Samsara Products

---

Samsara’s commitment to privacy is reflected in our product features and in our customers’ ability to customize many of our solutions to fit their specific needs and any country-specific regulations. We develop all of our products with the following foundational privacy controls:

Restricted Data Access

Customizable data access controls make it easy to limit access to your organization’s data. For example, with these controls, your organization can specify that only properly trained or approved employees are granted access to restricted data. Moreover, you can configure these controls to align with company policies and any localized requirements.

Strong Security

All data that is captured, stored, or processed by Samsara’s products is encrypted when in transit to (including TLS 1.2 and 256 AES encryption) or at rest in (including FIPS 140-2 compliant encryption standards) the Samsara cloud production environment. Additional security measures include hardened cloud-hosted infrastructure, over-the-air updates, and physical device protections, among others.

Secure Data Storage

All of our customers’ data is primarily stored using Amazon AWS, which is rated as the leader in cloud security by research firm Forrester. Our EU- and UK- customers’ data is stored in Ireland, and our US-, Mexico-, and Canada customers’ data is stored in the US in Oregon.

We have materials to help support our customers in their use of our products in compliance with local laws. Please reach out to your representative for more information and we would be happy to provide them to you. If you are not in contact with a representative, please fill out a form or contact sales@samsara.com and we will connect you with the right person.

Samsara’s Privacy and Ethics Board

---

Samsara’s Privacy and Ethics Board is a cross-functional group of Samsara stakeholders that meets regularly to discuss potential privacy and ethical issues as they relate to our products and our industry. This board helps make sure that key stakeholders across our company are thinking critically and communicating often about how the technology we design and develop affects our environment and society. The Privacy and Ethics Board is one of the means by which Samsara makes sure privacy considerations remain an important part of our decision-making technical and organizational processes.

If you are a Samsara customer, contact your account representative for more information about the Privacy and Ethics Board and its ongoing work. If you are not already in contact with a representative, please fill out this form or contact sales@samsara.com to learn more.

Samsara’s DPA, and Additional Safeguards

---

Samsara is committed to being transparent about how we maintain and use personal data. Company-wide policies, contractual terms and other safeguards reinforce Samsara’s responsibility to protect your data to stay compliant with the law.

Samsara’s Data Protection Addendum (DPA)

Under the EU and UK GDPR, as well as under the FADP, Samsara will serve as the “data processor” for our customers, who in turn, act as the “data controller.” To learn more about how Samsara processes customer personal data as part of this controller-to-processor relationship and our customer contracts, please see our DPA here.

Data Transfers

To comply with EU, Swiss, and UK data protection legislation on international data transfer mechanisms as part of our controller-to-processor relationship and our customer contracts, Samsara agrees to abide by and process customer personal data in accordance with the European Commission approved Standard Contractual Clauses (SCCs). Such SCCs are included within our data protection addendum to provide adequate protection for such personal data transfers. To learn more, please see our DPA here.

Samsara’s Data Protection Impact Assessment (DPIA)

The EU and UK GDPR, as well as the FADP, requires organizations to undertake a data protection impact assessment (DPIA) (or equivalent ‘balancing exercise’) where using new technologies is likely to result in a high risk to individuals. Samsara can provide supporting materials and templates to assist you in your assessment of such risks, helping you demonstrate your compliance with applicable laws and regulations.

Security

---

Protecting our customers’ privacy and respecting confidential information is fundamental to our core values. Samsara products are built from the ground up with security and privacy in mind. As part of our commitment to privacy and security, we’ve adopted the highest standards and also conduct regular audits pursuant to the Service Organization Controls (SOC 2) reporting process to ensure our customers’ data is safe and available.

Security Practices

Samsara implements the highest industry standards for encryption, storage, privacy, network, and endpoint security.

Audits

Samsara regularly conducts security audits to ensure our systems are properly safeguarded. For example, our SOC 2 reports include descriptions of our software infrastructure and the processes we have in place to keep our customers’ data safe and available. We also engage independent entities to conduct application-, infrastructure-, and hardware-level penetration tests at least annually.

Incident Response

Incident Response: Samsara has a data breach and incident response plan in place. In case of an incident involving your customer data, we will inform you in accordance with the terms of your Samsara customer contract.

