1) Who we are

The Service is operated by the entity responsible for demo.assettracker.ddriven.dev ("we," "us," "our").

Contact: privacy@yourdomain.com | Mailing address: [Your company address]

2) What this policy covers

This policy applies to information collected through:

• our website and web app (dashboards),
• device/telemetry ingestion endpoints used to transmit tracking data,
• support communications (email, chat, tickets), and
• related services we provide to your organization.

It does not cover third-party websites or services that may be linked from the Service.

3) Information we collect

A) Account and organization information

When you create an account or an organization, we may collect:

• organization name and settings,
• name, email address, phone number (if provided),
• password (stored as a one-way hashed credential by our authentication system),
• roles/permissions (e.g., admin vs. user),
• billing contact details.

B) Payment and billing information

If you provide payment details, we may process:

• payment status, invoices, billing history, and plan details,
• limited payment metadata (e.g., last 4 digits, expiration month/year) if stored by a payment processor,
• manual payment records if an administrator processes payments offline or by invoice.

We do not intend to store full card numbers or CVV on our servers. If you use a third-party payment processor, your card data is typically handled directly by that processor.

C) Device, location, and telematics data

If you connect tracking devices to the Service, we may collect:

• GPS/GNSS data (latitude/longitude), speed, heading, timestamps,
• device identifiers (e.g., device ID, SIM identifiers), connection metadata, and signal strength,
• sensor and diagnostic data depending on configuration (e.g., accelerometer events, voltage, temperature, OBD-related diagnostics when enabled),
• event data (e.g., motion/impact alerts, geofence events, tamper flags),
• device health/heartbeat and firmware/application version.

D) Usage and log data

We may automatically collect:

• IP address, browser type, device type, operating system,
• pages viewed and actions taken in the dashboard,
• error reports, audit logs (e.g., admin changes), and security logs.

E) Cookies and similar technologies

We may use cookies/local storage for:

• authentication sessions,
• security (fraud prevention, abuse mitigation),
• preferences (e.g., theme, last-selected org),
• analytics (optional, depending on your configuration).

You can manage cookies through your browser settings. Some cookies are necessary for the Service to function.

4) How we use information

We use information to:

• create and manage accounts and organizations,
• provide tracking, dashboards, and device management features,
• process billing, invoices, and account status (e.g., active/past due),
• improve reliability and performance (debugging, monitoring, analytics),
• detect, prevent, and respond to fraud, abuse, or security incidents,
• communicate with you about the Service (updates, security notices, support),
• comply with legal obligations and enforce agreements.

5) Legal bases (where applicable)

Depending on your jurisdiction, we may process personal information under these bases:

• Contract: to provide the Service you request.
• Legitimate interests: to secure and improve the Service, prevent abuse, and support customers.
• Consent: for optional analytics/marketing where required.
• Legal obligation: to comply with applicable laws, regulations, and lawful requests.

6) How we share information

We may share information in these situations:

A) Service providers (processors)

We may use vendors to help run the Service (e.g., hosting, databases, monitoring, email delivery, payment processing, mapping). They are authorized to process information only as needed to provide services to us and are required to protect it.

B) Within your organization

If your organization uses the Service, admins may be able to:

• view and manage users,
• view device and location data connected to the organization,
• configure billing and account settings.

C) Legal and safety

We may disclose information if we believe it is reasonably necessary to:

• comply with law, regulation, subpoena, or court order,
• protect the security, integrity, or rights of the Service, users, or the public,
• investigate or prevent fraud or abuse.

D) Business transfers

If we are involved in a merger, acquisition, financing, reorganization, bankruptcy, or sale of assets, information may be transferred as part of that transaction.

We do not sell personal information in the ordinary meaning of "sell."

7) Data retention

We retain information for as long as necessary to:

• provide the Service and maintain your account,
• meet contractual and operational requirements,
• comply with legal obligations (e.g., accounting),
• resolve disputes and enforce agreements.

Retention periods may vary by data type. You may request deletion (see "Your choices and rights"), but some information may be retained where required for legitimate business or legal purposes.

8) Security

We use administrative, technical, and organizational safeguards designed to protect information, such as:

• access controls and least-privilege permissions,
• encryption in transit (HTTPS/TLS),
• monitoring and logging to detect abuse,
• secure credential storage (hashed passwords).

No system can be guaranteed 100% secure. You are responsible for maintaining the confidentiality of your credentials and for any access via your account.

9) Your choices and rights

Depending on where you live, you may have rights to:

• access the information we hold about you,
• correct inaccurate information,
• request deletion of your information,
• object to or restrict certain processing,
• receive a copy of your information (data portability),
• withdraw consent where processing is based on consent.

To submit a request, contact us at privacy@yourdomain.com. We may verify your identity and your authority (especially for organization accounts) before fulfilling requests.

10) Organization administrators

If you use the Service through an organization:

• Your organization's admins can manage your access and may be able to view data associated with organization devices and users.
• Please contact your organization admin for organization-level requests (e.g., device removal, organization deletion) where applicable.

11) Children's privacy

The Service is not directed to children under 13 (or the age defined by local law), and we do not knowingly collect personal information from children. If you believe a child has provided personal information, contact us so we can take appropriate action.

12) International use

If you access the Service from outside the United States, your information may be processed and stored in countries where we or our service providers operate. We take steps designed to ensure appropriate safeguards for international transfers where required.

13) Changes to this policy

We may update this Privacy Policy from time to time. We will post the updated policy and revise the "Effective date" above. Material changes may be communicated through the Service or by email.