Last Updated: May 20, 2026
This summary is provided for quick reference. It does not replace the full Privacy Policy that follows and is not a complete description of our practices or your rights. Please read the full policy for details.
Who we are. Standard Fleet, Inc. (“Standard Fleet,” “we,” “us,” or “our”) is a vehicle telematics and fleet management technology company. We provide a software platform that enables fleet operators to manage commercial vehicle operations using telematics data sourced from vehicle manufacturers and data aggregators.
What we collect from drivers. When a fleet operator (a “Fleet Customer”) enrolls a vehicle in our platform, we receive precise geolocation, vehicle telemetry, diagnostics, driving behavior indicators, and vehicle and driver identifiers about that vehicle and its operator.
Who receives the data. Your Fleet Customer uses the data to manage its fleet. Our upstream data providers (vehicle manufacturers and aggregators) receive the data to the extent our agreements with them require. Our service providers (hosting, analytics, and support vendors) receive the data only to perform services on our behalf. We do not sell personal information. We do not share personal information for cross‑context behavioral advertising. We do not provide personal information to insurers, credit bureaus, marketers, or advertisers.
Your rights. Depending on your state of residence, you may have rights to access, correct, delete, and obtain a copy of your personal information; to opt out of sale, sharing, targeted advertising, and certain profiling; to limit the use of your sensitive personal information; and to appeal a decision on your request.
How to reach us. To exercise a right, or to ask a question about this policy, email us at legal@standardfleet.com. See Section 10 of the full policy for details.
This Privacy Policy describes how Standard Fleet collects, uses, discloses, and protects personal information in connection with our fleet telematics and fleet management services. The policy is organized around the individuals whose personal information we process. If you are in more than one category, each applicable section applies to you.
1.1 Drivers and vehicle occupants
The primary audience for this policy is the individual who operates, or is a passenger in, a vehicle that a Fleet Customer has enrolled in our platform (each, a “Driver”). Sections 2 through 15 of this policy address Standard Fleet’s collection, use, disclosure, and retention of personal information relating to Drivers in connection with the telematics services. Section 18 identifies rights available to Drivers who are residents of particular states.
1.2 Website visitors
This policy also covers individuals who visit our website at standardfleet.com (the “Site”). Section 16 addresses our Site‑specific practices, including cookies, analytics, and opt‑out preference signals. If you are a Site visitor and are not a Driver or a Fleet Customer contact, Sections 2 through 15 generally will not apply to you except as cross‑referenced in Section 16.
1.3 Fleet Customer personnel and prospects
This policy also covers individuals representing Fleet Customers, prospective Fleet Customers, resellers, vendors, and other business partners with whom we interact in a business‑to‑business capacity (each, a “Business Contact”). Our processing of personal information about Business Contacts is described at Sections 2.3, 4.3, and 5.4, and follows standard business‑to‑business SaaS practice.
1.4 Job applicants
If you apply for a position with Standard Fleet, we process the categories of personal information described at Section 2.4 for the employment‑related purposes described at Section 4.4. We retain that information in accordance with Section 8. This policy does not govern employment‑related personal information of Standard Fleet employees after hire, which is addressed in our internal human resources policies.
1.5 Our role when processing driver telematics data
When a Fleet Customer enrolls a vehicle, we process the telematics data generated by that vehicle on the Fleet Customer’s behalf. Under the California Consumer Privacy Act, as amended by the California Privacy Rights Act (the “CCPA”), Standard Fleet is a “service provider” and the Fleet Customer is the “business.” Under the Virginia Consumer Data Protection Act, the Colorado Privacy Act, the Connecticut Data Privacy Act, the Oregon Consumer Privacy Act, the Texas Data Privacy and Security Act, the Delaware Personal Data Privacy Act, the Utah Consumer Privacy Act, the Iowa Consumer Data Protection Act, the Indiana Consumer Data Protection Act, the Tennessee Information Protection Act, the Montana Consumer Data Privacy Act, the Minnesota Consumer Data Privacy Act, the Maryland Online Data Privacy Act, the New Jersey Data Privacy Law, the New Hampshire Data Privacy Act, the Nebraska Data Privacy Act, the Kentucky Consumer Data Protection Act, and the Rhode Island Data Transparency and Privacy Protection Act, Standard Fleet is a “processor” and the Fleet Customer is the “controller.” We process Driver telematics data solely to provide fleet management services to the Fleet Customer and in accordance with the contract between Standard Fleet and the Fleet Customer. We do not use Driver telematics data for our own independent commercial purposes, and we do not sell or share Driver telematics data within the meaning of any of the foregoing laws.
