Privacy Policy

Last updated: 1 June 2025

Plain-English summary: We collect only what we need to run your fleet operations. We never sell your data to third parties. You can request a copy, correction, or deletion of your data at any time by emailing privacy@ofleet.io.

1. Who We Are

OFleet Technologies Ltd ("OFleet", "we", "our", or "us") operates the fleet management platform available at ofleet.io and via our mobile applications. We are the data controller for personal data processed under this policy.

Registered address: OFleet Technologies Ltd, [Address], [City], [Country]. Contact: privacy@ofleet.io.

2. Data We Collect

2.1 Information You Provide

  • Account data: Name, email address, company name, phone number, and billing information when you register or subscribe.
  • Fleet data: Vehicle details (registration, make, model, capacity), driver profiles (name, licence number, contact), delivery addresses, and operational schedules you enter into the platform.
  • Support communications: Messages, emails, or chat transcripts when you contact our support team.

2.2 Data Collected Automatically

  • Usage data: Pages visited, features used, session duration, and click interactions within the platform.
  • Device & technical data: IP address, browser type, operating system, and device identifiers.
  • GPS & location data: Real-time vehicle location transmitted by the OFleet driver app — used solely for route tracking and optimisation. Location data is retained for 90 days and then anonymised.
  • Cookies: See Section 7 for full cookie details.

2.3 Data From Third Parties

If you connect a third-party service (e.g. Shopify, WooCommerce, QuickBooks), we receive order and customer data necessary to perform dispatch and routing. We process this data only as instructed by you.

3. How We Use Your Data

Purpose Legal Basis (GDPR)
Providing and improving the OFleet platform Performance of contract
Route optimisation and dispatch automation Performance of contract
Billing and account management Performance of contract / Legal obligation
Customer support and onboarding Legitimate interest
Product analytics and feature development Legitimate interest
Marketing communications (opt-in only) Consent
Fraud prevention and security Legitimate interest / Legal obligation

4. Sharing Your Data

We do not sell your personal data. We share data only in these circumstances:

  • Service providers: Cloud hosting (AWS), payment processing (Stripe), analytics (Mixpanel), email delivery (SendGrid), and customer support tools. All processors are bound by data processing agreements.
  • Your integrations: Data shared with third-party apps you explicitly connect to OFleet.
  • Legal requirements: When required by law, court order, or to protect OFleet's legal rights.
  • Business transfers: In the event of a merger, acquisition, or sale of assets, data may be transferred to the successor entity. We will notify you in advance.

5. Data Retention

  • Account and operational data: retained for the duration of your subscription plus 2 years.
  • GPS location data: 90 days (then anonymised).
  • Billing records: 7 years (legal requirement).
  • Support conversations: 3 years.
  • You may request earlier deletion — see Section 6.

6. Your Rights

Depending on your jurisdiction, you have the right to:

  • Access: Request a copy of all personal data we hold about you.
  • Rectification: Ask us to correct inaccurate or incomplete data.
  • Erasure ("right to be forgotten"): Request deletion of your data (subject to legal retention obligations).
  • Restriction: Ask us to pause processing while a dispute is resolved.
  • Portability: Receive your data in a machine-readable format (CSV or JSON).
  • Objection: Object to processing based on legitimate interest, including marketing.
  • Withdraw consent: Where processing is based on consent, you may withdraw it at any time.

To exercise any right, email privacy@ofleet.io. We will respond within 30 days. If you are unsatisfied, you have the right to lodge a complaint with your local data protection authority.

7. Cookies

Category Purpose Duration
Strictly necessary Authentication, session management, security Session
Functional Remembering your preferences and settings 1 year
Analytics Aggregate usage statistics (no individual tracking) 2 years
Marketing (opt-in) Personalised ads on third-party platforms 90 days

You can manage cookie preferences via the cookie banner on first visit or in your account settings.

8. Data Security

OFleet is SOC 2 Type II certified. Security measures include AES-256 encryption at rest, TLS 1.3 in transit, role-based access control, multi-factor authentication for all staff, and annual third-party penetration testing. In the unlikely event of a data breach, we will notify affected users within 72 hours as required by GDPR.

9. International Transfers

Our primary servers are located in [Region]. If your data is transferred outside the European Economic Area, we ensure adequate protection through Standard Contractual Clauses (SCCs) approved by the European Commission, or equivalent mechanisms.

10. Children's Privacy

OFleet is a business-to-business service intended for users 18 years and older. We do not knowingly collect personal data from anyone under 16. If you believe a minor has provided us with data, contact privacy@ofleet.io and we will delete it promptly.

11. Changes to This Policy

We may update this policy periodically. Material changes will be communicated via email and an in-app notification at least 14 days before taking effect. Continued use of OFleet after that date constitutes acceptance of the revised policy.

12. Contact Us

For any privacy-related questions or requests, contact our Data Protection Officer at:
Email: privacy@ofleet.io
Post: OFleet Technologies Ltd, [Address], [City], [Country]