Privacy Policy

When you register for an account, we collect information necessary to create and maintain your account and verify your identity. This may include:

• Full name, email address, phone number, and date of birth
• Business name, business registration number, and business address (fleet operators and suppliers)
• Government-issued identification documents (service providers, as part of KYC verification)
• Professional licenses and certifications (service providers)
• Proof of insurance documentation (service providers)
• Payment and banking information for billing and payment processing
• Profile photographs and other optional profile information

When you use the fleetOS mobile application or web platform, we automatically collect:

• Device type, operating system, app version, and unique device identifiers
• IP address, browser type, and general geographic region derived from IP
• App usage logs, feature interactions, and session duration
• Crash reports and performance diagnostics
• Push notification tokens for dispatch and alert delivery

The fleetOS Link hardware device is the primary source of vehicle and operational data. This data is collected continuously during vehicle operation and transmitted to the fleetOS platform via cellular or Bluetooth relay through the user's smartphone. The full scope of hardware-collected data is described in Sections 4, 5, and 6 below.

We collect records of communications between users and Winixx support, including emails, in-app messages, and support tickets. We also collect feedback, reviews, and ratings submitted through the platform.

This data supports real-time breakdown detection, maintenance alerts, and emergency dispatch. It is collected continuously during vehicle operation:

• Diagnostic Trouble Codes (DTCs) — engine fault codes read from the vehicle's ECU in real time
• Battery voltage — monitored continuously for degradation and failure prediction
• Engine coolant temperature and oil pressure — critical failure indicators
• Fuel level — monitored for low-fuel alerts and consumption tracking
• Engine RPM, throttle position, and mass air flow readings
• Vehicle speed via OBD-II — used for telematics and crash detection algorithm
• Ignition status — determines device operating mode
• Vehicle Identification Number (VIN) — decoded on first connection for make, model, year, engine type, and active recall identification

This data enables proactive service recommendations and helps prevent breakdowns before they occur:

• Odometer and mileage tracking — triggers service reminders based on actual miles driven
• Engine load and fuel trim readings — identifies fuel system and intake issues
• Transmission temperature and alternator output — early failure indicators
• Brake application frequency and intensity — derived from deceleration data for brake wear prediction
• Idle time accumulation and cold start frequency — engine wear indicators
• Oxygen sensor readings and catalyst temperature — emissions and fuel system health

Location data is collected continuously during vehicle operation and at defined intervals when the vehicle is parked. This data is essential for dispatch, coverage mapping, and emergency response:

• Real-time GPS coordinates — updated every five (5) seconds while moving, every sixty (60) seconds while stationary
• Historical trip data — complete trip logs including start/end locations, routes traveled, distances, and timestamps
• Geofence events — entry and exit from user-defined geographic zones
• Tow detection — vehicle movement detected while ignition is off, indicating potential theft or unauthorized movement

In addition to the above, the fleetOS Link collects broader vehicle performance and environmental data that supports platform improvement, network optimization, and commercial data products. This data is collected in aggregate and is processed in anonymized and de-identified form for commercial purposes as described in Section 9. It includes:

• Steering angle and rotational data at speed — road curvature and handling behavior
• Speed profiles mapped to specific road segments and geographic coordinates
• Road surface anomaly detection via accelerometer — potholes, speed bumps, road damage
• Intersection approach and departure behavior — speed, braking, and acceleration patterns at identified intersections
• Near-miss event signatures — sudden evasive maneuvers detected by accelerometer and gyroscope
• Weather-correlated driving behavior — pattern changes associated with ambient temperature and road conditions
• Component failure patterns aggregated by vehicle make, model, year, and mileage

The forward-facing camera continuously records the road environment ahead of the vehicle. Captured footage and derived data includes:

• Continuous 2K video recording of the road ahead during vehicle operation
• ADAS event detection — lane departure, forward collision warnings, tailgating alerts, and traffic light status
• Road hazard identification — obstacles, debris, and adverse road conditions
• Footage is stored locally on the device and selectively uploaded to the fleetOS platform based on event triggers and fleet operator settings

The cabin camera monitors the driver's face and upper body to detect safety-relevant behaviors. This camera uses infrared illumination and operates in all lighting conditions:

• Continuous monitoring for drowsiness indicators — eye closure, head nodding, and reduced alertness
• Distraction detection — driver looking away from road for extended periods
• Phone use detection — device detected in driver's hand or field of view
• Seatbelt compliance monitoring
• Smoking detection within the cabin

Rear and side cameras capture the environment surrounding the vehicle for safety, coverage verification, and incident documentation. These cameras operate continuously during vehicle operation and capture footage that may include pedestrians, cyclists, other vehicles, and public spaces.