Notwithstanding our service provider and processor role, Standard Fleet maintains a dedicated intake channel for Driver privacy rights requests concerning telematics data processed through the platform and coordinates with the applicable Fleet Customer and upstream data providers as reasonably necessary to fulfill each request.
Section 10 describes the available channels. Drivers may alternatively submit requests to their Fleet Customer.
This Section identifies the categories of personal information we collect, organized by the individual about whom the information is collected. The categories reflect the CCPA statutory categories set forth at California Civil Code Section 1798.140, adapted to Standard Fleet’s actual operations. Most other state comprehensive privacy laws reference or substantially parallel the CCPA categorical framework.
2.1 Information we process about Drivers
When a Fleet Customer enrolls a vehicle that you operate or occupy, we receive and process the following categories of personal information on the Fleet Customer’s behalf:
Section 6 addresses sensitive personal information in further detail.
2.2 Information we collect from Site visitors
When you visit the Site, we may collect:
2.3 Information we process about Business Contacts
When you interact with us in a business‑to‑business capacity, we may collect:
2.4 Information we collect from job applicants
When you apply for a position with Standard Fleet, we may collect your name and contact information; your resume, cover letter, employment history, education, references, work authorization status, and other information relevant to the application; and correspondence related to your application.
We receive personal information from the following categories of sources.
3.1 Sources of Driver telematics data
We receive Driver telematics data from the following sources, in each case to the extent relevant to the vehicles enrolled by a particular Fleet Customer:
3.2 Sources of other personal information
For Site visitors, we collect information directly from you when you submit it and automatically through your interactions with the Site. For Business Contacts, we receive information directly from you or your employer, from publicly available sources such as business directories, from our resellers and business partners (including WEX Inc.), and automatically through your use of the platform or Site. For job applicants, we receive information directly from you and, where applicable and with any consent required by law, from recruiters, professional references, and background check providers.
4.1 Driver telematics data
We process Driver telematics data only for the Authorized Purpose and related operational, compliance, security, and legal support activities described in this policy . Within that scope, permitted fleet management activities include vehicle health monitoring and diagnostics; asset tracking, dispatch, and route optimization; driver safety monitoring and coaching; operational and regulatory compliance, including compliance with applicable transportation and commercial motor vehicle regulations; fuel and energy management; utilization analysis and reporting; and maintaining records of consents, acknowledgments, withdrawals, and compliance certifications. The Authorized Purpose is further defined in our Terms of Service and the End User License Agreement between Standard Fleet and the Fleet Customer.
4.2 Prohibited uses of Driver telematics data
We do not, and we do not permit any Fleet Customer or third party to, use Driver telematics data for:
4.3 Site and Business Contact information
We use information collected from Site visitors and Business Contacts to operate, maintain, and improve the Site; respond to inquiries and requests; deliver newsletters and marketing communications (subject to opt‑out as described below); analyze Site usage and engagement; manage business relationships; communicate about products, services, and contractual matters; process transactions, billing, and payments; and conduct legal, compliance, audit, tax, and recordkeeping activities.
4.4 Job applicants
We use job applicant information to evaluate applications and manage the hiring process, to communicate with applicants, and to comply with employment‑related legal obligations.
4.5 Legal, safety, and security
Across all categories, we use personal information to comply with applicable law, legal process, and lawful requests from governmental or regulatory authorities; to enforce our agreements; to protect our rights and the rights of others; and to detect, prevent, investigate, and respond to security incidents, fraud, and illegal activity.
We do not sell personal information, as that term is defined in the CCPA and in other state consumer privacy laws. We do not share personal information for cross‑context behavioral advertising within the meaning of the CCPA. We disclose personal information in the circumstances described below.
5.1 To the Fleet Customer
Driver telematics data is provided to the Fleet Customer that enrolled the relevant vehicle, for the Authorized Purpose described in Section 4.1 and in the Driver Consent Agreement. The Fleet Customer determines how the data is used within its own operations and publishes its own privacy notices and policies to its personnel and Drivers.
5.2 To upstream data providers
We access Driver telematics data through agreements with data aggregators and, as integrations activate, vehicle manufacturers. We may disclose consent records, audit materials, and related operational records to these counterparties, and may permit access to telematics data where expressly required by the applicable data access agreements, including for purposes of records producibility, consent verification, and compliance review. Where an upstream provider receives deidentified or aggregated Vehicle Data under a perpetual license granted in the underlying data access agreement, that license is limited to deidentified or aggregated data and does not extend to personal information.
5.3 To service providers and vendors
We engage service providers and vendors to support our operations, including hosting, data storage, analytics, communications, customer support, payment processing, and professional services. We disclose personal information to these service providers only as reasonably necessary for them to perform services on our behalf, and subject to contractual obligations restricting their use of the information to those services.
