Privacy Policy

Additional Links

Last Updated: February 19, 2026

Protecting your privacy is fundamental to the way One Step GPS (“we,” “us,” or “our”) conducts business. If you are a One Step GPS customer (“Customer”) or a visitor to our website, this Privacy Policy applies to you. This Privacy Policy explains how we collect, use, safeguard, and disclose your Personal Information when you access and use our products and services, including our website (https://onestepgps.com) and the One Step GPS platform (collectively, the “Services”).

This Privacy Policy may be updated or modified from time to time. Any updates will be posted on this page, and your continued use of the Services constitutes your acceptance of the changes. Where required by applicable data protection law, we will notify you in advance and, where appropriate, seek your consent to material changes. We encourage you to review this policy periodically to stay informed about how we are protecting your data. If you are our customer, we will notify you of any important changes to this policy.

You can jump to particular topics by going to the headings below:

What is Personal Information/Data?

Personal Information/Data refers to any information that identifies, relates to, or is reasonably capable of being associated with an identifiable individual or household. This includes, but is not limited to names, addresses, geolocation data, online identifiers, and other unique characteristics. Personal Information can also include indirect identifiers such as device identifiers and aggregated data if it can reasonably be linked to an individual.

An identifiable natural person, or "Data Subject," is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location information, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person.

Our ResponsibilitiesWe will inform you, by publishing this Privacy Policy, about how we collect, use, process, and store your data. If the way in which we collect, use, process, or store your data changes, we will publish updates to this policy to inform you.

Your Responsibilities

Read this Privacy Policy and our Cookie Policy

If you are our Customer, please also check our Terms and Conditions or any signed agreement between us, as these may contain further details on how we collect and process your data.

If you provide us with personal information about other people, or if others give us your information, we will only use that information for the specific reason for which it was provided to us. By submitting the information, you confirm that you have the right to provide us with the data and to allow us to collect, use, process and store it. You are responsible for providing accurate, up-to-date information and ensuring its continued accuracy while using our services.

Consult this Privacy Policy periodically to check for updates.

Minimum Age to Use the WebsiteYou must be at least 18 years of age to use this website. We may ask you to confirm your age when providing certain services to ensure compliance with this requirement.

Important Notice for Drivers

If our products and services collect data about you but you are not our Customer (including for example if you are an employee or contractor of one of our Customers, or you receive our device via your insurance company), you should consult the business that operates our devices to learn about their privacy practices. This Privacy Policy applies only when the purposes and means of processing your personal data are determined by One Step GPS, meaning when we are a “controller” or “business” as defined by applicable data protection laws. It does not apply to any of your personal data that we process on behalf of our customers, meaning when we are a “processor” or “service provider” as defined by applicable data protection laws.

Please contact the relevant controller or business (this would be your employer if you are an employee or contractor of a One Step GPS Customer, or your insurance company if they provided your device) for more information about their privacy practices.

When and How We Collect DataWhen you visit our website or use our products or Services, we collect data. Sometimes you provide us with data, sometimes data about you is collected automatically through your interactions with our Services.We collect your data automatically when you:Browse any page of our website, use the chat feature of our website, request a demo, use our products or services, and when you contact us for support, or when we send emails to you.You give us your data when you:Opt-in to marketing communications, use the chat feature of our website, request a demo, place an order, use our products or Services, contact us for support, send us emails, and when we call you or you call us.

Legal Basis for Processing Your InformationIf you are located in the EU or UK, this section applies to you.The General Data Protection Regulation (GDPR) and UK GDPR require us to explain the valid legal bases we rely on in order to process your personal information. As such, we may rely on the following legal bases to process your personal information:

