Privacy Policy
Last updated: April 1, 2025
Introduction
We respect your privacy and are committed to protecting your personal data. This Privacy Policy explains how we collect, use, disclose, and protect information in connection with our GPS tracking devices and software services. Our services are used by individuals, businesses, and fleet managers for vehicle tracking, route monitoring, and related purposes. We collect limited personal data (such as phone number and real-time GPS location) only to provide and improve our service. We comply with applicable data protection laws, including the EU General Data Protection Regulation (GDPR), and apply strong security measures to safeguard your information. By using our services, you consent to the collection and use of your information as described in this Policy.
Information We Collect
We collect the following types of personal information:
- Account and Contact Information: Name, email address, phone number, billing address, and other contact details you provide when registering or subscribing to our service. This information allows us to create and manage your account.
- Device and Authentication Data: Information about the GPS device and software you use, such as device ID/serial number, hardware model, IP address, browser type (if accessing via web), login credentials (username and hashed password), and other system identifiers.
- Location and Usage Data: Real-time GPS location coordinates of your vehicle(s), route history, time stamps, and related telemetry data collected while using the service. We also collect usage logs and analytics (for example, service usage times, features accessed, and error reports) to operate and improve our service.
- Payment Information (if applicable): If you make purchases or subscribe to a paid plan, we collect payment details (e.g. credit card or bank account information) only as necessary to process payments. We do not store full payment card information; such data is handled by secure payment processors.
We collect information directly from you when you register, use the service, contact us, or otherwise interact with our products. We may also automatically collect certain technical information from devices used to access our service (e.g. IP address, device type) to help secure and maintain the service.
How We Use Your Information
We use the personal data we collect for the following purposes:
- Service Provision: To provide, personalize, maintain, and improve the GPS tracking services. For example, we use your location data to display your vehicle's position on maps, compute routes, provide alerts (geofencing, speed, etc.), and power real-time tracking features. We use your phone number and contact details to set up and manage your account and communicate important service information (such as account updates or alerts).
- Account Management and Support: To manage your account, authenticate your access, process payments (if applicable), and respond to your inquiries or support requests. We use contact information to send transactional and administrative communications (such as password resets, account confirmations, or important notices about the service).
- Service Improvement and Analytics: To analyze how our services are used, diagnose technical issues, and improve our products. We aggregate and anonymize usage data for performance metrics and troubleshooting. We also use analytics to optimize system performance and to detect and prevent abuse or unauthorized use.
- Security and Fraud Prevention: To protect the security and integrity of our systems and your data. This includes verifying accounts, detecting suspicious activity, preventing fraud, and enforcing our terms of service.
- Legal Compliance: To comply with applicable legal obligations. For example, we may use or disclose information as required by law (e.g. responding to lawful requests by public authorities) or to comply with valid legal processes.
- No Third-Party Sharing: We do not sell, rent, or share your personal information with unaffiliated third parties for their marketing purposes. We do not integrate or sync your data with any external platforms or services. Your data is processed solely within our organization to provide the tracking service. If required (for example, in connection with a merger, acquisition, or sale of assets), your information might be disclosed to another entity, but only to the extent necessary, and with appropriate safeguards.
Throughout these uses, we adhere to the principles of data minimization and purpose limitation. We use only the personal data necessary to achieve the purposes described, and we do not use it in ways that are incompatible with those purposes.
Legal Basis for Processing (GDPR)
If you are located in the European Economic Area (EEA) or the UK, our processing of your personal data is governed by the GDPR. Under Article 6 of the GDPR, we rely on one or more lawful bases to process your data:
- Performance of a Contract (Art. 6(1)(b)): We process personal data as necessary to perform our contract with you. For example, collecting your location data and contact information is necessary to provide you with the GPS tracking service you requested.
- Consent (Art. 6(1)(a)): Where required by law, we rely on your consent. For instance, if we offer optional features (such as email updates or marketing communications), you must consent before we use your data for those purposes. You may withdraw consent at any time by contacting us, without affecting the lawfulness of processing prior to withdrawal.
- Legal Obligations (Art. 6(1)(c)): We may process or retain personal data as necessary to comply with legal obligations, such as tax or accounting laws. For example, billing and payment records are kept to satisfy financial regulations.
- Legitimate Interests (Art. 6(1)(f)): In some cases, we process data based on our legitimate interests, provided those interests do not override your rights and freedoms. For example, we have a legitimate interest in ensuring the security of our systems and detecting fraud (such as verifying login attempts or investigating network anomalies). We also rely on legitimate interests to improve our service (analysis and debugging) and to enforce our terms. We always balance our interests against your rights; for instance, we do not process sensitive personal data without explicit consent.
These lawful bases align with GDPR requirements. When we rely on legitimate interests, we perform internal reviews to ensure minimal intrusion and compliance with GDPR principles.
Data Security
We implement strong security measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction. These measures include administrative, technical, and physical safeguards such as:
- Encryption: We use industry-standard encryption to protect data both in transit and at rest. All data transmission between your devices and our servers is encrypted (e.g. via HTTPS/TLS). Additionally, we employ end-to-end encryption for sensitive data streams where feasible, meaning that location data is encrypted on the device and only decrypted within our secure systems. Encryption is explicitly cited by the GDPR as an example of an "appropriate technical … measure" for data security. In fact, GDPR guidance notes that proper encryption can render personal data unintelligible in the event of a breach, potentially reducing legal reporting requirements.