5.4 To business partners and resellers
We may disclose information to our business partners and resellers, including WEX Inc., in connection with the commercial arrangements governing those relationships. Where a Fleet Customer accesses the platform through WEX or another reseller, we share information with the reseller to the extent necessary to administer the commercial relationship. Disclosures to resellers do not include Driver telematics data beyond what is necessary for the reseller to perform its role.
5.5 Legal disclosures
We may disclose personal information in response to lawful requests from governmental or regulatory authorities, including valid subpoenas, court orders, and similar legal process, and where we believe disclosure is necessary or appropriate to comply with applicable law, enforce our agreements, protect our rights or the rights of others, or detect, prevent, or respond to fraud, security, or technical issues.
5.6 Corporate transactions
If Standard Fleet is involved in a merger, acquisition, financing, reorganization, or sale of assets, personal information may be disclosed or transferred to the counterparty or successor entity as part of that transaction. We will take reasonable steps to ensure that personal information remains subject to this Privacy Policy or, where the successor entity’s privacy practices would be materially different, to provide affected individuals with notice as required by applicable law.
5.7 With your direction
We may disclose personal information to third parties where you direct us to do so or otherwise authorize the disclosure.
Several of the state consumer privacy laws that apply to our services recognize “sensitive personal information” (or “sensitive data”) as a distinct category subject to heightened treatment. The scope of that category varies by statute. For Standard Fleet, the most consistently relevant element is precise geolocation, which most state laws treat as sensitive.
6.1 Precise geolocation
Precise geolocation data is an essential component of fleet management services. Because our platform tracks where enrolled vehicles are and where they go, we necessarily process precise geolocation about each enrolled vehicle and, by extension, about the individual operating or occupying the vehicle at the time. We process precise geolocation solely for the Authorized Purpose and do not disclose precise geolocation to any third party except as described in Section 5 and except as required by applicable law or valid legal process.
6.2 Other categories of sensitive data under state law
Depending on the Driver’s state of residence, additional categories of personal information processed through our platform may qualify as sensitive data, including driving behavior data if processed in a manner that reveals sensitive characteristics. We process any such data only for the Authorized Purpose and apply the same restrictions on sale, sharing, and disclosure that apply to other personal information under this policy. Where applicable state law provides a right to limit use of sensitive personal information, Section 18 identifies the mechanics of that right in the Driver’s state.
We do not sell personal information for valuable consideration within the meaning of the CCPA, and we do not share personal information for cross‑context behavioral advertising within the meaning of the CCPA. We do not sell personal data, process personal data for targeted advertising, or engage in profiling in furtherance of decisions that produce legal or similarly significant effects concerning an individual, within the meaning of the Virginia, Colorado, Connecticut, Oregon, Texas, Delaware, Utah, Iowa, Indiana, Tennessee, Montana, Minnesota, Maryland, New Jersey, New Hampshire, Nebraska, Kentucky, or Rhode Island consumer privacy laws. We act as a service provider under the CCPA and as a processor under those state laws with respect to Driver telematics data, and we process that data only on the instructions of the Fleet Customer and for the Authorized Purpose.
We do not qualify as a “data broker” under the California Delete Act (California Civil Code Section 1798.99.80 et seq.) because we do not sell personal information and because we maintain direct relationships with Drivers (through the Driver Consent Agreement) and with Fleet Customers (through our commercial agreements). We are not registered as a data broker with the California Privacy Protection Agency and are not required to register. Individuals seeking to delete personal information held by Standard Fleet may submit deletion requests directly to us as described in Section 10.
We retain personal information for the period necessary to fulfill the purposes described in this Privacy Policy and to comply with applicable legal, accounting, contractual, audit, and reporting obligations.
Driver telematics data is retained during the period a vehicle is enrolled by the Fleet Customer and thereafter for the retention tail specified in the applicable agreement between Standard Fleet and the upstream data provider for the relevant data source. Upon receipt of a notice described in Section 5.4 of the End User License Agreement (consent withdrawal, sale of the vehicle, lease termination, theft, or destruction), we mark the Driver’s consent record as withdrawn, initiate upstream aggregator notification workflows, and notify the Fleet Customer that operational reassignment is required. Vehicle Data collection for the affected vehicle ceases once the Fleet Customer completes the operational reassignment procedures required under the End User License Agreement .
Consent records (including records of Driver acceptance of the Driver Consent Agreement and of any subsequent withdrawal) are retained for at least seven years following the date the applicable vehicle is removed from the platform or the Driver’s participation in the applicable fleet consent pool ends, whichever is later, consistent with the retention requirements in our upstream data access agreements. Consent records are producible to upstream counterparties during the retention period as required by the applicable agreements.
