We recognize the importance of protecting personally identifiable information (“Personal Information” or “PII”) collected about you and other visitors (collectively, “Users”) to our website and mobile application (the “Services”) while delivering the mileage logging you enjoy. MileIQ recognizes that using our service is a choice you make, and you can change your mind at any time. If you need assistance with canceling your subscription or deleting your account, please reach out to MileIQ support.
This Policy is drafted to comply with the California Consumer Privacy Act (“CCPA”) (as amended by the California Privacy Rights Act (“CPRA”)). In addition, this Policy is applicable to data subjects within the European Economic Area and the United Kingdom (collectively, the “EEA”). Therefore, this Policy is drafted to comply with the EU General Data Protection Regulation (EU) 2016/679 and the U.K. GDPR (collectively, the “GDPR”). Users of the Service are under no statutory or contractual obligation, or other obligation to provide PII to us. For the purposes of compliance with the GDPR, we are the data controller of information we collect from data subjects through the Services. For the purposes of this Policy, “data subject” means an identified or identifiable natural person located in the EEA.
This Policy applies to the Service, which includes the MileIQ mobile application, the website located at www.mileiq.com, its subdomains, and all of the websites and internet properties owned or operated by us, regardless of the medium by which the Services are accessed by Users (e.g., via a web or mobile browser).
When you create an account, the onboarding screens provide guidance around collecting location data and optimizing your device for drive detection. The app runs in the background to detect drives based on the movement of your mobile device, so there is no need to press a start or stop button. You can customize the hours you work, location names and more, to make identifying and classifying drives easier. You can classify drives as business or personal (or delete them altogether) from the mobile app or the web dashboard. When you need to share drives, whether it's for taxes, employer reimbursement or other records, you can create a report and share it by email.
Automatic drive detection is dependent on factors you control (such as location services and battery usage) as well as factors outside of your control (such as no cellular reception). Best practices include enabling location services, avoiding force-quitting the app or pausing drive detection, staying up-to-date with the latest OS on your device, optimizing low battery settings and staying logged in to the app. You can learn more about drive detection best practices and how to avoid missed drives at the MileIQ Help Center.
MileIQ collects precise geolocation information to provide you with drive data whenever you are logged in to the app and have location services turned on and available. Additional telemetry around how you interact with the app (what buttons are/aren't pushed, etc.) is collected to provide troubleshooting and improve the user experience. If you do not want drive data collected, you can pause, log out of or delete the app. Logging out or deleting the app also stops additional telemetry from being collected. Under the CCPA, precise geolocation information is considered “Sensitive Personal Information.” As a result, California residents have a right to limit our use of such information.
While you must input an email address and password to create an account and use MileIQ, providing the following information is optional:
We may also collect deidentified information from you that may not by itself reasonably identify you as the source when you utilize the Services (“Deidentified Information”). Deidentified Information may include: (i) device type, (ii) device operating system, (iii) internet browser type, (iv) internet service provider, (v) referring/exit pages, (vi) date/time stamp, and (vii) clickstream information. We will take reasonable measures to ensure that Deidentified Information we collect is not personally identifiable and may not later be easily used to identify you as required by applicable law.
We do not offer our Services or promote the Services to, nor do we intentionally collect or retain PII from, children who are younger than 13 years of age. If we discover that we have inadvertently collected information from a child under 13 years of age, we will promptly take all reasonable measures to delete such information from our systems.
The information we collect depends on what Users do when they utilize the Services. We collect PII and Deidentified Information in various ways, including:
Directly from You: We collect PII when you voluntarily submit PII to us while completing forms on the Services and in connection with other activities, services, features, or resources we make available on the Services. The PII we collect depends on what you do when you utilize the Services or how you choose to communicate with us.
Through Your Use of the Services: We may collect PII and Deidentified Information that your browser transmits when you utilize the Services. We may also collect Deidentified Information about how you access and interact with the Services through the use of automated tracking technologies, such as session cookies, persistent cookies, and web beacons.
A cookie is a small data file that is transferred to an internet browser, which enables the Services to remember and customize your subsequent visits. We may use session cookies to make it easier for you to navigate the Services. In particular, we may use session cookies to record session information, such as which web pages you visited and to track your activity on the Services. Session cookies expire when you close your browser. We may also use persistent cookies to track and target your interests to enhance your experience on the Services. Persistent cookies remain on your device for an extended period of time.
Most internet browsers automatically accept cookies. However, you can instruct your internet browser to block cookies or to provide you with a warning prompt before you accept cookies from the Services. Please refer to your internet browser’s instructions to learn more about these functions. If you reject cookies, the functionality of the Services may be limited and you may not be able to participate in several of the Services’ features.
Additionally, we may use web beacons, which are single-pixel, electronic images embedded in the Services that allow us to gather information about your browsing activities on the Services.
From Third Party Services: We may collect PII about you from third parties whose privacy practices may differ from the practices described in this Policy. We do not make any representations or warranties concerning, and will not in any way be liable for, any informational content, products, services, software, or other materials available through third parties. Your use of third parties’ services and/or third party websites is governed by and subject to the terms and conditions of those third parties and/or third party websites. We encourage you to carefully review the privacy policies and statements of such third parties and/or third party websites.
