Privacy Policy

Last updated: January 2025

Introduction

At Flott HQ, we are committed to protecting your privacy and keeping your information secure. This Privacy Policy explains how we collect, use, share, and protect information when you use our fleet management platform and services.

Who We Are (Controller)

For the purposes of EU/EEA, UK, and other applicable data protection laws, the data controller is the Flott HQ entity identified below.

Legal entity: Flott HQ, Inc.

Address: 1111B S Governors Ave STE 28362 Dover, DE 19904

Email: privacy@flotthq.com

Privacy contact: privacy@flotthq.com

Information We Collect

We collect information to provide, operate, and improve our services. This includes:

  • Account Information: Name, email address, company name, phone number, and billing details when you register for our services.
  • Fleet and Telematics Data: Vehicle location, GPS coordinates, speed, mileage, fuel consumption, engine/diagnostic data, and other telematics data from connected vehicles and equipment.
  • Driver Information: Driver identifiers, behavior metrics, hours-of-service (where applicable), and performance data as permitted by law.
  • Site and Operations Data: Information about your facilities, routes, delivery schedules, and operational workflows.
  • Usage Data: Information about how you use our platform, including features used, settings, and preferences.
  • Integration Data: Information from third-party systems you connect (e.g., TMS, ERP, telematics providers).

Sources of Information

We collect information (i) directly from you and your organization, (ii) from connected vehicles/devices, and (iii) from third parties you choose to integrate.

How We Use Your Information

We use the information we collect to:

  • Provide real-time fleet tracking, monitoring, and management services.
  • Generate analytics, reports, and insights to help optimize your operations.
  • Send alerts, notifications, and maintenance reminders.
  • Provide customer support and communicate about your account and product updates.
  • Maintain platform security, prevent fraud and abuse, and troubleshoot issues.

Legal Bases (EU/EEA/UK)

Where GDPR/UK GDPR applies, we process personal data under one or more of the following legal bases, depending on the context:

  • Contract necessity (to provide the services you request).
  • Legitimate interests (to operate, improve, and secure the platform), where not overridden by your rights.
  • Consent (where required for certain optional processing).
  • Legal obligation (to comply with applicable laws).

Data Sharing and Disclosure

We do not sell your personal information. We may share information with service providers that help us operate the platform (e.g., hosting, analytics, customer support, communications, billing/payment processing), professional advisors (legal, auditing, insurance), authorities when required by law or to protect rights and safety, and parties involved in a business transfer (e.g., merger or acquisition). Service providers must protect the information and use it only on our documented instructions.

International Transfers

Because we are a US-based company, your information may be processed in the United States and other countries where we or our service providers operate. Where GDPR/UK GDPR applies and we transfer personal data internationally, we use appropriate safeguards as required by law, such as adequacy decisions (where applicable) and/or Standard Contractual Clauses or other approved transfer mechanisms, along with additional measures where necessary.

Data Retention

We keep information only as long as necessary to provide the services, meet contractual obligations, comply with legal requirements, resolve disputes, and enforce agreements. Retention periods vary by data type, customer configuration, and legal requirements. We may retain certain information for longer where required or permitted by law (for example, for compliance, security, or audit purposes).

Data Security

We use industry-standard security measures such as encryption in transit and at rest (where appropriate), access controls, secure infrastructure, and regular security reviews. However, no transmission or storage system can be guaranteed 100% secure.

Automated Decision-Making

We may use analytics to generate insights (for example, operational performance metrics). We do not make decisions that produce legal or similarly significant effects on individuals based solely on automated processing, unless explicitly agreed with you and permitted by law.

Your Rights

EU/EEA and UK

Depending on your location and circumstances, you may have the right to:

  • Access your personal data and obtain a copy.
  • Request correction of inaccurate or incomplete data.
  • Request deletion of your data, subject to legal and contractual retention requirements.
  • Object to or request restriction of certain processing activities.
  • Request data portability in a structured, commonly used, machine-readable format.
  • Withdraw consent at any time where processing is based on consent.
  • Lodge a complaint with a supervisory authority.

California (CCPA/CPRA)

If you are a California resident, you may have the right to:

  • Know what personal information is collected and how it is used/disclosed.
  • Request deletion of personal information.
  • Correct inaccurate personal information.
  • Opt out of the sale or sharing of personal information (if applicable).
  • Limit the use or disclosure of sensitive personal information (if applicable).
  • Not be discriminated against for exercising your rights.

Do Not Sell or Share (if applicable)

If we engage in practices that are considered a 'sale' or 'sharing' of personal information under California law (for example, certain targeted advertising activities), we will provide a method to opt out as required.

How to Exercise Your Rights

To submit a request, contact us at privacy@flotthq.com. For organizational accounts, we may need to verify your identity and authority (for example, that you are an authorized user or administrator) before responding.

Required vs Optional Information

Some information is required to create and maintain an account and provide the services. If you do not provide required information, we may not be able to provide the platform or certain features.

Children

Our services are intended for business use and are not directed to children. We do not knowingly collect personal information from children.

Changes to This Policy

We may update this Privacy Policy from time to time. We will update the 'Last updated' date and, where required, provide additional notice.

Contact Us

If you have questions about this Privacy Policy or want to exercise your rights, contact us:

Email: privacy@flotthq.com

© 2025 Flott HQ, Inc.
Privacy PolicyTerms of ServiceCookie Policy