Consent: We may process your information if you have given us permission (i.e., consent) to use your personal information for a specific purpose. You can withdraw your consent at any time.
Performance of a Contract: We may process your personal information when we believe it is necessary to fulfill our contractual obligations to you, including providing our Services or at your request prior to entering into a contract with you.
Legitimate Interests: We may process your information when we believe it is reasonably necessary to achieve our legitimate business interests and those interests do not outweigh your interests and fundamental rights and freedoms. For example, we may process your personal information for some of the purposes described in order to:
- Send users information about special offers and discounts on our products and services.
- Develop and display personalized and relevant advertising content for our users.
- Analyze how our Services are used so we can improve them to engage and retain users.
- Support our marketing activities.
- Diagnose problems and/or prevent fraudulent activities.
- Understand how our users use our products and services so we can improve user experience.
Legal Obligations: We may process your information where we believe it is necessary for compliance with our legal obligations, such as to cooperate with a law enforcement body or regulatory agency, exercise or defend our legal rights, or disclose your information as evidence in litigation in which we are involved.
Vital Interests: We may process your information where we believe it is necessary to protect your vital interests or the vital interests of a third party, such as situations involving potential threats to the safety of any person.

Our Role in Processing Personal InformationOne Step GPS provides business-to-business fleet tracking and related services. Depending on how you interact with us, we may process personal information in different roles:Controller / BusinessWe act as a controller (or “business” under certain U.S. state privacy laws) when we determine the purposes and means of processing personal information. This includes operating our website, communicating with prospective or existing customers, processing payments, managing accounts, and providing customer support.Processor / Service Provider

We act as a processor (or “service provider”) when we process Customer Data on behalf of our Customers in connection with providing our fleet tracking devices, software platform, and related Services. In these cases, the Customer determines the purposes and means of processing the personal information collected through the Services.

If you are a driver or other end user whose information is processed through our Services on behalf of a Customer (for example, your employer or insurer), that organization is generally responsible for responding to requests regarding your personal information. We assist our Customers in responding to verified requests as required by applicable law and our contractual obligations.

Types of Data We CollectWe collect the following information in the course of providing you with our services:

