MyFuelHQ logoMyFuelHQ

Privacy Policy

Last updated: May 9, 2026

This Privacy Policy describes how Lyon Park Technologies, LLC, a Virginia limited liability company that operates the MyFuelHQ™ platform (“Lyon Park Technologies,” “we,” “us,” or “our”), collects, uses, shares, and protects personal data in connection with the MyFuelHQ™ software platform and related services (collectively, the “Services”).

Table of Contents

  1. 1. Who We Are and Our Role
  2. 2. Categories of Personal Data We Process
  3. 3. Sources of Personal Data
  4. 4. Purposes of Processing
  5. 5. Legal Bases for Processing
  6. 6. Subprocessors
  7. 7. Data Retention
  8. 8. Your Virginia Consumer Data Protection Act Rights
  9. 9. Your California Privacy Rights
  10. 10. Children’s Data
  11. 11. Security Measures
  12. 12. Security Incident Notification
  13. 13. Cookies and Tracking
  14. 14. Mobile Application Provisions
  15. 15. AI Processing of Documents
  16. 16. International Transfers
  17. 17. Changes to This Policy
  18. 18. How to Contact Us
  19. 19. Effective Entity

1. Who We Are and Our Role

Lyon Park Technologies, LLC is the entity responsible for the MyFuelHQ™ platform. Our registered office is at 2758 Washington Blvd, Arlington, VA 22201.

Controller for account data. Lyon Park Technologies is the controller of personal data we collect from owners and authorized users about themselves and their accounts (such as name, email address, phone number, hashed password, and account activity).

Processor for documents and operational data. When customers upload or forward documents to the Services, or when the Services collect operational data from customer-owned hardware (such as tank monitors and point-of-sale systems), Lyon Park Technologies acts as a processor on the customer’s behalf. The customer is the controller of that data and of any personal data about third parties contained within it (such as supplier contacts, fuel haulers, or driver names appearing on bills of lading and invoices).

2. Categories of Personal Data We Process

  • Account and contact data: name, business email, phone number, hashed password, role, and authentication tokens.
  • Station and configuration data: station address(es), tank and pump configuration, fuel grade configuration, supplier identifiers, and integration settings.
  • Forwarded supplier email and document data: bills of lading, invoices, electronic funds transfer notices, sales reports, and similar documents that the customer forwards or uploads. These documents may include personal data about third-party individuals (such as supplier representatives, haulers, or drivers).
  • Tank monitor data: real-time tank levels, deliveries, and alarm events from Veeder-Root automatic tank gauges connected to the Services.
  • Point-of-sale data: transaction-level pump and shift data from Gilbarco Passport and similar point-of-sale systems.
  • Billing data: Stripe customer identifier, payment method tokens, subscription tier, and billing history. We do not store full payment card numbers; Stripe holds card data, and we hold tokenized references only.
  • Activity and audit data: records of user actions, document parsing events, system events, IP addresses, browser and device metadata, and access logs.
  • Support communications: emails, support tickets, and messages you send us.

3. Sources of Personal Data

We collect personal data from the following sources:

  • Directly from you when you create an account, configure the Services, communicate with us, or submit documents.
  • Automatically from your equipment through integrations you authorize, including tank monitors, point-of-sale systems, and email forwarding rules you configure.
  • From authorized third parties such as your fuel suppliers, payment processor, or other software you have connected to your account.

4. Purposes of Processing

  • Service delivery: to provide the dashboards, integrations, document parsing, reconciliation, alerts, and reports that make up the Services.
  • Authentication and security: to verify identity, prevent fraud, detect and respond to abuse, and maintain the integrity of the Services.
  • Billing and account management: to invoice for and collect subscription fees and to communicate about your account.
  • Customer support: to respond to inquiries, troubleshoot, and maintain a record of support interactions.
  • Product improvement: to analyze usage, debug, and improve features and performance of the Services.
  • Marketing communications: to send product updates, newsletters, and promotional materials. You can unsubscribe at any time using the link included in each marketing message; transactional and security messages will continue to be delivered.
  • Legal and regulatory: to comply with applicable law, respond to lawful requests, and enforce our agreements.