For other categories of personal information, we apply retention periods that reflect the purpose for which the information was collected and any applicable legal or business requirements.
Depending on your state of residence, you may have some or all of the rights described below with respect to personal information we process about you. Section 18 identifies the rights available in particular states and any state‑specific mechanics. Not every right is available in every state.
10.1 Submission channels
You may submit a privacy rights request through any of the following channels:
If you are a Driver operating a vehicle enrolled by a Fleet Customer, you may alternatively submit your request to the Fleet Customer. Where you do so, the Fleet Customer is contractually required to provide Standard Fleet with the information necessary to respond, and we will coordinate with the Fleet Customer as reasonably necessary to fulfill the request. You may also submit your request directly to Standard Fleet through any of the channels listed above, which is generally the more direct path.
10.2 Verification
We will take reasonable steps to verify your identity using information you provide in the request and, where applicable, information we already maintain about you. We may request additional information as reasonably necessary to verify your identity or the authority of your authorized agent. For an authorized agent request, we may require written authorization signed by you, and we may require that you verify your own identity and confirm the agent’s authority with Standard Fleet directly.
10.3 Response timing
We will respond to your request within the timeframe required by applicable law. Under the CCPA, we generally respond within 45 days of receipt of a verifiable request, extendable by an additional 45 days with notice where reasonably necessary. Under most state comprehensive privacy laws (including Virginia, Colorado, Connecticut, Oregon, Texas, Delaware, Utah, and others), we generally respond within 45 to 60 days, extendable by an additional 45 or 60 days depending on the state.
10.4 Fees
We do not charge a fee to process or respond to your rights request unless the request is manifestly unfounded, excessive, or repetitive, in which case we may charge a reasonable fee or decline to act on the request as permitted by applicable law. If we do so, we will inform you of the reason and of any available appeal rights.
10.5 Appeals
Where applicable law provides a right to appeal our response to a rights request, you may submit an appeal by contacting us through any of the channels listed at Section 10.1 and clearly identifying your communication as an appeal. We will review the appeal within the timeframe required by applicable law and inform you in writing of our appeal decision and the reasons for it. If the appeal is denied in whole or in part, we will also provide you with the contact information of the relevant state regulator (for example, the state attorney general), so that you may submit a complaint if you choose.
Where required by applicable law, including under the CCPA and comparable laws in Colorado, Connecticut, Oregon, Texas, Delaware, Montana, Minnesota, Maryland, New Hampshire, New Jersey, and other states that recognize universal opt‑out mechanisms, we honor the Global Privacy Control (“GPC”) signal transmitted by certain browsers and extensions as an opt‑out of the sale or sharing of personal information and of processing for targeted advertising, to the extent those concepts apply to our processing.
Recognition of GPC applies to the Site. GPC signals transmitted at the browser level do not reach Driver telematics data processed through the platform, because telematics data is collected from vehicles and their onboard systems rather than through a web browser. Drivers wishing to exercise opt‑out rights with respect to telematics data should use the mechanisms described in Section 10.
12.1 Continuous collection
The platform collects telematics data on a continuous basis while the enrolled vehicle is in operation and, for certain diagnostic and system‑health purposes, while the vehicle is stationary or parked. Vehicle Data collection continues while the vehicle remains enrolled in the Standard Fleet program and is operated within the fleet’s active driver consent pool. Drivers are informed of continuous collection at enrollment through the Driver Consent Agreement, and this policy provides public notice of the same.
12.2 Remote commands
Where supported by the applicable data source and authorized by the Fleet Customer’s configuration, the platform may send remote commands to enrolled vehicles, including commands to lock, unlock, or alert the horn or lights. Standard Fleet sends remote commands only at the Fleet Customer’s instruction and only for the Authorized Purpose. Drivers are informed of remote command capability at enrollment through the Driver Consent Agreement.
12.3 Quarterly consent status notices
Standard Fleet sends each Driver with an active consent record a quarterly notice confirming their consent status, summarizing the categories of data collected, and providing the withdrawal mechanism. Quarterly notices are transparency and consent-maintenance communications; they are not re-consent requests. A Driver’s failure to respond to a quarterly notice does not lapse, revoke, or otherwise alter their consent. Drivers may withdraw consent at any time using the mechanism described in the Driver Consent Agreement, regardless of any quarterly notice.
Certain data source integrations impose vehicle-make-specific disclosure, consent, or operational obligations, including requirements to notify Drivers of data collection parameters specific to the applicable manufacturer, requirements to reference the manufacturer's own privacy notice, and where applicable, requirements to disclose that Standard Fleet has instructed the applicable data source to configure vehicle data settings to enable fleet telematics collection. Where a Driver's vehicle is subject to such requirements, the applicable disclosures are presented to the Driver in the Driver Consent Agreement at enrollment. As Standard Fleet activates additional data source integrations, we will add or update the corresponding make-specific disclosures in this Section and notify Fleet Customers and Drivers as required by applicable law .
