Privacy policy

Last Updated: November 13, 2025

This Privacy Policy describes how Fleet Contacts (“we,” “us,” or “our”) handles information in connection with our software-as-a-service (SaaS) platform and iOS application (the “Service”). The Service allows organizations to create, organize, and distribute contact information to managed iOS devices.

By using the Service, you acknowledge and agree to the terms described in this Privacy Policy.

1. Information You Provide

The Service allows customers to create and manage:

Contacts
Contact Groups
Configuration URLs used by your organization’s devices

All data entered into the Service is provided solely by you or by users in your organization. We do not add, modify, or enrich this information.

2. Customer Responsibility for Data Classification

You are solely responsible for ensuring that no sensitive, confidential, or regulated information is stored in any contact, note field, or contact group.

This includes, but is not limited to:

Medical or health information (PHI)
Financial information
Government-issued identifiers
Authentication credentials
Personal data requiring heightened protection under GDPR, HIPAA, or other regulations

We do not monitor the content you upload. Customers are fully responsible for the type of information entered into the system.

3. Public URL Access to Contact Groups

Each contact group you create is accessible via a public URL. This URL is intended to be distributed only to authorized iOS devices in your organization.

Anyone with access to the URL can retrieve the contact group’s data.
You are responsible for keeping this URL confidential and sharing it only with approved devices or individuals.
We recommend treating these URLs as sensitive configuration assets.

We are not responsible for unauthorized access resulting from customers sharing, exposing, or failing to protect these URLs.

4. How Your Data Is Stored

Each customer/tenant is hosted in its own isolated environment, which includes:

A dedicated container runtime
A dedicated database
Logical separation from all other tenants

This isolation is designed to prevent cross-tenant access.

However, the security of your tenant and your contact data also depends on the confidentiality and integrity of the configuration URLs you manage.

5. No Guarantee of Confidentiality

Because customers control:

The data they enter
Who receives configuration URLs
Which devices are configured to retrieve contacts

we cannot guarantee the confidentiality of any data stored in the Service.

By using the Service, you acknowledge that:

You are responsible for protecting access to your URLs.
You are responsible for maintaining appropriate device and user security.
We are not liable for unauthorized access resulting from customer actions, misconfigurations, or sharing.

6. How We Use Technical Information

We may collect limited technical information such as:

Server logs
Device or browser type
Error reports
Usage statistics

This information is used solely to operate, maintain, and improve the Service.

We do not sell or share personal information with third parties for advertising or marketing purposes.

7. Data Retention & Deletion

Your data is retained for as long as your account remains active.
If you close your account, all contact and group data are removed from active systems within a commercially reasonable period.
You may request deletion of your data at any time by contacting support@fleetcontacts.com.

8. Security

We implement reasonable administrative and technical safeguards to protect the platform.

However, no system is completely secure, and customers are responsible for:

Ensuring proper access controls
Securing their configuration URLs
Managing which devices can retrieve contact data
Appropriately classifying the data they store

9. Children’s Privacy

The Service is not directed to children under 13, and we do not knowingly collect information from children.

10.1. Data Controller vs. Data Processor

Under the EU General Data Protection Regulation (“GDPR”):

You (the customer/organization) are the Data Controller.
We (Fleet Contacts) act as the Data Processor.

This means:

You determine the purpose and legal basis for storing personal information in the Service.
We process that information only according to your instructions and solely to provide the Service.

10.2. Customer Responsibilities

As the Data Controller, you are solely responsible for:

Ensuring that any personal data stored in the Service is lawful and compliant with GDPR
Avoiding the storage of sensitive or special-category data
Ensuring appropriate consent, notices, and data rights fulfillment for individuals whose information you enter
Securing access to your configuration URLs
Responding to GDPR data subject requests (access, deletion, correction, etc.)

10.3. Our Responsibilities

As the Data Processor, we:

Process data only as needed to deliver the Service
Maintain tenant isolation
Provide reasonable security controls
Do not sell, share, or use your data for unrelated purposes
Assist with GDPR requests where technically feasible and legally required

10.4. Data Transfers

If you use the Service from the EU, you consent to the processing and storage of your data in the United States or other jurisdictions where we operate infrastructure.

11. International Users

If you access the Service outside the United States, you acknowledge and agree that your data may be transferred to and processed in the United States.

12. Changes to This Policy

We may update this Privacy Policy from time to time. When updated, the “Last Updated” date will be revised.

Continued use of the Service indicates acceptance of the revised policy.

13. Contact Us

For questions regarding this Privacy Policy or GDPR matters, contact us:

Fleet Contacts Email: support@fleetcontacts.com