GDPR Compliance
FleetKeeper is committed to protecting your personal data and complying with the General Data Protection Regulation (GDPR). This page provides information about how we comply with GDPR and explains your rights under this regulation.
1. About GDPR
The General Data Protection Regulation (GDPR) is a European Union regulation that governs how personal data of individuals in the EU/EEA must be processed. It applies to any organization that processes personal data of EU/EEA residents, regardless of where the organization is located.
2. How FleetKeeper Complies with GDPR
2.1 Lawful Basis for Processing
We only process your personal data when we have a lawful basis to do so:
- Contract Performance: We process data necessary to provide our Service to you.
- Legitimate Interests: We process data for our legitimate business interests, such as improving our Service, preventing fraud, and ensuring security.
- Consent: We obtain your consent for optional processing, such as marketing communications.
- Legal Obligation: We process data when required by law.
2.2 Data Minimization
We only collect and process personal data that is necessary for the purposes for which it is processed. We do not collect excessive or unnecessary data.
2.3 Data Security
We implement appropriate technical and organizational measures to protect your data:
- Encryption of data in transit (TLS 1.3) and at rest (AES-256)
- Multi-tenant architecture with strict data isolation
- Regular security audits and vulnerability assessments
- Access controls and authentication requirements
- Employee training on data protection
- Incident response procedures
2.4 Data Processing Agreements
We have Data Processing Agreements (DPAs) in place with all third-party service providers who process personal data on our behalf. These agreements ensure that they comply with GDPR requirements.
2.5 International Data Transfers
When we transfer personal data outside the EEA, we ensure appropriate safeguards are in place:
- Standard Contractual Clauses (SCCs) approved by the European Commission
- Data processing agreements with all service providers
3. Your Rights Under GDPR
As a data subject under GDPR, you have the following rights. To exercise any of these rights, please contact us at privacy@fleetkeeper.app.
3.1 Right of Access (Article 15)
You have the right to obtain confirmation as to whether your personal data is being processed, and if so, access to that data along with information about how it is being used.
How to exercise: Contact us to request a copy of your personal data. We will provide it in a commonly used electronic format.
3.2 Right to Rectification (Article 16)
You have the right to have inaccurate personal data corrected and incomplete data completed.
How to exercise: Update your information directly in the app or contact us to request corrections.
3.3 Right to Erasure / "Right to be Forgotten" (Article 17)
You have the right to request the deletion of your personal data when:
- The data is no longer necessary for its original purpose
- You withdraw consent and there is no other legal basis
- You object to processing and there are no overriding legitimate grounds
- The data has been unlawfully processed
- Legal obligations require erasure
How to exercise: Use the account deletion feature in the app or contact us. Your data will be deleted within 30 days.
3.4 Right to Restriction of Processing (Article 18)
You have the right to request restriction of processing when:
- You contest the accuracy of the data
- Processing is unlawful but you don't want deletion
- We no longer need the data but you need it for legal claims
- You have objected to processing pending verification
How to exercise: Contact us to request restriction. We will mark the data and limit processing.
3.5 Right to Data Portability (Article 20)
You have the right to receive your personal data in a structured, commonly used, machine-readable format and to transmit it to another controller.
How to exercise: Use the data export feature in the app or contact us for a complete export of your data.
3.6 Right to Object (Article 21)
You have the right to object to processing based on legitimate interests, direct marketing, or processing for research/statistics.
How to exercise: Contact us to object. We will stop processing unless we have compelling legitimate grounds.
3.7 Right Not to be Subject to Automated Decision-Making (Article 22)
You have the right not to be subject to decisions based solely on automated processing that produce legal or significant effects.
Note: FleetKeeper does not make automated decisions that produce legal or significant effects on users.
3.8 Right to Withdraw Consent
Where processing is based on your consent, you have the right to withdraw that consent at any time without affecting the lawfulness of prior processing.
How to exercise: Adjust your preferences in the app settings or contact us.
4. Data We Process
Here is an overview of the personal data we process:
| Data Category | Examples | Purpose | Legal Basis |
|---|---|---|---|
| Account Information | Name, email, password | Account creation and authentication | Contract |
| Company Information | Company name, address | Multi-tenant organization | Contract |
| Fleet Data | Vehicle info, driver info, expirations | Core service functionality | Contract |
| Documents | Uploaded files, photos | Document management | Contract |
| Usage Data | App interactions, logs | Service improvement | Legitimate Interest |
| Communication Data | Support messages | Customer support | Contract |
5. Data Retention
We retain your data only as long as necessary:
- Active Accounts: Data retained while your account is active
- After Deletion Request: Data deleted within 30 days
- Backup Data: Retained for up to 90 days after deletion
- Usage Logs: Anonymized after 12 months
6. Sub-Processors
We use the following sub-processors to provide our Service:
| Sub-Processor | Purpose | Location |
|---|---|---|
| Supabase | Database and Authentication | EU (Germany) |
| Cloudflare | CDN and Document Storage | Global (EU data) |
| Expo | Push Notifications | USA (SCCs) |
| Brevo | Email Notifications | EU (France) |
7. Data Protection Officer
For GDPR-related inquiries, you may contact our Data Protection team:
- Email: dpo@fleetkeeper.app
8. Supervisory Authority
If you are not satisfied with our response to your data protection concerns, you have the right to lodge a complaint with your local data protection authority.
For users in Romania, the supervisory authority is:
- ANSPDCP (Autoritatea Națională de Supraveghere a Prelucrării Datelor cu Caracter Personal)
- Website: www.dataprotection.ro
9. Data Breach Notification
In the event of a personal data breach, we will:
- Notify the relevant supervisory authority within 72 hours (if required)
- Notify affected individuals without undue delay (if the breach is likely to result in high risk to their rights and freedoms)
- Document the breach and our response
10. Contact Us
For any GDPR-related questions or to exercise your rights, please contact us:
- Privacy Email: privacy@fleetkeeper.app
- DPO Email: dpo@fleetkeeper.app
- General Support: support@fleetkeeper.app
We will respond to your request within 30 days as required by GDPR.