6. Subprocessors

We engage the following subprocessors to provide the Services. We commit to maintaining this list and to providing at least thirty (30) days’ advance notice of material additions or changes by email or in-app notice, so that customers may object to a new subprocessor before it begins processing personal data.

SubprocessorService ProvidedRegion
Stripe, Inc.Payment processing and subscription billingUnited States
Resend (Drift Labs, Inc.)Transactional and product email deliveryUnited States
Anthropic, PBCAI document parsing (Claude API, vision on uploaded PDFs)United States
Neon, Inc.Managed PostgreSQL database hostingUnited States
Railway Corp.Compute and API hostingUnited States
Vercel Inc.Frontend application hostingUnited States
Amazon Web Services, Inc.Object storage (Amazon S3) for uploaded documentsUnited States
Cloudflare, Inc.DNS, edge proxy, and DDoS protectionUnited States

7. Data Retention

We retain personal data for the following periods:

  • Account data: retained for as long as the customer maintains an active subscription, plus a thirty (30) day post-cancellation export window.
  • Backups: retained for up to ninety (90) days following deletion from production systems.
  • Financial and billing records: retained for seven (7) years to meet tax and accounting obligations.
  • Audit and activity logs: retained on an immutable, append-only basis for the life of the account and for a period after termination consistent with security and legal requirements.
  • AI parser inputs and outputs: retained for ninety (90) days for quality assurance, debugging, and accuracy auditing, after which they are anonymized or deleted.
  • Marketing contact records: retained until you unsubscribe or request deletion, subject to a suppression list to honor your unsubscribe request.

We may retain personal data longer where required by law, to enforce our agreements, or to defend legal claims.

8. Your Virginia Consumer Data Protection Act Rights

If you are a Virginia resident, you have the right to:

  • Confirm whether we process your personal data and access that data;
  • Correct inaccuracies in your personal data, taking into account the nature of the data and the purposes of processing;
  • Delete personal data we have collected from you;
  • Obtain a portable copy of personal data you have provided to us; and
  • Opt out of the sale of personal data, of targeted advertising, and of certain types of profiling that produce legal or similarly significant effects.

Lyon Park Technologies does not sell personal data, does not engage in targeted advertising, and does not use personal data for profiling that produces legal or similarly significant effects on you.

To exercise your rights, contact privacy@myfuelhq.com. We will respond within forty-five (45) days. If we deny your request, you may appeal by replying to our denial; we will respond to your appeal within sixty (60) days.

9. Your California Privacy Rights

If you are a California resident, you have the right to:

  • Know what personal information we collect, use, disclose, and retain;
  • Access a copy of your personal information in a portable format;
  • Correct inaccurate personal information;
  • Delete personal information, subject to legal exceptions;
  • Opt out of the sale or sharing of personal information;
  • Limit the use and disclosure of sensitive personal information; and
  • Be free from retaliation for exercising any of these rights.

Lyon Park Technologies does not sell or share personal information as those terms are defined under the CCPA, and we do not use sensitive personal information for purposes other than those permitted under the CCPA without your direction.

To exercise your California rights, email privacy@myfuelhq.com with the subject line “California Privacy Request.” We will verify your request before responding.

10. Children’s Data

The Services are intended for business use by adult professionals operating fuel retailing businesses. The Services are not directed to children under 18, and we do not knowingly collect personal data from children. If we learn that we have inadvertently collected personal data from a child, we will delete it.

11. Security Measures

We implement administrative, technical, and physical safeguards designed to protect personal data, including:

  • industry-standard encryption in transit (TLS) and at rest;
  • role-based access controls and the principle of least privilege;
  • multi-factor authentication available for customer accounts;
  • tenant isolation enforced through row-level security in our database layer;
  • centralized audit logging of administrative and customer-facing actions;
  • vendor risk assessment and contractual data-protection commitments with subprocessors;
  • regular review of access, dependencies, and infrastructure configuration.

