Privacy Policy
Last updated: May 17, 2026 Effective date: May 17, 2026
Disclaimer. This document is a draft generated to map Fleetmo's data practices and outline a privacy notice aligned with GDPR, CCPA/CPRA and general US privacy law. It is not legal advice. Before publication, it must be reviewed by a qualified data privacy attorney for your jurisdictions.
1. Who we are
Fleetmo ("we", "our", "us") is the fleet management platform operated by Fleetmo LLC, a Florida limited liability company.
- Registered address: 1370 Washington Ave, Apt 302, Miami Beach, FL 33139, United States
- Website: https://fleetmo.app
- Privacy contact: privacy@fleetmo.app
- General contact: info@fleetmo.app
Fleetmo provides software for chauffeur services, airport transfer operators, limousine agencies, brokers and hotels. The platform handles ride intake, dispatch, driver assignment, partner forwarding, payments and proof-of-service across web and mobile apps.
This Privacy Policy explains how we collect, use, disclose and safeguard personal information processed through:
- the website at fleetmo.app
- the dispatch console at my.fleetmo.app
- the Fleetmo driver mobile application (iOS / Android)
- our APIs and integrations
[⚠️ LEGAL REVIEW REQUIRED] Confirm the legal name "Fleetmo LLC" and EIN status with counsel before publishing. The Florida registered address must match the agent of record on file with the FL Division of Corporations.
2. Our role as data controller or processor
Fleetmo can act in two distinct roles depending on the processing activity:
| Processing activity | Our role | Legal basis |
|---|---|---|
| Marketing waitlist & website analytics | Controller | Consent |
| Driver mobile app accounts & live tracking | Controller (toward drivers) | Performance of a contract |
| Operator dispatch console (passenger booking data) | Processor on behalf of the operator | Contract between operator and passenger |
| Payment ledger & driver/partner payouts | Controller | Performance of a contract; legal obligation (tax/AML) |
| Partner directory and network forwarding | Controller (toward partner companies) | Legitimate interests |
| Third-party WordPress blog comments / accounts | Controller | Consent |
When an operator uses Fleetmo to manage rides booked by their own clients, the operator is the data controller of the passenger data and Fleetmo acts as a data processor. A separate Data Processing Addendum (DPA) governs that relationship.
[⚠️ LEGAL REVIEW REQUIRED] Confirm controller/processor split with counsel for your specific contractual structure. The standard DPA template must be finalized before onboarding EU operators.
3. Information we collect
3.1 Information you provide directly
- Account & profile data: name, email address, phone number, preferred language, profile picture (optional), company name (for B2B users), VAT/Tax ID (for B2B users).
- Driver onboarding data: full name, date of birth, mobile phone, driver's license number, vehicle assignment, professional licenses and certifications where required by the operator or local law.
- Passenger booking data (entered by operators): passenger name, contact phone, pickup and drop-off address, flight number, passenger count, vehicle preference, internal booking notes.
- Partner registration data: company name, registered address, VAT number, contact name, contact email, contact phone, fleet class and service area.
- Payment & payout data: billing address, bank account or IBAN, Stripe Connect identifiers, Wise account identifiers. Card data is collected directly by Stripe and never reaches Fleetmo servers.
- Communications: content of messages you send to support, sales or the Data Protection Officer; survey responses; waitlist email.
3.2 Information collected automatically
- Device & technical data: device model, operating system, app version, browser type and version, IP address, time-zone, language preference, device identifiers (advertising ID / IDFA only when you consent), crash logs.
- Location data: when the driver mobile app is in use, we collect precise real-time GPS coordinates to display the driver on the dispatch console, route them to the pickup and stamp pickup/drop-off events. Background location is collected only while a service is in progress (driver "on-shift"). Drivers can revoke location permission at any time through the operating system.
- Service evidence: pickup and drop-off photos captured from the driver app, with embedded GPS coordinates and timestamps used to resolve no-show disputes and demonstrate proof of service.
- Usage data: pages and screens visited, features used, dwell time, in-app interactions, referring URL, search terms.
