Privacy Policy for Nauto Services and Products

Effective date: 12/17/2024

This Privacy Policy ("Policy") describes what information Nauto, Inc. and Nauto Global Limited, its service providers, and affiliates (collectively, "Nauto," "we," "our" or "us") collects when you use Nauto's product and services and how Nauto processes this information for itself and on its customers' behalf.

When we talk about the "Services" in this Policy, we are referring to the use of the Nauto device (both the device hardware and the software which supports and interacts with the device), Nauto's applications, use of your account through the Nauto website or other Nauto products and services. If you are a website user, we provide additional details about how we collect and use information from our public website in our Privacy Policy for Nauto Website Visitors.

Nauto Global Limited, an Irish registered company, will provide the Services to Nauto's Customers in the European Union, and Nauto, Inc., a United States company, will provide Nauto's customers with the Services in all other countries. Details of these Nauto companies are set out at the end of this Policy.

Nauto’s role

1. Customer data

Nauto is a processor of any personal information it processes when providing the Services. This means that it will only process the personal information pursuant to the controllers' ( i.e. "customers" such as your employer) instructions.

Nauto may, on behalf of its customers, collect and analyze information (including personal information) about users (such as drivers and passengers) of the Services and other individuals (such as members of the public whose images may be captured by the Services). This content and information is referred to in this Policy as "Customer Data" and is controlled by Nauto's customers. To the extent that Nauto captures, stores and analyzes Customer Data, Nauto does so on behalf of its customers.

If you are using the Services by invitation of a Nauto customer, whether that customer is your employer, another organization, or an individual, Nauto collects, stores, and analyzes your data on behalf of its customer in a manner consistent with this Privacy Policy, though that customer will otherwise determine its own additional policies regarding the treatment of Customer Data in its possession which may apply to your use of the Services. Nauto may implement some of these policies on its customers' behalf. Please check with the customer about the policies it has in place.

2. Nauto data

Nauto is a controller of "Nauto data". Nauto anonymizes or pseudonymizes certain personal information to train the Nauto algorithm, which will benefit the customers from which the data originates, Nauto and other Nauto customers as well as improve road safety.

What Information Does Nauto Collect and Receive?

1. Customer Data

The Nauto device is an intelligent fleet safety system that allows the collection of internal and external event data from vehicles in order to improve driver safety and fleet operations. Nauto devices use image sensor and position sensor technology to scan a driver's environment and collect information. This includes:

Technical information: The device's image sensors are both inward and outward facing. In addition to potentially capturing limited video clips and images of drivers and passengers, the Nauto device may also collect the following types of information:

  • GPS location
  • Network or internet protocol addresses
  • Operating system ID
  • Mobile network details
  • Nauto device identifier or registration details
  • Nauto device settings
  • Date, time and type of web requests

Information about driving and road conditions: The Nauto device and Services may also collect information about a vehicle's environment and experience while on the road, including information about:

  • Geographic location and relative proximity of a vehicle to other vehicles
  • Hazards, such as pedestrians (whose faces may be blurred), bicycles, weather, and other vehicles
  • Signs, traffic control devices, lane markings and similar road infrastructure
  • Collision, near-miss, hard braking, acceleration or cornering events
  • Traffic patterns, speeds, and flow
  • Lane and road departure
  • License plate numbers (which may be blurred) and other information such as color or make of surrounding vehicles
  • Not obeying the rules of the road e.g. running a red light

Information about drivers and passengers: The Nauto device and Services may also collect other personal information about drivers (and passengers where indicated) such as:

  • Vehicle identification number ("VIN")
  • License plate
  • Face of driver
  • Driver's posture and other behaviors when driving
  • Drivers and passengers involved in a collision
  • Live camera feed / photo images including passengers
  • Audio recordings including passengers (if enabled)

Driver activity: The Nauto device's software may also analyze driver behavior, posture and movements in order to help ensure safety and prevent accidents. This is done for safety reasons in order to protect the vital interests of the drivers and passengers. The device may process the following information about a driver's behavior:

