Privacy Policy
This policy explains what information VettyFleet (βwe,β βusβ) collects, how we use it, and the choices you have. It covers our marketing site at vettyfleet.com and the application at app.vettyfleet.com (the βServiceβ).
The short version: we collect what we need to run a compliance platform and nothing more. We never sell personal information, we don't run advertising, and the fleet records you enter belong to your company β we process them only to provide the Service.
1. Two kinds of data
It helps to separate the two roles we play:
- Account data β information about you and your company (name, email, company location, billing status). For this, we decide how the data is used and this policy applies directly.
- Fleet records β the driver, vehicle, and credential information your company enters into the Service, which can include driver names, license numbers, contact details, hire dates, medical certificate dates, uploaded documents, and DOT drug-and-alcohol testing records. For these, your company is the controller and we act only as its service provider: we process fleet records solely on your company's instructions to provide the Service. Drivers who have questions about records their employer keeps in VettyFleet should contact their employer; we assist employers with those requests.
2. What we collect
- Account and profile: your name, work email, a hashed password (never the plain text), and company name, city, and state. If you sign in with Google, we receive your name and email from Google β never your Google password.
- Fleet records: whatever your company enters, as described above. Testing results are used only to compute compliance status inside your own portal.
- Billing: payments are handled by Stripe. We store your subscription status and plan; card numbers go directly to Stripe and never touch our servers.
- Usage and logs: standard server logs (IP address, browser type, pages requested) kept for security and debugging.
- Marketing-site analytics: vettyfleet.com uses Google Analytics to understand traffic. The application itself contains no analytics or advertising trackers β only the cookies it needs to keep you signed in (session and CSRF cookies).
- Contact form: the name, email, and message you submit so we can reply.
3. How we use information
To provide and secure the Service; to compute compliance statuses and send the notifications you'd expect (renewal digests, account emails like verification, password resets, and team invitations); to bill subscriptions; to answer support requests; and to understand marketing-site traffic in aggregate. We do not sell personal information, share it for advertising, or use fleet records for any purpose other than serving your company. We do not use your data to train AI models.
4. Who processes data for us
We use a small set of infrastructure providers, each bound by their own contractual and legal obligations:
| Provider | Purpose | What they handle |
|---|---|---|
| Amazon Web Services | Hosting (United States) | All application data and documents |
| Stripe | Payments | Billing details, card information |
| Resend | Transactional email | Email addresses and message content |
| Optional sign-in; marketing-site analytics | Sign-in identity; site usage statistics |
Beyond these providers, we disclose information only if the law requires it (for example, a valid subpoena) or to protect the Service from abuse β and we notify you when legally permitted.
5. Security
All traffic is encrypted in transit with TLS. Every account lives in an isolated company portal β your records are never visible to another tenant. Uploaded documents are served only to authenticated members of your company, never at public URLs. Passwords are stored hashed with an industry-standard algorithm, and we keep routine off-site-style database backups so records survive hardware failure. No system is perfectly secure; if a breach affects your data we will notify you promptly, as the law requires.
6. Retention and deletion
- Account data and fleet records are kept while your account is active β that history is the point of a compliance system.
- If you cancel or ask us to delete your account, we delete your company's data from active systems within 30 days (after giving you a chance to export it). Residual copies in backups are overwritten on the normal backup rotation.
- We may retain minimal billing records as required for tax and accounting purposes.
7. Your rights and choices
Depending on where you live β including under the California Consumer Privacy Act β you may have the right to know what personal information we hold about you, to correct it, to delete it, and to receive a copy. We honor these requests for everyone, not just where the law compels it, and we never discriminate for exercising them. Because we don't sell or share personal information for advertising, there is nothing to opt out of. To exercise any right, use the contact form; we will verify the request and respond within the legally required time (45 days under the CCPA). For fleet records, we will route or assist the request through your employer, as the law provides for service providers.
8. Children
The Service is for businesses and is not directed to anyone under 16. We do not knowingly collect personal information from children.
9. Changes to this policy
If we change this policy in any material way, we will notify account owners by email before the change takes effect and update the date at the top of this page.
10. Contact
Questions or requests about privacy? Reach us through the contact form and we'll respond promptly.