Skip to main content

Privacy Policy

Last updated: 18 March 2026

1. Data Controller

FleetAgent Pro Ltd ("FleetAgent Pro", "we", "us", "our") is the data controller for personal data collected through our fleet management platform. We are committed to protecting your privacy and complying with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and the Data (Use and Access) Act 2025.

Company: FleetAgent Pro Ltd, registered in England and Wales (Company No. — contact us for details)

Data Protection Contact: privacy@fleetagent.pro

ICO Registration: Contact us for details

2. Information We Collect

We collect the following categories of personal data:

  • Account information: Name, email address, password (hashed), organisation details
  • Fleet data: Vehicle records (registration, make, model, odometer), driver profiles (name, licence details), fuel transactions (date, amount, location, card details)
  • Usage data: Pages viewed, features used, session duration (collected via Plausible Analytics, which is cookieless and does not collect personal data or IP addresses)
  • Billing information: Processed by Stripe (we do not store full credit card details)

3. Lawful Basis for Processing

Under Article 6 of the UK GDPR, we process your personal data on the following lawful bases:

  • Contract performance (Art. 6(1)(b)): Processing necessary to provide the FleetAgent Pro service to you, including account management, fleet data processing, and billing
  • Legitimate interest (Art. 6(1)(f)): Service improvement, security monitoring, fraud prevention, and aggregated analytics. You may object to processing based on legitimate interest at any time.
  • Legal obligation (Art. 6(1)(c)): Tax reporting, HMRC requirements, and data retention obligations under UK law

4. How We Use Your Data

Your data is used exclusively to operate and improve FleetAgent Pro:

  • Service delivery: Display dashboards, calculate analytics, generate alerts, import fuel transactions
  • Communication: Account notifications, billing reminders, service updates, support responses
  • Improvement: Identify bugs, optimise performance, understand feature usage

We do not sell your data to third parties. We do not use your data for advertising or marketing to third parties.

5. Sub-processors and Data Sharing

We share data with the following sub-processors to deliver the service. All sub-processors are bound by data processing agreements compliant with the UK GDPR:

  • Supabase (Supabase Inc.): Authentication and user management. Data hosted in the EU. Processing governed by Supabase DPA.
  • Google Cloud Platform (Google LLC): Database hosting, application hosting. Data hosted in London (europe-west2), UK. Processing governed by Google Cloud DPA.
  • Stripe (Stripe Payments Europe Ltd.): Payment processing and subscription billing. Stripe is authorised by the FCA and processes data under its own controllership for payment compliance. Processing governed by Stripe DPA.
  • Resend (Resend Inc.): Transactional email delivery (alerts, billing notifications). Processing governed by Resend DPA.
  • Plausible Analytics (Plausible Insights OÜ): Privacy-friendly, cookieless web analytics. Plausible does not collect personal data, IP addresses, or use cookies. Data hosted in the EU.

6. International Data Transfers

Your core fleet data is hosted in the United Kingdom on Google Cloud London (europe-west2). Where data is transferred to sub-processors outside the UK, we ensure appropriate safeguards are in place:

  • UK adequacy decisions: Transfers to the EEA are covered by the UK's adequacy finding for EU/EEA countries
  • UK International Data Transfer Agreement (IDTA): Transfers to non-adequate countries (e.g. the US) are covered by the UK IDTA or the UK Addendum to the EU Standard Contractual Clauses, as approved by the ICO

7. Data Retention

We retain your data according to the following policies:

  • Active accounts: Data retained for as long as your account is active
  • Deleted accounts: Data deleted within 30 days of account deletion (backup copies may persist for up to 90 days)
  • Billing records: Retained for 7 years to comply with HMRC requirements

You can request immediate data deletion by contacting us at privacy@fleetagent.pro.

8. Your Rights Under UK GDPR

Under the UK GDPR and the Data Protection Act 2018, you have the following rights:

  • Right of access (Art. 15): Request a copy of all personal data we hold about you
  • Right to rectification (Art. 16): Correct inaccurate or incomplete data
  • Right to erasure (Art. 17): Request deletion of your personal data (subject to legal retention requirements)
  • Right to restriction (Art. 18): Request we stop processing your data while disputes are resolved
  • Right to data portability (Art. 20): Receive your data in a structured, commonly used, machine-readable format (CSV) for transfer to another service
  • Right to object (Art. 21): Object to processing based on legitimate interest
  • Rights related to automated decision-making (Art. 22): We do not make solely automated decisions with legal or similarly significant effects
  • Right to withdraw consent: Where processing is based on consent, you may withdraw it at any time without affecting the lawfulness of prior processing

To exercise any of these rights, contact us at privacy@fleetagent.pro. We will respond within one calendar month as required by the UK GDPR. This period may be extended by two further months for complex requests, in which case we will inform you within the first month.

9. Cookies and Analytics

Essential cookies only. FleetAgent Pro uses a session cookie from Supabase to keep you signed in. This is a strictly necessary cookie required for the service to function and does not require consent under the Privacy and Electronic Communications Regulations 2003 (PECR).

Analytics cookies. We use Plausible Analytics, a privacy-focused tool that does not use cookies and does not collect personal data or IP addresses. Out of an abundance of caution under PECR, we ask for your consent before initialising Plausible. You will see a banner on your first visit. You can accept or decline, and change your choice at any time via the Cookie settings link in our footer.

No tracking or advertising cookies. We do not use Google Analytics, Facebook Pixel, or any third-party tracking services. We do not track your browsing behaviour across other websites.

10. Data Security

We implement appropriate technical and organisational measures to protect your data as required by Article 32 of the UK GDPR:

  • Encryption: Data encrypted in transit (TLS 1.3) and at rest (AES-256)
  • Access controls: Role-based permissions, multi-factor authentication for admin accounts
  • Hosting: Data hosted on Google Cloud London (europe-west2) within the United Kingdom
  • Monitoring: Automated security scanning, intrusion detection, regular security reviews
  • Backup: Daily encrypted backups with 90-day retention

While we implement strong security measures, no system is 100% secure. If you discover a security vulnerability, please report it to security@fleetagent.pro.

11. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. We will notify you of significant changes via email or an in-app notice at least 30 days before the changes take effect. Continued use of FleetAgent Pro after notification constitutes acceptance of the updated policy.

12. Supervisory Authority

If you are not satisfied with our response to a privacy request, you have the right to lodge a complaint with the Information Commissioner's Office (ICO):

Information Commissioner's Office
Wycliffe House, Water Lane
Wilmslow, Cheshire SK9 5AF
United Kingdom

Helpline: 0303 123 1113

Website: ico.org.uk

13. Contact Information

For privacy inquiries, data access requests, or to exercise your rights under the UK GDPR:

Email: privacy@fleetagent.pro

Response time: We will respond to all privacy requests within one calendar month as required by the UK GDPR.