- Access Controls: We enforce strict access controls and authentication. Only authorized personnel may access personal data, and system logs audit who accessed what and when. Employees and contractors undergo privacy and security training and are bound by confidentiality obligations.
- Infrastructure Security: We host data on secure servers with up-to-date security patches, firewalls, and intrusion detection systems. We regularly test and monitor our systems to guard against vulnerabilities. Regular backups and disaster recovery plans ensure data availability and integrity in case of hardware failure or other incidents.
- Ongoing Assessment: In line with Article 32 of the GDPR, we continually review and update our security practices based on the latest industry standards and potential threats. We conduct periodic security assessments (including penetration testing and audits) to validate the effectiveness of our safeguards.
By taking these measures, we strive to ensure the confidentiality, integrity, and availability of your personal data. Our goal is to exceed regulatory requirements so that your information remains secure at all times.
Data Retention
We retain personal data only as long as necessary to fulfill the purposes outlined above and to comply with legal obligations. Specifically:
- Service Data: We retain your location and account data while your account is active and as needed to provide ongoing services. If you deactivate or delete your account, we will erase or anonymize your personal data within a reasonable timeframe thereafter.
- Billing and Legal Records: We retain billing, payment, and correspondence records for a period required by applicable laws (for example, accounting rules) or for as long as reasonably needed to address disputes and maintain compliance.
- Backups: Encrypted backups may be stored for a limited period to support disaster recovery, after which they are deleted or overwritten.
In accordance with GDPR's storage limitation principle, personal data is "kept in a form which permits identification of data subjects for no longer than is necessary". When data is no longer needed for any legitimate purpose, it is securely deleted or irreversibly anonymized. We periodically review stored data to remove anything that should no longer be retained. For example, inactive accounts with no login for an extended period (e.g. several years) are deactivated and eventually purged unless retention is legally required.
Your Rights under GDPR
If you are an EU/EEA or UK resident, the GDPR grants you certain rights regarding your personal data. We respect and facilitate the exercise of these rights:
- Right to Access: You have the right to obtain confirmation of whether we process your personal data and to request a copy of the data we hold about you.
- Right to Rectification: You may request correction of inaccurate or incomplete personal data (for example, updating a phone number or address).
- Right to Erasure ('Right to be Forgotten'): You may request deletion of your personal data when there is no longer a valid reason for us to process it (for example, after account deletion). However, please note some data may be retained if required by law or for legitimate business purposes.
- Right to Restrict Processing: You can ask us to restrict processing of your data while we verify its accuracy or if you have objected to certain processing and we are considering those objections.
- Right to Data Portability: You have the right to receive your personal data in a structured, commonly used and machine-readable format, and to transmit that data to another controller, when technically feasible. For instance, you can request a file of your location history or account details.
- Right to Object: You may object to our processing of your personal data for certain purposes, including direct marketing or processing based on legitimate interests. If you object, we will cease those activities unless we have compelling legitimate reasons to continue or are required by law to do so.
- Right to Withdraw Consent: If we rely on your consent to process data (for optional services or communications), you have the right to withdraw that consent at any time. Withdrawal of consent will not affect the lawfulness of processing carried out prior to withdrawal.
- Right to Lodge a Complaint: If you believe our processing of your data violates applicable laws, you have the right to file a complaint with a supervisory authority in your jurisdiction.
We handle all requests in accordance with the GDPR. We will respond to verified requests without undue delay and within the one-month time limit (which may be extended by two additional months if needed and you are informed of the delay). To exercise any of these rights, please contact our Data Protection Officer using the details in the Contact Information section below. We may ask you to verify your identity before acting on any request. We will not charge a fee for reasonable requests; however, if a request is manifestly unfounded or excessive (particularly if repetitive), we may charge a reasonable fee or refuse to act, in accordance with the GDPR.
Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, services, or legal requirements. When we make material changes, we will notify you by posting an updated version on our website and updating the policy's "Effective Date." For significant changes (e.g. reusing data for new purposes), we will notify you via email or through in-app announcements where feasible. Please review this Privacy Policy periodically. Continued use of our services after a revision constitutes acceptance of the updated terms.
Contact Information
If you have questions, concerns or requests regarding this Privacy Policy or our data practices, please contact our Data Protection Officer (DPO):
- Company: GPS Tracking Solutions Ltd.
- Address: 123 Tracking Ave, Suite 400, Cityname, Country.
- Email: privacy@trackingsolutions.example
- Phone: +1 (555) 123-4567
Our DPO will handle inquiries about your privacy rights and this policy. We strive to respond to all communications promptly and within any legal timeframes.
If you reside in the EU/EEA or the UK and believe that we are processing your personal data unlawfully, you may also lodge a complaint with the data protection authority in your country.
Effective Date: April 1, 2025.
This Privacy Policy outlines our commitment to transparency and data protection. Your privacy is important to us, and we take every step to protect your personal information in accordance with GDPR and industry best practices.