Privacy Policy for Nauto Services and Products

Effective as of:
May 31, 2017

1. Scope and Application

This Policy applies to persons and companies who use our Services to understand the environment and experience of their drivers. This Policy does not apply to individual drivers who may have installed or used Nauto devices in their cars. If you interact with our Services as both a fleet owner or insurance provider, and a driver, the respective privacy statements apply to your different interactions. 

2. What Information Does Nauto Gather

2.1 Driving Data

Nauto collects information about a driver’s environment and experience while on the road (Driving Data). Nauto devices use forward-facing camera and sensor technology to scan a driver’s environment, collecting information in the form of videos and photos about: 

  • Geographic location and relative proximity of a driver to other vehicles
  • Hazards, such as pedestrians (blurred faces), bicycles, weather, and other vehicles
  • Collision, near-miss, hard braking, acceleration or cornering events
  • Traffic patterns, speeds, and flow
  • Lane and road departure
  • License plate numbers and other identifying information such a color or make of surrounding vehicles
  • Vehicle
  • Not obeying the rules of the road including
  •      • Running red light
  •      • Rolling stop

At the same time, Nauto uses inward-facing camera and sensor technology to monitor a driver’s state and driving behavior, collecting information about:

  • Driver behavior and actions or inaction
  • Risks
  • Count of the passengers onboard
  • Drowsiness
  • Inattention (e.g., phone use, passenger activity)
  • Braking
  • Speed, acceleration, and mileage
  • Driving time
  • Nauto device tampering
  • Vehicle security (e.g., audio listening of broken glass, stolen vehicle)
  • Not obeying the rules of the road, e.g.:
  •      Texting While Driving
  •      Ignoring traffic control signals or signs
  •      DUI 

In addition, Nauto uses automated means to collect information from Nauto devices, such as:

  • Location Information including GPS position
  • Network or Internet protocol addresses
  • Operating system identification
  • Mobile network identification
  • Nauto device identifier or registration
  • Nauto device settings
  • Date and time of web requests

Once connected to a wireless network, the Nauto device in your vehicle regularly sends the data described in this Policy to Nauto to provide you with the Services.

2.2 Personal Data

Nauto collects personally identifiable information about the driver and passengers ("Personal Data"). Nauto uses Personal Data for the sole purpose of providing value to our Fleet Owners and Insurance Providers. This data includes:

  • Name
  • Phone number
  • Email address
  • Other (e.g., home address, work address)
  • Driver’s license / ID information
  • Date of birth
  • Vehicle identification number ("VIN")
  • License
  • Emergency contact information
  • Face of driver
  • Face of passengers
  • Face of pedestrians
  • Who was in a collision
  • Live camera feed / photos
  • Audio recordings
  • Un-blurred video
  • Un-blurred photos
  • Account / payment / billing information

In addition, drivers and passengers may transmit information to Nauto voluntarily, by recording a short voice note using the Nauto device. Nauto processes the voice note to understand additional details of an incident or passenger interaction and may use the information provided to offer technical or emergency support to drivers.

2.3 Other Data

Nauto uses aggregate, anonymized, non-personal driving to provide insights to improve driving behavior. This data includes:

  • Road signs and traffic lights
  • Vehicle density and speeds
  • Parking spaces
  • Collision and near miss hotspots
  • Parking and stops
  • Risk scoring
  • Scenario risk, based on context (e.g. risk in a construction zone; pothole)
  • Location and labeling of objects, such as vehicles and traffic signs
  • Driving paths
  • Risk events
  • Vehicle speed and change in velocity or delta-V
  •  Dynamic aggregated data (e.g., traffic data, construction activity, weather, road conditions)
  • Infrastructure data (e.g., pot holes, number of lanes, lane markers, stop sign / signal locations)
  • All other information processed by Nauto algorithms from sensors in the Nauto device

2.4 Account, Payment, and Billing Information

You may be asked to create a Nauto account “Profile,” to make it easier for you to communicate with us and access the Services we provide to you. To create an account, you may be asked to provide some personal data, such as your name, username, password, email address, mailing address, and phone number.Nauto may also collect payment information from you or your company, including a credit or debit card number, card expiration date, CVV code, billing address, and shipping address, to complete a transaction through our Services.

To the extent you request it, we may create account “Profiles” for your drivers. These Profiles allow Nauto to display a driver’s Profile name and photo, and link that Profile with information collected by that driver’s Nauto device, including all the information discussed at Sections 2.1 and 2.2 above. So that we may create these Profiles, your drivers may be asked to provide personal data, such as their name, username, password, email address, mailing address, and phone number. 

2.5 Website Use

When you visit Nauto’s website or other online services, we and our third-party partners analyze log file information and other data collected through cookies, web beacons, and other tracking technology, to collect information about your browsing behavior. This information may include, for example, your browser type, domains, page views, IP address, referring/exit pages, information about how you interact with our website or online services interface and links, traffic and usage trends, etc. We may use session cookies to keep you logged in while you use features of our website or online services.

