Onfleet Privacy Notice (August 7, 2020)

Last updated: August 7, 2020 (see current version)

Introduction

Onfleet, Inc. (“Onfleet”) understands and respects our users’ need for privacy. This Privacy Notice (“Notice”) describes the types of information we collect, the purposes for which it is used, and the choices you have with respect to its use.

About Onfleet

Onfleet is a logistics management software and route optimization platform for businesses offering last-mile delivery. You can access the Onfleet service (“Service” or “Services”) via our website dashboard, smartphone applications, SMS messaging feature on mobile devices, APIs, and through third-parties. For more information about our Services, check out our “Features” section on our website.

Scope and Application

This Notice applies to users of the Onfleet Service (e.g. delivery drivers or “Drivers”), paying Onfleet clients (“Clients”), and Onfleet website visitors (including our homepage at onfleet.com, and our blog, order, reseller, and support pages, collectively “Sites”). This Notice also applies to our Clients’ customers (“Recipients”). We encourage you to read this Notice in full to understand our privacy practices before using our Services.

Information We Receive From You

We collect the following information through your use of our Services, and otherwise with your consent. In some cases, we receive information directly from you, such as when you sign up for a dispatcher or administrative Onfleet account, we collect your name, email address, and phone number. In other cases, we receive information about you from our Clients when they use our Services, such as your name and phone number when you are added as a driver by an administrator or dispatcher. The types of information that we collect include:

1. Information about you and your Onfleet account – Name, email address, postal address, phone number, company name, credit card payment information, customer and delivery information (such as scheduling information and delivery destination), and in some cases, your photograph. You provide this information to us directly during the account registration process.
2. Vehicle information of drivers – Transportation method, vehicle year, make, model, color, and license plate number. You provide this information to us directly when using our Services.
3. Driver behavioral information – We collect information about how you drive your vehicle. This includes time, location, bearing, speed, and accuracy. We collect this information automatically when you use our Services.
4. Geolocation information – Driver location is collected from their device's native location service, which combines GPS, cell-tower, Wi-Fi, and other sensor data to accurately pinpoint a driver's latitude and longitude while the driver is "on-duty." We do not access, collect, or store location information from a driver's mobile device when they are off-duty or offline. We may collect other information such as application crash reports or application usage analytics for drivers who are not online for the express purpose of providing and improving our Services. For example, if you engage the chat function as a driver while off-duty, we may collect and use application usage analytics for support purposes to understand the driver journey. We may remotely log in to the application, with your permission, to resolve an issue if our application crashes.
5. Business contact information – We collect personal information from individuals when we attend or host events, conferences, and other business meetings. This information includes business contact information such as name, email address, and phone number.
6. Device information – IP address, device type, operating system, manufacturer, model and version number, and unique device identifiers such as your device ID, but not IMEI. We collect this information automatically when you use our Services.
7. Browser and usage information – Operating System (OS) running on your device, Internet Protocol (IP) address, access times, browser type, and language, and the website you visited before our Sites. We also collect usage details, such as time, frequency, and use pattern. In some cases, we analyze information on specific end users such as the amount of time spent on the platform. In other cases, we look at data in the aggregate. We use this information to optimize our Services. We collect this information automatically when you use our Services.

To learn about your information collection choices and to opt-out of data collection, see the “Your Choices” section below.

Information We Receive from Other Sources

1. Clients of our Services – Clients of our Services may provide information about you when they submit content through our Services. For example, you may be mentioned in a troubleshooting ticket opened by someone else. We also receive your email address from other users when they provide it to invite you to our Services. Similarly, a dispatcher may provide your contact information when they designate you as a driver on their company’s account.
2. Client customers – We may receive personal data about you from one of our Client’s customers. We will only use this information for the purpose of providing our Services. For example, a recipient of a delivery may provide personal information about you when submitting a support ticket.
3. Other partners – We receive information from partners to help us find potential customers and enhance our Services with useful information. For example, information provided by our partners allows us to provide route optimization services, such as when we receive mapping and location information or spatial data analytics from Google Maps.

