SECURITY & TRUST

Your fleet data. Hosted in the EU. Protected by design.

Movcar runs entirely on EU infrastructure with GDPR-compliant architecture from day one. No GPS hardware in your vehicles. No data leaving the EU. Just fleet management software you can trust your customers with.

  • EU data hosting
  • GDPR-compliant by architecture
  • Software-only — no hardware
Movcar fleet management security — EU data hosting and GDPR compliance illustration

WHY YOU CAN TRUST MOVCAR

Five things every fleet manager should know about our security posture.

Movcar serves 1,100+ paying fleets across 22 locales. The same architectural choices that make us deployable in minutes also make us safer to entrust with sensitive fleet data.

EU data hosting icon

EU data hosting

All customer data hosted exclusively on AWS infrastructure in the European Union. No transatlantic transfer, no third-country processing.

GDPR compliance icon

GDPR by architecture

Compliance is built into the platform, not retro-fitted. Data minimisation, purpose limitation, and retention controls are first-class features.

Data Processing Agreement icon

DPA on request

A signed Data Processing Agreement is available on request, for any plan. Standard EU template — usable directly in your procurement review.

No GPS hardware icon

No hardware, no telemetry

Movcar is software-only. We never install GPS trackers, telematics dongles, or vehicle hardware. Drivers self-log via the mobile app.

Private cloud and on-premise icon

Private cloud & on-premise

For organisations requiring dedicated infrastructure, Movcar offers Private Cloud and On-Premise deployments with full data isolation.

DATA RESIDENCY

Where your fleet data lives.

Movcar's SaaS infrastructure runs entirely on Amazon Web Services in the European Union. Customer data — vehicle records, documents, mileage logs, expenses, driver profiles, claims — is stored and processed inside the EU. We do not move SaaS customer data outside the EU.

  • Primary region: AWS eu-west-1 (Ireland)
  • No production data transfer outside the EU
  • Backups inside the EU, AWS-managed encryption
  • AWS holds ISO 27001, SOC 1/2/3, PCI DSS Level 1 as the underlying infrastructure provider
Movcar data residency — AWS EU eu-west-1 infrastructure diagram
Movcar security controls — encryption, role-based access, audit logs

SECURITY CONTROLS

How we keep it safe.

Movcar inherits AWS's hardened infrastructure for the underlying stack and adds application-level controls on top. Encryption is on by default; access is least-privilege; payment data never touches our database.

  • All traffic served over HTTPS / TLS 1.2+
  • Storage and database encrypted at rest (AWS-managed keys)
  • Role-based access — Fleet Admins get operational access without billing rights
  • Per-driver permissions and Fleet Code linking — drivers see only their assigned vehicles
  • Payments processed by Stripe — card data never stored on Movcar's servers

YOUR DATA, YOUR RIGHTS

GDPR rights, on request.

Movcar acts as a Data Processor for fleet data you upload, and as a Data Controller for your account itself. Under GDPR, you have the right to access, correct, export, and erase your data. We honour every one of those rights — without legal gymnastics.

  • Right of access — subject access requests answered by support
  • Right to data portability — full Excel export available in-app for any account
  • Right to erasure — request via support, processed within statutory windows
  • Data Processing Agreement — standard EU template, available on request for any plan
Request DPA

SUB-PROCESSORS

Vendor Purpose Region
Amazon Web Services Hosting & storage EU (eu-west-1)
Stripe Subscription payments Subscription payments
Microsoft 365 Business email & bookings EU

A full sub-processor list is provided with the DPA on request.

Want the DPA or sub-processor list before you go further?

One email, one business day. No procurement gauntlet.

Movcar private cloud and on-premise deployment options

FOR ENTERPRISE FLEETS

Private cloud and on-premise deployments.

When the standard multi-tenant SaaS deployment doesn't fit — because of regulator requirements, data isolation policies, or specific SLA frameworks — Movcar can run on dedicated infrastructure inside your own AWS account or your own data centre.

Contact our team

FREQUENTLY ASKED QUESTIONS

Security & compliance FAQ

  • Where is Movcar's data hosted?

    AWS, in the European Union. All customer data is stored and processed on Amazon Web Services infrastructure in the EU (primary region: eu-west-1, Ireland). No production SaaS data is transferred outside the EU.

  • Is Movcar GDPR-compliant?

    Yes — by architecture, not by policy. The platform is designed around GDPR principles: data minimisation, purpose limitation, retention controls, subject rights. A Data Processing Agreement is available on request for any plan.

  • How do I get a Data Processing Agreement (DPA)?

    Email support@movcar.app with the subject "DPA request". A signed DPA on the standard EU template will be returned. Available for any plan, including the Free plan.

  • Who are Movcar's sub-processors?

    AWS for hosting, Stripe for payments, Microsoft 365 for business email and bookings. A complete sub-processor list is provided alongside the DPA on request.

  • Does Movcar install hardware in my vehicles?

    No. Movcar is software-only. We do not sell, ship, or install GPS trackers, telematics dongles, OBD readers, or any other vehicle hardware. Drivers self-log mileage and trips through the mobile app.

  • Do you offer on-premise or private-cloud deployment?

    Yes, for organisations that require it. See Private Cloud and On-Premise. Full data isolation, custom SLA, dedicated infrastructure.

  • How does Movcar handle payment data?

    Stripe processes all card transactions. Movcar's database never stores card numbers or CVCs. Invoices generated by Stripe are available in your account's Subscription section.

  • Who do I contact for security questions?

    Email support@movcar.app. Include "Security" in the subject line for fastest routing.

Need a DPA, sub-processor list, or vendor security questionnaire?

Email support@movcar.app or book a 15-minute call with our team. We respond within one business day.

WhatsApp Contact