Nauto respects Do Not Track (“DNT”) settings in browsers. If you are logged out of our services and have DNT enabled, we will not set cookies that can be used to aggregate information about your usage. We may use some cookies to enhance your experience by storing preferences or options.

For more information regarding Nauto’s privacy policies applicable to its website and other online services, please see Nauto’s Privacy Policy for Nauto Website Visitors.

3. How Does Nauto Use the Data it Gathers?

3.1 Provide, Improve, and Develop Nauto Services

Nauto uses the driving and connectivity data it collects from Nauto devices, as well as any information voluntarily provided by drivers, to provide, improve and develop its services. Using the data, Nauto is able to, among other things:

  • Generate detailed maps of high-risk driving areas
  • Understand and predict traffic flows
  • Advise drivers of hazards in real time
  • Determine the cause and consequence of individual driving Behavior and events
  • Develop composite safety scores for drivers

Nauto also uses the information it collects to provide technical support, improve the quality of service Nauto provides, and develop new services and technologies.

Nauto also uses face scanning and facial recognition software on the images of drivers collected.  Nauto uses this software to create a profile, based on the driver’s facial features, such as the distance between the eyes, nose and ears, for a particular individual, that it uses to connect a driver in one particular photo or video to another photo or video.  Nauto does not and could not use this information to recreate an image of a person.

3.2 Business Development, Advertising, and Research

Nauto also uses aggregate, anonymized, non-personal driving and connectivity data for business purposes, including for product improvement, analytics, industry and market research, and other purposes consistent with Nauto’s legitimate business needs.

4. How Will Nauto Share the Information It Collects?

4.1 With You

Nauto will share with you the data it collects. This means that you can receive up-to-date information about your drivers’ location, speed, driving hazards, and attentiveness, in addition to in-depth analysis of driver safety, traffic dynamics, or insurer loss data.

However, we may take certain measures to protect the privacy of third persons whose personal data may be collected by the Nauto device. Nauto reserves the right to withhold, within its sole discretion, identifying images and information of passersby or nearby drivers. For example, we may blur the faces of pedestrians or the content of vehicle license plates so that they cannot be identified in video content recorded by Nauto. Nauto also may blur the faces of passengers in your fleet vehicles, unless passengers give consent to the disclosure of their identity. Additionally, Nauto reserves the right to withhold, within its sole discretion, certain personal data about your drivers and passengers, such as health, financial, or other sensitive information.

4.2 Vendors, Service Providers, and Other Partners

Nauto may provide the information described above to vendors, service providers, and other partners who support Nauto’s business by providing technical infrastructure services, analyzing how our services are used, measuring the effectiveness of our services, providing customer service, facilitating payments, or conducting academic research and surveys. These partners must adhere to strict confidentiality obligations in a way that is consistent with this Policy and the agreements we enter into with them.

4.3. Third Parties

Nauto may share, license, or sell aggregate, anonymized, non-personal Driving Data, connectivity, and driver-provided data it collects from your drivers with and among other fleet owners, insurers, Nauto drivers, and other third parties. No Personal Data will be shared. Nauto uses this information to advise other fleet owners, insurers and Nauto drivers about driving conditions and to warn them of hazards. Nauto also uses this information to provide all its clients with the most up-to-date and precise fleet management and mapping services, driver safety scores, risk analysis, and traffic analysis available.

Nauto devices are capable of warning drivers of safety concerns about other nearby drivers. To the extent that one of your drivers presents a safety risk or concern, Nauto may share Driving Data (referenced in Section 2.1 above)  and information about that driver’s vehicle—such as his or her vehicle make, model, or license plate—with another fleet owner, insurer, or driver in the Nauto network.  Nauto also may contact emergency services and share certain Driving Data and Personal Data if there is an accident based on information that Nauto receives from Nauto devices. 

Under no circumstances do we share your Personal Data, or the Personal Data of your drivers, for any commercial or marketing purposes, to any third-party company or organization outside the Nauto network other than as described in Section 4.2 above, without your explicit consent. Nauto will never share or sell your account, payment, or billing information, other than as described in Section 4.2 above, without asking you first.

Signing up for or connecting to third-party products or services sometimes requires us to share data with third parties. Before we share your data with a third party, you will be shown details about any proposed exchange(s) of data between Nauto and the third party that is providing the product or service. In some cases, Nauto or the third party will instead (or also) ask for permission to control the products that you have connected. Your explicit consent is required to allow any of these exchanges or requests for control and you will be able to revoke it at any time.

Any Nauto data that you choose to share with a third party is governed by that third party’s privacy policy while in that party’s possession. Any data that Nauto receives from third-party products and services will be processed and stored by Nauto and will be treated in accordance with this Policy. This information may be processed in the same ways as any other data that is a part of your Nauto account or Nauto logs. 

