FleetPilot is built to keep your fleet finances private, isolated, and secure — from the moment you sign in to the moment a statement lands in your owner's inbox.
FleetPilot uses Clerk, a dedicated, security-focused authentication platform, to handle all sign-in and session management. Clerk supports Google Sign-In (OAuth 2.0) and other identity providers. FleetPilot never stores your passwords. This means FleetPilot cannot be compromised by a password database breach, because there is no password database.
Clerk implements the OAuth 2.0 PKCE (Proof Key for Code Exchange) standard — the modern security baseline for delegated authentication. Authorization codes are single-use and cryptographically bound to the originating session, preventing interception and replay attacks.
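The binding and single-use behaviour described above can be seen in a small model of the exchange. This is an added example, not Clerk's or FleetPilot's code; the `AuthServer` class, its in-memory code store, and the user ID are hypothetical stand-ins.

```javascript
const crypto = require("crypto");

// base64url without padding, as PKCE (RFC 7636) requires.
function b64url(buf) {
  return buf.toString("base64").replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");
}

// Client: a random verifier that never leaves the originating session.
function makeVerifier() {
  return b64url(crypto.randomBytes(32));
}

// S256 challenge sent with the authorization request.
function challengeFor(verifier) {
  return b64url(crypto.createHash("sha256").update(verifier).digest());
}

// In-memory stand-in for the authorization server (hypothetical, illustrative only).
class AuthServer {
  constructor() {
    this.codes = new Map();
  }

  // Issue a code bound to the challenge presented at authorization time.
  authorize(userId, codeChallenge) {
    const code = crypto.randomBytes(16).toString("hex");
    this.codes.set(code, { userId, codeChallenge });
    return code;
  }

  // Redeem a code. It is deleted on first presentation, whether or not the verifier matches.
  redeem(code, codeVerifier) {
    const entry = this.codes.get(code);
    if (!entry) return { ok: false, error: "invalid_grant" };
    this.codes.delete(code);
    const expected = Buffer.from(entry.codeChallenge);
    const actual = Buffer.from(challengeFor(String(codeVerifier)));
    const match = expected.length === actual.length && crypto.timingSafeEqual(expected, actual);
    return match ? { ok: true, userId: entry.userId } : { ok: false, error: "invalid_grant" };
  }
}
```

A code presented with the wrong verifier, or presented a second time, returns `invalid_grant`.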
Clerk manages session tokens using HttpOnly, Secure, SameSite cookies — making them invisible to JavaScript running in the browser. This prevents cross-site scripting (XSS) attacks from stealing authentication credentials.
Clerk automatically refreshes session tokens before expiry, maintaining a seamless and secure session without requiring you to re-authenticate. Short-lived tokens limit the window of exposure if a token were ever compromised.
Every piece of data in FleetPilot — your vehicles, owners, expenses, statements, receipts, and tax records — is scoped to your individual workspace. Workspace isolation is enforced at the application layer: every database query is filtered by your workspace ID, so no query can return data belonging to another account. No other user can access, read, or modify your data through the Service.
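One way to enforce a workspace filter on every query is to route reads through a builder that adds the predicate itself. This is an added example, not FleetPilot's code; the `workspace_id` column, the `SCHEMA` allowlist, and the `session.workspaceId` field are assumptions, and the output uses PostgreSQL-style positional parameters.

```javascript
// Allowlisted tables and filterable columns. Names are assumptions for this example.
const SCHEMA = {
  vehicles: ["id", "vin", "owner_id"],
  expenses: ["id", "vehicle_id", "category"],
};

// Build a parameterized SELECT that is always constrained to the caller's workspace.
// `session` comes from the verified sign-in, never from request parameters.
function scopedSelect(session, table, filters = {}) {
  if (!session || typeof session.workspaceId !== "string" || session.workspaceId === "") {
    throw new Error("no authenticated workspace");
  }
  if (!Object.prototype.hasOwnProperty.call(SCHEMA, table)) {
    throw new Error(`table not allowed: ${table}`);
  }
  // The workspace predicate is always first and always bound to the session value.
  const clauses = ["workspace_id = $1"];
  const values = [session.workspaceId];
  for (const [column, value] of Object.entries(filters)) {
    // workspace_id is absent from the allowlist, so callers cannot widen or override the scope.
    if (!SCHEMA[table].includes(column)) {
      throw new Error(`column not allowed: ${column}`);
    }
    values.push(value);
    clauses.push(`${column} = $${values.length}`);
  }
  return { text: `SELECT * FROM ${table} WHERE ${clauses.join(" AND ")}`, values };
}
```

Filter values only ever travel as bound parameters, so a value containing SQL syntax cannot alter the workspace predicate.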
Receipt uploads, document attachments, and exported files are stored in isolated, user-scoped paths. Storage access policies are enforced so that only you — authenticated as yourself — can access files you have uploaded. No other user can retrieve your documents.
We will never share your financial data with other FleetPilot users.
Your owner names, vehicle details, earnings, expenses, bank transactions, and tax records are never visible to, accessible by, or shared with any other account on the platform. FleetPilot does not aggregate or cross-reference user data across accounts for any commercial purpose.
All communication between your browser and FleetPilot is encrypted using TLS (HTTPS). This applies to the marketing website, the application, and all API calls made by the Service.
Your data is stored in an encrypted managed database. Database-level encryption at rest is provided by our infrastructure and is always on — no configuration needed on your end.
We use Sentry for application error monitoring. Error reports capture anonymized stack traces and event metadata to help diagnose issues. Sensitive credentials — such as banking access tokens — are explicitly redacted before events are transmitted to Sentry. We rely on Sentry's standard data minimization practices for other fields.
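Redaction of this kind is typically done in the callback passed as `beforeSend` to `Sentry.init()`, which sees each event before it is transmitted. The scrubber below is an added example, not FleetPilot's code; the key patterns, the mask string, and the sample event are constructed assumptions.

```javascript
// Key names treated as secrets. This list is an assumption for the example.
const SENSITIVE_KEY = /(access[_-]?token|refresh[_-]?token|authorization|secret|password|cookie)/i;
// Token-looking values embedded in free text, such as a URL inside an error message.
const INLINE_SECRET = /\b(access_token|refresh_token)=([^&\s"']+)/gi;
const MASK = "[REDACTED]";

// Return a scrubbed deep copy; the input object is left untouched.
function scrub(value, ancestors = new WeakSet()) {
  if (typeof value === "string") return value.replace(INLINE_SECRET, `$1=${MASK}`);
  if (value === null || typeof value !== "object") return value;
  if (ancestors.has(value)) return "[Circular]"; // guard against self-referencing payloads
  ancestors.add(value);
  let out;
  if (Array.isArray(value)) {
    out = value.map((item) => scrub(item, ancestors));
  } else {
    out = {};
    for (const [key, item] of Object.entries(value)) {
      // Mask by key name first; otherwise recurse and scrub any embedded strings.
      out[key] = SENSITIVE_KEY.test(key) ? MASK : scrub(item, ancestors);
    }
  }
  ancestors.delete(value);
  return out;
}

// Same shape as Sentry's beforeSend callback: return the event to send it.
function beforeSend(event) {
  return scrub(event);
}

// Constructed sample event; the token value is fake.
const sampleEvent = {
  message: "bank sync failed: GET https://bank.example/tx?access_token=tok_constructed_123&page=2",
  request: { headers: { Authorization: "Bearer tok_constructed_123", "User-Agent": "test" } },
  extra: { bank: { accessToken: "tok_constructed_123", institution: "Example Bank" } },
};
```

The scrubber covers both secrets stored under a recognisable key and secrets that leak into message text or URLs, which key-based filtering alone would miss.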
All subscription payments are processed by Stripe, Inc., a PCI-DSS Level 1 certified payment processor. When you enter payment card information, it is submitted directly to Stripe's secure servers — FleetPilot never sees, transmits, or stores your card number, CVV, or billing details.
The only billing data FleetPilot retains is your Stripe customer ID and your current subscription status — both of which are opaque identifiers with no payment card information embedded. This is the minimum required to manage your plan.
FleetPilot offers optional AI-powered expense categorization and transaction matching, powered by Anthropic (Claude). When this feature is enabled, transaction descriptions, amounts, and vehicle identifiers (VIN) are sent to Anthropic's API — no owner names or personal contact details are included in these requests.
The AI fleet chat feature provides advisory insights about your fleet and may include workspace context — such as owner names — in the prompt to generate relevant responses. This data is processed transiently and not retained by Anthropic beyond the request.
When you upload or text in receipts, document content is processed by Anthropic's Claude API to extract expense data (vendor, amount, date, category) and match it to the relevant vehicle using its VIN. Claude is also used to generate CFO-style fleet insights. Extracted results are saved to your account; document content is not retained by Anthropic beyond the API request.
All fleet data is stored in Neon, a fully managed, enterprise PostgreSQL platform with automatic backups, encryption at rest, and high availability. Neon uses a serverless architecture with strict network isolation between tenants.
FleetPilot is hosted on Vercel, providing edge-cached delivery and automatic HTTPS. Uploaded files — receipts, statements, and documents — are stored in Vercel Blob, a managed object storage service with access controls enforced at the API level.
Owner statements and account notifications are delivered via Resend, a dedicated transactional email provider. Outbound email is authenticated with SPF, DKIM, and DMARC records on our sending domain to prevent spoofing and impersonation.