Privacy Policy

Last updated: January 2025

1. Introduction

Zenith Fleet ("we," "us," or "our") respects your privacy and is committed to protecting your personal data. This privacy policy explains how we collect, use, and protect your information when you use our AI-powered fleet operations platform and website.

This policy applies to all users of our services within the European Union, Portugal, and globally, ensuring compliance with the General Data Protection Regulation (GDPR) and Portuguese data protection laws.

2. Data Controller

Zenith Fleet
Email: legal@zenithfleet.com
For data protection inquiries: privacy@zenithfleet.com

3. Information We Collect

3.1 Personal Information

  • Account Information: Name, email address, company name, phone number
  • Vehicle Data: Vehicle identification, registration plates, maintenance records
  • Location Data: GPS coordinates for fleet tracking and route optimization
  • Driver Information: Driver IDs, driving behavior analytics (anonymized)
  • Usage Data: Platform usage patterns, feature utilization, performance metrics

3.2 Technical Information

  • Device Information: IP address, browser type, operating system
  • Cookies and Tracking: Session cookies, preference cookies, analytics cookies
  • Log Data: Access logs, error logs, security events

3.3 Telematics Data

  • Vehicle diagnostics and performance data
  • Fuel consumption and efficiency metrics
  • Route and traffic information
  • Safety and incident data

4. Legal Basis for Processing

We process your personal data based on:

  • Contract Performance: To provide our fleet management services
  • Legitimate Interest: To improve our platform and ensure security
  • Consent: For marketing communications and analytics cookies
  • Legal Obligation: To comply with applicable laws and regulations

5. How We Use Your Information

  • Provide and maintain our fleet management platform
  • Process and analyze vehicle and driver performance data
  • Generate reports and insights for fleet optimization
  • Ensure platform security and prevent fraud
  • Provide customer support and technical assistance
  • Send service updates and important notifications
  • Improve our AI algorithms and platform features
  • Comply with legal and regulatory requirements

6. Data Sharing and Disclosure

We do not sell your personal data. We may share information with:

6.1 Service Providers

  • Cloudflare: For CDN, security, and hosting services
  • Supabase: For database and authentication services
  • Integration Partners: Enode, Samsara, Geotab (enterprise clients only)

6.2 Legal Requirements

We may disclose information when required by law, court order, or to protect our rights and safety.

6.3 Business Transfers

In case of merger, acquisition, or sale, your data may be transferred as part of business assets.

7. Data Security

We implement appropriate security measures including:

  • Encryption for data transmission and storage
  • Access controls and authentication mechanisms
  • Regular backups and data recovery procedures
  • Secure infrastructure provided by trusted cloud providers
  • Employee training on data protection best practices

8. International Data Transfers

Your data may be processed outside the EU/EEA. We ensure adequate protection through:

  • Standard Contractual Clauses (SCCs) approved by the European Commission
  • Adequacy decisions for specific countries
  • Appropriate safeguards and security measures

9. Data Retention

We retain personal data for:

  • Account Data: Duration of service relationship plus 3 years
  • Vehicle Data: 7 years for maintenance and compliance records
  • Location Data: 2 years unless longer retention required by law
  • Analytics Data: Aggregated and anonymized indefinitely
  • Log Data: 1 year for security and troubleshooting

10. Your Rights (GDPR)

Under GDPR, you have the right to:

  • Access: Request copies of your personal data
  • Rectification: Correct inaccurate or incomplete data
  • Erasure: Request deletion of your personal data
  • Restriction: Limit how we process your data
  • Portability: Receive your data in a structured format
  • Object: Object to processing based on legitimate interest
  • Withdraw Consent: For processing based on consent

To exercise these rights, contact us at privacy@zenithfleet.com

11. Cookies and Tracking

We use cookies for:

  • Essential platform functionality
  • User authentication and session management
  • Security and fraud prevention
  • Analytics and performance monitoring (with consent)

See our Cookie Policy for detailed information.

12. Children's Privacy

Our services are not intended for individuals under 16 years of age. We do not knowingly collect personal data from children under 16.

13. Changes to This Policy

We may update this policy periodically. We will notify you of significant changes through email or platform notifications. The "Last updated" date indicates when changes were last made.

14. Contact Information

For privacy-related questions or concerns:

  • Email: privacy@zenithfleet.com
  • Data Protection Officer: dpo@zenithfleet.com
  • Legal Team: legal@zenithfleet.com

You also have the right to lodge a complaint with the Portuguese Data Protection Authority (CNPD) or your local supervisory authority.

15. Portuguese Law Compliance

This policy complies with Portuguese Law No. 58/2019 (Lei de Execução do RGPD) and all applicable Portuguese data protection regulations.