Context	Types of Information	Primary Purpose for Collection and Use of Information
Customer & Prospective Customer Contact Information	We collect the names, emails, and contact data of our Customers, prospective Customers, and their employees with whom we may interact.	We are executing on a contractual obligation in contacting our Customers and a legitimate interest in contacting our prospective Customers, to communicate with them concerning normal business administration such as billing, registration, and our services.
Customers and User Account Information	We collect personal information from our Customers and users of our Services when they create an account to access and use the Services. This information could include business contact data such as name, email address, title, company information, phone number and password for the Services.	We are executing on a contractual obligation by providing account-related functionalities to our users, monitoring account log-ins, and detecting potential fraudulent logins or account misuse.
Customer Employee & Vehicle Tracking and Operational Information	Our Customers use our Services to collect information on their employees and their workforce vehicles. Employee information may include data such as employee name, driver’s license information, date of birth, address, phone number, email address, and IP address. Vehicle information may include company addresses, vehicle make and model, VIN of vehicle, license plate information, vehicle computer data, device names, telematics device identification numbers, GPS location, vehicle speed, miles traveled, routes and places visited by vehicle, time spent in transit or idle, and screenshots, images, or recordings from vehicle cameras, Additionally, our Customers may store information related to their customers, such as addresses, appointments, and other business data entered into our products by their employees or users, or collected using our devices.	We are executing on a contractual obligation to provide our Customers and their employees with our Services or executing on contractual obligations to enable our Business. Partners to provider their services to those Customers that are also customers of such Business Partners. Our Customers have a legitimate interest to manage their workforce and employees, and they are responsible for managing this information in accordance with all applicable local laws and regulations. Similarly, our Business Partners offering services directly to our Customer have a legitimate interest in having access to such information in order to fully provide their services to Customers.
Cookies and First-Party Tracking	We use cookies and clear GIFs. “Cookies” are small pieces of data that a website sends to a computer’s hard drive while a website is viewed.	We have a legitimate interest in making our website operate efficiently and improving our marketing efforts and Services.
Cookies and Third-Party Tracking	We participate in behavior-based advertising and the gathering of analytics. This means that a third- party uses technology (e.g., a cookie) to collect data about your use of our website so that they can provide us with website and user analytics, as well as for the purposes of advertising products and services tailored to your interests on our website, or on other websites.	We have a legitimate interest in engaging in behavior-based advertising and capturing website analytics in improving our marketing efforts. For additional information on our use of cookies, please review our Cookie Policy. Additionally, you can manage your cookie consent preferences in the cookie consent manager via our website’s cookie banner.
Email Interconnectivity	If you receive an email from us, we may use certain tools to capture data related to when you open our message or click on any links or banners contained within.	We have a legitimate interest in understanding how you interact with our communications to you.
Employment	If you apply for a job posting or become an employee of One Step GPS, we collect the information necessary to process your application or to retain you as an employee. This may include, among other things, your name, address, email address, I-9 information, Social Security Number, work history, resume, EEO information, veteran status, disability status, healthcare information, and banking account information. Providing this information is required for employment.	We use information about current employees to fulfil our contract of employment or the anticipation of a contract of employment with you. In some contexts, we are also required by law to collect information about our employees. We are executing on a contractual obligation in using your information to have efficient staffing and workforce operations.
Feedback and Support	We collect personal information from you contained in any inquiry you submit to us regarding the Services, such as completing our online forms, calling, or emailing for the purposes of general inquiries, support, and chat requests, or to report an issue. When you communicate with us through our live support chat or over the phone, your messages and calls may be recorded and analyzed for training, quality control, and for sales and marketing purposes. During such interactions, we will notify you of the recording via either voice prompt or script.	We have a legitimate interest in receiving and acting upon, your feedback, issues, or inquiries.
Mailing List and Demo Requests	When you sign up for one of our blogs, mailing lists, or webinars, or when you submit a demo request, we collect contact information such as your name, email address, and company affiliation.	We share information about our Services with individuals that consent to receive such information.
Payment Information	We collect payment and billing information when you register for certain paid Services. For example, we ask you to designate a billing representative, including name and contact information, upon registration. You might also provide payment information, such as bank account number, credit card number and CVV, or debit card details that you provide to pay for our products and services, which we collect via secure payment processing services.	We are executing on a contractual obligation in obtaining payments for certain Services.
Order Placement	We collect your name, billing address, e-mail address, phone number, and use a third-party PCI compliant service to process your payment card number when you place an order. Specifically, we use Stripe and Braintree for payment processing.	We use your data to perform our contract to provide you with Services. For questions about how Stripe or Braintree processes your data, please refer to their respective Privacy Policies: Stripe Privacy Policy or Braintree Privacy Policy.
Promotions	Promotions, incentives, or giveaways may be made available by us or third parties from time to time. You do not have to participate in these, however, if you choose to participate, you may be asked to disclose some personal information. Additionally, at the time of entering the promotion, we will disclose in the promotion’s materials specific terms and conditions regarding how your personal information will be used. Please do not participate in any promotion if you do not agree to such usage.	We obtain consent to share information about our Services and providing incentives to our customers.
Video & Online Reviews	When you participate in providing video or online reviews, we collect data that you provide through the review. If the review is provided by a third-party service provider, the third-party’s privacy policy applies to the collection, use, and disclosure of your information.	When you complete and submit reviews, you consent for us to use your reviews for our advertising or marketing purposes. One Step GPS has a legitimate interest in using and sharing your reviews to inform other Customers and perspective Customers about our services.
Surveys	When you participate in a survey, we collect data that you provide through the survey. If the survey is provided by a third-party service provider, the third-party’s privacy policy applies to the collection, use, and disclosure of your information.	We obtain consent for any surveys and use them to gain an understanding of your opinions and collecting data relevant to our organization.
Website Interactions	We use technology to monitor how you interact with our Services. When visiting our website, we may capture information on the links or products/services viewed, page response time, download errors, how long you stay on our pages, what you do on those pages, how often you view those pages, and other actions or information that you type into our online forms. This may also include information about your device or browser.	We have a legitimate interest in understanding how you interact with our Services to better improve them, and to understand your preferences and interests in order to select offerings that you might find most useful. We also have a legitimate interest in detecting and preventing fraud.
Social Media	When an individual interacts with our Services through various social media networks, such as when someone follows us or shares our content on Facebook, Twitter (X), LinkedIn, YouTube, or other social networks, we may receive some information about individuals that they permit the social network to share with third parties. The information we receive is dependent upon an individual’s privacy settings with the social network, and may include your profile information, profile picture, gender, username, user ID associated with your social media account, age range, language, country, and any other information you permit the social network to share with third parties.	We use this information to update and maintain the page to provide you with content and features of our Services, as well as to improve our product outreach. Individuals should always review and, if necessary, adjust their privacy settings on third-party websites and social media networks and services before sharing information and/or linking or connecting them to other services. We have a legitimate interest and/or may obtain your consent to collect this information.
Web Logs, Device, and Usage Information	We collect information, including your login information, device and browser type and version, browser plug-in types, operating system and version, Internet Protocol (IP) address, derived IP address location, geolocation information, time zone setting, domain name, URL clickstreams and click-activity, referring website, and/or a date/time stamp for visitors. Additionally, we collect user account activity to include when an activity is completed, the type of activity taken, and the related data for the activity (for example, if a user sends a message, etc.).	We have a legitimate interest in monitoring our networks and visitors to our Services. Among other things, it helps us to monitor performance and to understand which of our Services and features are the most popular.

