Privacy Policy

Powered by Damoov Pte.Ltd (former name Data Motion Pte.Ltd)
and its parents, subsidiaries, and affiliates

Effective Date: March 2025 

This Privacy Policy (“Policy”) describes how Damoov Pte. Ltd. (“Damoov”, “we”, “us”, or “our”) collects, processes, stores, discloses, and protects Personal Data in connection with our telematics software development kit (“SDK”), DataHub platform, APIs, analytics services, and related products (“Services”).

  • Damoov Pte. Ltd. is incorporated in Singapore and operates globally. 
  • Registered Entity: Damoov Pte. Ltd. 
  • Registered Jurisdiction: Singapore 
  • Corporate Address: 68 Circular Road, #02-01, Singapore, 049422
  • Contact Email: [email protected] 

1. DEFINITIONS

1.1 “Personal Data” means any information relating to an identified or identifiable natural person as defined under applicable data protection laws. 

1.2 “Institution” or “Client” refers to an organization (e.g., university, business) that engages Damoov and determines the purposes and means of processing Personal Data. Damoov acts as the Data Processor for such Clients. 

1.3 “End User” means an individual who uses a mobile application or platform integrating Damoov’s SDK or telematics services. 

1.4 “DeviceToken” refers to a pseudonymised identifier generated by the SDK used to process telematics data without direct personal identifiers.

2. SCOPE OF THIS POLICY

2.1 This Policy applies to all processing of Personal Data performed by Damoov in relation to: 

  • Telematics data transmitted via SDK,
  • Institutional integrations,
  • DataHub administrative platform,
  • Cloud and on‑premise data processing pipelines.

2.2 For Client deployments, the Institution acts as the Data Controller and Damoov acts as the Data Processor. 

2.3 For direct consumers, Damoov acts as Data Controller.

3. PERSONAL DATA WE PROCESS

3.1 Identifiers 

Damoov processes only minimal identifiers necessary for telematics analytics, including: 

  • DeviceToken (UUID) generated by Damoov User Service;
  • TrackToken (UUID) generated by SDK;
  • Institution‑provided user identifiers (e.g., email or driver ID), if applicable;
  • No PHI, academic records, financial information, or sensitive demographic data are collected.

 

3.2 Telematics and Mobility Data 

  • GPS coordinates
  • Accelerometer and gyroscope data
  • Time stamps, motion signals, trip start/stop data
  • Driving behavior events
  • Aggregated mobility analytics

All telematics processing uses pseudonymised identifiers (DeviceToken) and does not include personal identity attributes.

4. PURPOSES OF PROCESSING

4.1 Damoov processes Personal Data strictly for: 

  • Trip detection, segmentation, and reconstruction;
  • Driver/passenger classification;
  • Safety scoring and behavior analytics;
  • Generating institutional or operational reports;
  • Improving service performance using pseudonymised data only;
  • Maintaining system security and integrity.

4.2 Prohibited Uses 

WE DO NOT:

  • Sell, license, or commercialize Personal Data;
  • Share data with advertisers or data brokers;
  • Use Personal Data for profiling or automated decision‑making unrelated to telematics analytics;
  • Transfer Personal Data to external AI or LLM services.

5. LEGAL BASIS FOR PROCESSING

5.1 When acting as Data Processor, Damoov processes Personal Data solely under the documented instructions of the Institution.

5.2 For direct End Users, processing is carried out under:

  • Contract performance,
  • Legitimate interests in providing secure telematics services,
  • Consent when required by applicable law.

6. PSEUDONYMISATION AND DATA MINIMISATION

6.1 Damoov employs strong pseudonymisation measures, including: 

  • DeviceToken as the primary processing key,
  • Separation of identity data from telematics data,
  • No re-identification without Client instruction.

6.2 Personal identity information is never stored within the telematics analytics pipeline.

7. CROSS‑BORDER DATA TRANSFERS

7.1 Personal Data may be stored or processed in Singapore, the EU (Germany), or the United States. 

7.2 All cross‑border transfers comply with: 

  • GDPR Standard Contractual Clauses (SCCs),
  • PDPA requirements,
  • Encryption in transit and at rest.

