Our Commitment to Protecting Customer Privacy

At Samsara, all of our products are built from the ground up with privacy in mind. We firmly believe that your data belongs to you and that protecting it is one of our most important responsibilities.

To that end, we hold data security and privacy to the highest standards and invest continuously in our infrastructure and processes to provide you with the most secure solutions in the industry. We’re committed to being transparent about our security practices and helping you understand our approach.

Our Global Approach to Privacy

Whether you operate in the United States or Europe, Samsara has you covered. We support compliance with GDPR and CCPA requirements, among others.

• European Union: Samsara supports compliance with the GDPR. The EU General Data Protection Regulation (GDPR), effective 25 May 2018, is a regulation that strengthens data protection for all individuals in the European Union (EU). The GDPR places requirements on the way organisations and companies must collect, store, and process personal data. It also addresses the movement of such personal data outside the EU, and stipulates the controls and safeguards which must be in place to do so.

  As a complete telematics solution, Samsara products must sometimes collect, store, and use an array of personal data, including video footage. When designing and improving our products and features, Samsara has carefully considered data protection in order to help ensure personal data is processed in accordance with its legal requirements. Data is therefore processed in a transparent way and is retained only as is necessary, with appropriate safeguards in place to secure and protect it.

  Under the GDPR, Samsara will serve as the data processor in our customer relationships in order to process personal data provided by the customer. Under our agreements, customers will always have the power and control over their data. Within our products, Samsara also provides certain functionality to help customers with their compliance with applicable legal requirements.

  Samsara has always believed in the importance of securely and thoughtfully handling customer data and will continue to protect customer data in accordance with all applicable legal requirements, including the GDPR.

  For more information about how Samsara supports compliance with the GDPR in your region, please contact your representative for access to our privacy white papers for the United Kingdom and Ireland, Netherlands, Germany, France and Spain. If you do not have a representative, please contact sales@samsara.com or reach out through our website.

  California: Samsara supports compliance with the CCPA. The California Consumer Privacy Act of 2018 (CCPA) was enacted into law on June 28, 2018, and many of its provisions went into effect on January 1, 2020. The CCPA grants California residents certain rights with respect to their ability to know and access the personal information that businesses collect about them. Those rights include the right to say no to the sale of their personal information. However, please note that Samsara does not sell personal information. Our Privacy Policy [https://www.samsara.com/support/privacy] describes how Samsara may collect and use personal data consistent with other CCPA-related rights when we act as a “business” (as defined under the CCPA).

  When we process personal information provided by our customers, Samsara acts as a “service provider” (as defined under the CCPA). In that capacity, we only process and transfer the personal information of our customers and our customers’ end-users for the purpose of performing our rights and obligations under our existing contract(s) with our customers and for no other commercial purpose.

  More

How We Protect Privacy

Product

Samsara’s products are designed to help customers balance their business needs against privacy needs. Our hardware and software products include customizable control measures, features and tools to protect customer data.

• Samsara’s commitment to privacy is reflected in our products’ features and your ability to customize many of our products to fit your specific needs and country-specific regulations. For example, Samsara dashcams enable strong privacy controls for customers to utilize, including:

  Limited data captured and uploaded: Only ‘harsh event’ video (10 seconds before/after) and video specifically requested by a customer is stored on the cloud / available in the dashboard;

  Limited data retention: only 40 to 60 hours of recorded footage is available on any dashcam by default, with customizable data-retention features for footage sent to the cloud;

  Restricted data access: Customers can set permissions so videos may be viewed only on a need-to-know basis (for example, a customer may restrict viewing permissions to safety managers);

  Strong security: Samsara uses industry standard standards and protocols to protect data in transit (including TLS 1.2 and 256 AES encryption) and at rest (including FIPS 140-2 compliant encryption standards);

  Physical lens caps: to cover either inward-facing lens only or inward- and outward-facing lenses.

  EU data center: EU-customers’ data is stored in Ireland using Amazon AWS, which is rated as the leader in cloud security by research firm Forrester.

  We have materials to help support customers in their use of our products in order to stay compliant with local laws. Please reach out to your representative for more information and we would be happy to provide them to you. If you are not in contact with a representative, please fill out a form or contact sales@samsara.com and we will connect you with the right person.

  More

Policies and Safeguards

Samsara is committed to transparency around how we hold and use personal data. Company-wide policies, contractual terms and other safeguards emphasize our responsibility to protect customer data and to stay compliant with the law.

• Privacy Policy: Samsara may collect personal data in support of its business. For more information about how Samsara may collect and use such personal data, please see our Privacy Policy.

  DPA: Under the GDPR, Samsara will serve as the data processor for our customers, who in turn act as the data controller.

  To learn more about how Samsara processes customer data as part of this controller-to-processor relationship and our customer contracts, please see our DPA here.

  Data Transfers: To comply with EU data protection legislation on international data transfer mechanisms, we self-certify under the EU-US Privacy Shield and the Swiss-US Privacy Shield as set by the U.S. Department of Commerce. These frameworks were developed to establish a way for companies to comply with data protection requirements when transferring personal data from the European Union, UK, and Switzerland to the United States. To the extent these frameworks are deemed invalid or no longer apply to Samsara, we agree to abide by and process your data in accordance with the European Commission approved Standard Contractual Clauses we include within our Data Protection Addendum to provide adequate protection for such personal data transfers.

  To learn more, please see our Privacy Policy.

  DPIA: The GDPR requires organisations to undertake a data protection impact assessment (DPIA) where using new technologies is likely to result in a high risk to individuals. Samsara can provide supporting materials to help demonstrate your compliance with carrying out such DPIAs where you believe they are required before using our products.

  Marketing Communications: Samsara collects personal data for marketing purposes only pursuant to GDPR and other applicable local laws. Marketing communications are easily opted out of at any time via this page or through the unsubscribe feature on our emails.

  More

Security

Protecting our customers’ privacy and respecting confidential information is fundamental to our core values. Samsara products are built from the ground up with security and privacy in mind. As part of our commitment to privacy and security, we’ve adopted the highest standards and also conduct regular audits pursuant to the Service Organization Controls (SOC 2) reporting process to ensure our customers’ data is safe and available.

• Security Practices: Samsara implements the highest industry standards for encryption, storage, privacy, network and endpoint security.

  Audits: Samsara regularly conducts security audits to ensure our systems are properly safeguarded. For example, our SOC 2 reports include descriptions of our software infrastructure and the processes we have in place to keep our customers’ data safe and available. We also engage independent entities to conduct application-, infrastructure-, and hardware-level penetration tests at least annually.

  Incident Response: We have implemented a data breach and incident response plan. In case of an incident involving your customer data, we will inform you per the terms of your agreement with us.

  Learn More: To learn more about Samsara's commitment to upholding the highest security standards, please visit our security page.

  More