Capte ("we," "us," or "our") is committed to protecting your privacy and the security of your personal data. This Privacy Policy explains how we collect, use, disclose, and safeguard information when you use our fleet management software, vehicle telematics platform, and related services (collectively, the "Services"). This policy complies with the General Data Protection Regulation (GDPR), the California Consumer Privacy Act and California Privacy Rights Act (CCPA/CPRA), and other applicable data protection laws.
This policy covers two distinct roles Capte plays: (1) as a Data Controller — when we determine how your personal data is used — and (2) as a Data Processor — when we process personal data on behalf of our business customers (fleet operators). For most fleet-management and telematics services, the fleet customer is the data controller and Capte acts as processor on their behalf, strictly in accordance with their instructions and the data processing provisions of our General Terms and Conditions (CGV/CGU, Article 11). For data we collect to operate our own business (account management, billing, marketing, security, and AI model improvement), Capte acts as a controller.
We review and update this policy at least annually, or more frequently if our practices, technology, or legal requirements change.
Capte is the data controller responsible for the personal data it collects directly for its own business purposes. For questions or concerns:
As Capte SAS is established in France, our lead supervisory authority under GDPR’s one-stop-shop mechanism is the Commission Nationale de l’Informatique et des Libertés (CNIL): www.cnil.fr.
We collect personal information that you provide directly when you register, use our Services, or interact with us, including:
Providing this information is voluntary for some purposes (e.g., marketing surveys) but required for others (e.g., account creation). If you choose not to provide required information, you may be unable to access certain features or complete transactions.
The specific data collected varies depending on your configuration, device type, and features enabled by your fleet administrator. Through our IoT telematics platform and monitoring services, we collect:
When Capte collects this data on behalf of a fleet customer, Capte acts as a data processor and the fleet customer is the data controller. Processing is governed by Article 11 of our General Terms and Conditions (CGV/CGU).
When you access our Services, we automatically collect:
Fleet customers may upload or configure additional data, such as driver assignments, vehicle naming or labeling, and custom fields or tags. Capte processes this data as a processor on the fleet customer’s instructions.
We may receive your personal data from resellers, partners, referral programs, or other third parties, and may combine it with data we already hold. We adhere to data minimization principles and collect only the personal data necessary for the disclosed purposes. We do not use your data for secondary purposes without your consent or another valid legal basis.
For transparency under CCPA/CPRA, the categories of personal information we collect include:
We use precise geolocation data solely to provide contracted fleet management services. You have the right to limit our use of your sensitive personal information. See Section 7.2.
Under the GDPR, we process personal data based on the following legal grounds:
Where we rely on legitimate interests, we conduct a balancing test to ensure our interests do not override your fundamental rights. You may request a copy of any balancing test by contacting privacy@capte.co.
We use the collected information to:
Some of our Services use automated processing to analyse telematics data and generate outputs such as driver safety scores, predictive maintenance alerts, and drowsiness or distraction warnings. These outputs are produced by machine-learning models trained on historical driving and vehicle data.
Automated outputs may be shared with your fleet manager and can influence decisions such as coaching, scheduling, or insurance recommendations (where your employer uses third-party insurance integration). These outputs do not, on their own, produce legally binding decisions about you without human review.
Under GDPR Article 22, if an automated decision produces legal or similarly significant effects on you, you have the right to: (1) request human review, (2) express your point of view, and (3) contest the outcome. Contact privacy@capte.co. Under applicable US state laws (Virginia VCDPA, Colorado CPA, Connecticut CTDPA, Texas TDPSA, and others), you may also opt out of profiling used for targeted advertising or decisions producing legal or similarly significant effects.
Capte uses CAN bus data and related vehicle diagnostic signals — collected through our telematics platform — to train, validate, and improve proprietary AI and machine-learning models. The sole purpose of this training is to identify patterns in equipment behaviour that precede component failures, enabling predictive maintenance alerts and reducing vehicle downtime for our customers.
Where Capte acts as a data processor on behalf of a fleet customer (which is the case for most fleet and telematics data), Capte may only use that data for AI training if the fleet customer (as data controller) has expressly authorised this use in writing. We do not use customer-controlled personal data for AI model training without such written authorisation. AI model training from data collected in Capte’s controller capacity (e.g., from Capte’s own demonstration environments and test fleets) is governed solely by this policy.
Vehicle data used for AI training is pseudonymized before ingestion: driver identifiers are separated from telemetry signals at the point of model training. We do not retain raw personal data longer than necessary for training purposes, and we implement access controls to prevent re-identification.