13.1 Stellantis‑brand vehicles accessed through Mobilisights
Where a Driver operates a Stellantis‑brand vehicle (including Chrysler, Dodge, Jeep, Ram, Fiat, Alfa Romeo, or an affiliate brand) enrolled through Mobilisights LLC, Standard Fleet instructs Mobilisights to override any end‑user privacy settings the Driver may have configured on the vehicle so that Standard Fleet may receive the telematics data required to provide fleet management services. This override is required under Standard Fleet’s agreement with Mobilisights and is disclosed to the Driver through a specific acknowledgment presented in the Driver Consent Agreement before vehicle activation. Standard Fleet does not request or apply the override for any other manufacturer or integration.
13.2 Toyota vehicles
Where a Driver operates a Toyota‑brand vehicle enrolled through a direct Toyota data integration (as distinct from a Toyota vehicle accessed through an aggregator), additional disclosures apply, including Toyota’s Privacy Notice, available at the URL identified in the Driver Consent Agreement, and any additional Driver and passenger consent mechanics required by Toyota. For Drivers of Toyota vehicles accessed through an aggregator rather than through a direct Toyota integration, the applicable aggregator’s disclosures govern.
13.3 General Motors vehicles accessed through OnStar
Where a Driver operates a General Motors vehicle enrolled through a direct GM OnStar integration (as distinct from a GM vehicle accessed through an aggregator), the following apply: Standard Fleet uses the OnStar Remote API Services with the participating vehicle; those services operate continuously while the vehicle is enrolled; continuous tracking and other related information is delivered to Standard Fleet for the Authorized Purpose; the information types include vehicle location, telemetry, and seat belt usage; and Standard Fleet may, at the Fleet Customer’s instruction, send remote commands to the vehicle, including commands to lock, unlock, or alert the horn or lights, to the extent supported by OnStar. For Drivers of General Motors vehicles accessed through an aggregator rather than through a direct OnStar integration, the applicable aggregator’s disclosures govern.
Most modern vehicles, including vehicles enrolled in the platform, contain an Event Data Recorder (an “EDR”). An EDR records a narrow set of vehicle operational data for the moments before, during, and after a crash or similar event. The presence of an EDR, the data categories recorded, and the circumstances under which EDR data may be accessed or shared are disclosed in the vehicle owner’s manual and are subject to federal regulations at 49 C.F.R. Part 563 and to applicable state EDR statutes.
Where the platform receives EDR data from an upstream data provider, we process that data for the Authorized Purpose and consistent with the retention and disclosure limitations set forth in this Privacy Policy. Under the federal and state EDR framework, consent rights with respect to EDR data are generally vested in the vehicle owner. For vehicles enrolled by a Fleet Customer, the Fleet Customer, as the party responsible for providing any owner‑level consent required, provides that consent on behalf of its enrolled fleet for Standard Fleet’s receipt of EDR data.
The Site and the platform are directed to business users and are not intended for children. We do not knowingly collect personal information from children under thirteen years of age (the age threshold under the federal Children’s Online Privacy Protection Act). Given the commercial fleet context, we do not expect to process telematics data from Drivers under sixteen years of age in the ordinary course. If we learn that we have collected personal information from a child under the applicable threshold without verifiable parental or guardian consent, we will take reasonable steps to delete that information. If you believe a child has provided personal information to us, please contact us using the channels in Section 20.
This Section addresses Site‑specific practices. Cookies and similar technologies are not used to collect Driver telematics data.
16.1 Categories of cookies
We use the following categories of cookies and similar technologies on the Site:
16.2 Third‑party analytics
We use third‑party analytics services to understand how visitors use the Site. These services place cookies on your device that collect information about your use of the Site. Information collected through these cookies is aggregated and used to improve the Site.
16.3 Managing cookies
You can manage cookies through your browser settings. Disabling cookies may affect the functionality of the Site. Section 11 describes our handling of the Global Privacy Control signal for Site visitors.
16.4 Relationship to Website Terms of Service
Use of the Site is governed by our Website Terms of Service, posted at https://www.standardfleet.com/terms-of-service. The Website Terms of Service address Site use; this Privacy Policy addresses our privacy practices.
17.1 Do Not Track
Some browsers transmit a “Do Not Track” signal. There is no consensus among industry participants on how to respond to such signals, and Standard Fleet does not currently respond to Do Not Track signals. Where applicable, Standard Fleet honors the Global Privacy Control signal as described in Section 11.
