Fleetonomy

Legal centre

Privacy policy

Last updated May 2026·Kenya · Uganda · Tanzania · Rwanda

Vector Automation Systems Ltd("VAS", "we") explains how Fleetonomy collects, uses, stores, and shares personal data. This policy applies to the Fleetonomy website, progressive web app, and related services. Read it with our Cookie policy and Terms of service.

Jump to section
  1. 1. Who we are
  2. 2. Scope & East African law
  3. 3. Information we collect
  4. 4. How we use personal data
  5. 5. Collection notice (Kenya)
  6. 6. Sharing & subprocessors
  7. 7. Your rights
  8. 8. Sensitive & children's data
  9. 9. Retention
  10. 10. Cross-border transfers
  11. 11. Security & breaches
  12. 12. Automated decisions
  13. 13. Changes

1. Who we are

Data controller (platform data): Vector Automation Systems Ltd, Nairobi, Kenya. Email: info@vasmetering.com.

Tenant data:When you use Fleetonomy on behalf of a fleet operator, that organisation is usually the data controller for driver, vehicle, and customer records. VAS processes such data on the tenant's instructions as a data processor.

2. Scope and East African law

We design Fleetonomy for operators in Kenya and the wider East African Community. Depending on where you or your data subjects are located, one or more of the following may apply:

  • Kenya — Data Protection Act, 2019 and subsidiary regulations (Office of the Data Protection Commissioner / ODPC).
  • Uganda — Data Protection and Privacy Act, 2019 and Regulations, 2021 (Personal Data Protection Office / PDPO).
  • Tanzania — Personal Data Protection Act, 2022 and Regulations, 2023 (Personal Data Protection Commission / PDPC).
  • Rwanda — Law No. 058/2021 relating to the protection of personal data and privacy.

VAS registers with the ODPC as a data controller and/or data processor where required under Kenyan law. Tenants are responsible for their own registrations and compliance in jurisdictions where they operate.

3. Information we collect

3.1 Account and workspace data

  • Name, email address, phone number, display name.
  • Organisation / tenant name, slug, country, and subscription plan.
  • Role, team membership, invite codes used, audit timestamps.

3.2 Fleet and operations data (tenant-controlled)

  • Vehicles, drivers, trips, fuel, maintenance, documents, alerts, and payments you or your team enter.
  • Location and telematics: GPS coordinates, speed, heading, accuracy, and timestamps from driver capture or integrated devices.
  • Compliance identifiers: national ID numbers, driving licence details, organisation membership fields where collected during join flows.

3.3 Payment and billing metadata

  • M-Pesa references, amounts, paybill/account references, reconciliation status.
  • We do not store full card numbers or M-Pesa PINs.

3.4 Technical and security data

  • IP address, browser/device type, session identifiers, API logs.
  • Push notification subscription endpoints (if you opt in).
  • Service worker and cache metadata for PWA offline support.

4. How we use personal data

We process personal data to:

  • Provide, secure, and improve Fleetonomy.
  • Authenticate users and enforce role-based access.
  • Process subscriptions, trials, and payment reconciliation.
  • Send operational notifications (email, push where enabled).
  • Comply with legal obligations and respond to lawful requests.
  • Detect fraud, abuse, and security incidents.

5. Collection notice (Kenya — Section 29 DPA)

When we collect personal data directly from you, we inform you that:

  • Data is collected for the purposes listed in this policy.
  • Recipients may include our cloud subprocessors and, for tenant data, other members of your workspace according to RBAC settings.
  • Technical and organisational safeguards include encryption in transit, httpOnly session cookies, tenant isolation, and access controls.
  • Providing account data is generally mandatory to use the service; withholding it may prevent sign-up or access.
  • You have the rights described in Section 7 below.

6. Sharing and subprocessors

We do not sell personal data. We share data with:

  • Infrastructure providers — e.g. Google Firebase / Google Cloud (hosting, authentication, database, storage) under data processing terms.
  • Payment networks — Safaricom M-Pesa (Daraja) for payment callbacks and STK flows initiated by tenants.
  • Your tenant colleagues — according to roles you assign.
  • Professional advisers or authorities — when required by law or to protect rights and safety.

7. Your rights

Subject to applicable law, you may have the right to be informed, access, correct, delete or restrict processing, object, withdraw consent, and lodge a complaint with the ODPC (Kenya), PDPO (Uganda), PDPC (Tanzania), or your local supervisory authority.

Tenant-held data: If your employer or fleet operator controls your record, contact them first; we will assist them in responding to valid requests.

Submit requests to info@vasmetering.com. We may verify your identity before responding.

8. Sensitive and children's data

Location history, national identifiers, and health-related compliance notes may be treated as sensitive or high-risk under local law. Tenants must ensure a lawful basis before uploading such data.

Fleetonomy is not directed at children under 18. Tenants must not upload children's personal data except where permitted by law.

9. Retention

We retain personal data while your account or tenant subscription is active and for a reasonable period afterward for backups, billing, disputes, and legal compliance. Tenant admins may delete many records through the dashboard; full tenant deletion requests should be sent to info@vasmetering.com.

10. Cross-border transfers

Personal data may be processed on servers outside your country (including Google Cloud regions). Where required by law, we rely on adequacy decisions, standard contractual clauses, contractual necessity, your consent, or supervisory authorisations (e.g. Tanzania PDPC permits).

Tenants exporting data from Uganda, Tanzania, or Rwanda remain responsible for obtaining any required permits or consents in those jurisdictions.

11. Security and breach notification

We implement administrative, technical, and physical safeguards appropriate to the risk. No system is completely secure.

12. Automated decision-making

Fleetonomy does not make solely automated decisions with legal or similarly significant effects on individuals. Analytics and alerts are assistive tools; human operators remain responsible for operational decisions.

13. Changes

We may update this policy. The last updated date in the page header will change when we do. Material changes may also be communicated by email or in-app notice.