Privacy Policy

1. Introduction

Welcome to FleetWorkflow. We are committed to protecting your personal information and your right to privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our fleet management and vehicle rental platform.

If you have any questions or concerns about this policy or our practices with regard to your personal information, please contact us.

2. Information We Collect

2.1 Information You Provide

• Account Information: Email address, password (encrypted), full name
• Profile Information: Organization details, role within organization
• Customer Data: Customer names, email addresses, phone numbers, driver license numbers
• Vehicle Information: Vehicle details, VIN numbers, license plates, mileage, condition notes
• Rental Records: Booking information, rental dates, pricing, status updates
• Inspection Data: Vehicle condition reports, photos, notes
• Files and Photos: Inspection photos, vehicle documentation

2.2 Information Collected Automatically

• Usage Data: Pages visited, features used, time spent on platform
• Device Information: Browser type, operating system, IP address
• Analytics Data: We use Google Analytics and Vercel Analytics to understand usage patterns

2.3 Third-Party Authentication

When you sign in using Google OAuth, we receive your email address and basic profile information from Google. We do not have access to your Google password.

3. How We Use Your Information

We use your information to:

• Provide and maintain the FleetWorkflow platform
• Manage your account and authenticate your identity
• Process vehicle rentals and manage fleet operations
• Store and organize inspection photos and documents
• Send you important notifications about your rentals and account
• Improve our services and develop new features
• Ensure platform security and prevent fraud
• Comply with legal obligations
• Analyze usage patterns to enhance user experience

4. Data Storage and Security

4.1 Where We Store Your Data

• Database: PostgreSQL database with encrypted connections
• File Storage: Cloudflare R2 for photos and documents
• Passwords: Encrypted using industry-standard bcrypt hashing
• Email Service: Resend for transactional emails

4.2 Security Measures

We implement appropriate technical and organizational measures to protect your data:

• Encrypted data transmission (HTTPS/SSL)
• Secure password hashing
• Role-based access controls
• Organization-based data isolation (multi-tenancy)
• Regular security updates and monitoring

However, no method of transmission over the Internet is 100% secure. While we strive to use commercially acceptable means to protect your data, we cannot guarantee absolute security.

5. How We Share Your Information

We do not sell your personal information. We may share your information in the following circumstances:

• Within Your Organization: Data is shared with other members of your organization based on their role and permissions
• Service Providers: Third-party services that help us operate our platform (Cloudflare R2, Resend, Google OAuth, analytics providers)
• Legal Requirements: When required by law, court order, or government request
• Business Transfers: In connection with a merger, acquisition, or sale of assets

6. Data Retention

We retain your information for as long as your account is active or as needed to provide you services. We will retain and use your information as necessary to:

• Comply with legal obligations
• Resolve disputes
• Enforce our agreements
• Maintain business records

When you delete your account, we will delete or anonymize your personal information, except where we are required to retain it for legal or legitimate business purposes.

7. Your Privacy Rights

Depending on your location, you may have the following rights:

• Access: Request a copy of your personal data
• Correction: Update or correct inaccurate information
• Deletion: Request deletion of your personal data
• Data Portability: Receive your data in a structured, machine-readable format
• Withdraw Consent: Withdraw consent for processing where we rely on consent
• Object: Object to processing of your personal data

To exercise these rights, please contact your organization administrator or reach out to us directly.

8. Cookies and Tracking Technologies

We use cookies and similar tracking technologies to:

• Maintain your session and keep you logged in
• Remember your preferences
• Understand how you use our platform (via Google Analytics and Vercel Analytics)
• Improve platform performance and user experience

You can control cookies through your browser settings. However, disabling cookies may affect your ability to use certain features of our platform.

9. Children's Privacy

FleetWorkflow is not intended for use by individuals under the age of 18. We do not knowingly collect personal information from children under 18. If we become aware that we have collected information from a child under 18, we will take steps to delete such information.

10. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence. These countries may have data protection laws that are different from the laws of your country. We take appropriate measures to ensure that your personal information remains protected in accordance with this Privacy Policy.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last updated" date. You are advised to review this Privacy Policy periodically for any changes. Changes to this Privacy Policy are effective when they are posted on this page.

12. Contact Us

If you have any questions about this Privacy Policy or our privacy practices, please contact your organization administrator or reach out through the contact information provided in your account settings.