Privacy Policy

Odomotive is a fleet-maintenance platform provided by PathMarkr LLC, a Tennessee limited liability company located in Franklin, Tennessee. In this Policy, “Odomotive,” “we,” “us,” and “our” refer to PathMarkr LLC.

This Policy describes how we handle information when you use the Odomotive dashboard, text with our AI agent “Odo”, receive phone calls placed by Odo, or otherwise interact with the Service.

2.1 Account information

When you sign up or are invited to a tenant, we collect: your name, email address, role (owner, manager, viewer), and your U.S. mobile phone number if you choose to enroll in SMS. We also store hashed password material via our authentication provider; we never see your plaintext password.

2.2 Fleet & vehicle data

For each vehicle you connect we collect: vehicle name, year, make, model, VIN, license plate, fuel type, home-base address (optional), and home-base timezone. We poll your telematics provider on a 60-second cadence and store: fault codes (DTCs), odometer readings, engine hours, battery voltage readings, engine coolant temperature readings, and last-synced timestamps. These signals drive alert detection and predictive maintenance.

When you have a scheduled shop appointment, we also read device position to confirm drop-off and departure against the shop’s geofence. The position itself is not stored— only the resulting timestamps (e.g., at-shop, left-geofence, dropped-off).

We do not pull or store continuous GPS / route history, trip records, driver hours/HOS, speeding events, harsh-braking events, fuel transactions, or dashcam footage. See our Security page for the complete telematics-access disclosure.

2.3 Service history

When you log a service event (oil change, tire rotation, inspection, etc.) we store the date, mileage, service type, shop name, and any cost or notes you choose to add. If you bulk-import historical service records we store those too.

2.4 SMS conversation content

We store the text of every SMS message sent to or from your phone number through the Service, the timestamp, the direction (inbound/outbound), the intent our AI parsed from your message, and the related vehicle or alert if applicable. This is used to maintain conversational context across turns and for audit and support purposes.

2.5 Voice call data

When Odo places an outbound call to a repair shop on your behalf, we store the audio recording, the transcript, the called number, call duration, and the booking outcome. We disclose to the called party that the call may be recorded before substantive conversation begins.

2.6 Preferred shops & contacts

For shops you add to your preferred list we store: shop name, address, phone number, specialties, geofence coordinates (for drop-off detection), and any notes you provide.

2.7 Usage & technical data

We collect standard server logs (IP address, user agent, request timing, error traces) for security, debugging, and reliability. We may collect aggregated usage data such as which dashboard pages are visited and which features are used to improve the Service.

2.8 Payment information

Subscription payments are processed by Stripe. We don’t store your full credit card number on our servers; Stripe returns a tokenized reference that we store alongside the last 4 digits of the card and the brand for display purposes.

Driver phone numbers and consent records.When a fleet manager adds a driver’s mobile phone to a vehicle, we store that number, the timestamp it was added, the version of the consent disclosure shown, the Twilio message ID of the confirmation prompt we sent, the timestamp and verbatim text of the driver’s YES reply (if any), and any subsequent opt-out timestamp and reason. We retain these records for the audit-trail purpose described in §6.8 of our Terms.

We use the information described above to:

• Provide the Service — watch your fleet for fault codes and mileage thresholds, surface maintenance recommendations, send SMS prompts, and place approved voice calls to shops on your behalf.
• Maintain conversational context when you text with Odo, so you can say “and what about the F350?” and Odo knows what you mean.
• Bill you and process payments through Stripe.
• Diagnose and fix problems, monitor for security incidents, and improve the reliability and performance of the Service.
• Communicate with you about the Service — outage notices, security alerts, product updates, and (rarely) marketing communications you can opt out of.
• Comply with applicable law, respond to lawful government requests, and enforce our Terms.

We do not sell personal information. We do not use Customer Data to train external AI models. We do not target end-users of your fleet with advertising.

No mobile information will be shared with third parties or affiliates for marketing or promotional purposes. All other categories exclude text messaging originator opt-in data and consent; this information will not be shared with any third parties.