8. DATA SHARING AND SUBPROCESSORS

8.1 Damoov may disclose Personal Data only to authorized subprocessors that provide strictly limited services such as:

  • Hosting and compute infrastructure,
  • Firewall, DDoS, and network protection services,
  • System performance monitoring and uptime management (without access to user data).

System monitoring providers receive only operational metrics and do not receive any Personal Data, as logs are stripped of identifiers and include only internal technical references.

8.2 Subprocessors do not access raw telematics data or identifiable user information.

All telematics data processed internally is pseudonymised using DeviceToken (UUID), and no identity data is included in analytics pipelines.

8.3 For map-enrichment purposes, Damoov may transmit anonymised telematics elements, such as GPS waypoints or road geometry inputs, to third-party location services (e.g., HERE Maps, Google Maps).

These data points:

  • contain no identifiers,
  • cannot be linked back to any individual,
  • are used solely to obtain contextual data such as speed limits or road attributes.

8.4 Damoov does not disclose Personal Data to any third party, including these enrichment providers, unless required by law or expressly instructed by the Client.

9. DATA RETENTION AND DELETION

9.1 Personal Data is retained only as necessary to deliver Services or as instructed by the Institution. 

9.2 Backups are maintained for a maximum of seven (7) days. 

9.3 Upon Client request or contract termination, Damoov will: 

  • Export Personal Data to the Client,
  • Delete Personal Data,
  • Provide a deletion certificate.

10. DATA SUBJECT RIGHTS

10.1 Damoov supports all rights under GDPR, PDPA, and CCPA, including: 

  • Right of access,
  • Right to rectification,
  • Right to deletion,
  • Right to portability,
  • Right to restrict or stop processing.

10.2 For institutional deployments, all rights requests must be submitted through the Institution.

11. SECURITY MEASURES

Damoov employs administrative, physical, and technical safeguards including: 

  • TLS 1.2/1.3 encryption in transit,
  • AES‑256 encryption at rest,
  • OPNsense firewall and VPN network segmentation,
  • Cloudflare WAF and DDoS mitigation,
  • Role‑based access controls,
  • Audit logging and monitoring,
  • Zero direct access to raw telematics data for developers or contractors unless explicitly authorized.

12. AI AND MACHINE LEARNING

12.1 Damoov uses machine learning solely for telematics analytics, including: 

  • Motion pattern detection,
  • Driver/passenger classification,
  • Trip integrity validation.

12.2 ML models use only pseudonymised data. 

12.3 No institutional data is used for external model training. 

12.4 Institutions may opt out of ML-based analytics.

13. LAW ENFORCEMENT AND LEGAL REQUESTS

 We do not release Personal Data to law enforcement without a valid warrant, court order, or legal obligation.

14. CHILDREN’S DATA

14.1 Damoov does not intentionally process Personal Data relating to children below the applicable age of digital consent under relevant laws (including COPPA, GDPR-K, and similar regulations).

14.2 Damoov does not collect identity information, age, or any attributes that would allow the Company to determine whether a data subject is a child.

The Damoov SDK is implemented within third-party applications, and the Company processes only pseudonymised telematics data (e.g., DeviceToken, sensor readings) that cannot be used to identify an individual or determine age.

14.3 Responsibility for verifying user age and obtaining all necessary parental or guardian consents rests exclusively with the Client or third-party application provider acting as the Data Controller.

14.4 By using Damoov Services, the Client confirms that all required consents have been obtained and that no Personal Data of children is submitted to Damoov without such consents.

15. CHANGES TO THIS POLICY

We may update this Policy periodically. Material changes will be communicated to affected Clients.

CONTACT INFORMATION

For privacy inquiries, contact

Damoov Pte. Ltd.

Email: [email protected] 

Corporate Address: 68 Circular Road, #02-01, Singapore, 049422