1. Scope and Application
This Privacy Policy applies to all users of the Fleetr platform, including insurance brokers and administrative users who input, process, or access client data. It covers all personal information under our custody or control.
2. What Information We Collect
- Broker name and agency assignment
- Client name (no vehicle or sensitive health/financial information)
- Uploaded PDF documents (encrypted)
- Email addresses (for account management)
3. Consent
All data input into Fleetr is subject to express consent provided by the client to their broker. Brokers using Fleetr must confirm that consent has been obtained in compliance with PIPEDA and/or FIPPA requirements.
4. Use of Information
- Processing and managing fleet insurance documents
- Organizing and storing agency-specific files
- Internal auditing and compliance
- System troubleshooting and improvement
We do not use personal information for marketing or analytics unrelated to core services.
5. Data Storage and Safeguards
- All data is hosted on Canadian-based servers
- Files and data are encrypted using AES-256
- Passwords are hashed using bcrypt
- Access is governed by role-based permissions tied to agency codes
- Temporary files older than 15 minutes are deleted on a 20-minute cycle
6. Retention and Destruction
Data is retained only as long as necessary for processing. Users can request deletion through their broker. Temporary files are purged regularly, and backups are securely managed and periodically purged.
7. Access and Correction
Individuals have the right to request access to, and correction of, their personal information by contacting their broker. Brokers can then contact Fleetr support to facilitate these changes.
8. Disclosure of Information
Personal information is not shared with third parties unless:
- Required by law (e.g., court order)
- Authorized by the client
- Necessary to protect system integrity or security
9. Contact Information
For privacy-related questions or concerns, contact: privacy@fleetr.ca
Fleetr Breach Response Plan
Purpose: Provide a structured response to any privacy breach involving personal information.
1. Identification and Containment
- Isolate affected systems
- Disable compromised accounts
- Preserve breach evidence
2. Assessment
- Determine scope and data affected
- Assess “real risk of significant harm” (RROSH)
3. Notification Procedures
If RROSH is determined, notify regulators and affected individuals with all required details.
4. Containment and Remediation
- Fix vulnerabilities
- Reset credentials, update policies
Fleetr Breach Recordkeeping Procedures
Purpose: Maintain detailed records of all privacy breaches for at least 24 months.
Process:
- Secure, access-controlled incident registry
- Log date, nature, info affected, notifications, remediation
Access and Security:
- Access limited to Privacy Officer and tech leadership
- Logs encrypted and reviewed quarterly
Retention:
- Kept for 24+ months
- Secure deletion after review
Policies reviewed annually or after major platform changes.