This means:

• Your phone number will not be sold, rented, or shared with marketers, data brokers, or any third party for advertising or promotional purposes.
• The fact that you opted in to receive SMS from Odomotive will not be shared with any third party.
• The content of SMS messages you exchange with Odo will not be shared with third parties except as strictly necessary to provide the Service (e.g., transmission through our SMS carrier, Twilio; AI processing by our model provider, Anthropic), in response to a lawful legal request, or with your explicit consent.

Driver phone numbers and per-driver consent records are treated under the same restriction as any other mobile information: we don’t sell them, don’t share them with affiliates or third parties for marketing or promotion, and don’t use them for any purpose other than operating the Service and proving compliance with TCPA / CTIA rules. STOP keywords and consent timestamps are retained as part of the audit trail and are not shared with marketing partners.

We share information only with the vendors required to operate the Service. Each vendor is bound by data-processing terms that require them to protect your data and use it only to provide their service to us. Current subprocessors:

• Supabase— managed Postgres database, authentication, file storage. SOC 2 Type II. Privacy.
• Vercel — application hosting and edge network. SOC 2 Type II. Privacy.
• Fly.io— runs our background workers (telematics polling, alert dispatch, GPS drop-off detection). Privacy.
• Twilio— SMS delivery and inbound webhook routing for Odo text messages, and voice infrastructure for Odo calls. Privacy.
• Anthropic— large-language-model inference for parsing SMS replies and generating Odo’s conversational understanding. Anthropic contractually does not train on our API inputs. Privacy.
• Vapi— voice-AI engine that synthesizes Odo’s voice and handles the live phone call audio when Odo books service. Privacy.
• Stripe— payment processing, billing, and invoicing. PCI-DSS Level 1. Privacy.
• Sentry— error tracking and performance monitoring. Server stack traces and limited request metadata only; no Customer Data. Privacy.
• RepairPal, Inc.— When you select a RepairPal-certified shop as your preferred shop, we share booking-related data with RepairPal so the shop’s scheduling system can create your appointment. The data shared is limited to: your name, contact phone and email, vehicle details (year/make/model), and the symptoms/services requested. You can opt out at any time by selecting a non-RepairPal shop in your settings, or by emailing support@odomotive.com to revoke data sharing for an existing RepairPal preferred shop.

When we add a subprocessor that touches Customer Data, we’ll update this list before that subprocessor goes live. Email justin@odomotive.com to subscribe to subprocessor change notifications.

When you text Odo or receive a text from Odo, we store the message body, direction, timestamp, your phone number, the intent we parsed from your message (e.g. approve, retarget_shop, vehicle_status), and any related alert or vehicle. This data lives in the same database as the rest of your tenant data and is subject to the same row-level security isolation.

We use SMS content to (a) deliver the Service’s SMS workflows, (b) maintain conversational context across turns, and (c) audit and support requests. We don’t use SMS content for advertising, training third-party AI models, or cross-tenant analytics.

You can opt out of SMS at any time by replying STOP. When you opt out we stop sending SMS to your number; we retain the prior conversation history per our standard retention policy. To request deletion of past SMS conversation history, email justin@odomotive.com.

Driver confirmation prompts and YES/STOP replies from drivers are also logged in the conversation table and in a separate driver_consentsaudit table. We retain these records for as long as your account is active and for at least four years thereafter, consistent with TCPA defense practice.

Odo’s outbound calls to repair shops are placed on your behalf and may be recorded for quality, training, and auditability. The called party hears a disclosure (default: “This call may be recorded for quality and accuracy.”) at the start of the call.

We store the audio recording, transcript, called number, call duration, and booking outcome (e.g., appointment confirmed, voicemail reached, no answer). Audio and transcripts are accessible from your dashboard for 90 days, then deleted from primary storage. Backups age out within an additional 90 days.

We don’t use call audio for advertising, voice-cloning, training third-party models for purposes outside the Service, or cross-tenant analytics. We may use aggregated, de-identified call performance data (call success rates, average duration) to improve Odo’s booking quality.

When you connect Geotab (or another supported telematics provider), we use the credentials you supply to poll a narrow set of read-only endpoints. We collect fault codes (DTCs), odometer readings, engine hours, battery voltage, engine coolant temperature, and a limited set of vehicle metadata required to identify and group records by vehicle.

Around scheduled shop appointments we also read device position to confirm drop-off against the shop’s geofence; the position is not stored, only the resulting at-shop/left-geofence timestamps.