Processing for AI training in Capte’s controller capacity is based on our legitimate interests (GDPR Art. 6(1)(f)) in improving service quality and safety outcomes. A Legitimate Interest Assessment for this activity is available upon request.
You have the right to object to processing of your personal data for AI training purposes under GDPR Article 21. Contact privacy@capte.co. Objecting to AI training processing does not affect your ability to use our fleet management services.
We share your information with third-party vendors who assist in operating our Services, such as cloud hosting providers, payment processors, and analytics platforms. These providers access your personal data only to perform specific services on our behalf and are contractually bound to protect it through Data Processing Agreements compliant with GDPR Article 28.
When Capte acts as a data processor on behalf of fleet customers, any engagement of third-party technology services that involves access to customer personal data is subject to the prior written authorisation requirement of the CGV/CGU (Article 11.4(d)). Capte will inform fleet customers of any such third-party service engagements in accordance with its contractual obligations.
We may share information with companies that integrate with our platform to provide enhanced fleet management solutions. Categories shared: identifiers and, where authorized by the fleet customer, fleet and telematics data.
We may disclose your information when required by law, regulation, court order, or subpoena, or to protect the rights, property, or safety of Capte, our customers, or others. We will inform the relevant data controller (fleet customer) before disclosing their data to authorities, except where legally prohibited from doing so.
In connection with mergers, acquisitions, reorganizations, or asset sales, your personal information may be transferred. We will provide notice of any such change and inform you of your rights in advance where required by law.
We may share your personal data whenever you direct us to do so, including when you authorize a third-party application or service to access your information.
We do not sell your personal data to third parties for monetary consideration. We may share internet activity data for cross-context behavioral advertising only when you have granted explicit consent via our cookie banner. Certain US state laws define such sharing as a "sale" — you may opt out at any time using the mechanisms in Section 12 or by emailing privacy@capte.co.
When our business customers (fleet operators) use our Services to manage their fleets, Capte acts as a data processor on behalf of those customers, who are the data controllers. This relationship is governed by Article 11 of our General Terms and Conditions (CGV/CGU), which sets out Capte’s obligations as processor, including:
If you are an end user (e.g., a driver) of Capte’s products through your employer (a Capte fleet customer), your employer’s privacy policies govern the processing of your personal data. Please contact your employer for information about how your data is used.
Depending on your location, you have rights to access, correct, delete, or limit the use of your personal data. To exercise any right, see Section 7.5.
If you are in the European Economic Area, United Kingdom, or Switzerland, you have the following rights:
CNIL contact: www.cnil.fr | https://www.cnil.fr/fr/plaintes | +33 1 53 73 22 22
UK: Information Commissioner’s Office — https://ico.org.uk | Switzerland: FDPIC — https://www.edoeb.admin.ch
California residents have the following rights:
Capte collects precise GPS geolocation data, which is classified as Sensitive Personal Information (SPI) under CPRA §1798.140(ae)(1)(A). This data is used solely to provide contracted fleet management services. In the twelve months prior to this policy’s effective date, we have not sold personal data covered by the CPRA.
If you reside in Virginia, Colorado, Connecticut, Texas, Oregon, Montana, or another state with a comprehensive consumer privacy law, you have rights including: access, correction, deletion, data portability, opt out of sale, opt out of targeted advertising, and opt out of profiling that produces legal or similarly significant effects (e.g., AI-based driver scoring used in employment decisions).
We honor browser-based opt-out preference signals such as the Global Privacy Control (GPC). To opt out of profiling or targeted advertising, use the mechanisms in Section 12 or email privacy@capte.co.
Residents of India may seek redressal of grievances and have the right to nominate an individual to exercise their rights in case of death or incapacity. Residents of France have the right to instruct us on the processing of their personal data after death (Article 85, Loi Informatique et Libertés).
To exercise any of the above rights without discrimination:
We will respond within 30 days. We may verify your identity before processing your request. We do not charge for reasonable requests. If we deny your request, we will explain why and provide appeal instructions. Appeals must be submitted within 45–60 days (depending on applicable law) to privacy@capte.co. You may also contact your state attorney general or applicable supervisory authority.
We retain personal data only as long as necessary to fulfill the purposes in this policy, comply with legal obligations, resolve disputes, and enforce our agreements.
Upon request or termination of services, we will delete or anonymize your data in accordance with applicable laws. Fleet customers may request a deletion certificate per Article 11.4(g) of our CGV/CGU.
We implement appropriate technical and organizational security measures to protect personal data, including:
In accordance with GDPR Article 25 (Privacy by Design and by Default), Capte integrates data protection principles into our product development lifecycle. This includes: collecting only the minimum personal data necessary for each function, applying pseudonymization before processing in analytics contexts, and configuring default privacy settings to the most protective option available.