How We Use, Share, and Disclose Information

We use collected information to:

1. Communicate with you – We may contact you to respond to your inquiries, requests, and/or send important notices either via email, SMS, push notifications, and in-app notifications. This includes, for example, sending confirmations, invoices, technical notices, routing updates, security alerts, administrative messages, and providing you with updates about our Services and new features. See “Your Choices” below to learn how to manage your communication preferences.
2. Provide customer support – We use your personal and Onfleet usage information to resolve support issues that may arise through your use of our Services. Onfleet employees are prohibited from viewing the content of data you import into your Onfleet account, except when necessary to resolve your support issues. Access is limited to the data required to resolve your support issues.
3. Deliver and improve our Services – We use your information to deliver and analyze how you use our Services, develop new products and services, and improve functionality, quality, and user experience. For example, we track geolocation, driver behavior, and other information to facilitate route optimization and other features. This includes using aggregated, anonymized data to improve our Services. For more information see “Browser and usage information” in the “Information We Receive From You” section above.
4. Market our Services – We use your information to market our Services. For example, we may send you an email notification about new product features. Additionally, we may use pseudonymized personal information collected on our website to better tailor marketing or website content, including to run or optimize our service, or for other purposes, such as internal research. To learn more about how we track and use your information, see the “Use of Cookies and Other Tracking Technologies” section below.
5. Advertise – Onfleet App does not contain or allow in-app targeted advertising at this time. We also do not use push notifications or in-app notifications to display advertisements to our users.
6. Store data – We store data on servers hosted by Amazon Web Services (“AWS”). We use appropriate technical, administrative, and physical measures to secure your data during storage.

We share information about you and your vehicle(s) with third parties only in the manner described below:

1. Marketing and advertising – We do not sell information about you to advertisers or other third parties. We do not currently share your information with third parties for marketing purposes, but if that changes we will obtain your consent first.
2. Other users – If you register or access our Services through an Onfleet Client, certain information about you including your name, contact info, photograph, content and past use of your account may become accessible to that Client and other individuals with whom the Client shares access. If you are a Client managing a particular group of users within our Services, we may share your contact information with current or past users, for the purpose of facilitating Services-related requests.
3. Mergers and acquisitions – If your personal information is transferred to a party unaffiliated with Onfleet as part of merger, acquisition, or sale of all or a portion of our assets, we will provide you with notice prior to transferring your personal information to the new entity. Notice will be provided directly through our Services.
4. Legal purposes – We disclose your information when we believe that disclosure is (1) reasonably necessary to comply with any applicable law, regulation, subpoena, legal process, or enforceable governmental request; (2) necessary to enforce the provisions of the Notice; (3) required to enforce our Terms of Service, including investigation of potential violations; or (4) necessary to protect against harm to the rights, property, or safety of Onfleet, our users, or the public as required or permitted by law.
5. External processing and Subprocessors – We provide your information to other third parties to help us with our business activities, products, and services. These companies are authorized to use your information only as necessary to provide these services or perform them on our behalf.

We use the following sub-processors to operate our Services. This list was last updated on January 16, 2020.

Third-Party Service or Vendor	Type of Service	Location	Website
Salesforce	CRM subscription	USA	https://www.salesforce.com/
Amazon Web Services	Cloud storage	USA	https://aws.amazon.com/
G Suite	Business communications	USA	https://gsuite.google.com/
Microsoft Azure	Cloud storage	USA	https://azure.microsoft.com/
mLab (MongoDB, Inc.)	Database management	USA	https://mlab.com/
Zendesk	Support ticketing	USA	https://www.zendesk.com/
Twilio	Voice, text and chat platform	USA	https://twilio.com/
New Relic	Application performance management	USA	https://newrelic.com/
Redislabs	Database management	USA	https://redislabs.com/
Stripe	Payment processing	USA	https://stripe.com/
Digital Ocean	Cloud storage	USA	https://digitalocean.com/
Pandadoc	Document management	USA	https://pandadoc.com/
Nexmo	Voice and text platform	USA	https://nexmo.com/

Legal Bases for Processing (for EEA users)

If you are an individual from the European Economic Area (“EEA”), we collect and process your personal data only where we have legal basis for doing so under applicable EU laws. The legal basis depends on the Services you use and how you use them. This means we collect and use your personal data only:

1. To fulfill our contractual obligations to you;
2. To operate our business, including to improve and develop our services, for fraud prevention purposes, improve user experience, or other legitimate interest; and/or
3. As otherwise in compliance with law.