The three-axis accelerometer and gyroscope monitor vehicle dynamics continuously at 200Hz sampling frequency. Data collected includes:

• G-force measurements across all three axes — critical for crash detection and harsh driving behavior identification
• Rotational data — vehicle spin, rollover detection, and impact direction
• Vibration patterns — road surface quality mapping and component stress detection
• Barometric pressure — altitude tracking and crash event confirmation

The integrated microphone serves two functions: (1) ambient audio analysis to supplement crash detection by identifying impact sound signatures, and (2) providing audio relay capability during automated emergency response communication with 911 dispatchers. The microphone does not continuously record or transmit audio during normal vehicle operation. Audio capture is triggered only by crash detection events or active emergency response sequences.

Routine video footage is stored locally on the device in a rolling buffer. Event-triggered footage — activated by harsh driving events, collision alerts, or manual flagging by fleet operators — is uploaded to the fleetOS platform and retained for a period of ninety (90) days unless extended by the fleet operator for compliance or legal purposes. Winixx does not sell raw video footage to third parties. Access to stored footage is restricted to the fleet operator account holder, authorized Winixx personnel, and as required by law.

When a crash event is detected by the device's multi-signal algorithm, the system immediately begins preserving the following data in an immutable crash record that cannot be deleted by the user:

• Sixty (60) seconds of pre-impact sensor data including G-force readings, speed, RPM, and GPS coordinates
• Complete crash event record including impact magnitude, direction, time, and precise GPS location
• Post-impact sensor readings for a minimum of four (4) hours or until manually cleared by authorized Winixx personnel
• Audio signature data from the thirty (30) seconds surrounding the impact event

If the emergency response sequence reaches the automated 911 communication stage — activated ninety (90) seconds after crash detection if the driver does not respond — the following data is transmitted to the 911 Public Safety Answering Point via our AI voice agent:

• Precise GPS coordinates and reverse-geocoded nearest address
• Vehicle make, model, year, color, and VIN
• License plate number (if registered to the account)
• Time and severity of the detected impact
• Driver responsiveness status
• Number of registered vehicle occupants (if provided)
• A link to the fleetOS emergency portal for real-time GPS tracking by emergency services

This data sharing with emergency services is a condition of device activation and cannot be disabled. The transmission of this data to emergency services in genuine crash scenarios does not require separate consent because it serves the vital interest of protecting the life of the vehicle occupant.

Simultaneously with the 911 communication, the following information is sent via SMS to all registered emergency contacts:

• Driver's registered name
• Notification that a crash has been detected and emergency services have been contacted
• GPS location as a mapping link updated in real time
• Vehicle description
• Timestamp of the incident

Crash event data is used for emergency response coordination, incident documentation for insurance and legal purposes, and platform safety improvement. Crash data associated with a specific user account may be subject to legal hold if litigation is pending or anticipated. Winixx will comply with valid legal process requesting crash event records.

The primary use of all data collected is to operate and deliver the fleetOS Services. This includes:

• Monitoring vehicle health and generating proactive breakdown alerts
• Dispatching service providers to vehicles requiring roadside assistance
• Processing parts orders and coordinating fulfillment through the supplier network
• Operating the emergency response system in crash and safety scenarios
• Providing fleet operators with operational dashboards, reports, and compliance tools
• Processing subscription payments and service billings
• Paying service providers for their availability and work completed

• Detecting and responding to crash events and other emergency situations
• Identifying unsafe driving behaviors and providing coaching and alerts to fleet operators and drivers
• Detecting theft, unauthorized vehicle movement, and device tampering
• Verifying the identity and credentials of service providers and suppliers

• Analyzing platform performance and usage patterns to improve features and reliability
• Training and improving our AI-based driver monitoring and crash detection systems using aggregated and de-identified data
• Optimizing our nationwide service provider dispatch algorithms
• Improving parts matching accuracy within our supplier network

• Sending service alerts, dispatch notifications, and platform updates
• Responding to support inquiries and resolving disputes
• Sending renewal reminders and billing notifications
• Providing product updates and new feature announcements (you may opt out of non-essential communications)

• Complying with applicable laws, regulations, and legal process
• Enforcing our Terms and Conditions and other platform policies
• Detecting, investigating, and preventing fraudulent activity
• Protecting the rights, property, and safety of Winixx, our users, and the public

In the event of a merger, acquisition, corporate reorganization, or sale of all or substantially all of Winixx's assets, user information may be transferred to the acquiring entity as part of the transaction. We will provide notice of such a transfer and, where required by law, an opportunity to opt out of the transfer of your personal information.

Aggregated data refers to information derived from the collective activity of all vehicles, users, and service events on the fleetOS platform, processed in a way that does not identify any individual person or specific vehicle. Before any data is aggregated for commercial purposes, it undergoes a de-identification process that removes or obscures all direct and indirect personal identifiers, including name, VIN, license plate, precise GPS coordinates, and account identifiers.

