SalesFleet
Start free
Legal

Privacy Policy

This Privacy Policy explains how B2 Group LLC (“we”, “us”, “SalesFleet”) processes personal data when you visit salesfleet.ai or use our service. Because we offer our service to users in the EU/EEA and the DACH region, we process personal data in accordance with the EU General Data Protection Regulation (GDPR/DSGVO). Last updated: June 2026.

1. Controller

B2 Group LLC, 1309 Coffeen Ave, Sheridan, WY 82801, USA.
E-mail: [email protected] · See also our Imprint.

Controller vs. processor. For data about website visitors and account holders (e.g. your account, billing and usage), we are the controller. For the customer data that account holders upload into the product (their own clients, contacts and visit records), we act as a processor on the customer’s behalf and process it only under their instructions and a Data Processing Agreement (Art. 28 GDPR). This Policy describes our processing as a controller.

2. What we process, why, and on what legal basis

  • Server log data (IP address, date/time, requested resource, referrer, user agent) — to operate and secure the site. Legal basis: Art. 6(1)(f) GDPR (our legitimate interest in a secure, functioning service).
  • Account data (name, e-mail, hashed password, organisation, role, preferences) — to create and run your account. Legal basis: Art. 6(1)(b) GDPR (performance of a contract).
  • Billing data (subscription tier, seats, payment status) — processed via our payment provider (see §6). Legal bases: Art. 6(1)(b) and (c) GDPR.
  • Customer/CRM content you upload (your clients, contacts, addresses, visits) — processed on your behalf as a processor under a DPA. Legal basis between you and your data subjects is determined by you as controller.
  • Communications (e.g. support or sales e-mail) — to respond to your enquiry. Legal basis: Art. 6(1)(b) or (f) GDPR.
  • Cookies / local storage — strictly necessary entries run on the basis of Art. 6(1)(f) GDPR and the ePrivacy “strictly necessary” exemption; any non-essential entries would run only with your consent, Art. 6(1)(a) GDPR. See our Cookie Policy.

3. Cookies & local storage

We use only strictly necessary cookies and local-storage entries (sign-in session, CSRF protection, your theme and your cookie choice). We do not use advertising, profiling or third-party tracking cookies. Full details and how to manage them are in our Cookie Policy. You can change your choice any time via “Cookie settings” in the footer.

4. Hosting

The website and application are hosted on servers located in the European Union. Our hosting provider processes data on our behalf under a data processing agreement and only as instructed.

5. Fonts & maps

We load web fonts from fonts.bunny.net, a privacy-friendly, GDPR-compliant font delivery service that does not set cookies or build user profiles. Map tiles are served from our own infrastructure (self-hosted Protomaps/PMTiles); your map usage and client locations are not shared with any third-party map provider.

6. Payments (Stripe)

Subscription payments are handled by Stripe, Inc. (USA) as our payment processor. When you subscribe, the payment data you enter is collected and processed by Stripe under their own privacy policy (stripe.com/privacy). We do not store full card numbers on our systems. Legal basis: Art. 6(1)(b) GDPR.

7. E-mail

We send transactional e-mails (e.g. account, invitations, and tour/arrival notifications you configure). Organisations may connect their own SMTP server (“bring your own SMTP”), in which case outbound e-mail is delivered through that server under your control. Every contact e-mail includes a one-click unsubscribe.

8. Service providers / processors

We use a small number of processors who act only on our instructions and are bound by data processing agreements: our EU hosting provider, Stripe (payments), and our font delivery provider (bunny.net). We do not sell personal data.

9. International data transfers

B2 Group LLC is established in the United States. Where personal data is transferred to the USA or other countries outside the EU/EEA (including to us as controller and to Stripe), we rely on appropriate safeguards under Art. 46 GDPR — in particular the EU Standard Contractual Clauses and, where applicable, the EU–US Data Privacy Framework — together with supplementary measures as needed. A copy of the safeguards is available on request.

10. Retention

We keep personal data only as long as necessary for the purposes above or as required by law (e.g. tax/commercial retention periods for billing records). Account and customer content are deleted or returned after the end of the contract, subject to legal retention duties. Server logs are kept only for a short period for security and then deleted or anonymised.

11. Your rights (GDPR)

Subject to the conditions of the GDPR, you have the right to: access (Art. 15), rectification (Art. 16), erasure (Art. 17), restriction (Art. 18), data portability (Art. 20), and to object to processing based on legitimate interests (Art. 21). Where processing is based on consent, you may withdraw it at any time with effect for the future (Art. 7(3)). To exercise these rights, contact [email protected].

You also have the right to lodge a complaint with a supervisory authority, in particular in the EU/EEA member state of your residence, place of work or the place of the alleged infringement.

12. US privacy rights

Depending on your US state of residence (e.g. California under the CCPA/CPRA), you may have rights to know, access, delete, and to opt out of the “sale” or “sharing” of personal information. We do not sell or share personal information as defined by those laws. To exercise any such right, contact [email protected].

13. Children

Our service is a business tool intended for professional use and is not directed to children. We do not knowingly collect personal data from children under 16.

14. Security

We use technical and organisational measures to protect personal data, including transport encryption (TLS), encryption of sensitive secrets at rest, tenant isolation, role-based access control and row-level visibility. No method of transmission or storage is 100% secure, but we work to protect your data using industry-standard practices.

15. Changes to this Policy

We may update this Policy to reflect changes to our service or legal requirements. The current version is always available on this page with the “Last updated” date above.

16. Contact & DPA

For privacy questions, to exercise your rights, or to request a Data Processing Agreement (Auftragsverarbeitungsvertrag) for business customers, contact [email protected].