Fleetr Fleetr

Privacy Policy

Effective Date: 2026-05-23

1. Scope and Application

This Privacy Policy applies to all users of the Fleetr platform, including insurance brokers and administrative users who input, process, or access client data. It covers all personal information under our custody or control.

2. What Information We Collect

  • Broker name and agency assignment
  • Client name (no vehicle or sensitive health/financial information)
  • Uploaded PDF documents for processing (short-lived on our servers)
  • Email addresses (for account management)

3. Consent

All data input into Fleetr is subject to express consent provided by the client to their broker. Brokers using Fleetr must confirm that consent has been obtained in compliance with PIPEDA and/or FIPPA requirements.

4. Use of Information

  • Processing and managing fleet insurance documents
  • Organizing and storing agency-specific files
  • Internal auditing and compliance
  • System troubleshooting and improvement

We do not use personal information for marketing or analytics unrelated to core services.

5. Data Storage and Safeguards

  • Production data is hosted on Canadian-based servers
  • Sensitive client directory fields are encrypted at rest (AES-256)
  • Passwords are hashed using PBKDF2-SHA256 (one-way; not stored in plain text)
  • Access is governed by role-based permissions tied to agency codes
  • Uploaded and processed policy PDFs are removed after you download them when possible, and otherwise within about 30 minutes
  • HTTPS and secure session cookies are used in production

6. Retention and Destruction

We keep different categories of data for different periods:

  • Ephemeral operational PDFs — uploads and processed outputs for download: until you download them, or about 30 minutes, whichever comes first.
  • Operational persistent data — encrypted client directory entries and broker signature assets: until removed by your agency.
  • Billing and audit records — usage counts, invoices, and administrative activity logs: retained as required for operations, accounting, and compliance.

Individuals can request deletion through their broker.

7. Access and Correction

Individuals have the right to request access to, and correction of, their personal information by contacting their broker. Brokers can then contact Fleetr support to facilitate these changes.

8. Disclosure of Information

Personal information is not shared with third parties unless:

  • Required by law (e.g., court order)
  • Authorized by the client
  • Necessary to protect system integrity or security

9. Security practices

Fleetr uses encryption in transit (HTTPS), hashed passwords (PBKDF2-SHA256), agency-scoped access, and short-lived processing of policy PDFs as described in sections 5 and 6 above. Our practices are informed by common privacy and security frameworks (including PIPEDA obligations). We do not claim formal SOC 2 or ISO 27001 certification unless agreed with you in writing.

10. Privacy breaches

If you believe a privacy breach involving Fleetr has occurred, contact us promptly at jordan@fleetr.ca so we can assess the situation and meet any notification obligations under applicable law.

11. Contact Information

For privacy-related questions or concerns: jordan@fleetr.ca