Learn More: To learn more about Samsara’s commitment to upholding the highest security standards, please visit our security page.

Samsara and the General Data Protection Regulation

---

At Samsara, we understand that many of our customers need to be able to move their data seamlessly and safely between countries to serve their workforces and manage their operations. Whether you are in the US, the UK, the EU, or elsewhere, Samsara has you covered.

Samsara can help you meet your compliance requirements with the European Union General Data Protection Regulation (“EU GDPR”). Please note that the content on this page is not legal advice and is only provided for informational purposes. For legal advice, please consult your organization’s legal team or an outside attorney.

What is the EU GDPR?

The EU GDPR, effective 25 May 2018, is a landmark privacy law that strengthens data protection for all individuals in the EU. The EU GDPR was put into place to strengthen legal protections relating to individuals’ personal data, particularly in the face of rapidly evolving technologies that have transformed—and continue to transform—the scale on which personal data is accessed and transferred. This regulation also created a comprehensive approach to personal data protection across EU member countries, overhauling the legacy patchwork of data protection laws and regulations that was previously in place.

At its core, the EU GDPR limits and regulates how organizations and companies collect, store, and process personal data. It also impacts how personal data moves outside of the EU, and stipulates certain controls and safeguards accordingly. The EU GDPR defines “personal data” broadly to cover any information relating to an identified or identifiable individual (e.g., name, address, telephone number, email address, location data, etc.). It applies to any organization that processes the personal data of EU citizens or residents, regardless of whether the organization is located in the EU.

Despite Brexit, the EU GDPR as implemented into the law of England and Wales still functions much the same as the EU GDPR itself, and Switzerland has adopted similar principles into its Federal Act on Data Protection (“FADP”).

Samsara’s Commitment to EU/UK GDPR Compliance

For the purposes of the EU/UK GDPR, Samsara serves as the “data processor” in our customer relationships to process any personal data provided by you, the customer as the “data controller.” Under our customer contracts, customers always retain power and control over their data.

Samsara’s products must sometimes collect, store, and use an array of personal data, including video footage. When designing and improving our products and features, Samsara has carefully considered data protection to help ensure personal data is processed in accordance with legal requirements. Data is processed in a transparent way and is retained only as is necessary, with appropriate safeguards in place to secure and protect it, in accordance with our customer contracts. Samsara’s solutions also offer certain customizable features that give customers the flexibility to decide how best to comply with applicable legal requirements.

Additionally, following the Court of Justice for the European Union’s Schrems II ruling in July 2020, Samsara provides additional safeguards to support transfers of personal data. Samsara can provide supporting materials to help your assessment of such transfer risks and the additional safeguards implemented to help support and demonstrate your compliance with such ruling.

Samsara is committed to securely and thoughtfully handling customer data and will continue to protect customer data in accordance with all applicable legal requirements, including the EU/UK GDPR.

For more information about how Samsara supports compliance with applicable legal requirements in your region, please contact your Samsara representative, who can give you access to our privacy white papers for the United Kingdom and Ireland, Germany, and France. If you do not have a representative, please contact sales@samsara.com or reach out through our website.

Samsara and the California Consumer Privacy Act (CCPA)

---

Samsara can help you meet your requirements for compliance with the CCPA. Please note that the content on this page is not legal advice and is only provided for informational purposes. For legal advice, please consult your organization’s legal team or an outside attorney.

What is the CCPA?

On January 1, 2020, the CCPA took effect in California, requiring that companies take certain steps to protect the personal information of California residents. Specifically, the CCPA focuses on data security obligations, rights for individual consumers, and transparency requirements regarding how businesses collect, store, use or transfer consumers’ personal information.

A cornerstone of this legislation is the set of rights it grants California residents concerning their ability to know about and to access the personal information that businesses collect about them. The CCPA also gives California consumers the right to opt-out of the sale of their personal information.

Samsara’s Commitment to CCPA Compliance

When we process personal information provided by our customers, Samsara acts as a “service provider” (as defined under the CCPA). In that capacity, we only process and transfer the personal information of our customers and our customers’ end-users for the purpose of performing our rights and obligations under our existing contract(s) with our customers and for no other commercial purpose. This is clearly specified in our agreements with our customers.