All personal information that you provide to us must be true, complete, and accurate, and you must notify us of any changes to such personal information.

In addition to the information that we collect from you directly, we may also receive information about you from other sources, including third parties, Business Partners, our affiliates, or publicly available sources. For example, if you submit a job application, or become an employee, we may conduct a background check.

Through your account settings, you can control location tracking, data sharing, and notifications. You can opt-out of marketing emails or personalized ads easily. You have the right to access or delete your data by contacting us. For sensitive data uses, we will always request your explicit consent.

What about sensitive data?

We collect precise geolocation data (within 1,750 feet or less) about your vehicles in order to provide our services to you. We do not sell geolocation data or use it for advertising purposes, although we may share such information with Business Partners, suppliers and service providers that are engaged in providing our, or their services, directly to our Customers.

Under certain U.S. state privacy laws, “sensitive personal information” may include precise geolocation data, account login credentials, government identifiers, financial account information, and certain other categories. We do not sell sensitive personal information. We process sensitive personal information only as reasonably necessary to provide our Services, comply with legal obligations, or with your consent where required by law.

We do not collect any other “sensitive data” (like racial or ethnic origin, political opinions, religious/philosophical beliefs, union membership, genetic data, biometric data, health data, data about your sex life or orientation, or criminal history) except when we have your specific consent, or when the law requires us to. We ask that you not provide us with sensitive data or use our products to process sensitive data.

What about children’s data?One Step GPS is primarily a business-to-business service directed to and intended for use only by those who are 18 or over. We do not target One Step GPS at children, and we do not knowingly collect any personal data from any person under 13 years old.

How and Why We Use Your DataData protection laws applicable in some places provide that we can only use your data for certain reasons and when we have a legal basis or your permission to do so. Here are the reasons for which we process your data:Operating our Products and ServicesManaging your use of our products and services, login and authentication, remembering your settings, processing payments, hosting and back-end infrastructure.Improving our Products and ServicesTesting features, interacting with feedback platforms and questionnaires, managing landing pages, heat mapping our site, traffic optimization and data analysis and research, including profiling and the use of machine learning and other techniques using your data.Improving our WebsiteWe allow third-party providers to record information about the usage of our site, demographics, location and other information, and report that information to us so we can understand how people interact with our website and services and continually improve it for users.Customer supportNotifying you of any changes to our service, solving issues via live chat support, phone or email including any bug fixes or scheduled downtime.To Enforce our Rights

Enforcing our rights under our Terms and Conditions or any other agreements between us, or to enforce other rights of One Step or others under applicable law.

Marketing purposesIf you provide us with your contact information, we may send you emails and messages (including via social media) about new features, products and services, and content.