4.4. Business Transactions

In the event Nauto is involved in a bankruptcy, merger, acquisition, reorganization, or sale of assets, your information may be sold or transferred as part of that transaction. This Policy will apply to your information as transferred to the new entity.

4.5. Fraud and Illegal Activity

Nauto may access, preserve, and share your information or information collected from your drivers when Nauto has a good faith belief that it is necessary to: protect the property and security of Nauto, Nauto users, and others; or to prevent death or imminent bodily harm.

4.6. Legal Compliance

Nauto may access, preserve, and share your information or information collected from your drivers in response to a legal request (like a search warrant, court order, or subpoena) if Nauto has a good faith belief that the law requires it. Information concerning you or your drivers may be accessed, processed, and retained for an extended period of time when it is the subject of a legal request or obligation, government investigation, or investigations concerning possible violations of our terms or policies, or otherwise to prevent harm.

The information we collect may be processed and stored on Nauto servers located in the United States or in other countries. Your information may be subject to legal requirements, including disclosure requirements, in those jurisdictions.

5. Data Protection, Security, and Retention

5.1. Data Protection and Security

Nauto takes security seriously. We use commercially reasonable physical, administrative, and

technological methods to transmit your data securely including HTTPS, TLS/SSL protocol, AES and RSA data encryption. The Nauto cloud is supported by third-party vendors and service providers which process and store information in compliance with this Policy and any other appropriate confidentiality and security measures.

In addition to technological security measures, Nauto places access controls on its employees, contractors, and agents. We restrict access to any Personal Data to those Nauto employees, contractors, and agents who need to know that information in order to transmit, store, or process it, and who are subject to strict contractual confidentiality obligations that are consistent with this Policy, and may be disciplined or terminated if they fail to meet these obligations.

Nauto cannot guarantee that unauthorized third parties will never be able to defeat our security measures or use your Personal Data for improper purposes. In the event that any information in our possession or under our control is compromised as a result of a breach of security, we will take reasonable steps to investigate the situation and, where appropriate, notify those individuals whose information may have been compromised and take other steps, in accordance with any applicable laws and regulations.

5.2. Data Retention and Deletion

Most data are temporarily stored locally on the Nauto device while awaiting processing and only select data is sent up into the cloud. Only limited Personal Data and Driver Data are kept for an extended period of time. We may retain your Personal Data or the Personal Data of your drivers after you have closed your account if retention is reasonably necessary to comply with our legal obligations, meet regulatory requirements, resolve disputes between Nauto users, prevent fraud or abuse, or enforce this Policy and our User Agreement. Because of the way we maintain certain Services, after your information is deleted, backup copies may linger for some time before they are deleted, and we may retain certain data for a longer period of time if we are required to do so for legal reasons.

6. International Users

If you are using the Services or the Nauto website in the European Union or other regions outside of the United States with laws governing data collection and use that may differ from U.S. law, be advised that Nauto may transfer your Personal Data and Driving Data to the United States, and that by using the Services or visiting the website, you consent to that transfer.  Nauto complies with the EU-U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information transferred from the European Union to the United States.  Nauto has certified to the Department of Commerce that it adheres to the EU-U.S. Privacy Shield Framework.  If there is any conflict between the terms in this privacy policy and these Privacy Shield Principles, the Privacy Shield Principles shall govern.  To learn more about the Privacy Shield program, and to view our certification, please visit https://www.privacyshield.gov/.

Under the Privacy Shield Principles, Nauto has responsibility for the processing of personal information it receives under the Privacy Shield and subsequently transfers to a third party acting as an agent on its behalf under Section 4.2 above.  Nauto complies with the Privacy Shield Principles for all onward transfers of personal data from the E.U., including the onward transfer liability provisions.

In compliance with the Privacy Shield Principles, Nauto commits to resolve complaints about our collection or use of your personal information.  European Union or Swiss individuals with inquiries or complaints regarding our Privacy Shield policy should first contact Nauto at privacy@nauto.com.  If there is a dispute that we are unable to resolve, Nauto has committed to refer unresolved Privacy Shield complaints to JAMS, an alternative dispute resolution provider located in the United States.  If you are unsatisfied with the resolution of your complaint, you may contact JAMS at https://www.jamsadr.com/eu-us-privacy-shield for further information and assistance.  You may also have the ability, under certain conditions, to invoke binding arbitration for complaints regarding Privacy Shield compliance not resolved by a complaint to Nauto or through JAMS.  More information related to this arbitration procedure is available at https://www.privacyshield.gov/article?id=ANNEX-I-introduction.  The Federal Trade Commission has jurisdiction over Nauto’s compliance with the Privacy Shield.

7. Notification of Changes to This Privacy Policy

We may revise this Policy from time to time. The most current version will govern our use of your information. If we make a change to this policy that, in our sole discretion, is material, we will notify you via an email update using an email address associated with your account. By continuing to access or use the Services after those changes become effective, you agree to be bound by the revised Policy.

8. Questions?

If you have any questions, please contact us at privacy@nauto.com.