Delivery of the Services: We may use your PII and/or Deidentified Information to deliver automatic mileage tracking services and prepare reports on your driving activity.
Direct Marketing: We may use your PII to send you promotional materials. You have the right to opt-out of receiving direct marketing.
Customer Service and User Communications: We may use your PII to help us respond to your inquiries, questions, requests, and support needs more efficiently.
User Experience Personalization: We may use Users’ PII and/or Deidentified Information in the aggregate to analyze Users’ browsing and usage activities and patterns in order to understand Users’ interests and preferences with respect to the Service and our services. This will help us optimize your experience on the Service.
Business Optimization: We may use your PII and/or Deidentified Information to improve the content on our web pages, to customize the content and layout of our web pages, and in managing our everyday business needs. We may also use your feedback to improve the Service and our other products and services. All of this is done with the intention of making the Service more useful for you.
Safety and Security: We may use your PII and/or Deidentified Information to promote the safety and security of the Service, our users, and other parties. For example, we may use the information to authenticate users, facilitate secure payments, protect against fraud and abuse, respond to a legal request or claim, conduct audits, and enforce our terms and policies.
Company will not collect additional categories of PII or use PII we collect for materially different, unrelated, or incompatible purposes without providing you notice.
We may disclose Users’ PII to third parties as described below. Otherwise, we do not sell, rent, lease, or “share” PII and will not disclose Users’ PII to third parties without your permission. The CCPA defines “sharing” as the disclosure of PII for cross-context behavioral advertising.
To Our Affiliates: We may disclose your PII to affiliates, including companies within the MileIQ network of connected applications.
Law Enforcement, Safety, and Legal Processes: We may disclose your PII to law enforcement or other government officials if it relates to a criminal investigation or alleged criminal activity. We may also disclose your PII: (i) if required or permitted to do so by law; (ii) for fraud protection and credit risk reduction purposes; (iii) in the good-faith belief that such action is necessary to protect our rights, interests, or property; (iv) in the good-faith belief that such action is necessary to protect your safety or the safety of others; or (v) to comply with a judicial proceeding, court order, subpoena, or other similar legal or administrative process.
Sale or Acquisition of Assets: If we become involved in a transaction involving the sale of our assets, such as a merger or acquisition, or if we are transferred to another company, we may disclose and/or transfer your PII as part of the transaction. If the surviving entity in that transaction is not us, the surviving company may use your PII pursuant to its own privacy policies, and those policies may be different from this Policy.
We have disclosed the following categories of PII to third parties for a lawful business purpose:
The security and confidentiality of your PII is very important to us. We use commercially reasonable security measures to protect your PII on the Service. However, no data transmitted over or accessible through the internet can be guaranteed to be 100% secure. As a result, while we attempt to protect your PII, we cannot guarantee or warrant that your PII will be completely secure (i) from misappropriation by hackers or from other nefarious or criminal activities, or (ii) in the event of a failure of computer hardware, software, or a telecommunications networks.
If you choose to report and share your drive data with a third party, it is no longer under our control or subject to our data security. This includes choosing to report via integrations on the web dashboard with Concur, sending a report via email or any time a report is downloaded.
If you are a data subject located in the EEA, the GDPR grants you certain data privacy rights. Your rights include the:
To exercise your rights, please use the Verifiable Consumer Request method described below. Please be aware that your rights are limited to the extent permitted by the GDPR.
California’s “Shine the Light” law permits users of the Services that are California residents to request certain information regarding our disclosure of PII to third parties for their direct marketing purposes. To make such a request, please contact us at the Contact Information provided below.
Under the CCPA, California residents have certain rights and privileges. These rights include the:
To exercise your rights, please use the Verifiable Consumer Request method described below. Please be aware that your rights (including those enumerated elsewhere in this Policy) are limited to the extent permitted by the CCPA.
If you are a California resident, you have the right to direct us to limit our use of your Sensitive Personal Information to that use which is necessary to perform the services. To exercise your right to limit our use of your Sensitive Personal Information, you may submit a request to us by clicking the “Limit the Use of My Sensitive Personal Information” link on our homepage or by visiting the following link: https://support.mileiq.com/hc/en-us/requests/new
You do not need to create an account with us to exercise this right. We will only use PII provided in a rights request to review and comply with your request.
If you are a California resident, you can exercise your legal rights by submitting a Verifiable Consumer Request to us by:
Only you, or someone legally authorized to act on your behalf, may make a Verifiable Consumer Request related to your PII. Making a Verifiable Consumer Request does not require you to create an account with us. California residents may only make a Verifiable Consumer Request for access to PII twice in a 12-month period.
The Verifiable Consumer Request must:
We cannot respond to your request or provide you with PII if we cannot verify your identity or authority to make the request and confirm the PII relates to you. We will only use PII provided in a Verifiable Consumer Request to verify the requestor’s identity or authority to make the request.
