Name: KC Mobility Scooter Rentals LLC
Address: 703 Pennsylvania Ave, Leavenworth, KS, 66048, US
Telephone: 913-775-1098

The short version

We collect the minimum we need to deliver a rental, send a receipt, and follow up after. We don't sell your data. We don't share it with marketers. We use a small set of named processors (Stripe, Supabase, Resend) to actually run the business — they're listed below. You can ask us what we have on you and we'll tell you, or delete it on request.

Who we are

KC Mobility Scooter Rentals LLC, a Kansas LLC operated by Jeffrey Guzman. Physical address: 703 Pennsylvania Ave, Leavenworth, KS 66048. Reachable at 913-775-1098 or jeff@kcmobilityscooterrentals.com. We are a hospitality rental and refurbishment business — not a medical or healthcare provider, durable medical equipment supplier, or covered entity under HIPAA.

What we collect

You give us, directly:

Reservation info: name, email, phone number, delivery address (when applicable), rental dates, equipment selection, height and weight (used for fitting recommendations only — not stored beyond the rental window).
Payment info: card details enter Stripe directly through Stripe Checkout. We never see or store full card numbers. Stripe sends us a transaction record (last 4 digits, brand, transaction ID, charge amount).
Rental agreement: the e-signature you submit through our signing flow, with timestamp and IP, kept for the legal duration of the contract.
ID photo (kiosk events only, when enabled): at events where we offer camera-based ID verification, a single JPEG snapshot of your driver's license or government photo ID, stored in a private bucket associated with your order. We do not run OCR or facial-recognition on it. We delete it 90 days after the rental ends, or sooner on request.
Communications: emails, texts, or call notes you send us.
Sell or haul-away inquiries: if you contact us to sell equipment or schedule a free pickup, we keep the photos you sent and the contact info you provided for the duration of the transaction plus a year for accounting records.

Collected automatically:

Server logs: IP address, browser, requested URL, referrer, timestamp. Used for security and capacity planning. Retained ≤30 days.
Cookies and local storage: a session cookie when you sign in as a customer or admin (so we know it's still you). The kiosk tablet uses sessionStorage to hold form state during a single rental flow and wipes it between customers. We do not use third-party advertising cookies.
Analytics: if/when we add Google Analytics or a similar service, it'll be disclosed here with the configured retention. As of the date above, we are not running third-party visitor analytics.

How we use it

To process the rental, sale, or haul-away you asked for.
To send transactional email and SMS — receipts, signing links, payment links, pickup confirmations, return reminders.
To follow up after the rental and ask if everything went well.
To improve the service — anonymized aggregate analysis only.
To meet our legal, tax, and accounting obligations.

We do not use your information for behavioral advertising. We do not sell or rent customer lists. We do not share data with marketing affiliates.

Who we share it with

We use a short list of named service providers, each scoped to one job:

Stripe (Stripe Inc., US/EU): payment processing, refunds, receipts. Stripe sees card details. We see only the last 4 + brand + amount. Stripe's privacy policy.
Supabase (Supabase Inc., US): our database, customer authentication, file storage, and Edge Functions. All customer data we hold lives there. Supabase's privacy policy.
Resend (Resend Inc., US): transactional email delivery. Resend's privacy policy.
Hostinger (Hostinger International Ltd., EU): static-site hosting. Server logs and IP addresses pass through their infrastructure. Hostinger's privacy policy.
Twilio (Twilio Inc., US): SMS delivery for kiosk payment links and pre-reg confirmations, when enabled per event. Twilio sees the phone number and the message body. Twilio's privacy policy.

These are processors, not partners — they handle data on our instruction and aren't allowed to use it for their own purposes beyond what their service requires.

Legal disclosure

We will share information when legally required (subpoena, court order, lawful law-enforcement request) or when necessary to protect our rights, property, or the safety of staff or customers. We will tell you if this happens unless legally prohibited from doing so.

How long we keep it

Rental records: 7 years (tax/accounting requirement under Kansas law).
Signed agreements: 7 years (legal contract retention).
ID photos (kiosk camera mode): 90 days after the rental ends, or sooner on request.
Email correspondence: 3 years for ordinary business; longer if it's part of a legal matter.
Sell/haul-away inquiry photos: 1 year after the transaction.
Server logs: 30 days.
Marketing email opt-ins: until you unsubscribe (we do not send marketing email yet, but if we do, every send includes a one-click unsubscribe).

Your rights

You can, at any time, by emailing jeff@kcmobilityscooterrentals.com:

Ask what we have on file about you (we'll provide a copy within 30 days).
Correct anything that's wrong.
Delete your data — except the parts we're legally required to keep (tax records, signed contracts).
Opt out of any future marketing communications.
Take your data with you in a portable format (CSV/JSON).

California residents (CCPA): the rights above are sufficient under CCPA. We do not sell personal information. We do not knowingly collect from anyone under 16.

EU/EEA visitors (GDPR): we are a small US business and do not target EU customers, but if you reach our site from the EU and we hold data on you, you have GDPR rights — access, rectification, erasure, portability, and the right to lodge a complaint with your local data protection authority. Email and we'll respond.

Children

Our service is for adults. We don't knowingly collect personal information from children under 16. If we learn we've collected information from a child without parental consent, we'll delete it promptly. Parents can email us to confirm.

Security

All site traffic is HTTPS. Customer-facing data is stored in Supabase with row- level security policies. Payment card data never reaches our servers — it goes directly from your browser to Stripe. Admin sessions require multi-factor authentication. ID photos are stored in a private bucket with admin-only signed- URL access (5-minute expiry per request).

No system is perfectly secure. If we discover a breach affecting your data, we will notify you within 72 hours and report to the appropriate authorities as required by Kansas Stat. 50-7a01 et seq.

Changes to this policy

When we change this policy, we update the "last updated" date at the top and keep the old versions on file. Material changes (adding new processors, expanding data collection) get an email notification to active customers.

Contact

Privacy questions, complaints, data access or deletion requests: jeff@kcmobilityscooterrentals.com or 913-775-1098.

Privacy Policy