17.2 International visitors
Standard Fleet’s operations, the Site, and the platform are based in the United States. Personal information collected through the Site or processed through the platform is processed in the United States. The Site and the platform are not directed to individuals outside the United States. If you access the Site or the platform from outside the United States, your personal information may be transferred to and processed in the United States, which may have privacy and data protection laws different from those of your jurisdiction.
This Section addresses the state‑specific mechanics for the rights described in Section 9. The description of each state’s rights framework below is provided for convenience and is not intended to expand or limit any right provided under applicable law. To the extent a state’s law conflicts with the summary below, the state’s law controls. To exercise any of the rights described in this Section, use any of the channels in Section 10.
18.1 California
Governing statute. California Consumer Privacy Act, California Civil Code Section 1798.100 et seq., as amended by the California Privacy Rights Act.
If you are a California resident, you have the rights listed in Section 9, including: the right to know what categories and specific pieces of personal information we have collected about you; the right to delete personal information we have collected about you (subject to statutory exceptions); the right to correct inaccurate personal information; the right to opt out of the sale or sharing of your personal information; the right to limit the use and disclosure of your sensitive personal information to the purposes permitted by statute; the right to non‑discrimination; and, if our response to your request is denied in whole or in part, the right to appeal as described in Section 10.5 and, separately, to file a complaint with the California Privacy Protection Agency or the California Attorney General.
Shine the Light. Under California Civil Code Section 1798.83, California residents may request information about our disclosures of personal information to third parties for those third parties’ direct marketing purposes. We do not disclose personal information to third parties for those third parties’ direct marketing purposes.
California Delete Act. We do not qualify as a data broker under California Civil Code Section 1798.99.80 et seq. See Section 7 for further discussion.
18.2 Virginia
Governing statute. Virginia Consumer Data Protection Act, Virginia Code Section 59.1‑575 et seq.
Rights. Virginia residents may confirm whether we are processing their personal data and access that data; correct inaccuracies; delete personal data; obtain a copy of personal data in a portable format; opt out of the processing of personal data for targeted advertising, sale, or profiling in furtherance of decisions that produce legal or similarly significant effects; and appeal our decision on a rights request.
Mechanics. We respond to rights requests within 45 days, extendable by an additional 45 days where reasonably necessary and with notice. Appeals are reviewed within 60 days and, if denied, include the contact information for the Virginia Office of the Attorney General.
18.3 Colorado
Governing statute. Colorado Privacy Act, Colorado Revised Statutes Section 6‑1‑1301 et seq.
Rights. Colorado residents have the rights of access, correction, deletion, portability, opt‑out of targeted advertising, sale, and profiling that produces legal or similarly significant effects, and the right to appeal. Colorado law requires recognition of a universal opt‑out mechanism for sales and targeted advertising; we honor the Global Privacy Control signal as described in Section 11.
Mechanics. We respond within 45 days, extendable by an additional 45 days. Appeals are reviewed within 45 days, extendable by an additional 60 days. Denial notices include the contact information for the Colorado Attorney General. Colorado law does not provide a cure period for violations; we maintain internal controls consistent with the absence of that cure opportunity.
18.4 Connecticut
Governing statute. Connecticut Data Privacy Act, Public Act 22-15, codified at Connecticut General Statutes Section 42‑515 et seq.
Rights. Connecticut residents have the rights of access, correction, deletion, portability, opt‑out of targeted advertising, sale, and profiling that produces legal or similarly significant effects, and the right to appeal. Connecticut law requires recognition of a universal opt‑out mechanism; we honor the Global Privacy Control signal as described in Section 11.
Mechanics. We respond within 45 days, extendable by an additional 45 days. Appeals are reviewed within 60 days. Denial notices include the contact information for the Connecticut Attorney General. The cure period provided in the statute has been sunset by its terms; we maintain internal controls consistent with the absence of cure.
18.5 Utah
Governing statute. Utah Consumer Privacy Act, Utah Code Section 13‑61‑101 et seq.
Rights. Utah residents have the rights of access, deletion, portability, and opt‑out of targeted advertising and sale. Utah law does not provide a general right to correct personal data and does not provide a right to appeal.
Mechanics. We respond within 45 days, extendable by an additional 45 days. Denial notices include the contact information for the Utah Division of Consumer Protection.
18.6 Oregon
Governing statute. Oregon Consumer Privacy Act, Oregon Revised Statutes Sections 646A.570 to 646A.589.
Rights. Oregon residents have the rights of access, correction, deletion, portability, opt‑out of targeted advertising, sale, and profiling that produces legal or similarly significant effects, the right to obtain a list of specific third parties to which we have disclosed personal data, and the right to appeal. Oregon law requires recognition of a universal opt‑out mechanism; we honor the Global Privacy Control signal as described in Section 11.