No method of transmission over the internet is 100% secure. We cannot guarantee absolute security, and we encourage you to exercise caution when transmitting personal data online.
Where a breach is likely to result in a risk to the rights and freedoms of natural persons, we will notify the CNIL (our lead supervisory authority) without undue delay and, where feasible, within 72 hours of becoming aware of the breach.
Where a breach is likely to result in a high risk to the rights and freedoms of natural persons, we will notify affected individuals without undue delay, describing the nature of the breach, its likely consequences, and the measures taken or proposed.
In accordance with Article 11.5 of our CGV/CGU, Capte will notify fleet customers (as data controllers) promptly upon becoming aware of any breach involving their personal data, providing all information necessary for the customer to fulfil its own GDPR notification obligations.
We comply with applicable US state breach notification laws, including California (Cal. Civ. Code §1798.82) and all other states where affected residents are located.
In accordance with GDPR Article 33(5), we maintain an internal breach register documenting all personal data security incidents, regardless of whether notification is required.
As Capte operates in both France and the United States, personal data may be transferred between these jurisdictions. When transferring personal data from the EEA, UK, or Switzerland, we rely on the following mechanisms:
In accordance with Article 11.8 of our CGV/CGU, Capte does not transfer personal data processed on behalf of fleet customers to countries outside the EEA without the fleet customer’s prior written consent, and all such transfers are carried out under appropriate safeguards, including SCCs.
Transfers to the United States by Capte Technologies Inc. in its capacity as data controller (e.g., for its own account management and marketing operations) are carried out under SCCs between Capte SAS and Capte Technologies Inc. Customers may request a copy of the applicable SCCs by contacting privacy@capte.co.
We use cookies, pixel tags, localStorage, and similar technologies to improve your experience, analyse usage patterns, and personalise content where you have given consent.
Our website stores your consent preferences in the browser’s localStorage (not a cookie) under the key cookie_consent_v1, and uses Google Consent Mode v2 to signal your choices to Google services. Google services then set cookies only if you have granted the relevant consent. No analytics or advertising cookies are set before your consent is recorded.
You can manage or withdraw consent at any time through:
We honor the Global Privacy Control (GPC) signal where required by law. For our full Cookie Policy, visit www.capte.co/cookies.
Where AI features involve the processing of biometric data (such as facial geometry or gaze tracking), this constitutes special category data under GDPR Article 9. Processing is only carried out where a valid legal basis exists, which may include:
Where drivers are located in states with biometric privacy laws, including Illinois (BIPA), Texas (CUBI), Washington (MHMD), Maryland (HB 218), and other applicable states, Capte and its fleet customers will comply with applicable notice, consent, and data handling requirements, including:
We may send marketing and promotional communications where permitted by law or with your consent. You can opt out at any time by:
Even if you opt out of marketing, we may still contact you about your account, services, or important administrative matters.
Our Services may contain links to third-party websites and services. We are not responsible for their privacy practices. Our Privacy Policy does not apply to third-party sites, products, or applications, even if accessible through our Services. We encourage you to review third-party privacy policies before providing personal data.
Our Services are not intended for individuals under the age of 16. We do not knowingly collect personal data from children under 16. If we become aware that we have collected data from a child without parental consent, we will delete it promptly. Contact privacy@capte.co if you believe we have inadvertently collected data from a minor.
Capte does not discriminate against users who exercise their privacy rights under any applicable data privacy law. You will not be denied services, charged different prices, or provided a different level of service for exercising your rights, unless the difference is reasonably related to the value provided by your personal data.
Capte has designated a Data Protection Officer (DPO) to oversee compliance with GDPR and other applicable data protection legislation.
The DPO is registered with the CNIL in accordance with GDPR Article 37(7).
We may update this Privacy Policy to reflect changes in our practices, technology, legal requirements, or other factors. We will notify you of material changes by:
Your continued use of our Services after such changes constitutes acceptance of the updated policy. For material changes to how we process your personal data as a controller, we will provide at least 30 days’ notice where required.
This Privacy Policy and any data protection matters related to Capte’s role as a data controller are governed by French law. Any dispute relating to this policy that cannot be resolved through our privacy complaint process (Section 7.5) shall be subject to the exclusive jurisdiction of the Tribunal des activités économiques de Versailles, without prejudice to your right to lodge a complaint with the CNIL or your local supervisory authority at any time.
For any questions, concerns, or requests regarding this Privacy Policy or our data practices:
Capte Technologies Inc.
© 2026 Capte Technologies Inc. All rights reserved. | Privacy Policy v2.1 — March 2026 | DPO-172140 | privacy@capte.co