1. Who we are
Fastlane Grupp OÜ is the data controller for personal data processed through our own websites and services. Our products include: the Lither platform for logistics, fleet, route and warehouse management and its Lither Driver mobile app; and the Avyndo platform for mobile device management (MDM) and its Avyndo Agent mobile app.
For devices and accounts that an organization (for example, your employer) manages using our platforms, that organization is the controller of the data and we act as its processor, handling the data on its instructions. Contact us at [email protected] for any privacy question or to exercise your rights.
2. Information we collect
Depending on which products and features you use, we may collect the following categories of data:
- Account and identity data: name, email address, phone number, company and job role, username, and a securely hashed password.
- Location data: precise and approximate geolocation from the Lither Driver app and from tracked devices. This location is collected while tracking is enabled and, where you have granted permission, continuously in the background — even when the app is closed or not in use — to display vehicles on a live map, provide route navigation, record delivery routes, and include your location with emergency SOS alerts. See section 3.
- Device and management data: for devices enrolled in Avyndo we collect device identifiers (such as serial number and hardware identifiers), device make and model, operating system and version, security-patch level, installed applications and software inventory, network and connectivity details, battery and storage status, security and compliance status, and device configuration. The Avyndo Agent obtains and installs digital certificates on managed devices. See section 4.
- Content you provide: messages, support requests, notes, form submissions, and uploaded files and media (for example, proof-of-delivery photos).
- Usage and diagnostic data: interactions with our apps and websites, log data, IP address, browser and device type, crash reports, analytics, and cookies.
- Transaction and billing data: billing contact and subscription details. Payments are handled by our payment provider; we do not store full payment-card numbers.
3. Location data and background location
The Lither Driver app and tracked devices collect location data to deliver core features: showing a vehicle’s real-time position to dispatch, live-map display, route navigation, recording completed routes, and sending your location together with emergency SOS alerts.
Where you grant the permission, location is collected in the background — that is, even when the app is closed or not in use — but only while you are on shift with tracking turned on. You can turn tracking off at any time inside the app, and you can revoke background-location access at any time in your device settings. Location data is sent securely to your organization’s workspace.
4. Device management and the Avyndo Agent
Avyndo is a mobile device management service. When your organization enrolls a device, an IT administrator installs the Avyndo Agent and applies management policies. The Agent’s purpose is to keep the device secure and connected: it requests and installs the digital certificates the device needs for corporate Wi-Fi, VPN and 802.1X networks, and it reports device and compliance status back to your organization’s Avyndo instance.
The Avyndo Agent does not collect personal content such as your photos, messages or files. It exchanges only the technical information required to manage the device and issue certificates. This data is processed on behalf of, and under the instructions of, the organization that manages the device.
5. How we use your data and our legal bases
We use personal data to:
- provide, operate and maintain our services (legal basis: performance of a contract);
- manage logistics, fleets, routes and live tracking, and enable safety features such as SOS (contract; your consent for background location; and our legitimate interest in safety);
- manage and secure enrolled devices and deliver certificates (contract; and the legitimate interest of the managing organization);
- communicate with you — service messages, support and notifications (contract and legitimate interest);
- process payments and manage subscriptions (contract and legal obligation);
- improve, develop and secure our services and prevent fraud and abuse (legitimate interest);
- comply with legal obligations and respond to lawful requests (legal obligation).
6. How we share your data
We do not sell your personal data. We share it only as needed to run our services:
- Service providers and sub-processors that support us, such as cloud hosting, push-notification and messaging (SMS/email) providers, payment processing, analytics, and Google’s Android Management API used to manage Android devices.
- Your organization or employer, for accounts, fleets and devices they manage.
- Authorities or third parties where required by law, to protect our rights, or to prevent harm.
- A successor entity in the event of a merger, acquisition or reorganization, subject to this Policy.
7. Data retention and international transfers
We keep personal data only for as long as necessary for the purposes described above or as required by law. Location and telemetry data are pruned on a regular retention schedule, and account data is kept until the account is deleted or upon request.
We primarily process data within the European Union. Where data is transferred outside the European Economic Area, we rely on appropriate safeguards such as the European Commission’s Standard Contractual Clauses.
8. Security
We implement appropriate technical and organizational measures to protect personal data, including encryption in transit and at rest, access controls, and regular review of our systems. No method of transmission or storage is completely secure, but we work to protect your data against unauthorized access, loss or misuse.
9. Your rights under the GDPR
Subject to applicable law, you have the right to access your personal data; to have it corrected or deleted; to restrict or object to its processing; to data portability; and to withdraw consent at any time where processing is based on consent. To exercise these rights, contact [email protected]. If your data is managed by your organization, please also contact that organization. You have the right to lodge a complaint with a supervisory authority, in Estonia the Data Protection Inspectorate (Andmekaitse Inspektsioon).
10. Children, cookies, changes and contact
Our services are intended for businesses and are not directed to children under 16, and we do not knowingly collect their personal data.
Our websites use essential cookies and, with your consent where required, analytics cookies; you can manage cookies through your browser settings.
We may update this Privacy Policy from time to time; the “Last updated” date above shows the latest revision, and material changes will be notified where appropriate.
Data controller: Fastlane Grupp OÜ, Estonia, European Union. Privacy contact: [email protected]. Where a translated version of this Policy differs from the English version, the English version prevails.