  • Driver behavior and actions or inaction
  • Driving and collision risks
  • Number of passengers in the vehicle
  • Drowsiness
  • Inattention (e.g., phone use, passenger activity)
  • Braking
  • Speed, acceleration, and mileage
  • Driving time
  • Nauto device tampering
  • Vehicle security (e.g., detecting sound of broken glass, stolen vehicle)
  • Not obeying the rules of the road, e.g. texting while driving, ignoring traffic control signals or signs, DUI (i.e. drunk-driving)

Driver profile: If specifically requested by the customer, the Nauto device may use videos and photographs in order to create a limited abstracted non-geometric visual profile of a driver for that Nauto customer. Only at the customer's direction, this software may create a limited profile that is used to determine similarity of appearance of a driver in one particular photo or a video captured by a Nauto device to another photo or a video captured by a Nauto device to match multiple trips (potentially across multiple vehicles in the fleet) into one driver record for the customer's benefit.

To provide more details, and to the extent requested by a customer, we may display a driver's Profile name and photo, and link that Profile with information collected by that driver's Nauto device. In order to create these Profiles on behalf of customers, Nauto may collect information such as names, username, password, photographs, location, and contact information of drivers.

Customer or emergency services: At customer's request, for coaching or emergency services, the Nauto

Services may also receive from customer input or customer systems other personal information about drivers to be added, only at customers' request, to driver profiles such as:

  1. Phone number
  2. Email address
  3. Home/work address
  4. Driver's license / ID information
  5. Date of birth
  6. Emergency contact information
  7. Name

Passersby: Some images and information about members of the public may also be captured by the device.

2. Nauto Data

Account creation information

Customers may create a Nauto account to make it easier to communicate with us and access the Services we provide. To create an account, customers may be asked to provide information such as names, usernames, passwords and contact information.

Services usage information

This is information about customers and customer personnel who are accessing and using the Services, which may include details of administrative, technical and support communications with us.

Log data

When our Customers use the Services we may collect log data such as your Internet Protocol address, the date and time of your use of the Services and cookie data.

Pseudnomymized/Anonymized data

When permitted by our customers, we anonymize or pseudonymize certain Customer data to train our algorithm.

How Does Nauto Use the Information it Collects?

1. Customer data

Provide and Improve Nauto Services

Nauto may access and use Customer Data as reasonably necessary and in accordance with a customer's instructions to provide and improve the Services. For example, Nauto may, on its customers' behalf and in accordance with their instructions, use this information to understand and predict traffic flows, advise drivers of hazards in real time, determine the cause and consequence of individual driving behavior and events and develop composite safety scores for drivers or vehicles or portions of the customer organization (e.g. a region or subfleet).

Nauto may also use Customer Data as set forth in our agreement with the customer or as expressly permitted in writing by the customer or as required by law.

Technical support

Nauto may also use this information to provide technical support, to prevent or address service, security, technical issues, to improve the quality of service Nauto provides or at a customer's request in connection with customer support matters.

To understand and develop our Services

We carry out research and analyze trends to better understand how users are using the Services and improve them for the customers.

Communicating with customer personnel and marketing

If customer personnel contact us with a problem or question, we will use customer personnel information to respond. We may also send customer personnel service and administrative emails and messages, and we may contact customer personnel to inform them about changes in our Services, our service offerings, and important service-related notices, such as security and fraud notices. These emails and messages are considered part of the Services we are contractually obliged to provide to customers' personnel and, apart from marketing emails, customer personnel may not opt-out of them. Where we send emails about new product features or other news about Nauto, customer personnel and other recipients can opt out of these at any time.

2. Nauto data

Billing and account management

We use account data to administer accounts and keep track of billing and payments. This processing of Nauto Data is necessary for us to provide the Services to Customers.

Investigating fraud and abuse

We work hard to keep the Services secure and to prevent abuse and fraud. Any processing of Nauto Data in these circumstances will be in our legitimate interests and the legitimate interests of our customers and their personnel to have their data kept secure and free from abuse and fraud. Processing of Customer Data in these circumstances shall be on behalf of our customers.

