Privacy Policy

Last updated: April 28, 2026

This Privacy Policy explains how F2 Core collects, uses, discloses, stores, and protects personal information when you visit or use f2core.com, our forms, calculators, partner directory, portals, mobile or field workflows, connected-hardware workflows, and related business services.

For purposes of this Policy, "F2 Core," "we," "us," and "our" means FLEX2 LLC., with principal contact information listed in the Contact Us section below.

F2 Core is a business-to-business platform for dealership operations, facility operations, environmental workflows, SPCC documentation support, partner routing, vendor workflows, connected hardware workflows, AFMS, and audit-ready evidence management. Our services are not intended for personal, household, or children’s use.

Contents

Scope of this Policy
Our Role: Controller, Processor, Service Provider, or Partner Intermediary
Personal Information We Collect
Sources of Personal Information
How We Use Personal Information
Legal Bases for Processing in the EEA, UK, and Similar Regions
Cookies, Analytics, and Similar Technologies
How We Disclose Personal Information
Sales, Sharing, Targeted Advertising, and Profiling
Notice at Collection for California and Similar U.S. State Laws
Privacy Rights and Choices
Regional Privacy Disclosures
International Transfers
Retention
Security
Customer Data, Tenant Data, and Organization-Controlled Records
Partner Directory and Routed Requests
Connected Hardware, Sensors, and Field Apps
Automated Workflows, Analytics, and AI-Assisted Features
Marketing Communications
Do Not Track and Global Privacy Control
Children’s Privacy
Third-Party Links and Services
Changes to this Policy
Contact Us

1. Scope of this Policy

This Policy applies to personal information we process through:

public websites, including pages for platform, compliance, AFMS, hardware, resources, pricing, partner directory, and contact;
forms such as Request Concierge, Request Demo, Talk to Sales, Request Quote, partner applications, downloads, checklist requests, and support requests;
free tools and calculators, including SPCC screening and containment calculators;
authenticated portals, customer dashboards, partner portals, field apps, and role-based workflows;
partner, vendor, dealer, installer, compliance, waste/pickup, and hardware routing workflows;
connected hardware and operational telemetry workflows where personal information is included or associated with a user, site, device, asset, partner, or work record;
support, training, implementation, billing, security, and administrative communications.

This Policy does not replace any separate written customer agreement, data processing agreement, partner agreement, order form, or service terms. Where a separate agreement applies, that agreement controls to the extent it conflicts with this Policy.

2. Our Role: Controller, Processor, Service Provider, or Partner Intermediary

Depending on the context, F2 Core may act in different privacy roles.

For website visitors, demo requests, marketing contacts, partner applications, directory submissions, and direct business inquiries, F2 Core generally acts as an independent controller or business that determines how personal information is used.

For customer platform data submitted by an organization through an authenticated account, F2 Core may act as a processor, service provider, contractor, or data intermediary processing information on behalf of that customer and under that customer’s instructions.

For partner-routed requests, F2 Core may act as a routing intermediary. The partner, dealer, installer, waste vendor, compliance provider, or service provider that receives the request may separately act as an independent controller or business for its own follow-up, quoting, scheduling, service delivery, billing, and compliance obligations.

3. Personal Information We Collect

We collect personal information directly from you, from your organization, from authorized users, from partners or vendors, from connected systems, and from automated website or platform technologies.

A. Contact and business identity information

We may collect your name, business email, phone number, job title, company, dealership group, department, role, work location, mailing address, region, and preferred contact method.

B. Account and access information

We may collect login identifiers, account credentials or authentication tokens, role assignments, organization membership, site access, permission settings, SSO or identity-provider details, access logs, and security events.

C. Website, form, and marketing information

We may collect form submissions, demo requests, quote requests, partner applications, download requests, calculator submissions, newsletter or marketing preferences, UTM/source data, campaign attribution, page views, referral URLs, search terms, click activity, device identifiers, browser type, IP address, approximate location, cookie identifiers, and analytics events.

D. Site, facility, asset, and workflow information

We may collect information about dealership sites, facilities, assets, tanks, equipment, connected devices, vendors, service categories, work orders, tickets, RFQs, schedules, inspections, labels, QR codes, manifests, documents, photos, notes, approvals, invoices, credits, closeout records, audit packets, and related operational history.

Some of this information may relate to individuals if it includes names, contact details, signatures, photos, role assignments, user actions, timestamps, device usage, or location-related workflow records.