- Cookies and similar technologies: as described in our Cookie Policy.
3.3 Information from third parties
- Authentication providers (if you sign in with Google or Apple): name, email, profile picture, unique account identifier.
- Payment providers (Stripe, Wise): payment status, payout confirmation, refund/chargeback notifications, KYC/AML flags.
- Email providers (Brevo): delivery, bounce and engagement events.
- WordPress / blog (wp.fleetmo.app): author account data and comment metadata.
- Public business registries (during partner verification): company name, VAT validity (VIES), legal status.
- Flight data providers: real-time flight status used to surface ETA in the driver app.
3.4 Special category data
Fleetmo does not intentionally collect health data, biometric data, genetic data, racial or ethnic origin, political opinions, religious beliefs, sexual orientation or trade union membership.
A driver's license number is treated as a high-sensitivity government identifier; driver photos for proof-of-service may incidentally capture biometric features but are not used for biometric identification.
[⚠️ LEGAL REVIEW REQUIRED] If your operator customers ever request biometric driver authentication (face ID, fingerprint), additional consent and a separate DPIA under GDPR Art. 35 will be required.
3.5 Children's privacy
Fleetmo is a B2B platform and is not directed at children under 16. We do not knowingly collect personal information from minors. If you believe a child has provided personal information to Fleetmo, contact privacy@fleetmo.app and we will delete it.
4. How we use information
We use personal information for the following purposes:
| Purpose | Categories of data | Legal basis (GDPR) |
|---|---|---|
| Provide the dispatch console, driver app and APIs | Account, device, usage, location | Contract |
| Match drivers to rides and route them to pickup | Location, account, service evidence | Contract |
| Process payments and reconcile driver/partner payouts | Payment, transaction, account | Contract; legal obligation |
| Detect and prevent fraud, abuse and security incidents | Device, usage, IP, transaction | Legitimate interests; legal obligation |
| Provide customer support | Communications, account, usage | Contract; legitimate interests |
| Improve and develop the product | Usage, device, aggregated/anonymized data | Legitimate interests |
| Send service announcements and product updates | Account, communication preferences | Legitimate interests |
| Send marketing emails (waitlist, newsletter) | Email, IP, engagement | Consent (revocable any time) |
| Build the verified partner directory | Company name, VAT, performance metrics | Legitimate interests |
| Comply with tax, anti-money-laundering and accounting laws | Payment, transaction, identity | Legal obligation |
| Defend, exercise or establish legal claims | All categories as relevant | Legitimate interests; legal obligation |
[⚠️ LEGAL REVIEW REQUIRED] If you decide to use personal data to train machine-learning models (for example, automatic ride classification or no-show prediction), add a dedicated section, perform a Legitimate Interests Assessment and update this notice.
5. Automated decision-making and profiling
Fleetmo currently performs no fully-automated decision-making that produces legal or similarly significant effects on individuals under GDPR Art. 22.
Smart dispatch suggestions (matching a driver to a ride based on shift, zone, vehicle class) are advisory only. A human operator must confirm the assignment.
[⚠️ LEGAL REVIEW REQUIRED] If automatic driver assignment is enabled in the future, individuals will gain the right to obtain human intervention, contest the decision and express their point of view. Update this section and re-run the DPIA before launch.
6. Who we share information with
We do not sell personal information. We share it only with:
6.1 Service providers (processors acting on our behalf)
- Hosting and infrastructure: Vercel Inc. (United States) for web application hosting; Supabase / managed Postgres for the operational database.
- Email delivery: Brevo SAS (France) for transactional and marketing email.
- Payments: Stripe, Inc. (United States) and Wise plc (United Kingdom) for payment processing and payouts.
- Analytics & performance: Vercel Analytics (privacy-preserving, cookieless).
- Customer support tooling: to be added; this notice will be updated when a help-desk vendor is selected.
- Mobile push notifications: Apple Push Notification service and Google Firebase Cloud Messaging.
