Privacy Policy

This policy applies to personal information processed by Open VTS in connection with our marketing website, commercial discussions, software downloads, evaluation environments, support interactions, and related business operations.

Open VTS is a self-hosted vehicle tracking platform. In many cases, our customers install and operate the software on their own servers or cloud accounts. When that happens, the customer decides what data to collect from vehicles, drivers, dispatchers, cameras, mobile apps, and integrated devices. In those situations, the customer is generally the controller or business responsible for that operational data, while Open VTS acts only as a software vendor and, where applicable, a limited service provider acting on the customer's instructions.

If you are a driver, employee, contractor, passenger, or fleet user whose information is processed inside a customer-run Open VTS deployment, you should direct privacy questions to the organization operating that deployment first. They control the relevant settings, retention rules, integrations, and user permissions.

The exact data we collect depends on how you interact with us. We may collect:

• Contact and identity information such as your name, work email address, phone number, company name, job role, country, and fleet size when you complete forms or speak with our team.
• Commercial and inquiry information such as your product interests, deployment requirements, device mix, budget range, procurement timeline, and the content of messages you send to us.
• Download, onboarding, and support information such as version requests, installation context, issue reports, configuration details, diagnostic logs, screenshots, uploaded files, or other material you voluntarily provide.
• Technical and usage information generated when you use our website, such as IP address, browser type, device characteristics, pages visited, date and time of access, referring URLs, and standard server log data.
• Limited authentication or session information where required to secure administrative areas, prevent abuse, or maintain account access for systems we directly operate.

We ask that you avoid sending sensitive personal data unless it is strictly necessary for a support request or another legitimate business purpose. If you do send such material, please limit it to what is necessary.

We use personal information to operate and improve our business, including to:

• Respond to inquiries, schedule demos, provide quotations, and manage sales conversations.
• Deliver requested downloads, onboarding guidance, documentation access, and customer support.
• Maintain the reliability, security, and integrity of our website, downloads, infrastructure, and support systems.
• Understand which pages, content, or campaigns are useful so we can improve site performance, product education, and commercial messaging.
• Comply with legal obligations, enforce contractual rights, prevent fraud, investigate misuse, and protect Open VTS, our users, and the public.
• Send operational, product, or commercial communications where permitted by law and consistent with your preferences or our legitimate interests.

Where laws such as the GDPR or UK GDPR apply, our legal bases may include performance of a contract, steps requested before entering a contract, legitimate interests, compliance with legal obligations, and consent where consent is specifically required.

A core part of our business is giving customers control over where their data lives. That means operational data inside a self-hosted Open VTS deployment is usually stored on systems selected and administered by the customer, not on Open VTS infrastructure.

Depending on the deployment and enabled modules, that data may include vehicle identifiers, location history, route replay, geofences, trip events, mobile app activity, device telemetry, user accounts, and video or image evidence. The customer decides which modules to enable, which end users to authorize, how long to retain data, and what lawful basis or notice is required for their workforce, drivers, or end users.

Open VTS may access a limited subset of that data only when necessary to provide implementation services, troubleshooting, managed hosting, security assistance, or other contracted support. In those cases, we process the data under the customer's instructions and only to the extent required to perform the requested service.

We use cookies and similar technologies only where they are useful for the operation, security, or measurement of our website and related services.

• Essential cookies or local storage items may be used for session continuity, authentication, load balancing, and security controls.
• Preference technologies may remember choices such as playback, form state, or other user experience settings.
• Embedded third-party content, such as privacy-enhanced video embeds or external scheduling tools, may set or read their own technologies when you interact with them.
• Our servers may also record technical request metadata for performance monitoring, abuse prevention, and debugging.

You can usually control cookies through your browser settings. Blocking some technologies may affect how parts of the site function.

We do not sell personal information. We may disclose personal information in the following situations:

• To hosting, infrastructure, communications, CRM, scheduling, payment, and support providers that help us operate the business under appropriate contractual restrictions.
• To implementation partners, resellers, or subcontractors involved in delivering services you requested, where necessary and appropriate for the engagement.
• To auditors, lawyers, insurers, and other professional advisers where disclosure is reasonably necessary for legal, financial, compliance, or risk-management purposes.
• To government bodies, courts, regulators, or law enforcement when required by law or when necessary to establish, exercise, or defend legal claims.
• In connection with a merger, acquisition, financing, reorganization, or asset sale, subject to customary confidentiality and data protection safeguards.

We retain personal information only for as long as needed for the purpose for which it was collected, including to support our contractual relationship, maintain accurate records, resolve disputes, enforce agreements, and comply with legal, tax, accounting, or regulatory obligations.

Retention periods vary depending on the category of data, the nature of the relationship, and applicable law. For example, website inquiry records may be kept while an active sales or support conversation continues and for a reasonable period afterward, whereas operational data in a customer deployment is usually retained according to the customer's own settings and policies.

We use administrative, technical, and organizational safeguards designed to protect information against accidental or unlawful destruction, loss, alteration, unauthorized disclosure, or access. No system is completely immune from risk, so we cannot guarantee absolute security.

Depending on your location and the laws that apply, you may have the right to request access to personal information, correction of inaccurate data, deletion, restriction of processing, portability, objection to certain processing, and withdrawal of consent where processing is based on consent.

You may also have the right to complain to a supervisory or data protection authority. We may need to verify your identity before acting on a request, and some rights are subject to legal exceptions.

If your request relates to data held inside a customer's Open VTS deployment, we may redirect you to that customer because they control the relevant environment and are in the best position to fulfill your request.

Open VTS serves organizations in multiple countries. As a result, personal information may be processed in countries other than the one where it was originally collected. When that happens, we take steps appropriate to the transfer, such as contractual protections, vendor due diligence, access controls, and security measures designed to protect the transferred data.

Our services are intended for businesses and professional users. We do not intentionally collect personal information from children in a manner that requires parental consent.

We may update this Privacy Policy from time to time to reflect changes in our website, product, legal obligations, or business practices. When we make material changes, we will update the effective date above and, where appropriate, provide additional notice.

For privacy questions, data requests, or commercial privacy reviews, contact us at info@openvts.io. You can also use our contact page.