No system is completely secure, and we cannot guarantee that personal data will not be subject to unauthorized access, disclosure, alteration, or destruction.

12. Security Incident Notification

If Lyon Park Technologies confirms unauthorized access affecting personal data, we will notify affected customers without undue delay and, where feasible, within seventy-two (72) hours of confirmation. Notification will include the nature and scope of the incident, the categories of personal data involved (to the extent known), the steps Lyon Park Technologies has taken or will take in response, and recommendations for the customer.

13. Cookies and Tracking

We use a small set of cookies and similar technologies, organized into the following categories:

  • Essential session cookies: required to authenticate you and maintain your logged-in session.
  • Analytics cookies (Google Analytics 4): used to understand how visitors use the public marketing site so we can improve it.
  • No advertising cookies and no third-party tracking pixels. We do not place advertising cookies, and we do not embed third-party tracking pixels in the authenticated Services.

You can control cookies through your browser settings. Disabling essential cookies will prevent you from logging in to the Services.

Note: If we begin serving customers or visitors in the EU, UK, or other regions requiring prior consent for analytics cookies, a consent banner will be added.

14. Mobile Application Provisions

If MyFuelHQ™ releases a mobile application, it will use the following data:

  • Push notification tokens (Apple Push Notification service / APNs): used to deliver alerts you have opted into. Tokens are stored only as long as needed to deliver notifications.
  • Camera (optional): used to capture supplier documents. Captured images remain on the device until you upload them; we do not background-collect images.
  • Face ID / Touch ID (optional): handled entirely on-device by iOS to unlock the app. Biometric data never leaves your device and is not transmitted to or stored by Lyon Park Technologies.
  • No IDFA tracking; ATT prompt not required. The app does not request the Identifier for Advertisers and does not engage in cross-app tracking.

15. AI Processing of Documents

AI processing is part of the Services. When you forward or upload supplier documents to the Services, those documents are processed by AI as a core part of how the Services work. Lyon Park Technologies currently uses Anthropic, PBC’s Claude API to extract structured data from documents. AI-assisted parsing is not optional and Lyon Park Technologies does not offer a manual-only processing tier; customers who do not wish to have documents processed by AI should not submit those documents to the Services.

Subprocessor terms and no-training default. Anthropic processes documents on Lyon Park Technologies’ behalf as a subprocessor under its enterprise terms, which by default prohibit Anthropic from using API inputs and outputs to train its foundational models. Lyon Park Technologies relies on this default and will provide notice in accordance with Section 17 (Changes to This Policy) if it materially changes.

AI parsing is probabilistic and may produce errors. You are responsible for verifying any AI-generated output before relying on it for financial, regulatory, accounting, tax, or operational decisions.

16. International Transfers

The Services are operated in the United States, and all subprocessors listed in Section 6 host data in U.S. data centers. If you access the Services from outside the United States, your personal data will be transferred to and processed in the United States. The Services are not currently configured for compliance with the EU General Data Protection Regulation or the UK Data Protection Act, and we do not currently rely on Standard Contractual Clauses or other approved transfer mechanisms.

17. Changes to This Policy

We may update this Privacy Policy from time to time. For material changes, we will provide at least thirty (30) days’ prior notice by email to the billing owner address and through an in-app banner. Non-material changes are effective when posted. The “Last updated” date at the top of this Policy reflects the most recent revision.

18. How to Contact Us

Lyon Park Technologies, LLC
2758 Washington Blvd
Arlington, VA 22201

We aim to acknowledge privacy inquiries within five (5) business days.

19. Effective Entity

This Privacy Policy is between you and Lyon Park Technologies, LLC, a Virginia limited liability company with offices at 2758 Washington Blvd, Arlington, VA 22201. MyFuelHQ™ is a product of Lyon Park Technologies, LLC. The MyFuelHQ™ mark is a trademark of Lyon Park Technologies, LLC.