Data protection

Introduction


We do not aim to receive personal data and do not require our clients to provide it. By default, API “SDK user registration” is used with an empty body. Apart from that, we provide full access to data at any stage of the data management cycle.

Overall architecture


982

The Damoov architecture contains two main blocks that are separated on a server level and communicate with each other via VPN and using user DeviceToken - a unique user ID and JWT with a limited lifetime. Each service is located on its own server and infrastructure provider.

UserService - the service to generate DeviceToken, run user Authentication, and refresh JWT access token.
Hosting: AWS

Telematics Platform - a data management platform that processes data collected by the Telematics SDK and verified with valid DeviceToken of JWT access token
Hosting: OVH

Access to Data


Our clients have access to data at any stage of the data management cycle:

  • Real-time data from SDK
  • Raw data
  • Cleaned data
  • Processed data
  • Analyze data

Subject Matter and Duration of the Processing


Subject matter

  • Collect smartphone data and transfer to telematics platform:
    • Sensors data - (GPS, Accelerometer, Gyroscope, Screen on/off, phone lock/unlock)
    • Permissions status (GPS, Motion, Bluetooth, WiFi, Mobile data)
    • Device details
  • Process collected data
    • Filter and exclude non vehicle data from data set
    • Filter and exclude non-incidents events
    • Clean and normalize data
    • Interpret smartphone data into vehicle data
    • Enhance data
    • Enrich data using metadata from 3rd party
  • Analyze data
    • Driving patterns
    • Claims monitoring
    • Safe-driving
    • Eco-driving
    • GEO-Analytics
  • Store data

Data retention schedule

Default schedule:

  • Processed data -> up to 24 month
  • Raw data -> up to 14 days

Manage data


However, we also support on-demand data destruction. There is an API Delete a user and DataHub that can be used to delete data. These interfaces can be used to destruct data on an individual user level as well as to delete a specific trip.

User access levelAdmin access level
Trips dataXX
User recordXX

Use-cases

There are two available cases:

  • Telematics SDK inside your mobile app:
    We confirm that SDK doesn’t collect any Sensitive data, moreover it is fully managed by the host app and you can define what you want to track and how you want to do that.
    Read more about Tracking modes

Apart from that, our back-end integration doesn’t require any details about the app users. We will generate for you a unique SDK DeviceToken (UUID) for each app user and will use this DeviceToken as a unique user ID across all our services.
For your convenience, you can associate your internal customer ID with DeviceToken and use it in DataHub as a searchable field.
Read more about User Management API

  • ZenRoad app for the trial period
    ZenRoad uses our backend and for the Authentication process asks either a phone number or email (you can select it during the registration process).
    Also, the app has a profile page, however, we don’t require users to complete it. It doesn’t impact the app performance.

Apart from that, Auth details (phone or email) are hosted on AWS region Ohio and will be deleted by your request.