If you have any questions about the legal basis for processing, please refer to the “Your Rights” section below or contact us at the address listed in the “Contact Us” section.

Use of Cookies and Other Tracking Technologies

We use cookies to collect your personal and other information as you navigate our Services. Cookies help make interactions with our Services easier and faster for our users. For more information, see our Cookie Notice.

“Do-Not-Track” and Targeted Ads

We do not respond to web browser “Do-Not-Track” signals. We do not serve targeted advertisements in our Services at this time. However, you may see targeted ads from us on other websites based on your browsing history or other online activities.

Your Choices

Where appropriate or legally required, we will describe how we use personal information, so you can make choices about how your data is used. You can notify us of your preferences during the information collection process and change your selection at any time by contacting us directly.

1. Geolocation – We collect your geographic location when you use our Services. You can restrict our access to and collection of your location information by disabling location-sharing on your device, located in your Onfleet account settings or in your device (e.g., mobile phone) settings.
2. Marketing emails – You can choose to stop receiving marketing emails by following the unsubscribe instructions included in these emails, or by using the email address listed in the “Contact Us” section below. If you opt out of receiving marketing emails, we may still send you non-promotional emails, such as emails about your Onfleet account.
3. Push notifications – You can opt-out of receiving push notifications through your device settings. Please note that opting-out of receiving push notifications may impact how our Services function.
4. Mobile application information – You can stop Onfleet from collecting information through the Onfleet App by uninstalling the mobile app. You can use the standard uninstall processes available on your mobile device or via the mobile application marketplace or network. You can also contact us to deactivate your account using the email address listed in the “Contact Us” section below.

Your Rights

You have certain rights in connection with the personal information we obtain about you. To update your preferences, correct your information, limit the communications you receive from us, or submit a request to exercise your rights, please contact us as specified in the “Contact Us” section.

As required by law, you have the right to:

1. Request access to certain personal information we maintain about you;
2. Request that we update, correct, amend, erase or restrict certain personal information;
3. Object to some forms of automated decision-making or profiling;
4. File a complaint with a relevant European Data Protection Authority; and
5. Exercise your right to data portability.

Where our Services are administered for you by a Client, you may need to first contact the Client to assist with your requests. For all other requests, you can contact us as provided in the “Contact Us” section below to request assistance.

In some circumstances you can withdraw consent you previously provided to us or object to the processing of your personal information, and we will apply your preferences moving forward.

To help protect your privacy and maintain security, we may take steps to verify your identity before granting you access to the information. We may also decline your access request, but in the event we do, we will provide an explanation for our decision. Your request and choices may be limited in certain cases: for example, if fulfilling your request would reveal information about another person, or if you ask to delete information which we or your administrator are permitted by law or have compelling legitimate interests to keep. If you have unresolved concerns, you may have the right to complain to a data protection authority in the country where you live, where you work or where you feel your rights were infringed.

For more information about your rights under the California Consumer Privacy Act (“CCPA”) please refer to our separate CCPA Notice.

Privacy Shield Certification

Onfleet complies with the EU-U.S. Privacy Shield Framework and Swiss-U.S. Privacy Shield Framework (“Privacy Shield”) as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information transferred from the European Union, Switzerland, and the United Kingdom, as applicable to the United States in reliance on Privacy Shield. Onfleet has certified to the Department of Commerce that it adheres to the Privacy Shield Principles (“Principles”) with respect to such information. We may also process personal data our customers submit relating to individuals in the EU via other compliance mechanisms, including data processing agreements based on the EU Standard Contractual Clauses. If there is any conflict between the terms in this privacy policy and the Principles, the Principles shall govern. To learn more about the Privacy Shield program, and to view our certification, please visit http://www.privacyshield.gov.