We may also use data collected by third parties to serve retargeting ads to you about our products and services, and we may permit third-party providers such as Google, LinkedIn, Facebook, and Mail Chimp to match our customer data to their user data and serve our ads to you. Those third parties’ use of your data is subject to their privacy policies. If you have previously given consent to send you marketing emails or to use your data to advertise to you, and you wish to withdraw your consent, please see the of this policy to withdraw your consent.

How we share your data

Group	Data Shared	Why Data is Shared
Service Providers: Companies (e.g., hosting, analytics, payment processing).	Server logs, IP addresses, usage data, Website traffic, user behavior, billing information.	This helps One Step GPS operate its services effectively.
Acquiring Entities	Personal information, location history, usage data, and billing information.	Facilitating the transfer of ownership or assets in a merger, acquisition, or sale.
Law enforcement or courts	Customer information, location data, communication logs.	Complying with legal requirements, such as subpoenas, court orders, or investigations.
Business Partners: Companies we collaborate with for specific offerings, including use of AI tools.	Specific location data and vehicle operation and tracking data (only shared with Business Partners that have an existing customer relationship with our Customers and where Customers have so authorized), aggregated location data, customer demographics, usage statistics, or data related to specific joint offerings. For use of AI tools, in addition to the foregoing, vehicle operation and other relevant data may be provided depending on the functionality provided by the tool.	Collaborating on new products or services, marketing initiatives, or data sharing for mutual benefit.

Mobile Contact Information and SMS DataWe do not share mobile contact information with third parties or affiliates for marketing or promotional purposes. Mobile information may only be shared with service providers that support the delivery of our services, such as messaging platforms. Text messaging originator opt-in data and consent will not be shared with any third parties.

Your Privacy RightsYou can choose not to provide us with personal dataIf you choose to do this, you can continue to use the website and browse its pages, but we will not be able to process transactions without personal data.Right to Opt Out of Sale, Sharing, or Targeted Advertising

Depending on where you reside, you may have the right to opt out of the sale, sharing, or processing of your personal information for targeted advertising purposes under applicable U.S. state privacy laws.

We do not sell personal information for monetary consideration. However, certain disclosures of personal information to advertising or analytics partners (including through cookies and similar technologies) may be considered a “sale,” “sharing,” or “targeted advertising” under applicable law.

You may exercise your opt-out rights by:

Adjusting your cookie preferences through our website’s cookie banner;
Enabling Global Privacy Control (GPC) or another legally recognized universal opt-out mechanism; or
Contacting us at [email protected] to submit a request.

Right to Access Your Personal Information

You have the right to access your personal data. You may request access to your information by contacting us at [email protected]. If required by law, upon request, we will grant you reasonable access to the personal information that we have about you.

You have the right to ask us to provide information about:

the types of data we collect
why we collect it
how we use it
which third parties may have access to it
how long the data will be stored or the criteria used to determine that period

We will do our best to provide you with the information within one month of your request.Appealing our decisions

If we do not honor your data access request, and you disagree with our decision, you may appeal our decision by contacting us within a reasonable period of time to request an appeal. See the "" section at the bottom of this policy.

If we decline to take action on your request, you may appeal our decision by contacting us at [email protected] within a reasonable period of time. We will review your appeal and respond in accordance with applicable law. If your appeal is denied, we will provide you with information about how to contact your state Attorney General if required by law.

You may ask us to correct any inaccurate personal data about youWe will do our best to make the requested changes to your information within one month of your request. See the “How to contact us” section at the bottom of this policy.You can object to us using your data to profile you or make automated decisions about youWe may use your data to determine whether we should let you know information that might be relevant to you (for example, tailoring emails to you based on your behavior). Otherwise, the only circumstances in which we will do this is to allow you to use our products and services.You will not receive your data if you stop using our products

If you cancel your service or your account is suspended for non-payment, your access to the platform and stored data through the service will terminate. We are not obligated to retain operational or device-level data beyond our standard retention periods.

However, nothing in this section limits your right to submit a verified request to access, obtain, or delete your personal information as provided under applicable privacy laws.