We do not collect: continuous GPS / route history, trip records, driver hours/HOS, speeding or harsh-braking events, fuel transactions, or dashcam footage. For details on what queries we make and the scope of access we request, see our Security page.

Telematics credentials are encrypted at rest with XChaCha20-Poly1305 using per-tenant keys. They’re never returned to the client after the initial connection and never logged in plaintext.

The Odomotive dashboard uses essential cookies for authentication and session management. These are strictly necessary to keep you signed in and to protect against CSRF. We don’t use third-party advertising cookies.

We may use first-party or privacy-respecting analytics to understand which pages and features are used. When we do, we’ll list the analytics provider in the Subprocessors section above. We do not run cross-site tracking pixels for ad networks.

Active tenant data— fault codes, alerts, service history, SMS conversations, call recordings — is retained for the life of your subscription plus 30 days for one-time export or reconnection. After that we permanently delete it from primary storage. Backups age out within 90 days.

Telematics credentials are revoked within seconds of cancellation or disconnection and removed from primary storage within 24 hours.

Call recordings and transcriptshave a 90-day retention regardless of subscription status, after which they’re purged from primary storage.

Server logs and request metadata are retained for 30 days for security and reliability investigation, then rotated out.

You can request earlier deletion at any time by emailing justin@odomotive.com. We process those within 5 business days and send a deletion confirmation.

You have the following rights with respect to personal information we hold:

• Access— request a copy of the personal information we hold about you.
• Correction— ask us to correct inaccurate or incomplete information. Most fields are also editable from the dashboard.
• Deletion— ask us to delete your personal information, subject to legal retention obligations.
• Portability— request a structured export of your tenant data (CSV or JSON).
• Opt-out of SMS — reply STOP to any Odo message, or contact us.
• Withdraw consent— withdraw consent for any processing based on consent, without affecting the lawfulness of prior processing.

Revoking RepairPal data sharing:Contact us and we’ll switch your preferred shop to a non-RepairPal entry. Future bookings will route via voice-call with no data transmitted to RepairPal.

To exercise any of these rights, email justin@odomotive.com. We’ll respond within 30 days. We may need to verify your identity before acting on a request involving sensitive information.

We use TLS 1.3 in transit, XChaCha20-Poly1305 for sensitive at-rest data, Postgres row-level security for tenant isolation, and short-lived authentication tokens. We rotate application secrets quarterly. For the full security posture, see our Security page.

No system is 100% secure. If we become aware of a breach affecting your personal information, we’ll notify you in accordance with applicable law, typically within 72 hours of discovery.

If you’re a California resident, you have additional rights under the California Consumer Privacy Act and the California Privacy Rights Act, including the right to know what categories of personal information we’ve collected, disclosed, or sold in the prior 12 months; the right to delete personal information; the right to correct inaccurate personal information; and the right to opt out of the “sale” or “sharing” of personal information.

We do not sell or share personal information for cross-context behavioral advertising. We do not knowingly collect or sell the personal information of minors under 16.

To exercise your California rights, email justin@odomotive.com with “CCPA Request” in the subject line. We won’t discriminate against you for exercising your rights.

The Service is primarily intended for U.S.-based commercial vehicle operators. If you’re located in the European Economic Area, United Kingdom, or Switzerland, we process your personal information based on (a) the contract between us when you use the Service, (b) our legitimate interests in operating and improving the Service where those interests aren’t overridden by your rights, and (c) your consent where required (e.g., enrolling in SMS).

You have the right to lodge a complaint with a data protection authority. A Data Processing Addendum is available on request for customers who need one for their own GDPR compliance. Email justin@odomotive.com.

The Service is not intended for children under 18. We don’t knowingly collect personal information from children. If you believe a child has provided us with personal information, please contact us and we’ll delete it.

We may update this Policy from time to time. When we make material changes, we’ll post the updated Policy on this page, update the “Effective” date, and notify account owners by email or in the dashboard. Your continued use of the Service after the new Policy takes effect is your acceptance of the updated terms.

For privacy questions, data requests, or any concern about how your information is handled:

PathMarkr LLC (d/b/a Odomotive)
Franklin, Tennessee, USA
justin@odomotive.com