Anonymizing/pseudonymizing data to train the Nauto Algorithm

This Policy is not intended to place any limits on what Nauto does with data that it anonymizes/pseudonymizes such that the data is no longer associated with and can no longer be linked to an identifiable user or customer of the Services. Nauto uses anonymized/pseudonymized information for business purposes, including for product improvement, analytics, industry and market research, and other purposes consistent with Nauto's business needs. Examples of anonymized/pseudonymized information used by Nauto include information on:

  • Road signs and traffic lights
  • Vehicle density and speeds
  • Parking spaces
  • Collision and near miss hotspots
  • Typical patterns and risks of different maneuvers
  • Parking and stops
  • Risk scoring
  • Scenario risk, based on context (e.g. risk in a construction zone, pothole)
  • Location and labeling of objects such as vehicles and traffic signs
  • Driving paths
  • Risk events
  • Vehicle speed and change in velocity or delta-V
  • Dynamic aggregated data (e.g., traffic data, construction activity, weather, road conditions)
  • Infrastructure data (e.g., pot holes, number of lanes, lane markers, stop sign / signal locations)

How Does Nauto Share the Information It Collects?

Nauto may share information described in this Policy from time to time. Our customers determine their own policies for the sharing and disclosure of Customer Data. Nauto does not control how customers or their third parties choose to share or disclose Customer Data.

1. Customer data

Nauto may share Customer Data and other information in accordance with our agreement with our customers and our customers' instructions, including with:

  • Customers: Nauto may share Customer Data and other information in accordance with our agreement with customers. This means that customers, and third parties that customers designate to receive their Customer Data, can receive up-to-date information about a driver's location, speed, driving hazards, and attentiveness, in addition to in-depth analysis of driver safety, traffic dynamics, or insurer loss data. There may be times when a user contacts Nauto to help resolve an issue specific to the Services. In order to help resolve the issue and given our relationship with our customer, we may share this concern with our customer.
  • Third Party Service Providers and Agents: Nauto may provide information to vendors, service providers, and other partners who help provide the Services and who, like Nauto, will use this information in accordance with instructions from Nauto's customers either directly or through Nauto. These partners must adhere to strict confidentiality obligations that are consistent with this Policy and the agreements Nauto enters into with them.
  • Sharing of Pseudonymized/Anonymized Data: Nauto may disclose or use pseudonymized/anonymized information for any purpose, including for business, public interest, or research purposes. For example, we may use this information to advise other customers, including fleet owners and insurers, and Nauto drivers about driving conditions and to warn them of hazards. Nauto may also use this information to provide customers with other fleet management services, general risk analysis and traffic analysis.
  • Affiliates: Nauto may engage affiliates in our corporate group to process Customer Data in accordance with our agreement with Customers.
  • Legal Compliance: Nauto may share information to comply with legal or regulatory requirements and to respond to lawful requests, court orders and legal process.
  • Emergency Services: Nauto may contact emergency services and share Customer Data on behalf of its customers if there is an accident based on information that Nauto receives from Nauto devices. This is to protect the vital interests of drivers, passengers or members of the public.

2. Nauto Data

  • Changes to Business Structure: In the event Nauto is involved in a merger, acquisition, bankruptcy, dissolution, reorganization, sale of some or all of Nauto's assets, financing, acquisition of all or a portion of our business, a similar transaction or proceeding, or steps in contemplation of such activities (e.g. due diligence).
  • Fraud and Illegal Activity: Nauto may share Nauto Data to enforce our rights, prevent fraud and for safety. This is in order to protect and defend the rights, property, or safety of us or third parties, including enforcing contracts or policies, or in connection with investigating and preventing fraud.

How Does Nauto Handle Security, Data Retention and Storage?

Security

Nauto takes security seriously. Nauto maintains administrative, technical, and physical safeguards designed to protect the privacy and security of the information that it collects. These safeguards take into account the nature of the information we collect, process and store, and the current state of technology. The Nauto cloud is supported by customer authorized third-party vendors and service providers that process and store information in compliance with this Policy and any other appropriate confidentiality and security measures.

In addition to technological security measures, Nauto places access controls on its employees, contractors, and agents.

