Home Privacy Policy

Privacy Policy

Last updated: March 24, 2026

Last updated: March 24, 2026

Office Hero (“we,” “our,” or “us”) is committed to protecting the privacy of our users. This Privacy Policy describes how we collect, use, store, and share your personal data when you use our ERP management platform, website (officehero.io), and mobile applications.

1. Information We Collect

1.1 Account Information

When you create an account, we collect your name, email address, phone number, company name, and job title. This information is necessary to provide you with access to our platform.

1.2 Vehicle & Fleet Data

Our Fleet Manager module processes GPS coordinates, vehicle telemetry data (speed, fuel level, battery voltage, mileage), vehicle specifications, maintenance records, fuel records, and driver assignments. This data is stored within your company’s isolated tenant schema.

1.3 GPS & Location Data

Our GPS tracking service collects real-time location data from GPS devices installed in your fleet vehicles. This includes coordinates, heading, speed, altitude, and satellite information. Location data is processed for the sole purpose of fleet tracking and is stored in your company’s private database schema.

1.4 Usage Data

We automatically collect technical data such as IP addresses, browser type, operating system, page views, and feature usage patterns to improve our services.

1.5 Cookies

We use essential cookies for authentication (JWT tokens, CSRF tokens) and session management. We do not use third-party advertising cookies.

2. How We Use Your Information

  • Provide, maintain, and improve our ERP platform services
  • Process GPS telemetry data for real-time fleet tracking
  • Generate reports and analytics for your fleet operations
  • Send notifications, alerts, and reminders about your fleet
  • Provide customer support and respond to inquiries
  • Ensure platform security and prevent unauthorized access
  • Comply with legal obligations

3. Multi-Tenant Data Isolation

Office Hero uses PostgreSQL schema-based multi-tenant isolation. Each company’s data is stored in a separate database schema, ensuring complete data segregation between tenants. No company can access another company’s data. Shared resources (user accounts, device registrations) are stored in a separate public schema with strict access controls.

4. Data Sharing

We do not sell, rent, or trade your personal data. We may share data only in the following circumstances:

  • Service Providers: Hosting providers, email services, and infrastructure partners necessary to operate the platform
  • Legal Requirements: When required by law, court order, or governmental authority
  • Business Transfers: In the event of a merger, acquisition, or sale of assets
  • With Your Consent: When you explicitly authorize data sharing

5. Data Security

We implement industry-standard security measures including:

  • JWT-based authentication with CSRF protection
  • Two-factor authentication (2FA) support
  • Role-based access control (RBAC) with granular permissions
  • Encrypted data transmission (HTTPS/TLS)
  • Database-level tenant isolation
  • Regular security audits and vulnerability scanning

6. Data Retention

We retain your data for as long as your account is active or as needed to provide services. GPS telemetry data is retained according to your company’s configured retention policy. You may request data deletion at any time by contacting us.

7. Your Rights

Depending on your jurisdiction, you may have the right to:

  • Access your personal data
  • Correct inaccurate data
  • Request deletion of your data
  • Export your data in a portable format
  • Object to or restrict processing
  • Withdraw consent at any time

8. International Data Transfers

Our servers are located in Europe. If you access our services from outside the European Economic Area, your data may be transferred to and processed in our server locations. We ensure appropriate safeguards are in place for international data transfers.

9. Children’s Privacy

Our services are not intended for individuals under the age of 18. We do not knowingly collect personal data from children.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on our website and updating the “Last updated” date.

11. Contact Us

If you have questions about this Privacy Policy or our data practices, please contact us at:

Email: [email protected]
Website: officehero.io/contact