Privacy Policy

Last updated: March 2026

Introduction

Pikfleet ("we") places paramount importance on protecting the personal data of its clients and users. This policy describes what data we collect, why, and how we process it, in accordance with the General Data Protection Regulation (GDPR — Regulation EU 2016/679).

Data Controller and DPO

Pikfleet is published and operated as a SaaS service for professionals (B2B). The data controller is the legal entity operating Pikfleet (Chenavas Holding).

To ensure the protection of your data, we have appointed a Data Protection Officer (DPO). For any questions, exercise of rights, or complaints regarding your personal data, you can contact them at: privacy@pikfleet.fr.

Data Collected

In the context of using Pikfleet, we collect the following categories of data:

Category Examples Purpose
Account data First name, last name, email, password (hashed) Authentication and account management
Organization data Company name, SIRET, address Billing and contracting
Fleet data License plates, VIN, mileage Vehicle management and tracking
Driver data Name, license, assignments Operational tracking and traceability
Usage data Logs, IP address, browser, pages viewed Security, support, service improvement

We do not sell your personal data. It is shared only with the third parties and subcontractors mentioned in this policy and strictly necessary for the provision of our services. Additionally, no telephone contact data collected for sending operational SMS is shared with third parties for marketing purposes.

Data collected from third parties (Prospecting)

Occasionally, Pikfleet may collect professional information about you from third-party sources, such as public directories, corporate websites, or professional social networks (like LinkedIn).

This information is limited to professional business data (name, job title, employer name, professional email address, professional phone number). We collect and process this data based on our legitimate interest in identifying and contacting relevant prospects to present our services. We ensure respect for your rights by limiting this collection to what is strictly professionally necessary and by providing you with a simple means to object to this processing at any time.

Legal Basis for Processing

  • Contract execution — processing necessary for providing the subscribed Pikfleet service.
  • Legal obligation — retention of accounting and contractual documents.
  • Legitimate interest — platform security, fraud prevention, B2B commercial prospecting, product improvement.
  • Consent — optional marketing communications or non-essential cookies.

Aggregated Data and Statistics

We may compile, aggregate, and anonymize platform usage data. This aggregated data contains no information allowing direct or indirect identification of individuals. We reserve the right to disclose these anonymous statistics to our partners, subcontractors, or to use them for promotional purposes (e.g., publishing reports on the average carbon footprint of fleets).

Legal Disclosures and Exceptional Cases

We may disclose your personal data only in the following exceptional cases:

  • To comply with a legal obligation, court decision, judicial, or administrative requisition.
  • To enforce our contracts, TOS, and other commercial agreements, or to defend our rights in court.
  • To protect the physical safety of our employees, users, or the public in emergency situations.
  • In the context of a merger, acquisition, restructuring, or sale of the Publisher's assets, provided the acquiring entity applies equivalent confidentiality commitments.

Retention Period

Account and fleet data are retained for the entire duration of the contract, then archived for 3 years from termination. Technical logs are kept for 12 months. Billing data is retained for 10 years in accordance with legal accounting obligations.

Subcontractors and International Transfers

Pikfleet uses technical subcontractors to ensure the proper functioning of the service. The list of our main subcontractors includes:

  • Vercel Inc. (USA / EU) — Web interface hosting.
  • Supabase Inc. (USA / EU) — Database and authentication (data hosted in EU).
  • Resend Inc. (USA) — Sending technical emails and notifications.
  • Stripe Inc. (USA / EU) — Payment and subscription processing and management.

Notification and evolution of subcontractors: The Publisher agrees to inform the Client by email or via the administration interface of any subsequent addition or replacement of a technical subcontractor. The Client has a 15-day period from this notification to present their written objections for legitimate and documented reasons related to data protection.

Transfers outside the EU: When some of our subcontractors process data outside the European Economic Area (EEA) (notably in the United States), these transfers are framed by the Standard Contractual Clauses (SCCs) adopted by the European Commission to ensure a level of data protection equivalent to that in force within the EU.

Cookies and Tracking Technologies

Pikfleet's showcase website uses no advertising or targeting cookies requiring prior consent.

We only use essential technical cookies (strictly necessary for security, authentication when accessing your client portal, and navigation) as well as anonymous, privacy-respecting audience measurement tools that do not require placing a tracking cookie.

You can configure or disable technical cookies directly from your internet browser's preferences, although this may impact access to certain features of your client portal.

Your Rights and Access

Under the GDPR, you have the following rights:

  • Right of access — to obtain confirmation that your data is processed and receive a copy.
  • Right to rectification — to correct inaccurate or incomplete data.
  • Right to erasure ("to be forgotten") — to request deletion under conditions.
  • Right to restriction of processing — to freeze the processing of your data in certain cases.
  • Right to portability — to receive your data in a structured, commonly used, and machine-readable format.
  • Right to object — to object at any time to the processing of your data, notably for commercial prospecting.
  • Right to complain — to file a complaint with the competent supervisory authority (CNIL in France - cnil.fr).

Free access and timeframes: The exercise of these rights is entirely free. Pikfleet commits to responding within a maximum of one month from receipt of your request (extendable by two months for particularly complex requests or a large number of requests).

To exercise your rights: privacy@pikfleet.fr.

Users residing in the UK (UK GDPR): Under the UK GDPR, you have equivalent rights. All your requests to exercise rights or complaints can be sent directly by email to the address above.

Data Security

Pikfleet implements appropriate technical and organizational measures: data encryption in transit (TLS), encryption at rest, role-based access control (RLS), access logging, and regular backups.

For transparency and in accordance with our confidentiality commitments, as of the date of the last update, the Publisher has received no governmental or administrative requisition requesting access to its users' data.

Data Breach Notification

In the event of a security breach resulting in unauthorized access, loss, or alteration of your personal data, we commit to:

  • Notify the competent supervisory authority (CNIL) within 72 hours of becoming aware of it, unless the breach poses no risk to rights and freedoms.
  • Directly inform impacted users without delay when the breach presents a high risk to their rights and freedoms.

Minors' Data

Pikfleet is an exclusive professional B2B tool not configured or intended for use by minors. We do not knowingly collect information about persons under 15 years of age. If we discover that minors' data has been collected inadvertently, we will immediately proceed with its definitive deletion.

Policy Modifications

We reserve the right to modify this policy. In the event of a substantial change, users will be informed by email or via an in-app notification at least 30 days before it takes effect.

fren