Privacy Policy

This Privacy Policy (hereinafter, the “Policy”) explains how Route Watch (hereinafter, the “Company”, “we”, “us”, “our”) collects, uses, stores and protects personal information when you use our website, GPS‑monitoring hardware and other related online services (collectively, the “Service”).

By using the Service, you confirm that you have read and agree to the terms of this Policy. For additional clarification, please contact us via the contact page on our website.

• Client / User – a legal entity or individual who has signed an agreement with the Company and uses the Service to manage a vehicle fleet.
• Equipment – GPS trackers, OBD‑II devices and other devices offered by the Company to enable data collection.
• Personal data – any information that directly or indirectly relates to an identified or identifiable natural person.

The scope and nature of the data collected depend on how you use the Service. We may collect the following categories of personal data:

We have lawful grounds for collecting and processing personal data. Under data protection law, there are several possible grounds for processing, of which we use the following:

1. Performance of a contract – when processing is necessary for concluding or performing a contract between you and the Company. For example, we process your contact and telematics data to provide GPS‑monitoring services, issue invoices, support your account and ensure that the equipment functions properly.
2. Legitimate interest – when processing is required for our legitimate interests, such as improving the Service, usage analytics, fraud prevention or ensuring security, and these interests do not override your rights and freedoms. We perform a balancing test to ensure that our aims are justified and proportionate.
3. Compliance with legal obligations – when the law obliges us to process or store certain data, for example, to maintain accounting records, fulfil tax or other regulatory requirements, or respond to lawful requests from public authorities.
4. Consent – when we ask for your explicit consent for certain purposes, such as marketing newsletters or the use of optional cookies. Providing consent is voluntary, and you may withdraw it at any time; withdrawal does not affect the lawfulness of processing based on consent before its withdrawal.

In exceptional cases, we may rely on other bases provided by the GDPR (for example, protecting vital interests or performing a task in the public interest), but such situations are unlikely for our Service. We will not process data if we do not have a lawful basis.

We use the collected data solely for the purposes stated in this Policy, in particular:

1. Providing and maintaining the Service – creating and managing an account, deploying software, tracking vehicles, monitoring routes and technical condition, sending notifications, generating reports and analytics.
2. Processing orders and payments – selling and delivering equipment, renewing subscriptions, issuing invoices, processing payments through the payment processor.
3. Communicating with the Client – sending service messages (event alerts, tariff changes, important updates), responding to support requests and sending informational newsletters.
4. Marketing and promotional offers – with your consent, we may send information about new features, promotions and partner offers and analyse the effectiveness of such messages. You can opt out of marketing emails at any time.
5. Analytics and improvement – analysing use of the Service, testing new features, identifying and fixing errors, optimising the interface.
6. Ensuring security and preventing fraud – detecting suspicious activity, protecting account access, preventing unauthorised use of devices and data.
7. Compliance with the law and protection of rights – responding to lawful requests from public authorities, courts or other competent bodies, and protecting our rights or those of Clients, for example in case of claims or disputes.

We do not sell personal data. Disclosure is made only in cases necessary for the operation of the Service or as required by law:

1. Service providers. We engage third‑party companies for hosting (AWS), payment processing (Stripe), SMS communications (Twilio), analytics (Google Analytics), email delivery, order processing, equipment delivery and other operations. They process data solely under our instructions and are not permitted to use it for their own purposes.
2. Client administrator. If you have a corporate account, your employer or another authorised person (administrator) may receive access to reports and data related to vehicles, drivers and events.
3. Business transfer. In the event of a merger, acquisition, sale or reorganisation of the Company, user data may be transferred to a new legal successor, but subject to existing confidentiality obligations.
4. Compliance with the law. We may disclose information upon request of state authorities or a court if required by law, or to protect our rights, the safety of users or third parties.
5. Device manufacturers. To improve the quality and diagnostics of devices, we may transmit anonymised telematics data to tracker manufacturers. Such data do not contain information that allows identification of specific users or vehicles.

In addition, we may publish aggregate and de‑identified statistical information for analytical or research purposes. Such information does not contain personal data and does not allow identification of specific individuals or vehicles.

The Service’s servers are located in the European Union (AWS Frankfurt region). Because we provide services to international clients, data may be transferred between countries. Where such transfers occur, we ensure an adequate level of protection by using standard contractual clauses or other mechanisms permitted by law. By using the Service, you acknowledge that your information may be transferred and processed outside your country of residence.

We retain data only for as long as necessary to fulfil the purposes described in this Policy or as required by law. Approximate terms:

• GPS and telematics data: 6 months for the Base plan, 12 months for Pro, unlimited for Enterprise (after the term ends, data may be deleted or anonymised).
• Account and contact data: retained for the entire period of your account’s existence. You can update or delete these data via the “Delete account” function in the administration panel. In case of deletion, we anonymise or delete data unless we are required to retain them longer by law.
• Payment data: the Company does not store bank card numbers; these data are processed by the payment processor. We may retain transaction information (date, amount, status) for financial reporting.
• Cookies and analytics data: according to cookie settings and the policy of the relevant analytics service.

After the specified periods expire, the data are deleted, anonymised or blocked, except when the law requires longer storage.

We implement technical and organisational measures to protect personal information from unauthorised access, alteration, loss or destruction. These include:

• encryption of data during transmission (HTTPS, TLS);
• access control and authentication;
• separation of data between clients;
• regular security monitoring and system updates;
• supplier audits.

Despite our efforts, no method of transmission or storage of data can guarantee absolute security. If you suspect a security breach, please notify us immediately.

Depending on the applicable law (for example, the Ukrainian Law “On Personal Data Protection”, the GDPR or others), you may have the following rights:

1. Right of access – to obtain confirmation of whether your data are being processed and to receive a copy of them.
2. Right to rectification – to correct inaccurate or incomplete personal data.
3. Right to erasure – in certain circumstances to request deletion of your data (the “right to be forgotten”).
4. Right to restrict processing – to temporarily restrict the use of data.
5. Right to data portability – to receive your data in a structured format for transfer to another service provider.
6. Right to object – to contest processing if it is based on legitimate interest.
7. Right to withdraw consent – to withdraw consent to processing (for example, for marketing mailings).
8. Right to lodge a complaint – to contact a competent data protection authority if your rights are violated.

To exercise your rights, you can submit a request using the contact details provided on our website. We may require confirmation of your identity and may refuse to comply with the request where permitted by law (for example, when deletion conflicts with an obligation to retain data).

Important: users may modify and update only those personal data that they provide during registration (name, email, contact information, etc.). Telematics data, GPS records and diagnostic readings are factual records of the movement and technical state of vehicles; these data are presented for information purposes and cannot be edited. You may view and export them, but modification or deletion is possible only within the retention period.

The Service does not include a specific age restriction; however, its use requires the ability to enter into a contract and accept the terms of this Policy. If a user has not reached the age of majority under the law of their country, they should use the Service with the consent and under the supervision of parents or legal guardians. If you become aware that a minor has provided us with their data without such consent, please let us know and we will take steps to delete them.

We may update this Policy from time to time to reflect changes in legislation, technology or our activities. The updated version will be published on our website with a new date. We recommend reviewing the Policy periodically. By continuing to use the Service after changes take effect, you agree to the new version.