All processors are bound by a written contract that requires them to process personal data only on our documented instructions, apply appropriate security measures and assist us with data-subject requests.
6.2 Other operators on the Fleetmo network
When an operator forwards a service to a partner operator, the partner receives the data needed to perform the ride: passenger name, pickup and drop-off addresses, scheduled time, contact phone for the passenger, flight information and price. Each operator is an independent data controller for the data shared into its workspace.
6.3 Authorities and other parties
We may disclose personal information if required to do so by law or in response to a valid request from a public authority (such as a court order, subpoena, or governmental inquiry); to protect the rights, property or safety of Fleetmo, our users or the public; or in connection with a merger, acquisition or sale of assets (in which case we will give notice before personal data is transferred and becomes subject to a different privacy policy).
[⚠️ LEGAL REVIEW REQUIRED] Confirm exact list of processors and complete Article 28 contracts (DPA) for each before launch.
7. International data transfers
Fleetmo is incorporated in the United States and operates infrastructure primarily in the US. We also use service providers located in the European Union (Brevo, France) and the United Kingdom (Wise). Data may therefore be transferred to and processed in jurisdictions other than the one in which you reside, including the United States.
For transfers of personal data of EU/EEA, UK or Swiss residents to third countries that have not received an adequacy decision, we rely on:
- the EU-US Data Privacy Framework for transfers to certified US processors;
- Standard Contractual Clauses (SCCs) approved by the European Commission for transfers to other third countries;
- a Transfer Impact Assessment (TIA) documenting any supplementary technical, contractual and organizational measures.
[⚠️ LEGAL REVIEW REQUIRED] Verify which Fleetmo processors are certified under the EU-US DPF. Execute current-version SCCs (2021/914) with every other non-adequate country processor and document the TIA before launch.
8. How long we keep information
We retain personal information only as long as necessary for the purposes described in this policy, then we delete or anonymize it.
| Data category | Retention period | Why |
|---|---|---|
| Driver mobile app account & GPS history | 24 months after last activity | Dispute resolution; legal claims |
| Operator dispatch console accounts | For the duration of the contract + 24 months | Service continuity; audit |
| Passenger booking data | 5 years from completed service | Operator audit obligations |
| Payment & ledger records | 7 years | Tax, accounting, AML obligations |
| Partner directory profiles | For the duration of the partnership + 24 months | Trust signals; chargeback defense |
| Marketing waitlist & newsletter | Until unsubscribe + 24 months | Re-engagement |
| Support communications | 36 months | Customer service quality |
| Server logs and security telemetry | 12 months | Incident investigation |
| Cookies | See Cookie Policy | n/a |
After the retention period expires, data is either irreversibly anonymized for aggregate analytics or permanently deleted from production systems and backups (backups are purged on rolling rotation).
[⚠️ LEGAL REVIEW REQUIRED] Confirm retention periods against local sector-specific obligations (especially for transport licensing and tax) in each country where Fleetmo operators are based.
9. Cookies and similar technologies
The marketing website fleetmo.app uses a minimal set of cookies and similar technologies. The dispatch console (my.fleetmo.app) uses only session cookies strictly necessary to keep you signed in.
| Category | Examples | Purpose | Consent required (EU/UK) |
|---|---|---|---|
| Strictly necessary | session, CSRF token, language preference | Make the site work | No |
| Analytics | Vercel Analytics (cookieless) | Aggregate page-view stats | No (cookieless) |
| Marketing | (none today) | n/a | Yes if added later |
A cookie banner with granular controls is presented on first visit from EU/UK/Swiss IP addresses, in line with the ePrivacy Directive and GDPR. You can change your preferences at any time from the cookie settings link in the website footer.
[⚠️ LEGAL REVIEW REQUIRED] Update this table whenever a new cookie or tracker is added (for example, if Hotjar, GTM or Meta Pixel are integrated). Italian and German users require particular care; consider also CNIL guidance for France.
10. Your rights
Depending on where you live, you have one or more of the following rights with respect to your personal information:
- Right of access — obtain a copy of the personal data we hold about you.
