Onfleet’s Data Protection Policy aligns with the Fair Information Protection Principles and Data Protection Principles as defined by the General Data Protection Regulation (GDPR). Onfleet collects and uses personal data fairly, for lawful purposes only. Onfleet has implemented appropriate safeguards to protect customer data against accidental or unlawful destruction, loss, or alteration, and against unauthorized disclosure or access.
Onfleet’s Privacy Notice explains how information is collected, used, stored, and disclosed by Onfleet. Our Privacy Notices are updated and reviewed by subject matter experts on a regular basis. Onfleet also documents and disseminates extensive internal governance materials that address our information security controls, privacy policies and practices, and regulatory compliance requirements. These policies and procedures are implemented and reviewed regularly by our Information Security Officer to ensure they align with our customers’ needs and industry best practices.
We aim to develop products that meet our customers’ needs and enhance the security and protection of their information. Onfleet supports single sign-on (SSO) via the SAML 2.0 protocol, enabling enterprise customers to log into Onfleet with their organization’s existing system. Our product also provides customers the ability to track certain user activity within the application, such as task assignments and completion.
All Onfleet employees complete security and data privacy training upon hire. All employees, regardless of their tenure, participate in live security and privacy training on an annual basis. We also provide specific role-based privacy and security training upon hire and on an annual basis.
Onfleet employs various security measures, such as encryption, role-based access, multi-factor authentication, antivirus software, and strong passwords, to secure employee devices. Employees are granted a limited set of default permissions to access company resources, such as company email and internal company portals. Privileged access requires account management and access control procedures that involve review and approval. We also restrict and monitor access to sensitive data.
Onfleet operates in several jurisdictions using AWS cloud hosting infrastructure in the United States (US-East region). AWS has SOC 1, 2, and 3, ISO 27001, and FIPS certifications, in addition to meeting compliance standards for many other legal, security, and privacy frameworks. You can read more about AWS’ compliance practices and certifications under Compliance Programs.
Onfleet’s customer data is encrypted at rest and in transit. We use encryption methods that meet or exceed those defined by the IETF/IRTF Cipher Catalog and National Institute of Standards and Technology (NIST) publication FIPS 140-2 or any superseding document, according to date of implementation.
Onfleet has established Business Continuity and Disaster Recovery plans to help recover as quickly and effectively as possible from an unforeseen disaster or emergency. The plans cover all essential and critical infrastructure elements, systems, and networks in accordance with key business activities. The plans are periodically tested in a simulated environment and inform the ongoing enterprise risk management process.
Onfleet strives to ensure the continuation of service. As part of this commitment to customers, Onfleet provides a dashboard with the current operational status of Onfleet and its associated services, including limited historical metrics. This dashboard also allows end-users to subscribe to updates regarding the status of the Onfleet service.
This status dashboard can be found here: https://status.onfleet.com
Onfleet’s enterprise risk management program is designed to ensure the effective management of compliance risks by making accountabilities clear across the organization. Onfleet’s risk assessments evaluate all risks to the organization and are modeled after the NIST Risk Management Guide for Information Technology Systems, NIST SP 800-30. Key stakeholders conduct annual assessments that include a risk reduction action plan to manage or mitigate risks.