Examples of what aggregated data looks like in practice: average brake failure frequency by vehicle make and model year in a given climate region; median response time to battery-related breakdowns by metropolitan area; statistical correlation between driving pattern clusters and component failure rates across a vehicle class.

Winixx may develop, license, and sell aggregated data products derived from the fleetOS platform to commercial partners operating in the following sectors:

• Insurance carriers — aggregated vehicle reliability data, breakdown frequency by vehicle class, and driving behavior statistics that support underwriting model development and risk pricing. No individual policyholder data is shared without separate explicit consent.
• Automotive manufacturers and their research affiliates — aggregated vehicle performance data, component failure patterns by make and model, and real-world reliability statistics that support vehicle engineering, quality improvement, and warranty planning. No individual vehicle or owner is identified in this data.
• Transportation research and infrastructure organizations — aggregated road condition data, traffic pattern analysis, and geographic mobility statistics that support transportation planning and infrastructure development.
• Fleet management and logistics analytics firms — aggregated operational benchmarks, maintenance cost averages, and industry-level performance statistics.

• We do not sell data that identifies you, your drivers, or your specific vehicles to any third party
• We do not share real-time location data with advertisers or marketing platforms
• We do not allow commercial data partners to re-identify individuals from aggregated datasets — this is a contractual requirement in all data licensing agreements
• We do not share raw video footage from any camera with commercial partners
• We do not use crash event data for commercial data products

You may request that your vehicle data be excluded from aggregated commercial data products by contacting us at legal@winixx.net. Opting out of aggregated data use does not affect your access to any Services. We will honor opt-out requests within thirty (30) days of receipt. Note that data already included in previously processed aggregated datasets cannot be retroactively removed because it is no longer individually identifiable within those datasets.

• All data transmitted between the fleetOS Link hardware and our platform is encrypted using TLS 1.3
• All data transmitted between users and the platform via web or mobile app uses TLS 1.3 minimum
• Hardware device certificates are provisioned at manufacturing and used for mutual TLS authentication

• All data stored on the fleetOS Link device is encrypted at rest using AES-256
• Platform databases use encryption at rest with access controls limited to authorized personnel
• Payment card data is handled exclusively by PCI DSS-compliant third-party payment processors — we do not store full card numbers

• Access to user data within Winixx is limited to employees and contractors who need it to perform their job functions
• All internal access is logged and subject to regular access review
• Multi-factor authentication is required for all Winixx personnel accessing production systems

In the event of a data security incident that may affect your personal information, we will notify affected users in accordance with applicable law — generally within seventy-two (72) hours of becoming aware of the incident for high-risk breaches. Notification will describe the nature of the incident, the data potentially affected, and the steps we are taking in response.

Certain data cannot be deleted regardless of a deletion request. This includes crash event data subject to legal hold, financial transaction records required for tax and regulatory compliance, and data retained to resolve outstanding disputes or enforce our Terms. We will inform you of any limitations on your deletion request and the reason for those limitations.

You may opt out of non-essential marketing and product communications at any time by using the unsubscribe link in any email or by contacting us at legal@winixx.net. You cannot opt out of operational communications — such as dispatch notifications, payment receipts, and safety alerts — while your account is active, as these are necessary to deliver the Services.

In the preceding twelve (12) months, we have collected the following categories of personal information as defined by the CCPA: identifiers, personal information described in California Civil Code Section 1798.80, commercial information, geolocation data, sensory data (audio and visual from cameras and microphone), professional and employment-related information (service providers), and inferences drawn from the above categories.

California residents may request disclosure of the specific personal information we have collected about them, the categories of sources, the business purpose for collection, and the categories of third parties with whom we share it.

California residents may request deletion of personal information we have collected, subject to certain exceptions including information necessary to complete transactions, detect security incidents, or comply with legal obligations.

We will not discriminate against you for exercising any of your California privacy rights. We will not deny you goods or services, charge different prices, or provide a different level of quality of services because you exercised your rights.

California residents may request information about our disclosure of personal information to third parties for those third parties' direct marketing purposes. As described in this Policy, we do not share personal information with third parties for their direct marketing purposes without your consent.

• Essential cookies — required for the platform to function. These enable login sessions, security features, and core platform navigation. They cannot be disabled without disrupting the Services.
• Functional cookies — remember your preferences such as language, region, and dashboard layout settings.
• Analytics cookies — collect anonymized usage data to help us understand how users interact with the platform and identify areas for improvement. We use privacy-respecting analytics tools that do not build cross-site advertising profiles.

You may manage cookie preferences through your browser settings or through the cookie consent controls available on the platform. Disabling essential cookies will prevent you from accessing certain features of the Services. Our full Cookie Policy is available at /cookies.