Mechanics. We respond within 45 days, extendable by an additional 45 days. Appeals are reviewed within 45 days. Denial notices include the contact information for the Oregon Attorney General.
18.7 Texas
Governing statute. Texas Data Privacy and Security Act, Texas Business and Commerce Code Section 541.001 et seq.
Rights. Texas residents have the rights of access, correction, deletion, portability, opt‑out of targeted advertising, sale, and profiling that produces legal or similarly significant effects, and the right to appeal. Texas law requires recognition of a universal opt‑out mechanism; we honor the Global Privacy Control signal as described in Section 11.
Mechanics. We respond within 45 days, extendable by an additional 45 days. Appeals are reviewed within 60 days. Denial notices include the contact information for the Texas Attorney General.
18.8 Iowa
Governing statute. Iowa Consumer Data Protection Act, Iowa Code Chapter 715D.
Rights. Iowa residents have the rights of access, deletion, portability, and opt‑out of sale and targeted advertising. Iowa law does not provide a general right to correct personal data and does not provide a right to appeal.
Mechanics. We respond within 90 days, extendable by an additional 45 days. Denial notices include the contact information for the Iowa Attorney General.
18.9 Delaware
Governing statute. Delaware Personal Data Privacy Act, Delaware Code Title 6, Chapter 12D.
Rights. Delaware residents have the rights of access, correction, deletion, portability, opt‑out of targeted advertising, sale, and profiling that produces legal or similarly significant effects, the right to obtain a list of categories of third parties to which we have disclosed personal data, and the right to appeal. Delaware law requires recognition of a universal opt‑out mechanism; we honor the Global Privacy Control signal as described in Section 11.
Mechanics. We respond within 45 days, extendable by an additional 45 days. Appeals are reviewed within 60 days. Denial notices include the contact information for the Delaware Department of Justice.
18.10 Tennessee
Governing statute. Tennessee Information Protection Act, Tennessee Code Annotated Section 47‑18‑3301 et seq.
Rights. Tennessee residents have the rights of access, correction, deletion, portability, opt‑out of targeted advertising, sale, and profiling that produces legal or similarly significant effects, and the right to appeal.
Mechanics. We respond within 45 days, extendable by an additional 45 days. Appeals are reviewed within 60 days. Denial notices include the contact information for the Tennessee Attorney General.
18.11 Montana
Governing statute. Montana Consumer Data Privacy Act, Montana Code Annotated Title 30, Chapter 14, Part 28.
Rights. Montana residents have the rights of access, correction, deletion, portability, opt‑out of targeted advertising, sale, and profiling that produces legal or similarly significant effects, and the right to appeal. Montana law requires recognition of a universal opt‑out mechanism; we honor the Global Privacy Control signal as described in Section 11.
Mechanics. We respond within 45 days, extendable by an additional 45 days. Appeals are reviewed within 60 days. Denial notices include the contact information for the Montana Department of Justice.
18.12 Minnesota
Governing statute. Minnesota Consumer Data Privacy Act, Minnesota Statutes Sections 325M.10 to 325M.21.
Rights. Minnesota residents have the rights of access, correction, deletion, portability, opt‑out of targeted advertising, sale, and profiling, the right to question the result of profiling and be informed of the reasons the profiling led to the result, the right to obtain a list of specific third parties to which we have disclosed personal data, and the right to appeal. Minnesota law requires recognition of a universal opt‑out mechanism; we honor the Global Privacy Control signal as described in Section 11. Minnesota does not provide a general cure period; we maintain internal controls consistent with the absence of cure.
Mechanics. We respond within 45 days, extendable by an additional 45 days. Appeals are reviewed within 45 days. Denial notices include the contact information for the Minnesota Attorney General.
18.13 Maryland
Governing statute. Maryland Online Data Privacy Act, Maryland Commercial Law Code Section 14‑4601 et seq.
Rights. Maryland residents have the rights of access, correction, deletion, portability, opt‑out of targeted advertising, sale, and profiling that produces legal or similarly significant effects, and the right to appeal. Maryland law imposes heightened data minimization obligations on controllers and prohibits the sale of sensitive data. Maryland law requires recognition of a universal opt‑out mechanism; we honor the Global Privacy Control signal as described in Section 11.
Mechanics. We respond within 45 days, extendable by an additional 45 days. Appeals are reviewed within 60 days. Denial notices include the contact information for the Maryland Office of the Attorney General. Standard Fleet may restrict enrollment of Maryland‑based vehicles pending written internal clearance; see the End User License Agreement for related enrollment provisions.
18.14 New Jersey
Governing statute. New Jersey Data Privacy Law, New Jersey Statutes Annotated Section 56:8‑166.4 et seq.
