Privacy Policy

    Last updated: April 3, 2026

    Introduction

    HostCaptain is a product of MC Capital Solutions LLC, a company registered in the State of California, United States. This Privacy Policy explains how we collect, use, store, and protect your personal information when you use the HostCaptain platform ("Service").

    By using HostCaptain, you agree to the collection and use of information in accordance with this policy. If you do not agree with this policy, please do not use the Service.

    Information We Collect

    We collect the following types of information to provide and improve the Service:

    Account Information

    • Name and email address (provided during registration)
    • Password (stored securely using industry-standard hashing)

    Business Data You Provide

    • Vehicle information (make, model, year, VIN, mileage, purchase price, etc.)
    • Trip and earnings data (imported from Turo CSV exports)
    • Expense records, receipts, and maintenance logs
    • Loan and recurring payment details
    • Team member information (name and email for invitations)

    Usage Data

    • Pages visited, features used, and interactions within the app
    • Browser type, device type, and operating system
    • IP address and approximate geographic location

    Cookies and Analytics

    We use cookies and similar tracking technologies to analyze usage patterns and improve the Service. We use third-party analytics services including Segment and PostHog for this purpose. You can control cookie preferences through your browser settings.

    How We Use Your Information

    All information we collect is used strictly to provide, maintain, and improve the Service. Specifically, we use your information to:

    • Provide and operate the HostCaptain platform
    • Generate financial reports, dashboards, and analytics for your business
    • Power AI-assisted features such as Captain AI recommendations
    • Process payments and manage your subscription
    • Send transactional emails (account verification, password resets, team invitations)
    • Respond to support inquiries
    • Improve the Service based on usage patterns and feedback

    What We Do NOT Do

    • We do not sell your personal information to third parties — ever.
    • We do not share your data with advertisers or data brokers.
    • We do not use your business data to compete with you or share it with other hosts.
    • We do not rent or trade your information for marketing purposes.

    Payment Processing

    Payments for HostCaptain subscriptions are processed by Stripe, Inc. ("Stripe"). When you subscribe to a paid plan:

    • Your credit card details are entered directly into Stripe's secure payment form.
    • HostCaptain does not store, process, or have access to your full credit card number.
    • Stripe is PCI-DSS Level 1 certified, the highest level of payment security certification.
    • We receive only a limited record from Stripe (e.g., last four digits of your card, billing email) to display subscription status.

    For more information, see Stripe's Privacy Policy.

    Bank Account Linking (Stripe Financial Connections)

    HostCaptain may offer the ability to link your bank or credit card accounts to automatically import transactions. This feature is powered by Stripe Financial Connections, a service provided by Stripe, Inc.

    How It Works

    • When you choose to link a financial account, you are redirected to Stripe's secure interface to authorize the connection.
    • HostCaptain never receives your bank login credentials. Authentication is handled entirely by Stripe and your financial institution.
    • Once authorized, Stripe provides HostCaptain with read-only access to your transaction history (up to 180 days) for the connected account(s).

    What Data We Receive

    • Transaction details: date, amount, merchant/description, and category
    • Account metadata: account name, type (checking, credit card), and last four digits
    • We do not receive your account balance, account number, or routing number

    How We Use This Data

    • To display your transactions within HostCaptain for review
    • To analyze transactions and suggest or auto-create expense records for your business
    • To help you categorize spending and assign expenses to specific vehicles

    Your Control

    • Linking a bank account is entirely optional and always requires your explicit consent.
    • You can disconnect a linked account at any time from your HostCaptain settings.
    • Upon disconnection, we stop receiving new transaction data. You may also request deletion of previously imported transaction data.

    For more information, see Stripe Financial Connections Terms and the Financial Connections Security Addendum.

    Third-Party Services

    We use the following third-party services to operate and improve HostCaptain:

    • Supabase — Database hosting, authentication, and file storage
    • Stripe — Payment processing and financial account connections
    • Segment — Analytics event routing
    • PostHog — Product analytics and usage insights
    • Cloudflare — Content delivery, DDoS protection, and Turnstile CAPTCHA
    • ActiveCampaign — Transactional and marketing email delivery

    Each of these services has their own privacy policy governing how they handle data. We only share the minimum data necessary for each service to function.

    Data Storage and Security

    • All user data is stored on servers located in the United States.
    • Data is encrypted in transit using TLS/SSL and at rest using AES-256 encryption.
    • Access to production systems is restricted to authorized personnel only.
    • We use Row-Level Security (RLS) policies to ensure users can only access their own data and data belonging to their company.
    • We conduct regular security reviews of our codebase and infrastructure.

    Data Retention

    We retain your data for as long as your account is active or as needed to provide the Service. If you delete your account, we will delete your personal data within 30 days, except where we are required to retain it by law (e.g., financial records for tax purposes).

    Anonymized and aggregated data that cannot be used to identify you may be retained indefinitely for analytics and product improvement.

    Your Rights

    Depending on your location, you may have the following rights regarding your personal data:

    • Access: Request a copy of the personal data we hold about you.
    • Correction: Request correction of inaccurate or incomplete data.
    • Deletion: Request deletion of your personal data (subject to legal retention requirements).
    • Portability: Request an export of your data in a machine-readable format.
    • Objection: Object to certain types of data processing.
    • Withdrawal of Consent: Withdraw consent for optional data processing at any time.

    California Residents (CCPA/CPRA)

    If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA), including the right to know what personal information we collect, the right to delete it, and the right to opt out of the sale of personal information. We do not sell personal information.

    European Economic Area Residents (GDPR)

    If you are located in the EEA, we process your data based on legitimate interests (providing the Service), contractual necessity, and your consent where applicable. You have the right to lodge a complaint with your local data protection authority.

    Children's Privacy

    HostCaptain is not intended for use by anyone under the age of 18. We do not knowingly collect personal information from children. If we become aware that a child under 18 has provided us with personal data, we will take steps to delete such information promptly.

    Changes to This Policy

    We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or legal requirements. When we make material changes, we will notify you by email or by posting a prominent notice on the Service. Your continued use of HostCaptain after any changes constitutes acceptance of the updated policy.

    Contact Us

    If you have any questions about this Privacy Policy or your personal data, please contact us at:

    MC Capital Solutions LLC

    DBA HostCaptain

    Email: support@hostcaptain.co