Response Timing and Format
We will acknowledge receipt of a Verifiable Consumer Request within ten (10) days. We endeavor to respond to Verifiable Consumer Requests within thirty (30) days (for data subjects located in the EEA) or forty-five (45) days (for California residents) of its receipt. If we require more time (up to ninety (90) days), we will inform you of the reason and extension period in writing. Any disclosures we provide will only cover the 12-month period preceding the Verifiable Consumer Request’s receipt. The response we provide will also explain the reasons we cannot comply with a request, if applicable.
We do not charge a fee to process or respond to Verifiable Consumer Requests, unless it is excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request.
In the event that we process your PII pursuant to your consent, you have the right to withdraw your consent at any time, without affecting the lawfulness of the processing based on said consent before its withdrawal. If you would like to withdraw your consent, please contact us at the Contact Information provided below.
If you would like to file a complaint with us about our privacy practices, please contact us at the Contact Information provided below. If you are a data subject located in the EEA, the GDPR grants you the right to lodge a complaint with a competent supervisory authority as well. To find a competent supervisory authority, please use the following resource: https://edpb.europa.eu/about-edpb/board/members_en. UK data subjects can utilize the following resource: https://ico.org.uk/global/contact-us/.
Your information, including PII, may be transferred to and maintained on computers located outside of your state, province, country, or other governmental jurisdiction where the data protection laws may differ than those from your jurisdiction.
If you are located outside the United States and choose to provide information to us, please note we transfer your information, including PII, to the United States and process it there.
In the event we transfer PII outside the EEA, we will take commercially reasonable measures to ensure the transfer complies with applicable data protection laws and PII is securely transferred. Please note the EU has not adopted an adequacy decision with respect to data transfers to the United States. As a result, our standard practice is to use standard contractual clauses approved by the European Commission to facilitate such data transfers. If you have any questions about our data transfer practices, please contact us at the Contact Information provided below.
Upon transfer to the United States, any PII would then be subject to United States laws, and may be subject to disclosure to the United States’ government authorities, courts, law enforcement, or regulatory agencies of that country, pursuant to United States laws.
MileIQ provides different retention periods depending on the specific plan a user or organization may be on. MileIQ will retain Users’ PII while they maintain a premium account with MileIQ or to the extent necessary to provide the Services. Thereafter, MileIQ will keep PII for as long as reasonably necessary: (i) to respond to any queries from Users; (ii) to demonstrate MileIQ treats Users fairly; (iii) for ordinary business continuity procedures; or (iv) to comply with any applicable laws. MileIQ deletes PII within a reasonable period after it is no longer needed for the purposes set out in this Policy. You can request deletion of your data at any time by contacting MileIQ Support.
Some internet browsers may transmit “do-not-track” signals to websites with which the browser communicates. The Service does not currently respond to these “do-not-track” signals.
We do not participate in bulk email solicitations that you have not consented to receiving. We do not sell or disclose customer lists or email address lists to unrelated third parties. Except as otherwise provided herein, we do not share PII with any third party advertisers.
The Service may contain links to other websites or applications (“Linked Sites”) that we do not own. We do not control the collection or use of any information, including PII, which occurs while you visit Linked Sites. Therefore, we make no representations or warranties for—and will not in any way be liable for—any content, products, services, software, or other materials available on Linked Sites, even if one or more pages of the Linked Sites are framed within a page of the Service.
Furthermore, we make no representations or warranties about the privacy policies or practices of the Linked Sites, and the Company is not responsible for the privacy practices of those Linked Sites. We encourage you to be aware of when you leave the Service and read the privacy policies of Linked Services.
All drives, classified or unclassified, can be viewed at the web dashboard or the mobile app by going to the menu and tapping All Drives.
Account, Named Locations and Custom Purposes deletions can be requested via support at MileIQ Support. Deletion requests will be honored within 30 days of receipt acknowledgement by our support team. Drives, Work Hours, reports, notes, tolls and parking can be deleted via the mobile app and/or web dashboard.
Otherwise, if you ever wish to access, update, change, or delete any other PII, or cancel your user account (if applicable), you may make such changes through your user account or by contacting us at the Contact Information provided below. To help us process your request, please provide sufficient information to allow us to identify you in our records. We reserve the right to ask for additional information verifying your identity prior to disclosing any PII to you. Should we ask for verification, the information you provide will be used only for verification purposes, and all copies of the information will be destroyed when the process is complete.
Attn: Privacy Dan
548 Market Street
San Francisco, CA 94104-5401
Contact MileIQ Support
If you do not wish to receive update messages and/or direct marketing communications from us, you may opt-out by making such changes through your user account, following any instructions included in the communication, or by contacting us at the Contact Information provided below. To help us process your request, please include sufficient information for us to identify you in our records. Please be aware that although you may opt-out of update messages and/or direct marketing communications, we reserve the right to email you administrative notices regarding the Service, as permitted under the CAN-SPAM Act.
We will make commercially reasonable efforts to respond to opt-out requests, respond to account cancellation requests, and handle requests to access, update, change, or delete PII as quickly as possible.
If you have questions about this Policy or wish to contact us with questions or comments, please contact us at:
548 Market Street
San Francisco, CA 94104
Contact MileIQ Support