E. Compliance and environmental workflow information

We may collect information submitted through SPCC, containment, labeling, inspection, audit-readiness, incident, spill-reporting, waste pickup, used-oil, and environmental documentation workflows. This may include state, facility location, tank/container details, fluid types, capacities, spill history responses, inspection notes, label records, partner review status, and evidence exports.

F. Connected hardware, telemetry, and field workflow information

Where enabled, we may process device heartbeat, tank level, sensor readings, runtime, cycle counts, pressure, dew point, current sensing, alarms, thresholds, transfer events, stop events, pickup events, photos, signatures, route context, mobile app activity, offline store-and-forward events, timestamps, and related diagnostic information.

G. Partner, vendor, dealer, and directory information

We may collect partner profile details, service coverage, capabilities, certifications, service categories, contact endpoints, territories, response SLAs, application details, qualification information, performance metrics, quote responses, scheduling records, documents, invoices, and closeout information.

H. Payment, commercial, and billing information

If paid services, hardware orders, subscriptions, or partner services are enabled, we may collect billing contacts, invoice information, payment status, purchase history, commercial terms, subscription details, order details, and related financial workflow records. Payment card or bank information, if collected, should be handled by a payment processor and not stored by F2 Core unless expressly disclosed.

I. Support and communications information

We may collect messages, emails, chat records, helpdesk tickets, call notes, meeting notes, implementation notes, training records, troubleshooting information, attachments, and feedback.

J. Sensitive personal information

F2 Core is designed for business and operational workflows, not for collecting sensitive personal information. However, some information may be considered sensitive under certain laws, such as account credentials, precise location if enabled in field apps, contents of communications submitted to us, incident-related records, photos, or signatures.

We do not use sensitive personal information to infer characteristics about individuals. We use it only as needed to provide the service, maintain security, comply with law, complete requested workflows, or as otherwise permitted by applicable law.

4. Sources of Personal Information

We may collect personal information from:

you directly;
your employer or organization;
authorized account administrators;
dealerships, dealer groups, partners, vendors, installers, waste/pickup providers, compliance providers, and service providers;
connected devices, sensors, field apps, and platform integrations;
identity providers, SSO providers, CRM tools, support tools, analytics providers, hosting providers, and security tools;
public business sources, partner websites, or professional directories;
systems integrated at your organization’s direction, such as maintenance, ERP, accounting, partner, or vendor systems.

5. How We Use Personal Information

We use personal information for the following purposes.

A. Provide and operate the services

To provide websites, calculators, portals, dashboards, partner directory features, FacilityOps Concierge, SPCC workflows, AFMS workflows, hardware workflows, work routing, partner routing, field apps, evidence records, exports, support, account administration, and customer-requested services.

B. Respond to inquiries and route requests

To respond to demo requests, quote requests, contact forms, partner applications, concierge intake, support requests, download requests, checklist requests, and related communications.

Where a request involves a partner, dealer, installer, compliance provider, waste/pickup provider, or vendor, we may route relevant details to that party so they can respond, quote, schedule, deliver, or support the requested service.

C. Manage accounts, roles, and access

To authenticate users, assign permissions, support SSO, enforce role-based access, maintain organization and site access, manage customer or partner accounts, and protect against unauthorized use.

D. Operate workflows and maintain records

To create, route, assign, schedule, approve, document, close out, audit, export, and report on tickets, work orders, RFQs, inspections, pickups, labels, QR codes, documents, invoices, credits, incidents, and asset records.

E. Support compliance-readiness and documentation workflows

To support SPCC inventory, containment calculations, state-aware workflow guidance, labeling records, inspection schedules, audit packets, document retention, and environmental workflow organization.

F2 Core provides workflow, documentation, visibility, and audit-readiness support. It does not provide legal, engineering, environmental, tax, or professional advice.

F. Improve, secure, and monitor the services

To analyze usage, improve features, debug errors, maintain performance, prevent fraud or abuse, detect security incidents, enforce terms, protect systems, monitor uptime, test functionality, and develop new services.

G. Marketing and business development

To send business communications, newsletters, product updates, event information, partner program information, demo follow-ups, and other marketing communications, where permitted by law. You may opt out of marketing emails at any time.

H. Analytics and attribution

To understand website traffic, page performance, resource downloads, form activity, funnel conversion, partner directory searches, and product interest.

I. Legal, contractual, and administrative purposes

To comply with laws, enforce agreements, manage billing, resolve disputes, respond to lawful requests, maintain audit records, protect rights and safety, and support mergers, acquisitions, financing, reorganization, or similar business transactions.

