1. Scope

This policy explains what we collect when you use the MPG Smart platform (mpgsave.com, app.mpgsave.com, driver.mpgsave.com, support.mpgsave.com, admin.mpgsave.com) or interact with our marketing pages or sales team. It applies to fleet managers, drivers, channel partners, and prospective customers.

2. What we collect

Information you give us directly

• Account info: name, email, password (hashed), phone number, organization, role.
• Fleet data: truck identifiers, vehicle info, driver names, license numbers, and 4-digit PINs you assign for the driver app.
• Billing info: billing email, payment details processed via Stripe (we never see your card numbers — Stripe handles them).
• Communications: messages you send through in-app support chat, emails, and texts you send to drivers via the platform.

Information from connected services

• Telematics: when you connect Samsara or Motive, we pull miles driven, fuel consumption, idle time, GPS trip data, driver-vehicle assignments, and HOS records — only for the trucks you import.
• Stripe: payment status and invoice records.

Information collected automatically

• Usage: pages visited, features used, IP address, browser type, device info — for security and product improvement.
• Cookies / localStorage: session tokens, language preference, partner referral code (30-day TTL).

3. How we use your data

• Operate the MPG Smart platform — calculate baselines, target MPG, savings, driver bonuses, invoices.
• Send transactional notifications (push, SMS, email) tied to your use of the service: bonus updates, payout confirmations, sync errors, support replies.
• Communicate program updates, support responses, and service changes.
• Detect fraud, debug crashes, secure accounts.
• Comply with legal obligations.

4. SMS / text messages — A2P 10DLC disclosure

When a driver, fleet manager, or partner provides a phone number AND explicitly checks the consent box, we may send conversational text messages directly related to MPG Smart services. This includes:

• Bonus payout notifications.
• Onboarding reminders and program updates.
• Replies to messages you send us first.
• Critical service notices (account, billing, security).

Message and data rates may apply. Message frequency varies. Reply HELP for help or STOP to unsubscribe at any time. Phone-number consent is collected separately from any other consent and is never bundled.

SMS-specific data sharing: phone numbers and SMS message content are NOT shared with third parties or affiliates for marketing purposes. We use compliant carriers (Samsara/Motive native SMS APIs and our own A2P 10DLC infrastructure) solely to deliver messages to your device.

5. How we share data

We do not sell, rent, or trade your data — full stop. We share data only in these limited cases:

• Service providers we contract: AWS (hosting), Stripe (billing), Samsara/Motive (telematics on your behalf), our SMS gateway. Each is bound by data-processing agreements that prohibit using your data for their own purposes.
• Within your organization: drivers see only their own data; fleet managers see their fleet's data; partners see only the orgs they personally onboarded.
• Legal requirements: if compelled by valid legal process. We will notify you unless legally prohibited.
• Business transfers: if MPG Smart is acquired, your data transfers under terms at least as protective as this policy.

6. Data retention

We retain account data for as long as your account is active. Fleet performance and invoice records are retained for 7 years for accounting and audit purposes. Communications (SMS logs, support chat) are retained for 2 years. You may request earlier deletion — see Section 8.

7. Security

Passwords are hashed with bcrypt. Telematics API keys are encrypted at rest with AES-256-GCM. JWTs are signed with HS256, rotated frequently. The platform is HTTPS-only with HSTS. Push subscriptions use VAPID. Database backups are encrypted. No system is 100% secure — if we ever experience a breach affecting your data, we'll notify you within 72 hours per applicable law.

8. Your rights

You can:

• Access the data we have about you — most of it is visible in your dashboard.
• Correct or update it via your profile settings.
• Delete your account and associated data by emailing privacy@mpgsave.com.
• Opt out of SMS at any time by replying STOP.
• Opt out of push notifications via your device settings or the app's notification toggle.
• Receive a portable export of your data on request.

If you're in California, the EEA, or another jurisdiction with specific privacy rights (CCPA, GDPR, etc.), those rights apply in full. Contact us to exercise them.

9. Children

MPG Smart is a B2B fleet management platform and is not directed at children under 13. We don't knowingly collect data from minors.

10. Changes to this policy

We'll update the "Last updated" date at the top whenever we change this policy. For material changes, we'll notify account holders via email or an in-app banner before the change takes effect.

11. Contact

Privacy questions or requests: privacy@mpgsave.com

General inquiries: hello@mpgsave.com