Privacy posture

Plain-English privacy.

The legal terms live at /privacy. This is the operating-engineer's version: what we collect, why, who else touches it, and the GDPR/CCPA tools we built.

What we collect

Seven categories.

  • Account

    Email, hashed password, name, optional phone (when the SMS feature is enabled). Required to log you in and to send you the operational emails (trial nudges, work-order assignments, billing).

  • Org membership

    Which DirtFleet org(s) you belong to and your role(s). Drives every authorization decision in the app.

  • Activity

    Hours logs, repair logs, flag actions, work-order updates, tool check-ins, checklist responses, incident reports. The shop's operating data.

  • Optional location

    Per-log GPS is captured only when the org's policy allows it (opt-in or on-by-default) AND the device grants location permission. We never run continuous location tracking: the coordinate is read at the moment of an explicit save event, never between saves.

  • Photos / documents

    Driver-uploaded meter photos, repair photos, asset documents (registration, insurance). Stored either in Postgres BYTEA or in an S3/R2 bucket you choose — your data, your choice.

  • Audit metadata

    IP address + user-agent string on mutating actions. Drives the AdminAuditLog (DirtFleet staff actions) + AuditLog (org-side actions). Required for SOC 2 Type II compliance.

  • Cookies

    Auth session cookie (HttpOnly, SameSite=lax). Optional locale + theme preference cookies. No third-party analytics or advertising trackers.

What we don't do

Negative space matters.

  • Sell your data to third parties. Not now, not ever — it's in the terms.
  • Embed third-party advertising trackers. No Facebook Pixel, no Google Analytics on authed pages.
  • Run continuous GPS / location tracking. Per-log only.
  • Store passwords in plaintext. bcrypt cost 12.
  • Share customer data across tenant boundaries. Every query carries organizationId.
  • Use customer data to train AI models without explicit, per-feature consent.
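The tenant-boundary point above ("every query carries organizationId") is easiest to see as code. The following is an added illustration, not DirtFleet's lib code: a hypothetical repository that can only be constructed for one organization and applies that organizationId to every lookup, including lookups by primary key, so that guessing another tenant's asset id returns nothing rather than leaking a row. The table and ids are constructed sample data.

```typescript
// Added example (hypothetical, not DirtFleet's own code): a repository that
// makes tenant scoping structural instead of something each query remembers.
interface AssetRow {
  id: string;
  organizationId: string;
  name: string;
}

// Constructed sample table with two tenants sharing one store.
const ASSETS: readonly AssetRow[] = [
  { id: "asset-1", organizationId: "org-A", name: "Excavator 320" },
  { id: "asset-2", organizationId: "org-A", name: "Skid steer" },
  { id: "asset-3", organizationId: "org-B", name: "Dozer D6" },
];

class TenantScopedAssetRepo {
  // The organizationId is fixed at construction from the caller's org
  // membership; there is no way to issue a query without it.
  constructor(private readonly organizationId: string) {
    if (!organizationId) {
      throw new Error("organizationId is required for every query");
    }
  }

  // List queries are filtered by tenant before any user-supplied filter.
  findAssets(filter: { name?: string } = {}): AssetRow[] {
    return ASSETS.filter(
      (a) =>
        a.organizationId === this.organizationId &&
        (filter.name === undefined || a.name === filter.name),
    );
  }

  // Primary-key lookups also carry the tenant predicate. A bare
  // "WHERE id = ?" would let an authenticated user of org-A read org-B's
  // row by id; this returns undefined instead.
  findAssetById(id: string): AssetRow | undefined {
    return ASSETS.find(
      (a) => a.id === id && a.organizationId === this.organizationId,
    );
  }
}

// Convenience used by the checks below.
function assetCountForOrg(organizationId: string): number {
  return new TenantScopedAssetRepo(organizationId).findAssets().length;
}

function crossTenantLookupLeaks(
  callerOrg: string,
  foreignAssetId: string,
): boolean {
  return new TenantScopedAssetRepo(callerOrg).findAssetById(foreignAssetId) !== undefined;
}
```

The design choice is that the tenant predicate lives in one place (the constructor) rather than in each call site; a code review then only has to check that nothing bypasses the repository, not that every query remembered the filter.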

Your rights

Five concrete tools.

The GDPR and CCPA gave you these on paper; we made them buttons in the app or one curl call away.

  • Right to access

    Org admin can export a complete JSON archive of every member, asset, log, flag, work order, project, incident, certification at /api/export/org-archive.

  • Right to delete

    Self-service via lib/user-delete (account settings → Delete account). Deletes your User row + cascade. Org-level deletion is org-admin only.

  • Right to portability

    Same exports as right-to-access. CSV + JSON, no proprietary formats.

  • Right to consent + withdrawal

    Tracked in lib/consent — append-only ledger of TERMS / PRIVACY / LOCATION_TRACKING / MARKETING_EMAIL / COOKIE_ANALYTICS grants and revokes, with version + IP + UA per row.

  • Right to restrict processing

    Cancel the subscription; your data stays accessible read-only for 30 days, then is purged. No silent retention.
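To make the consent-ledger description concrete, here is an added example of an append-only ledger of the kind lib/consent is described as: rows are only ever appended (never updated or deleted), each carries the purpose, the policy version shown to the user, and the IP and user-agent audit fields, and the current answer to "does this user consent to X?" is derived from the latest row. This is illustrative code, not DirtFleet's lib/consent; the rule that a grant only counts while the policy version it was given for is still current is an assumption of this example.

```typescript
// Added example (hypothetical, not DirtFleet's lib/consent): an append-only
// consent ledger with per-row version, IP and user-agent.
type ConsentPurpose =
  | "TERMS"
  | "PRIVACY"
  | "LOCATION_TRACKING"
  | "MARKETING_EMAIL"
  | "COOKIE_ANALYTICS";

type ConsentAction = "GRANT" | "REVOKE";

interface ConsentRow {
  readonly seq: number;        // ledger position, assigned on append
  readonly userId: string;
  readonly purpose: ConsentPurpose;
  readonly action: ConsentAction;
  readonly version: string;    // version of the text the user actually saw
  readonly ip: string;         // audit metadata captured with the action
  readonly userAgent: string;
  readonly at: Date;
}

class ConsentLedger {
  // No update or delete method exists: the ledger is append-only by design.
  private readonly rows: ConsentRow[] = [];

  append(row: Omit<ConsentRow, "seq">): ConsentRow {
    const stored: ConsentRow = Object.freeze({ ...row, seq: this.rows.length + 1 });
    this.rows.push(stored);
    return stored;
  }

  // Latest row for (user, purpose) wins. Assumption in this example: a GRANT
  // is only active while the version it was given for is the current one,
  // so publishing a new policy version forces re-consent.
  hasActiveConsent(userId: string, purpose: ConsentPurpose, currentVersion: string): boolean {
    for (let i = this.rows.length - 1; i >= 0; i--) {
      const r = this.rows[i];
      if (r.userId !== userId || r.purpose !== purpose) continue;
      return r.action === "GRANT" && r.version === currentVersion;
    }
    return false; // no row at all means no consent
  }

  // Subject-access view: the full, unmodified history for one user.
  history(userId: string): readonly ConsentRow[] {
    return this.rows.filter((r) => r.userId === userId);
  }
}

// Constructed walkthrough: grant, then revoke, then a new policy version.
function demoLedger(): ConsentLedger {
  const ledger = new ConsentLedger();
  const audit = { ip: "203.0.113.7", userAgent: "DirtFleet-Android/1.0 (constructed)" };
  ledger.append({ userId: "u1", purpose: "LOCATION_TRACKING", action: "GRANT",
    version: "2024-01", at: new Date("2024-02-01T09:00:00Z"), ...audit });
  ledger.append({ userId: "u1", purpose: "MARKETING_EMAIL", action: "GRANT",
    version: "2024-01", at: new Date("2024-02-01T09:00:05Z"), ...audit });
  ledger.append({ userId: "u1", purpose: "MARKETING_EMAIL", action: "REVOKE",
    version: "2024-01", at: new Date("2024-03-10T12:00:00Z"), ...audit });
  return ledger;
}
```

Because revocation is itself a row rather than a deletion, the ledger answers both the product question (may we send marketing email right now?) and the audit question (what did this user agree to, when, from where?) from the same data.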

Sub-processors

See /security.

The current sub-processor list lives on /security. When we add a new one we update the list before activating them in production.

Privacy questions? privacy@dirtfleet.app. The legal terms live at /privacy.