Our Commitment to Protecting Customer Privacy
At Samsara, all of our products are built from the ground up with privacy in mind. We firmly believe that your data belongs to you and that protecting it is one of our most important responsibilities.
To that end, we hold data security and privacy to the highest standards and invest continuously in our infrastructure and processes to provide you with the most secure solutions in the industry. We’re committed to being transparent about our security practices and helping you understand our approach.
Our Global Approach to Privacy
Whether you operate in the United States or Europe, Samsara has you covered. We support compliance with GDPR and CCPA requirements, among others.
European Union: Samsara supports compliance with the GDPR. The EU General Data Protection Regulation ("EU GDPR"), effective 25 May 2018, is a regulation that strengthens data protection for all individuals in the European Union (EU). The EU GDPR places requirements on the way organizations and companies must collect, store, and process personal data. It also addresses the movement of such personal data outside the EU, and stipulates the controls and safeguards which must be in place to do so. Now that the Brexit transition period has officially ended, the EU GDPR continues to be retained within UK domestic law, where it is known as the "UK GDPR". Very similar principles have been adopted under the Swiss Federal Act on Data Protection (“FADP”).
As a complete telematics solution, Samsara products must sometimes collect, store, and use an array of personal data, including video footage. When designing and improving our products and features, Samsara has carefully considered data protection in order to help ensure personal data is processed in accordance with its legal requirements. Data is therefore processed in a transparent way and is retained only as is necessary, with appropriate safeguards in place to secure and protect it.
Under the GDPR, Samsara will serve as the data processor in our customer relationships in order to process personal data provided by the customer. Under our agreements, customers will always have the power and control over their data. Within our products, Samsara also provides certain functionality to help customers with their compliance with applicable legal requirements.
Samsara has always believed in the importance of securely and thoughtfully handling customer data and will continue to protect customer data in accordance with all applicable legal requirements, including the GDPR.
For more information about how Samsara supports compliance with applicable legal requirements in your region, please contact your representative for access to our privacy white papers for the United Kingdom and Ireland, Netherlands, Germany, France and Spain. If you do not have a representative, please contact firstname.lastname@example.org or reach out through our website.
When we process personal information provided by our customers, Samsara acts as a “service provider” (as defined under the CCPA). In that capacity, we only process and transfer the personal information of our customers and our customers’ end-users for the purpose of performing our rights and obligations under our existing contract(s) with our customers and for no other commercial purpose.
How We Protect Privacy
Samsara’s products are designed to help customers balance their business needs against privacy needs. Our hardware and software products include customizable control measures, features and tools to protect customer data.
Samsara’s commitment to privacy is reflected in our products’ features and your ability to customize many of our products to fit your specific needs and country-specific regulations. For example, Samsara dashcams enable strong privacy controls for customers to utilize, including:
Limited data captured and uploaded: Only video relating to safety events and video specifically requested by a customer is stored on the cloud / available in the dashboard;
Limited data retention: Only 40 to 60 hours of recorded footage is available on any dashcam by default, with customizable data-retention features for footage sent to the cloud;
Restricted data access: Customers can set permissions so videos may be viewed only on a need-to-know basis (for example, a customer may restrict viewing permissions to safety managers);
Strong security: Samsara uses industry-standard protocols to protect data in transit (including TLS 1.2 and 256-bit AES encryption) and at rest (including FIPS 140-2 compliant encryption standards);
Physical lens caps: To cover either the inward-facing lens only or both the inward- and outward-facing lenses;
EU data center: EU-customers’ data is stored in Ireland using Amazon AWS, which is rated as the leader in cloud security by research firm Forrester.
We have materials to help support customers in their use of our products in order to stay compliant with local laws. Please reach out to your representative for more information and we would be happy to provide them to you. If you are not in contact with a representative, please fill out a form or contact email@example.com and we will connect you with the right person.
Policies and Safeguards
Samsara is committed to transparency around how we hold and use personal data. Company-wide policies, contractual terms and other safeguards emphasize our responsibility to protect customer data and to stay compliant with the law.
DPA: Under the EU and UK GDPR, as well as under the FADP, Samsara will serve as the data processor for our customers, who in turn act as the data controller.
To learn more about how Samsara processes customer data as part of this controller-to-processor relationship and our customer contracts, please see our DPA here.
Data Transfers: To comply with EU, Swiss and UK data protection legislation on international data transfer mechanisms, we self-certify under the EU-US Privacy Shield and the Swiss-US Privacy Shield as set by the U.S. Department of Commerce. These frameworks were developed to establish a way for companies to comply with data protection requirements when transferring personal data from the European Union, UK and/or Switzerland to the United States. To the extent these frameworks are deemed invalid or no longer apply to Samsara, we agree to abide by and process your data in accordance with the European Commission approved Standard Contractual Clauses which we include within our data protection addendum to provide adequate protection for such personal data transfers.
DPIA: The EU and UK GDPR, as well as the FADP, require organisations to undertake a data protection impact assessment (DPIA) (or equivalent balancing exercise) where using new technologies is likely to result in a high risk to individuals. Samsara can provide supporting materials to help your assessment of such risks and help you demonstrate your compliance with carrying out such DPIAs where you believe they are required.
Marketing Communications: Samsara collects personal data for marketing purposes only pursuant to GDPR and other applicable local laws. You can opt out of marketing communications at any time via this page or through the unsubscribe feature in our emails.
Protecting our customers’ privacy and respecting confidential information is fundamental to our core values. Samsara products are built from the ground up with security and privacy in mind. As part of our commitment to privacy and security, we’ve adopted the highest standards and also conduct regular audits pursuant to the Service Organization Controls (SOC 2) reporting process to ensure our customers’ data is safe and available.
Security Practices: Samsara implements the highest industry standards for encryption, storage, privacy, network and endpoint security.
Audits: Samsara regularly conducts security audits to ensure our systems are properly safeguarded. For example, our SOC 2 reports include descriptions of our software infrastructure and the processes we have in place to keep our customers’ data safe and available. We also engage independent entities to conduct application-, infrastructure-, and hardware-level penetration tests at least annually.
Incident Response: We have implemented a data breach and incident response plan. In case of an incident involving your customer data, we will inform you per the terms of your agreement with us.
Learn More: To learn more about Samsara's commitment to upholding the highest security standards, please visit our security page.
Privacy and Ethics Board
At Samsara, we have an ethical obligation to critically and continuously consider how the technology we design and develop affects our environment and society, and the people our products may impact. Samsara set up a “Privacy and Ethics Board” to help with this effort. It is a cross-functional group of Samsara stakeholders who regularly meet to discuss potential privacy and ethical issues in relation to our products. Should you want any more information, please reach out to your representative. If you are not already in contact with a representative, please fill out this form or contact firstname.lastname@example.org.