- Right to rectification — ask us to correct inaccurate or incomplete data.
- Right to erasure ("right to be forgotten") — ask us to delete your data, subject to legal retention obligations.
- Right to restrict processing — ask us to limit how we use your data.
- Right to data portability — receive your data in a structured, commonly used, machine-readable format.
- Right to object — object to processing based on legitimate interests or for direct marketing.
- Right to withdraw consent — at any time, where processing is based on consent.
- Right to lodge a complaint — with a competent supervisory authority (for EU residents) or your state Attorney General (for US residents).
10.1 California residents (CCPA / CPRA)
California residents additionally have the right to:
- know what categories of personal information we collect, the sources, the business purposes and the categories of third parties with whom we share it;
- request deletion of personal information;
- correct inaccurate personal information;
- opt out of the "sale" or "sharing" of personal information for cross-context behavioral advertising. Fleetmo does not sell or share personal information for cross-context behavioral advertising.
- limit the use of sensitive personal information (driver's license data is collected only when required for service delivery);
- non-discrimination for exercising any of the above rights.
To exercise your CCPA rights, email privacy@fleetmo.app or use the "Do Not Sell or Share My Personal Information" link in the website footer.
10.2 How to exercise your rights
Send a written request to privacy@fleetmo.app including enough information to identify you and the right you wish to exercise. We will respond within 30 days (extendable by 60 days for complex requests under GDPR; 45 days extendable by 45 days under CCPA).
We may need to verify your identity before fulfilling a request to protect your account.
[⚠️ LEGAL REVIEW REQUIRED] Implement an internal procedure (DSR workflow) to receive, log, verify, route and respond to data-subject requests within statutory deadlines. Counsel should review the verification process.
11. Security
We apply administrative, technical and organizational measures designed to protect personal information against unauthorized access, loss, misuse, alteration or destruction. These measures include:
- TLS 1.3 encryption for all data in transit;
- AES-256 encryption at rest for the operational database and object storage;
- role-based access control (RBAC) with row-level security per tenant;
- multi-factor authentication for staff with access to production data;
- audit logging of access to personal data;
- regular vulnerability scanning and dependency updates;
- a documented incident response procedure with breach notification within 72 hours to the competent supervisory authority where required by GDPR Art. 33.
No method of transmission over the internet or method of electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your personal information, we cannot guarantee absolute security.
[⚠️ LEGAL REVIEW REQUIRED] Document the formal incident response playbook, breach notification template, and tabletop exercise schedule before launch (called out as a top P1 finding in the internal PIA).
12. Data Protection Officer and EU representative
For users in the European Union, the European Economic Area, the United Kingdom or Switzerland:
- Data Protection contact: privacy@fleetmo.app
- EU representative under GDPR Art. 27: [⚠️ LEGAL REVIEW REQUIRED] Fleetmo LLC, as a US-established controller offering services to EU data subjects, must appoint a written EU representative. Engage a service such as VeraSafe, DataRep, or a local law firm before going live in the EU.
- UK representative under UK GDPR: [⚠️ LEGAL REVIEW REQUIRED] Required if you target UK users.
13. Changes to this policy
We may update this Privacy Policy from time to time. If we make material changes we will notify you by email (if we have your email address), through an in-app banner or by posting a notice on our website at least 30 days before the changes take effect.
The "Last updated" date at the top of this policy indicates when it was last revised. Continued use of the services after the effective date constitutes acceptance of the revised policy. Where required by law (for example, where the change broadens our use of your data), we will ask for fresh consent.
14. Contact
Fleetmo LLC 1370 Washington Ave, Apt 302 Miami Beach, FL 33139 United States
- Privacy inquiries: privacy@fleetmo.app
- General inquiries: info@fleetmo.app
You also have the right to lodge a complaint with a competent supervisory authority. For EU residents, the list is available at https://edpb.europa.eu/about-edpb/about-edpb/members_en.
Generated by the Fleetmo PIA tooling on May 17, 2026. Pending review by qualified data privacy counsel before publication.