Legal

Privacy Policy

Last updated: January 17, 2026

This Privacy Policy explains how Fleety ("we," "us," or "our") collects, uses, processes, and protects your personal information when you use our Services.

Fleety is committed to protecting your privacy and complying with the General Data Protection Regulation (GDPR) and Swedish data protection laws.

1. Introduction

Data Controller:

2. Information We Collect

2.1 Information You Provide Directly

Account Information:

  • Name and email address
  • Company name (optional)
  • Password (encrypted)
  • Billing information (processed by payment providers)
  • Profile information

Content You Upload:

  • Documentation and knowledge base materials
  • Support ticket content
  • Chat conversations
  • Custom configuration settings
  • API keys and integration settings

Support and Communications:

  • Messages you send to our support team
  • Feedback and feature requests

2.2 Information We Collect Automatically

Usage Data:

  • Pages visited and features used
  • Time spent on our Services
  • API usage and request logs
  • Error logs and performance metrics
  • Token usage (AI messages, tickets, etc.)

Technical Information:

  • IP address
  • Browser type and version
  • Device type and operating system
  • Referring website
  • Date and time of access

2.3 Information from Third Parties

We may receive information from:

  • Payment processor (Polar - transaction confirmations)
  • Authentication providers (if you use OAuth/SSO)

3. Legal Basis for Processing (GDPR)

We process your personal data under the following legal bases:

3.1 Contractual Necessity (Art. 6(1)(b) GDPR)

To provide our Services under our Terms of Service:

  • • Account creation and management
  • • Service delivery and support
  • • Billing and payment processing
  • • Communication about your account

3.2 Legitimate Interests (Art. 6(1)(f) GDPR)

For our legitimate business interests, balanced against your rights:

  • • Improving and optimizing our Services
  • • Preventing fraud and abuse
  • • Ensuring security and network integrity
  • • Internal analytics and research

3.3 Consent (Art. 6(1)(a) GDPR)

When you explicitly consent to marketing communications (opt-in only) and beta features or research participation.

3.4 Legal Obligation (Art. 6(1)(c) GDPR)

To comply with laws, tax and accounting requirements, respond to legal requests, and maintain regulatory compliance.

4. How We Use Your Information

4.1 Service Delivery

  • Process and respond to customer support queries using AI
  • Generate AI responses via Retrieval-Augmented Generation (RAG)
  • Manage support tickets and conversations
  • Provide access to your dashboard and analytics
  • Enable API access and integrations

4.2 Service Improvement

  • Analyze usage patterns to improve features
  • Debug and fix technical issues
  • Monitor service performance and uptime
  • Develop new features

4.3 Communication

  • Send transactional emails (account updates, billing notices)
  • Respond to support requests
  • Notify you of service changes or security issues
  • Send marketing emails (only with consent, easy opt-out)

4.4 Security and Compliance

  • Detect and prevent fraud or abuse
  • Enforce our Terms of Service
  • Comply with legal obligations
  • Protect our rights and property

4.5 What We DO NOT Do

  • Train AI models on your data or customer conversations
  • Sell your personal data to third parties
  • Use your data for advertising
  • Share data with third parties except as described in this policy
  • Process data outside the EU/EEA without adequate safeguards

5. Data Sharing and Disclosure

5.1 Third-Party Service Providers

We share data with trusted service providers who help us deliver Services:

AI Provider: OpenAI (GPT models)

  • • Purpose: Generate AI responses using RAG (Retrieval-Augmented Generation)
  • • Data shared: User queries, relevant documentation snippets
  • • Important: We do NOT allow OpenAI to train on your data

Payment Processor: Polar

  • • Purpose: Process payments and manage subscriptions
  • • Data shared: Email, transaction details
  • • Tax handling: Polar manages all tax compliance

Analytics: Umami (self-hosted)

  • • Purpose: Understand how Services are used
  • • Data shared: Anonymized usage data
  • • Privacy: Self-hosted means no data leaves our infrastructure

5.2 Legal Requirements

We may disclose data if required by law:

  • Court orders or legal process
  • Government investigations
  • Protection of rights, safety, or property
  • Compliance with tax and regulatory obligations

5.3 Business Transfers

If Fleety is acquired or merged, your data may be transferred to the new entity. We will notify you and ensure continued protection under GDPR.

5.4 With Your Consent

We may share data for other purposes with your explicit consent.

6. International Data Transfers

6.1 EU/EEA Operations

Our infrastructure is hosted on a VPS, and data is primarily processed within the EU/EEA when possible.

6.2 Safeguards for Non-EU Transfers

When we transfer data outside the EU/EEA (e.g., to OpenAI), we ensure protection through:

  • Standard Contractual Clauses (SCCs) approved by the EU Commission
  • Your explicit consent (when required)

6.3 Third-Country Providers

OpenAI (USA): Uses SCCs and adheres to the EU-U.S. Data Privacy Framework.

7. Data Retention

7.1 Active Accounts

We retain your data while your account is active.

7.2 Data Deletion Requests

Data is stored indefinitely unless you request deletion. To delete your account and data, contact support@fleety.dev.

7.3 Financial Records

Payment records are managed by Polar and retained according to their policies and Swedish tax law requirements.

7.4 Legal Holds

We may retain data longer if required by law or ongoing legal proceedings.

8. Your Rights Under GDPR

As an EU/EEA data subject, you have the following rights:

8.1 Right to Access (Art. 15 GDPR)

Request a copy of personal data we hold about you by contacting support@fleety.dev.

8.2 Right to Rectification (Art. 16 GDPR)

Correct inaccurate or incomplete data through your account settings or by contacting us.

8.3 Right to Erasure / "Right to Be Forgotten" (Art. 17 GDPR)

Request deletion of your data by contacting support@fleety.dev, subject to legal retention requirements.

8.4 Right to Restrict Processing (Art. 18 GDPR)

Limit how we use your data in certain circumstances.

8.5 Right to Data Portability (Art. 20 GDPR)

Receive your data in a structured, machine-readable format (JSON) by contacting support@fleety.dev.

8.6 Right to Object (Art. 21 GDPR)

Object to processing based on legitimate interests or for marketing purposes.

8.7 Right to Withdraw Consent (Art. 7(3) GDPR)

Withdraw consent at any time (e.g., unsubscribe from marketing emails).

8.8 Right to Lodge a Complaint

File a complaint with your local data protection authority:

  • Sweden: Integritetsskyddsmyndigheten (IMY) - https://www.imy.se
  • EU-wide list: https://edpb.europa.eu/about-edpb/board/members_en

8.9 How to Exercise Your Rights

Contact us at support@fleety.dev. We will respond within 30 days (may extend by 60 days for complex requests).

9. Additional Policies

Cookies and Tracking

We use essential cookies for authentication and session management. Analytics cookies help us understand usage patterns. We do NOT use advertising or marketing cookies. You can control cookies through your browser settings.

Security Measures

We implement TLS 1.3 encryption in transit, AES-256 encryption at rest, bcrypt password hashing, and regular security audits. In case of a data breach, we notify affected users within 72 hours and report to data protection authorities.

Children's Privacy

Fleety is not intended for individuals under 18. We do not knowingly collect data from children. If we discover such data, we will delete it immediately.

Changes to This Policy

We may update this policy to reflect changes in laws, new features, or improvements to data practices. We will notify you via email at least 7 days before material changes. Continued use constitutes acceptance.

California Privacy Rights (CCPA)

California residents have the right to know what personal information we collect, delete personal information, opt-out of data sales (we do not sell data), and non-discrimination for exercising rights.

Questions about our Privacy Policy?

Contact Support