Nauto protects all behavior and driver profile information using the same or more strict security procedures that it uses to protect other confidential data.

Data Retention

1. Customer Data

We only retain Customer Data if necessary in accordance with our agreement with the customer or as expressly permitted in writing by the customer or as required to comply with our legal obligations.

Generally, Nauto retains such information for no longer than is reasonably necessary. Subject to legal obligations and restrictions, Nauto will make reasonable, good-faith efforts to permanently destroy all such information pertaining to a person under the following circumstances:

  • If three years have passed since the last interaction between Nauto and the person, provided the customer contract no longer is in place.
  • A person who remains employed by a Nauto customer "interacts" with Nauto so long as that person remains employed by the Nauto customer;
  • If Nauto is informed by a customer, in writing, that the person is no longer employed by the customer; or
  • If a person requests, in writing, permanent deletion of all information relating to that person.

2. Nauto Data

Generally, we only store Nauto Data for as long as is necessary for the business purposes for which the data is processed by Nauto. This means certain account creation information and general account information along with Services usage information will typically be stored while the account remains active or for shorter periods if possible. We may retain certain Nauto Data after an account has closed if retention is reasonably necessary to comply with our legal obligations, meet regulatory requirements, resolve disputes, prevent fraud or abuse, or enforce this Policy and our agreements with customers. For example, certain Nauto Data such as financial and payment information may need to be stored for a number of years after payment is made in accordance with applicable tax and corporate laws. Nauto may store anonymized data, indefinitely.

Storage

Most data (including most Customer Data) is temporarily stored locally on the Nauto device and only select data as agreed with the customer (including only select Customer Data) is sent up into the cloud in the USA.

Does Nauto Use Children's Information?

The Services are not directed at children under 13 years. If you learn that a child under 13 has provided us with personal information without parental or guardian consent, please contact us. Should our Services capture information about children (as passengers or outside the relevant vehicle), this information will only be processed on behalf of customers where it is in the vital safety interests of children or those of others or where the processing is in our customers' legitimate interests or those of the children or the public.

Does Nauto Transfer Data Internationally?

If you are using the Services in the European Union or other regions outside of the United States with laws governing data collection and use that may differ from U.S. law, be advised that Nauto may transfer your information, Customer Data and Nauto Data to the United States and other countries with differing data protection laws and differing government agency data access rules.

If we collect your information in the EU or the UK when we transfer your information outside the EU or the UK, we may transfer it to countries that have been recognized as offering an adequate protection by the EU or the UK. When this adequacy status has not been offered, we use standard contracts that can be used in the EU or the UK to safeguard your information while transferring it outside the EU or the UK.

Nauto, Inc., complies with the EU-U.S. Data Privacy Framework (EU-U.S. DPF) and the UK Extension to the EU-U.S. DPF,  as set forth by the U.S. Department of Commerce. Nauto, Inc. has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (EU-U.S. DPF Principles) with regard to the processing of personal data received from the European Union and the United Kingdom in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF. If there is any conflict between the terms in this Policy and these EU-U.S. DPF Principles, the Principles shall govern. To learn more about the Data Privacy Framework (DPF) Program, and to view Nauto Inc.’s certification, please visit https://www.dataprivacyframework.gov/.

Nauto, Inc. is accountable for the personal information received under the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF, including any subsequent transfers to third parties Nauto, Inc. engages solely to the extent such third parties are acting on Nauto Inc.’s behalf.

If third-party agents process personal data on Nauto Inc.’s behalf in a manner inconsistent with the DPF Principles, Nauto, Inc. remains responsible and liable under the EU-U.S. DPF and the UK Extension unless Nauto, Inc. demonstrates that it is not responsible for the event giving rise to any damages.

In compliance with the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF, Nauto commits to resolve DPF Principles-related complaints about our collection or use of your personal information. EU and UK individuals with inquiries or complaints regarding our handling of personal data received in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF should first contact Nauto at privacy@nauto.com.

