FleetMS

Privacy Policy

Last updated: 5 May 2026

FleetMS is a multi-tenant fleet-dispatch platform operated by Steven Sng Labs (the “Operator”), a sole proprietorship registered in Malaysia. This policy explains what personal data the Operator processes, why, for how long, and your rights as a data subject under the Malaysian Personal Data Protection Act 2010 (“PDPA”) and equivalent regimes, including the EU General Data Protection Regulation (“GDPR”) where applicable.

1. Data we process

FleetMS processes three categories of personal data:

  • Tenant staff accounts (dispatchers, org admins): name, email address, role, sign-in metadata, audit log of actions taken in the dispatcher app.
  • Driver records (provided by tenant): name, phone number, license class, MPV capability, time-off windows, completed-job history.
  • Passenger records (entered by tenant): name, contact number, pickup and dropoff locations, special instructions. Where the passenger is an EU resident, the Operator processes this data on behalf of the tenant under a controller-processor relationship.

2. Purposes

  • To deliver the dispatcher app the tenant has subscribed to.
  • To send WhatsApp messages to drivers about jobs they are assigned to.
  • To enable tenant audit and compliance via the audit log.
  • To send transactional emails (invitations, password resets, billing).
  • To diagnose product errors via Sentry (event metadata only; no message bodies).

3. Legal basis

Tenant staff and driver data are processed under contract (the tenant’s FleetMS subscription). Passenger data is processed on behalf of the tenant; the tenant is the controller and is responsible for ensuring a valid lawful basis exists for the underlying booking. The Operator acts as processor only.

4. Sharing

The Operator does not sell personal data. Sub-processors used:

  • Supabase (Singapore region, ap-southeast-1) — primary database hosting.
  • Vercel (multi-region edge) — application hosting.
  • Cloudflare — DNS only, no data.
  • Sentry (EU region) — error tracking metadata.
  • Meta WhatsApp Cloud API — driver messaging.

5. Retention

Tenant and driver records are retained for the lifetime of the tenant’s subscription plus 90 days. Audit logs are retained for 12 months. Passenger records follow the tenant’s retention configuration; the default is 12 months from the last associated job.

6. Your rights

You have rights to access, correct, and (where applicable) delete or port your personal data. To exercise these rights, contact privacy@fleetms.my. For passenger data, please direct your request to the booking tenant first (the controller); the Operator will support the tenant in responding.

7. Security

FleetMS uses row-level security (RLS) to isolate tenants at the database level, encrypted backups with point-in-time recovery, and TLS for all traffic. Production access is restricted to the Operator and audited.

8. Cross-border transfers

Data is stored primarily in Singapore (ap-southeast-1). Sub-processors in other regions (e.g. Vercel edge, Sentry EU) operate under appropriate safeguards, including standard contractual clauses where required.

9. Changes

Material changes to this policy will be communicated via in-product notice or email to the tenant’s registered admin at least 30 days before taking effect.

10. Contact

Steven Sng Labs · privacy@fleetms.my