Rights. New Jersey residents have the rights of access, correction, deletion, portability, opt‑out of targeted advertising, sale, and profiling that produces legal or similarly significant effects, and the right to appeal. New Jersey law requires recognition of a universal opt‑out mechanism; we honor the Global Privacy Control signal as described in Section 11.
Mechanics. We respond within 45 days, extendable by an additional 45 days. Appeals are reviewed within 45 days. Denial notices include the contact information for the New Jersey Division of Consumer Affairs.
18.15 New Hampshire
Governing statute. New Hampshire Data Privacy Act, New Hampshire Revised Statutes Annotated Chapter 507‑H.
Rights. New Hampshire residents have the rights of access, correction, deletion, portability, opt‑out of targeted advertising, sale, and profiling that produces legal or similarly significant effects, and the right to appeal. New Hampshire law requires recognition of a universal opt‑out mechanism; we honor the Global Privacy Control signal as described in Section 11.
Mechanics. We respond within 45 days, extendable by an additional 45 days. Appeals are reviewed within 60 days. Denial notices include the contact information for the New Hampshire Office of the Attorney General.
18.16 Nebraska
Governing statute. Nebraska Data Privacy Act, Nebraska Revised Statutes Section 87‑1101 et seq.
Rights. Nebraska residents have the rights of access, correction, deletion, portability, opt‑out of targeted advertising, sale, and profiling that produces legal or similarly significant effects, and the right to appeal.
Mechanics. We respond within 45 days, extendable by an additional 45 days. Appeals are reviewed within 60 days. Denial notices include the contact information for the Nebraska Attorney General.
18.17 Indiana
Governing statute. Indiana Consumer Data Protection Act, Indiana Code Section 24‑15‑1‑1 et seq.
Rights. Indiana residents have the rights of access, correction, deletion, portability, opt‑out of targeted advertising, sale, and profiling that produces legal or similarly significant effects, and the right to appeal.
Mechanics. We respond within 45 days, extendable by an additional 45 days. Appeals are reviewed within 60 days. Denial notices include the contact information for the Indiana Attorney General.
18.18 Kentucky
Governing statute. Kentucky Consumer Data Protection Act, Kentucky Revised Statutes Section 367.3611 et seq.
Rights. Kentucky residents have the rights of access, correction, deletion, portability, opt‑out of targeted advertising, sale, and profiling that produces legal or similarly significant effects, and the right to appeal.
Mechanics. We respond within 45 days, extendable by an additional 45 days. Appeals are reviewed within 60 days. Denial notices include the contact information for the Kentucky Attorney General.
18.19 Rhode Island
Governing statute. Rhode Island Data Transparency and Privacy Protection Act, Rhode Island General Laws Section 6‑48.1‑1 et seq.
Rights. Rhode Island residents have the rights of access, correction, deletion, portability, opt‑out of targeted advertising, sale, and profiling that produces legal or similarly significant effects. Rhode Island law does not provide a general cure period; we maintain internal controls consistent with the absence of cure.
Mechanics. We respond within the period required by applicable law. Denial notices include the contact information for the Rhode Island Attorney General.
18.20 Florida
Governing statute. Florida Digital Bill of Rights, Florida Statutes Sections 501.701 to 501.721 (Chapter 501, Part V).
The Florida Digital Bill of Rights applies to a narrower set of controllers than most other state comprehensive privacy laws. Standard Fleet does not believe it meets the applicability thresholds under Florida law. To the extent any Florida resident is a Driver whose personal information we process, we will honor the substantive rights available under Florida law on request, to the extent applicable.
18.21 Residents of other states
If your state has a consumer privacy law that provides rights comparable to those described above and that is effective at the time of your request, we will honor the rights available under that law in accordance with its terms. You may also have rights under state sector‑specific laws (for example, laws governing health information, financial information, or employee monitoring). This Privacy Policy does not address sector‑specific laws in detail, and any rights you have under those laws are available in addition to the rights described above.
We may update this Privacy Policy from time to time. The updated Privacy Policy will be posted at the URL where this policy is published, with a revised Last Updated date. For material changes, we will provide additional notice as required by applicable law, which may include in‑platform notice, email notice, or posting a prominent notice on the Site. Where applicable law requires affirmative consent before applying a material change to previously collected personal information, we will obtain that consent before doing so. Your continued use of the Site or the platform after the effective date of an updated Privacy Policy constitutes your acknowledgment of the updated Privacy Policy to the extent permitted by applicable law.
20. Contact us
Standard Fleet, Inc.
Attn: Privacy
214 Grant Avenue, Suite 325
San Francisco, California 94108
Email: legal@standardfleet.com