6. Legal Bases for Processing in the EEA, UK, and Similar Regions

Where applicable law requires a legal basis for processing, we rely on one or more of the following:

Contract: to provide services, accounts, portals, support, subscriptions, orders, and requested business workflows.
Legitimate interests: to operate, secure, improve, market, and administer our B2B services; route requests; prevent fraud; understand product interest; and support business communications.
Consent: for certain cookies, marketing communications, optional location features, or other processing where consent is required.
Legal obligations: to comply with tax, accounting, audit, security, regulatory, or lawful request obligations.
Vital interests or public interest: only where applicable and necessary, such as safety or emergency-related circumstances.

You may withdraw consent where processing is based on consent. Withdrawal does not affect processing that occurred before withdrawal or processing that continues under another lawful basis.

7. Cookies, Analytics, and Similar Technologies

We may use cookies, pixels, tags, SDKs, local storage, and similar technologies to:

operate the website and portals;
keep users logged in;
remember preferences;
secure accounts and prevent abuse;
measure page performance and product interest;
understand form activity and conversion paths;
support analytics, attribution, and marketing where permitted.

Cookie categories may include:

Strictly necessary cookies for security, authentication, routing, form protection, and core functionality.
Functional cookies for preferences and usability.
Analytics cookies for traffic, performance, diagnostics, and product interest.
Marketing or advertising cookies, if enabled, for attribution, retargeting, campaign measurement, or cross-context behavioral advertising.

Where required, we will request consent before using non-essential cookies. You can manage cookies through browser settings and any cookie preference tool we provide.

We honor applicable opt-out signals where required by law, including Global Privacy Control where it is legally required and technically recognized.

8. How We Disclose Personal Information

We may disclose personal information to the following categories of recipients.

A. Service providers and subprocessors

Hosting, cloud infrastructure, database, storage, security, monitoring, analytics, email, CRM, support, identity, SSO, payment, communications, workflow, document, form, mapping, search, and professional service providers.

B. Customers and account administrators

If you use the services through an organization, your organization and its administrators may access information associated with your account, role, activity, records, permissions, workflows, and submitted content.

C. Partners, dealers, installers, vendors, and service providers

We may share request details, site information, contact information, asset context, urgency, service category, documents, quote details, schedule details, closeout records, and related workflow information with partners or vendors involved in the requested service.

D. Integrated systems

At a customer’s direction, we may share information with ERP, maintenance, accounting, identity, partner, vendor, CRM, compliance, hardware, or other integrated systems.

E. Professional advisors and legal recipients

We may share information with lawyers, auditors, insurers, accountants, consultants, regulators, courts, law enforcement, or other parties when necessary for legal, compliance, security, or dispute-resolution purposes.

F. Business transaction parties

We may disclose information in connection with a merger, acquisition, financing, sale, restructuring, bankruptcy, or transfer of all or part of our business.

G. Public or directory-facing information

Partner directory profiles, business listings, capability badges, service coverage, certifications, and public business contact details may be displayed publicly where submitted or approved for publication.

9. Sales, Sharing, Targeted Advertising, and Profiling

We do not sell personal information for money.

Some analytics, advertising, attribution, or marketing technologies may be considered "sharing," "targeted advertising," or "cross-context behavioral advertising" under certain U.S. state privacy laws. Where applicable, you may opt out through our cookie preference tool, a "Do Not Sell or Share My Personal Information" or similar link, or by sending a request using the Contact Us section below.

We do not use personal information to make solely automated decisions that produce legal or similarly significant effects concerning individuals without appropriate human review.

10. Notice at Collection for California and Similar U.S. State Laws

The table below summarizes categories of personal information we may collect, the purposes for collection, and categories of recipients.

