Privacy Policy & Data Handling
Last Updated: October 15, 2024
1. Introduction
At GIST Awareness, we understand that Fleet Safety Managers handle sensitive data. This includes Driver Qualification Files (DQF), medical certifications, and detailed telematics data regarding vehicle location and driver behavior. We are committed to protecting the privacy of both the Carrier (the subscriber) and the Commercial Driver (the end user).
2. Data Collection Specific to Fleets
Unlike standard web applications, our platform processes specialized data types. We collect and store:
- Driver PII: Name, CDL Number (optional for tracking), and Employee ID.
- Training Records: Quiz scores, time-on-task, and completion certificates. This data is retained for a minimum of 3 years to comply with typical DOT audit look-back periods.
- Safety Manager Notes: Any subjective notes added to a driver’s file during a Remedial Intervention session.
GIST Awareness is NOT a medical record repository. While you may track the *expiration date* of a DOT Physical, you should never upload the actual Long Form physical results or detailed medical history to our general servers, as this may implicate HIPAA compliance requirements that exceed standard training platform security.
3. Telematics Integration
If you utilize our API to connect with ELD providers (e.g., Samsara, Geotab), we receive data regarding “Safety Events” (hard braking, speeding, cornering).
Data Minimization: We only pull the *metadata* of the event to trigger training recommendations. We do not store continuous GPS breadcrumbs or route history. This ensures that drivers' location privacy is maintained when they are not generating safety alerts.
4. Data Sharing & Third Parties
We do not sell driver data to insurance companies, recruiters, or data brokers.
Employer Access: The Carrier (employer) has full administrative access to all data generated by their drivers. Drivers should be aware that their quiz scores and training completion times are visible to their management team and may be used for employment evaluations.
5. Data Retention & Deletion
Active Accounts: We retain training records for the life of the subscription.
Termination: Upon contract termination, a Carrier may request a “Compliance Export” (CSV format) of all training logs. Once 90 days have passed after termination, all data is permanently purged from our active databases.
6. Security Measures
We employ AES-256 encryption for data at rest and TLS 1.3 for data in transit. Access to the “Trainer Dashboard” requires Multi-Factor Authentication (MFA) to prevent unauthorized access to the fleet roster.
If you have questions regarding this policy or need to execute a Data Subject Access Request (DSAR), please contact our Data Protection Officer at [email protected].