Privacy Policy

Last updated: 6 June 2026

This Privacy Policy explains how CodifyAI S.R.L. ("CodifyAI", "we", "us") collects, uses, and protects personal data when you use the Codify Fleet platform at myfleets.eu (the "Service"). We are committed to handling your data in line with the EU General Data Protection Regulation (Regulation (EU) 2016/679, "GDPR") and applicable national law.

1. Who we are (Data Controller)

CodifyAI S.R.L.
Romanian company registration (CUI): 51174729
Registered office: Romania
Privacy contact: [email protected]

2. Controller and Processor roles

Codify Fleet is a business-to-business fleet-management service. The roles under the GDPR depend on the data:

• You (our business customer) are the Data Controller for the fleet data you put into the platform — vehicle locations, driver records, trips, documents and related information about your vehicles and drivers. CodifyAI acts as your Data Processor for this data and processes it only on your documented instructions, under a Data Processing Agreement (DPA).
• CodifyAI is the Data Controller for account-administration data — the details of the person who registers and administers the account, billing information, and technical/security logs needed to run the Service.

3. What data we process

Category	Examples
Account & identity	Name, email address, phone number, password (stored hashed), role/permissions
Vehicle data	Registration plate, VIN, make/model, odometer, fuel logs, uploaded documents (e.g. insurance, registration)
Location & telemetry	GPS coordinates, speed, heading, ignition/engine status, geofence entries/exits, route and trip history, timestamps
Driver data	Driver name, driver/iButton/NFC identifier, assigned trips, driving-behaviour scoring (harsh braking/acceleration/cornering), mileage/Kørebog logs
Documents	Files you upload to the document vault
Technical & usage	IP address, browser/device type, session identifiers, access and security logs

Location data relating to identifiable drivers or vehicles is personal data. Where it is used to monitor employees, the employing customer (Controller) is responsible for having a valid lawful basis, for informing affected drivers, and for respecting national employment-law limits on workplace monitoring.

4. Why we process it and our legal basis

Purpose	Legal basis (GDPR Art. 6)
Providing the fleet-management Service to account holders	Performance of a contract (Art. 6(1)(b))
Processing fleet/driver/location data on behalf of customers	On the customer's instructions as Processor (Art. 28); the customer determines the lawful basis
Security, fraud prevention, service reliability and improvement	Legitimate interests (Art. 6(1)(f))
Mileage/Kørebog records, invoicing, accounting and tax	Legal obligation (Art. 6(1)(c))
Optional features you actively enable	Consent (Art. 6(1)(a)), withdrawable at any time

5. Third parties and sub-processors

We share data only with service providers who help us run the Service, under contract and only as needed:

Provider	Purpose	Location
Hetzner Online GmbH	Server hosting & backups	EU (Germany/Finland)
Cloudflare, Inc.	DNS, CDN, security/proxy	USA (EU SCCs in place)
Synsbasen / TjekBil	Vehicle registration lookup (when you use plate lookup)	Denmark (EU)
OpenRouteService (HeiGIT)	Routing / isochrone calculation (optional feature)	EU (Germany)

We do not sell your data and do not use it for third-party advertising.

6. International transfers

Our infrastructure is hosted in the EU. Where a provider (e.g. Cloudflare) may process data outside the EEA, transfers are protected by the European Commission's Standard Contractual Clauses and appropriate safeguards under Chapter V of the GDPR.

7. How long we keep data

• Location & trip history: retained for the period configured by the customer in their contract; absent specific instruction, position history is kept for up to 12 months and then deleted or anonymised.
• Account data: for the duration of the contract and a reasonable period afterwards.
• Accounting/tax records: for the period required by law.
• Backups: rotated and deleted on a rolling basis.

8. Your rights

Subject to the GDPR, you have the right to: access your data; rectify inaccurate data; erase data; restrict or object to processing; data portability; and to withdraw consent at any time. To exercise these rights, contact [email protected]. If your data is held on behalf of one of our customers (you are a driver/employee), please contact that customer (the Controller) first; we will assist them.

You also have the right to lodge a complaint with a supervisory authority — in Romania, the ANSPDCP (dataprotection.ro); in Denmark, Datatilsynet (datatilsynet.dk); or with the authority in your country of residence.

9. Public share links

Account holders can generate public live-tracking links. Anyone holding such a link can view the live location of the shared vehicle until the link expires or is revoked. Only share these links with people who are authorised to see the location.

10. Security

We apply technical and organisational measures including encryption in transit (HTTPS/TLS), access controls, hashed passwords, network protection and regular backups. No system is perfectly secure; we work to protect your data and to notify you and the authorities of any breach as required by law.

11. Cookies

Codify Fleet uses only strictly necessary cookies and local storage required to keep you signed in and to operate the app. See our Cookie Policy for details.

12. Changes

We may update this policy from time to time. Material changes will be reflected by the "Last updated" date above and, where appropriate, communicated to account holders.