Damoov Data Privacy Policy

Introduction

At Damoov, we prioritize the data privacy of our clients and their end-users. As a leading provider of mobile telematics technology, we are committed to transparent and secure data handling. This policy sheds light on our data practices and the controls we have in place.

Data Collection and Use

  1. Types of Data Collected:

    • Telematics Data: This includes GPS, accelerometer, and gyroscope data.
    • Phone Status Data: Charging level, event of connecting smartphone to a charger, and connecting to WiFi (without specific WiFi details).
    • Smartphone Permissions Data: Access to GPS, fitness sensors, mobile data, WiFi status, low power mode, and low GPS accuracy.
    • User Details (Optional): Our clients may share details like name, surname, custom ID, phone number, email address, date of birth, car make, and model. These details, if shared, are stored in a separate database and only combined with telematics data in our Datahub portal for client-specific activities.
  2. Use of Data:

    • We capture telematics data, linking it to a user ID (UUID), ensuring data personalization.
    • Damoov uses depersonalized and aggregated data to refine ML and scoring models without any third-party sharing.
    • Data collected via Damoov SDK belongs to a product owner (Customer).

Data Storage and Management

  1. Data Storage: Our infrastructure resides in France, hosted across OVH and AWS. All communication is securely managed using HTTPS protocol, with further protection from Cloudflare, AWS, and Windows in-built security tools.

  2. Access Control:

    • Data access requires short-lived JWT tokens managed by Auth0.
    • Company administrators manage access via Datahub. API access for a company is granted through admin credentials (managed via Datahub). API access for end-users is granted through individual access tokens.
  3. Data Retention:

    • Trip Waypoints: Stored for 3 months by default.
    • Aggregated Statistics: Stored until the user profile renewal.
    • Heartbeats Data: Stored for 30 days by default.
    • Crash Data Buffer: Stored for 30 days by default.
  4. Third-Party Integrations: We share depersonalized waypoints with Google Maps and HERE Technology to transform GPS data into geo-information.

Data Security

  1. Security Protocols: Robust encryption is used during data transfer, and perimeter security measures are in place for data at rest.
  2. Data Breach Protocols: In case of a breach, immediate actions are taken to mitigate further damages. Affected clients will be informed within 30 minutes of detection.

Rights and Controls

  1. User Rights: Clients have full access to their data at every stage of the data management cycle. This includes access at the application level, SDK data reception, platform, API, and data-export connectors.
  2. Data Deletion & Download: Clients can delete or download their data via Datahub, APIs, or by reaching out to our support team.
  3. Opt-Out & Custom Configuration: Clients can determine the level of data processing and can configure it via our support team.
  4. Incident Reporting: Clients can report anomalies or concerns related to data privacy through our customer support portal.

General Provisions

  1. Compliance: We are GDPR-compliant and align with best practices in data privacy.
  2. Consent: Clients and end-users grant consent by registering, accepting our terms, and integrating our solution.
  3. Policy Updates: Clients will be informed about policy changes via email.
  4. Liability: Damoov assumes responsibility, with liability limited to $5000 per case, in the event of data mishandling or mismanagement.

Conclusion

Damoov remains dedicated to providing a secure, transparent, and compliant data environment. We don't sell data to third parties. If there are further queries, clients can refer to our detailed guidelines here or reach out to our support team.