1. Third Parties - We use a limited number of third party providers to assist us in providing our Services. These providers perform technical operations such as database monitoring, data storage and hosting services, and customer support software tools. These third parties may access, process or store personal data when providing these services, based on our instructions only. If we receive personal data subject to our certification under the Privacy Shield and then transfer it to a third-party service provider acting as an agent on our behalf, we have certain liability under the Privacy Shield if both (i) the agent processes the personal data in a manner inconsistent with the Privacy Shield and (ii) we are responsible for the event giving rise to the damage.
2. U.S. Federal Trade Commission Enforcement – Onfleet is subject to the investigatory and enforcement powers of the U.S. Federal Trade Commission (FTC).
3. Complaints – In compliance with the Privacy Shield Principles, Onfleet commits to resolve complaints about our collection or use of your personal information.
   1. EU individuals with inquiries or complaints regarding our Privacy Shield certification should first contact Onfleet at privacy@onfleet.com.
   2. Onfleet has committed to refer unresolved Privacy Shield complaints to JAMS, an alternative dispute resolution provider located in the United States. If you do not receive timely acknowledgment of your complaint from us, or if we have not addressed your complaint to your satisfaction, please visit https://www.jamsadr.com/file-an-eu-us-privacy-shield-claim for more information or to file a complaint. The binding arbitration services of JAMS are provided at no cost to you.
   3. Finally, as a last resort and in limited situations, EU individuals may seek redress from the Privacy Shield Panel, a binding arbitration mechanism.

Children’s Privacy

Our Services are not directed to children under the age of 13, and we do not knowingly collect information from children under the age of 13.

How Long We Retain Information

How long we keep information we collect about you depends on the type of information, as described below. We will either delete or anonymize your information or, if this is not possible (for example, the information is stored in backup archives), then we will securely store your information and isolate it from any further use until deletion is possible.

1. Account information – We retain your account information for as long as your account is active and a reasonable period thereafter in case you decide to re-activate our Services. We also retain some of your information as necessary to comply with our legal obligations, to resolve disputes, to enforce our agreements, to support business operations, and to continue to develop and improve our Services. Where we retain information for the improvement and development of our Services, we take steps to eliminate information that directly identifies you. If our Services are made available to you through our Clients, we retain your information as long as required by the Client. For more information, see " Information We Receive from Other Sources" above.
2. Marketing information – If you have elected to receive marketing emails from us, we retain information about your marketing preferences for a reasonable period of time from the date you last expressed interest in our Services, such as when you last opened an email from us or ceased using your Onfleet account. We retain information derived from cookies and other tracking technologies for a reasonable period of time from the date the information was created.

California Consumer Privacy Act (for California residents)

Onfleet complies with the CCPA, which may provide you with additional rights and information about how we collect and use personal information. For more information about how we comply with the CCPA, please see our separate CCPA Notice.

Security Safeguards

We use reasonable and appropriate physical, technical, and administrative safeguards to protect your information from unauthorized use, access, loss, misuse, alteration, or destruction. We also require that third party service providers acting on our behalf or with whom we share your information also provide appropriate security measures in accordance with industry standards. Notwithstanding our security safeguards, it is impossible to guarantee absolute security in all situations. If you have any questions about security of our Services, please contact us using the email address listed in the “Contact Us” section below.

Changes to this Privacy Notice

We periodically update this Notice to describe new features, products, or services, and how those changes affect our use of your information. If we make material changes to this Notice, we will provide notification through our services and/or notify you directly. We encourage you to review this Notice for updates each time you use our Services.

Third Party Services, Applications, and Websites

Certain third party services, websites, or applications you use, or navigate to from our Services may have separate user terms and privacy policies that are independent of this Notice. This includes, for example, websites owned and operated by our customers or partners. We are not responsible for the privacy practices of these third party services or applications. We recommend carefully reviewing the user terms and privacy statement of each third party service, website, and/or application prior to use.

Contact Us

If you have questions about this Notice or our information handling practices, please contact us at privacy@onfleet.com or write to us at:

Onfleet, Inc.
703 Market Street, Floor 20
San Francisco, CA 94103
United States

---

Other versions of this document

• Privacy Policy (Current)
• Privacy Policy (Revision 2022-03-11)
• Privacy Policy (Revision 2020-08-07)