Privacy Policy
Last Updated: May 14, 2026
1. Introduction
Welcome to OneFliit ("OneFliit", "we", "our", or "us"). We are committed to protecting your privacy and handling personal data responsibly.
This Privacy Policy explains how we collect, use, process, and safeguard personal information when you use our fleet management software, platform, and related services (the "Service").
By using the Service, you acknowledge the practices described in this Privacy Policy.
2. Data Controller
The controller responsible for processing personal data is:
Leto Digital Oy
Business ID (Y-tunnus): 3592885-3
Email: support@onefliit.com
Website: onefliit.com
3. Data We Collect
We may collect, store, and process the following categories of personal data and business-related information in connection with the Service.
Account Information
- name;
- email address;
- encrypted or securely hashed passwords;
- company details;
- billing information;
- account settings and preferences;
- subscription and plan information;
- and communication preferences.
Fleet, Customer, and Operational Data
Depending on how customers use the Service, the platform may process business and operational data including:
- vehicle information;
- fleet records and operational metrics;
- booking and reservation records;
- rental agreements and contract information;
- customer and renter information uploaded by customers;
- driver or user assignment information;
- maintenance, inspection, and service records;
- expense logs and financial records;
- uploaded documents, notes, and attachments;
- scheduling and calendar-related information;
- customer communication records;
- and other operational data submitted to the Service by customers.
Customers are responsible for ensuring they have the lawful right and appropriate legal basis to upload and process any personal data submitted to the Service.
Payment and Billing Information
Payments and subscription billing are processed through third-party payment providers, including Stripe.
We do not store full payment card details on our systems. Payment processors may collect and process billing information, payment methods, transaction identifiers, and related payment data in accordance with their own privacy policies and legal obligations.
Usage and Technical Data
We may automatically collect certain technical and usage-related information, including:
- IP address;
- browser type and version;
- device identifiers and operating system information;
- session activity and usage behavior;
- pages visited and feature interactions;
- timestamps and access logs;
- crash reports and diagnostic information;
- approximate geographic region;
- and security-related telemetry and audit logs.
Some technical and usage information may be collected automatically through our infrastructure, hosting, security, and analytics providers.
Communication Data
If you contact us or interact with customer support, we may collect:
- email correspondence;
- support requests;
- contact form submissions;
- chat or communication records;
- and other information you voluntarily provide to us.
This information is used solely for customer support, operational communication, and improvement of the Service.
4. How We Use Your Data
We use personal data for the following purposes:
- To provide and maintain the Service
- To manage user accounts and authentication
- To provide customer support
- To improve the functionality, security, and performance of the Service
- To monitor usage and detect technical issues
- To prevent fraud, abuse, and unauthorized access
- To communicate important updates or service-related notices
- To comply with legal obligations
5. Legal Basis for Processing (GDPR)
If you are located in the European Economic Area (EEA), we process personal data based on one or more of the following legal grounds under the GDPR:
- Performance of a contract (Article 6(1)(b)) — processing necessary to provide the Service and fulfill contractual obligations.
- Legitimate interests (Article 6(1)(f)) — including maintaining platform security, improving services, analytics, and customer communication.
- Consent (Article 6(1)(a)) — where required for analytics, optional communications, or other consent-based processing.
- Legal obligation (Article 6(1)(c)) — where processing is required under applicable laws or regulations.
6. Cookies and Analytics
We use cookies and similar technologies necessary for the operation, security, and improvement of the Service.
Infrastructure and Security
We use Cloudflare for content delivery, security, and performance optimization. Cloudflare may process technical data such as IP addresses, browser metadata, and security-related logs.
Analytics
We use Google Analytics to monitor and analyze usage of the Service in order to improve performance and user experience.
Google Analytics may collect:
- device information,
- usage behavior,
- pages visited,
- session duration,
- and related analytics information.
Where required by applicable law, analytics technologies are used only with appropriate user consent.
7. Sharing of Personal Data
We do not sell personal data or Customer Data.
We do not share personal data with unrelated third parties for advertising, marketing, profiling, or data brokerage purposes.
Personal data and Customer Data may be processed by carefully selected third-party service providers that help us operate, maintain, secure, and improve the Service. These providers may include infrastructure, hosting, database, authentication, analytics, payment processing, communication, and customer support providers.
Current categories of service providers may include:
- Cloudflare (hosting, CDN, and security infrastructure);
- Supabase (database, authentication, and backend infrastructure);
- Stripe (payment processing and subscription billing);
- Brevo (transactional email delivery);
- Web3Forms (contact form processing);
- Google Analytics (website and usage analytics);
- and other technology providers necessary for operation of the Service.
These providers are authorized to process personal data only as necessary to provide services on our behalf and are subject to appropriate contractual confidentiality, security, and data protection obligations.
Authorized OneFliit personnel may access Customer Data or personal data only where reasonably necessary to:
- provide technical support;
- maintain platform functionality and security;
- investigate abuse, fraud, or security incidents;
- comply with legal obligations;
- or protect the rights, safety, systems, users, or lawful interests of OneFliit and its customers.
We may also disclose personal data:
- where required by applicable law, regulation, court order, or governmental authority;
- in connection with mergers, acquisitions, financing, or business transfers;
- to enforce our legal rights or agreements;
- or with your consent.
All personal data is handled in accordance with applicable data protection laws and commercially reasonable confidentiality and security measures.
8. International Data Transfers
Some service providers may process personal data outside the European Economic Area (EEA).
Where international data transfers occur, we implement appropriate safeguards in accordance with GDPR requirements, including European Commission Standard Contractual Clauses (SCCs) or other lawful transfer mechanisms.
9. Data Retention
We retain personal data only for as long as necessary to:
- provide the Service,
- maintain customer relationships,
- comply with legal obligations,
- resolve disputes,
- and enforce agreements.
Retention periods may vary depending on the nature of the data and applicable legal requirements.
10. Your Rights
Under applicable data protection laws, including the GDPR, you have the right to:
- access your personal data;
- correct inaccurate or incomplete data;
- request deletion of your personal data;
- object to processing;
- request restriction of processing;
- request data portability;
- withdraw consent at any time where processing is based on consent;
- lodge a complaint with a supervisory authority.
If you are located in Finland, you may contact the Office of the Data Protection Ombudsman (Finland).
To exercise your rights, contact us at support@onefliit.com.
11. Data Security
We implement appropriate technical and organizational measures designed to protect personal data against unauthorized access, alteration, disclosure, loss, or destruction.
However, no method of electronic transmission or storage is completely secure, and we cannot guarantee absolute security.
12. Children's Privacy
The Service is intended for business and professional use and is not directed to children.
We do not knowingly collect personal data from children.
13. Changes to This Privacy Policy
We may update this Privacy Policy from time to time.
Updated versions will be published on this page with a revised "Last Updated" date. Continued use of the Service after updates become effective constitutes acceptance of the revised Privacy Policy.
14. Contact Us
If you have any questions regarding this Privacy Policy or the processing of personal data, please contact us:
Leto Digital Oy
Business ID (Y-tunnus): 3592885-3
Email: support@onefliit.com
Website: onefliit.com