In compliance with the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF, Nauto commits to refer unresolved complaints concerning our handling of personal data received in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF to JAMS, an alternative dispute resolution provider located in the United States. If you do not receive timely acknowledgment of your DPF Principles-related complaint from us, or if we have not addressed your DPF Principles-related complaint to your satisfaction, please visit https://www.jamsadr.com/DPF-Dispute-Resolution for more information or to file a complaint. The services of JAMS are provided at no cost to you. You may also have the ability, under certain conditions, to invoke binding arbitration for complaints regarding EU-U.S. DPF and the UK Extension to the EU-U.S. DPF compliance not resolved by a complaint to Nauto or through JAMS. More information related to this arbitration procedure is available at https://www.dataprivacyframework.gov/s/article/ANNEX-I-introductiondpf?tabset-35584=2. Nauto is subject to the investigatory and enforcement powers of the Federal Trade Commission with respect to its compliance with the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF.

Do the Nauto Services Give Me Any Data Subject Rights?

1. Customer Data

If your personal information is comprised in Customer Data, then you should contact the customer in relation to any statutory rights you may have to access, rectify, erase, restrict or object to customer's processing of your data.

2. Nauto Data

If you are based in the EEA, UK, Switzerland or are a legal resident of California in the U.S., you have certain rights in relation to your information if your personal information is comprised in Nauto Data. Depending on your location, the following may apply:

  • Access. You have the right to access such information, and to receive an explanation of how we use it and who we share it with. This right is not absolute. For example, we cannot reveal trade secrets, or give you information about other individuals.
  • Erasure. You have the right to request deletion of such information. We may need to retain some of your information comprised in Nauto Data where there are valid grounds for us to do so under data protection laws.
  • Objection and withdrawal of consent: You have the right to (i) withdraw your consent where you previously provided such consent; or (ii) object to our processing of such information where we process such information on the basis of our legitimate interests (see above under How we use your personal information).
  • Portability. You have the right to receive a copy of such information we process on the basis of consent or contract in a structured, commonly used and machine-readable format, or to request that such information is transferred to a third party.
  • Correction. You have the right to correct any such information held about you that is inaccurate.
  • Restriction. You have a right in certain circumstances to stop us processing such information other than for storage purposes.

In compliance with the EU-U.S. DPF Principles, individuals have the right to (a) access the personal information about them that is comprised in Nauto Data and be able to correct, amend, or delete that information where it is inaccurate, or has been processed in violation of the Principles, except where the burden or expense of providing access would be disproportionate to the risks to the individual's privacy in the case in question, or where the rights of persons other than the individual would be violated and (b) opt out of (i) disclosing their information to a third party, unless such third party is acting as an agent to perform task(s) on behalf of and under the instructions of Nauto and (ii) their information being used for a purpose that is materially different from the purpose(s) for which it was originally collected or subsequently authorized by the individuals.

Please use the contact details set out below to contact Nauto Global Limited should you wish to exercise these rights. You can also access your personal information comprised in the Nauto Data by sending us a request at privacy@nauto.com. After we verify your identity, we will provide you with a copy of this personal information. If you are based in the European Union, without prejudice to any other rights you may have, you also have the right to file a complaint against Nauto Global Limited with your lead supervisory authority, and also with the Irish Data Protection Commissioner, which is our Lead Supervisory Authority by contacting them at info@dataprotection.ie.

How Does Nauto Advise of Changes to This Privacy Policy?

We may revise this Policy from time to time. We will provide notice of any changes on this page, and if the changes are significant, we will provide a more prominent notice, for example by contacting our customers. By continuing to access or use the Services after those changes become effective, you agree to be bound by the revised Policy.

How Should You Contact Us?

If you have any questions about Nauto's Policy or practices and if you are based in the European Union, please contact Nauto Global Limited at privacy@nauto.com or at the address below:

Nauto Global Ltd
Bank of Ireland Workbench
39 St Stephen's Green
Dublin 2, D02 HF62, Ireland

Nauto Global Limited will be the data controller of Nauto Data in relation to its customers in the European Union.

If you have any questions about Nauto's Policy or practices and if you are based outside the European Union, please contact Nauto, Inc. at privacy@nauto.com or at the address below:

1259 Reamwood Ave.
Sunnyvale, CA 94089 USA

English