This Privacy Notice governs how GPSafe ("GPSafe", "we" or the "Data Controller") collects, uses, stores, shares and protects the personal information of users ("you") interacting with the mx.gpsafe.io website, its forms, the "platform.gpsafe.io" web application and the GPSafe / GPStrackMe mobile apps (collectively, the "Services").
1 Personal data we collect
We collect only the data needed to deliver our Services:
- Identification & contact: name, company, role, email, phone.
- Commercial: industry, fleet size, messages submitted through forms.
- Automatic technical: IP address, device type, OS, browser, pages visited, timestamps (via cookies and server logs).
- Telemetry (active customers only): GPS position, speed, vehicle events, dashcam video and other data generated by installed GPSafe devices under the service contract.
We do not collect sensitive data. We do not request financial data from this site except in the payment portal (Stripe), which is processed directly by our certified PSP.
2 Purposes of processing
Primary purposes
- Handle demo, quote, support or information requests.
- Deliver the contracted Services (tracking, dashcam, reports, mobile app, API).
- Invoicing, billing and administrative follow-up.
- Comply with legal, tax and security obligations.
Secondary purposes
- Sending commercial communications and newsletters (you can opt out anytime).
- Analytical studies to improve the site and Services.
3 Legal basis
- Your explicit consent when submitting a form or accepting this notice.
- The contractual relationship when you are a customer.
- Applicable legal compliance (LFPDPPP, Tax Code, etc.).
- GPSafe's legitimate interest to operate and secure its Services.
4 Disclosures
We do not sell your data. We may share it only with:
| Recipient | Purpose | Country |
|---|---|---|
| Amazon Web Services | Hosting and infrastructure | USA |
| Stripe Inc. | Payment processing | USA |
| Google (Workspace, reCAPTCHA, Maps, Fonts) | Productivity & web services | USA |
| Transactional SMS/Email providers | Service notifications | USA / MX |
| Competent authorities | Legal compliance | MX |
All third parties operate under confidentiality and/or data-processing agreements. International transfers are conducted under clauses guaranteeing a level of protection equivalent to that required in Mexico.
5 Retention
We retain your data for as long as necessary to fulfil the stated purposes and applicable legal periods (typically 5 years for tax data). After that, we securely delete or anonymize it.
6 ARCO rights and consent withdrawal
You have the right to Access, Rectify, Cancel or Object to the processing of your data, and to withdraw your consent. To exercise them, send your request via the contact form including:
- Your name and contact method.
- Document proving your identity (ID, passport).
- Clear description of the right you wish to exercise.
We will reply within a maximum of 20 business days.
7 Security
We implement reasonable administrative, technical and physical safeguards to protect your data against unauthorized access, loss or alteration: encryption in transit (TLS), encryption at rest, role-based access control, audit logging, backups and continuity plans.
8 Cookies
We use strictly necessary cookies for site functioning and anonymous analytical cookies. See our Cookie Policy for details.
9 Minors
Our Services are aimed at businesses and users over 18. We do not intentionally collect data from minors; if detected, we delete it.
10 Changes to this notice
We may update this Notice to reflect legal or service changes. The current version is always published on this page with the last-updated date. If changes are substantial, we will notify you through the usual channels.
11 Contact
For anything related to this Notice or your personal data, write to us through the contact form indicating "Privacy" in the subject.