Category	Examples	Purposes	Categories of recipients
Identifiers	Name, email, phone, company, account ID, IP address	Respond to requests, create accounts, provide services, security, support, marketing	Service providers, customers, partners, vendors, integrated systems
Commercial and business information	Orders, subscriptions, services requested, quote requests, partner applications, billing contacts	Provide services, route requests, billing, support, analytics	Service providers, partners, customers, professional advisors
Internet or electronic network activity	Page views, cookie IDs, device/browser data, referrer, analytics events	Security, analytics, troubleshooting, attribution, product improvement	Analytics, hosting, security, and marketing providers
Professional or employment-related information	Role, title, department, organization, permissions	Account management, workflow routing, authorization, support	Customers, service providers, partners where relevant
Geolocation information	Approximate website location; precise field-app or workflow location if enabled	Directory search, partner routing, field workflow support, fraud prevention	Service providers, customers, partners involved in workflow
Audio, visual, or similar information	Photos, signatures, uploaded documents, field evidence	Service delivery, closeout proof, audit-ready records, support	Customers, partners, service providers
Sensitive personal information	Account credentials, precise location if enabled, contents of submitted communications, signatures, incident details	Security, authentication, requested services, legal compliance, workflow completion	Service providers, customers, partners as needed
Inferences	Product interest, workflow status, partner match, lead routing signals	Improve routing, personalize business follow-up, analytics	Service providers, customers, partners as needed
Customer records and operational data	Sites, assets, tanks, devices, inspections, labels, QR records, tickets, RFQs, invoices, manifests	Provide platform, compliance, partner, vendor, and hardware workflows	Customers, service providers, partners, integrated systems

We retain each category for the period described in the Retention section below.

11. Privacy Rights and Choices

Depending on where you live and how we process your information, you may have rights to:

access or know what personal information we process;
receive a copy of personal information;
correct inaccurate information;
delete information;
restrict or object to processing;
withdraw consent;
opt out of marketing communications;
opt out of sale, sharing, targeted advertising, or certain profiling;
limit use of sensitive personal information;
request portability;
appeal a denied request where required by law;
lodge a complaint with a privacy regulator.

We will not discriminate against you for exercising privacy rights.

To make a request, contact us using the Contact Us section below. We may need to verify your identity and authority before responding. If you submit a request involving information controlled by your employer, customer organization, or another business, we may direct the request to that organization or respond as required by our contract and applicable law.

Authorized agents may submit requests where permitted by law. We may require proof of authorization.

12. Regional Privacy Disclosures

EEA, UK, and Switzerland

Individuals in the EEA, UK, and Switzerland may have rights under applicable data protection laws, including rights of access, rectification, erasure, restriction, portability, objection, withdrawal of consent, and complaint to a supervisory authority.

If we transfer personal information outside the EEA, UK, or Switzerland, we use appropriate safeguards where required, such as standard contractual clauses, UK addenda, adequacy mechanisms, data processing agreements, or other lawful transfer mechanisms.

California and other U.S. states

Residents of California and other U.S. states may have rights to know, access, correct, delete, opt out of sale or sharing, opt out of targeted advertising, limit certain sensitive personal information uses, and appeal certain decisions.

We do not knowingly sell personal information for money. If our use of analytics or advertising technologies is considered sharing or targeted advertising, we provide applicable opt-out mechanisms.

Canada

Canadian residents may request access to and correction of personal information, ask questions about our privacy practices, or submit complaints. We use contractual and organizational safeguards when personal information is processed by service providers.

Brazil

Brazilian residents may have rights under the LGPD, including confirmation of processing, access, correction, anonymization, blocking, deletion, portability, information about sharing, withdrawal of consent, and review of certain decisions.

Australia and New Zealand

Residents of Australia and New Zealand may request access to or correction of personal information and may submit privacy complaints. We aim to maintain a clearly expressed, up-to-date privacy policy and reasonable safeguards for personal information.

India

Where India’s Digital Personal Data Protection Act applies, individuals may have rights to notice, access information, correction, erasure, grievance redressal, withdrawal of consent, and nomination rights, subject to applicable rules and exceptions.

Singapore and other regions

Where other privacy laws apply, we will honor applicable rights and requests as required by law.

13. International Transfers

F2 Core may process personal information in the United States and other countries where we, our service providers, partners, customers, or vendors operate. These countries may have privacy laws that differ from the laws where you live.

Where required, we use legal transfer mechanisms and safeguards such as data processing agreements, contractual commitments, standard contractual clauses, security controls, access controls, and vendor due diligence.

14. Retention

We retain personal information only as long as reasonably necessary for the purposes described in this Policy, unless a longer period is required or permitted by law, contract, audit, tax, accounting, security, dispute-resolution, or compliance obligations.

Retention periods vary by context. We use the following criteria:

Information type	Typical retention approach
Website analytics and cookies	Based on cookie type, consent settings, browser settings, and analytics configuration
Marketing and lead records	Until no longer needed for business follow-up, unless you opt out or request deletion where applicable
Demo, quote, and contact requests	As long as needed for sales, support, partner routing, audit, and business records
Partner directory and application records	As long as the partner relationship, review, publication, or application process remains active, plus a reasonable records period
Account and platform records	For the account term and a reasonable period afterward, subject to customer agreement and legal obligations
Operational workflow records	As needed for service delivery, audit-ready history, customer reporting, legal obligations, and customer agreements
Compliance, environmental, SPCC, inspection, label, incident, and evidence records	As needed for customer-directed compliance-readiness, audit, legal, and documentation purposes
Security logs	As needed for security, fraud prevention, incident investigation, and platform integrity
Billing and tax records	As required for accounting, tax, audit, and legal purposes

When information is no longer needed, we delete, de-identify, aggregate, or retain it only as legally permitted.

15. Security

We use administrative, technical, and organizational safeguards designed to protect personal information from unauthorized access, disclosure, alteration, misuse, or loss.

Safeguards may include encryption, access controls, role-based permissions, least-privilege access, audit logging, secure development practices, monitoring, backups, vendor review, incident response procedures, and contractual protections.

No system is completely secure. You are responsible for using strong passwords, protecting credentials, configuring user access appropriately, and notifying us promptly of suspected unauthorized access.

16. Customer Data, Tenant Data, and Organization-Controlled Records

Where personal information is submitted to F2 Core by or on behalf of a customer organization, that organization may control the relevant record. This may include user accounts, site records, asset records, partner workflows, compliance records, field evidence, documents, tickets, work orders, RFQs, invoices, and audit exports.

If you are an end user of a customer organization and want to exercise rights regarding organization-controlled records, contact your organization first. We will support customer organizations as required by our agreements and applicable law.

17. Partner Directory and Routed Requests

If you use the partner directory, request a quote, submit a partner application, request dealer/installer contact, request compliance services, or request waste/pickup coverage, we may share relevant information with eligible partners or vendors.

Information shared may include your contact details, company, location, site count, service need, requested product or service, preferred timeline, notes, and related workflow context.

Partners and vendors may use that information to respond, quote, schedule, provide services, maintain their own records, or comply with their own legal obligations. Their use of information may be governed by their own privacy notices and agreements.

18. Connected Hardware, Sensors, and Field Apps

If connected hardware, AFMS, monitoring kits, controls, field apps, or related workflows are enabled, we may process operational telemetry and field records. This may include device readings, alerts, thresholds, user actions, QR scans, before/after photos, signatures, route context, offline app events, timestamps, and closeout details.

We use this information to operate hardware-related workflows, route service, support safety workflows, document closeout, troubleshoot devices, improve reliability, and maintain asset history.

19. Automated Workflows, Analytics, and AI-Assisted Features

F2 Core may use rules, workflow automation, analytics, anomaly detection, ranking, recommendations, and AI-assisted tools to support operational workflows. Examples may include partner matching, request routing, exception detection, document organization, ticket prioritization, summary generation, and dashboard insights.

These tools are intended to support human decision-making and operational follow-through. We do not use them to make solely automated decisions about individuals that produce legal or similarly significant effects without appropriate human review.

20. Marketing Communications

You may opt out of marketing emails by using the unsubscribe link in the email or by contacting us. Even if you opt out of marketing, we may still send transactional, security, account, service, legal, or administrative communications.

21. Do Not Track and Global Privacy Control

Some browsers offer "Do Not Track" signals. There is not a uniform industry standard for responding to those signals.

Where legally required, we honor recognized opt-out preference signals such as Global Privacy Control for applicable sale, sharing, or targeted advertising opt-outs.

22. Children’s Privacy

F2 Core is intended for business users and is not directed to children. We do not knowingly collect personal information from children. If you believe a child has provided personal information to us, contact us so we can take appropriate action.

23. Third-Party Links and Services

Our websites and services may link to third-party websites, partner websites, integrations, payment processors, identity providers, map providers, support tools, or external resources. We are not responsible for the privacy practices of third parties. Review their privacy notices before submitting information to them.

24. Changes to this Policy

We may update this Policy from time to time. The "Last updated" date shows when this Policy was last revised. If we make material changes, we will provide notice as required by law, such as by posting the updated Policy, notifying account administrators, or providing in-product notice.

25. Contact Us

For privacy questions, requests, or complaints, contact the F2 Core Privacy Team using the details below.

F2 Core Privacy Team

For privacy questions, requests, or complaints:

Email: [email protected]

Mailing address: 416 Market St, Suite 202, Lewisburg PA 17837

Use the contact form →

← Back to Home Back to top ↑