You have the right to delete your data

You can do this by asking us to erase any personal data we hold about you or any consumer if it is no longer necessary for us to hold the data for purposes of your use of our products or services. See the “How to contact us” section at the bottom of this policy. To the extent that you have submitted your personal data when placing an order, it is necessary for us to hold that data to enable you to use our products and services. You can also delete your account information by clicking here.

If you or a consumer whose data you have provided asks for access to their personal data, information about the categories of sources from which it is collected, or information about the categories or specific pieces of personal data, we will cooperate, including by providing the requested information in a portable and, to the extent technically feasible, readily useable format.

If we are unable to delete personal data for a valid legal reason, we will tell you why, we will only retain the personal data for that reason, and we will delete the personal data after the reason for keeping it no longer exists.

If you have a concern about how we are using your data, please see the “How to Contact Us” information at the bottom of this policy.

How Secure is the Data We Collect?

We implement appropriate and reasonable technical, physical, and organizational safeguards to protect your personal information from accidental loss, unauthorized access, disclosure, alteration, or destruction. These measures include access restrictions, encryption, procedural safeguards, and secure data hosting environments. For more details on our security protocols and certifications, please visit our Trust Page

Access to your personal information is limited to authorized personnel who require the data to perform their duties and who are trained on the importance of maintaining its confidentiality. Our service providers and business partners are contractually obligated to protect personal information and are prohibited from using it for unauthorized purposes.

In the event of a data breach, we will notify affected users without undue delay and, where applicable, within 72 hours of becoming aware of the breach. We will also take all necessary measures to mitigate the impact of the breach.

Please remember, however:

You provide personal data at your own risk. While we implement appropriate safeguards, no method of transmission over the internet or method of storage is completely secure.
You are responsible to protect your username and password: keep them secret and secure
If you believe your privacy has been breached, please contact us immediately.

For additional information on our security practices, controls, and measures, please visit our Trust Page.

How Long Do We Store Your Data?

We will promptly delete and cease actively using any personally identifiable information about you or any individual upon your request for removal. We will retain your personal data only for as long as it is necessary to achieve the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law.

The specific retention period depends on the nature of the personal information and the reasons for which it was collected. When determining how long to retain personal information, we consider several factors, including:

The amount, nature, and sensitivity of the information.
The potential risk of harm from unauthorized use or disclosure.
The purposes for processing and whether those purposes can be achieved through other means.
Any applicable legal, regulatory, or contractual requirements.

When we no longer have a legitimate business need to process your personal information, we will either delete or anonymize it. If immediate deletion is not possible (for example, because the information is stored in backup archives), we will securely store and isolate it from further processing until deletion becomes feasible.

In some cases, we may anonymize your personal information (so that it can no longer be associated with you) for research, statistical, or other business purposes. Aggregated, anonymized, or de-identified data may be retained indefinitely. Additionally, we may retain personal data for a commercially reasonable period to meet backup, archival, audit, dispute resolution, or legal compliance needs.

Third Parties Who May Receive Your DataSometimes, we may need to share your data with third parties. For example, we submit geolocation data to Google to improve geocoding. We store data on Amazon servers, and have partnerships with SpeedGauge, Inc., Rarestep, Inc. (providers of Fleetio), Autonation Company, and ServiceTitan, Inc., among others. We may share your data with your insurance carrier, with your permission. Your data is shared with third parties only when necessary and according to the safeguards and good practices detailed in this Privacy Policy, but third parties’ use and processing of your data will be governed by those companies’ privacy policies.

For additional information regarding One Step GPS’s partnerships and use of third party services, please review our Subprocessor List

Transfers of DataWe may transfer your personal data to any countries where we have data processing locations, including the United States, and may process it globally. For transfers outside regions with strict data protection laws, such as the EU/EEA, we use Standard Contractual Clauses (SCCs) or other legal mechanisms to safeguard your data. If you do not consent, please do not use our site or submit your data.

One Step GPS complies with the EU-U.S. Data Privacy Framework (EU-U.S. DPF) and the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF) as set forth by the U.S. Department of Commerce. One Step GPS has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (EU-U.S. DPF Principles) with regard to the processing of personal data received from the European Union and the United Kingdom in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF. One Step GPS has certified to the U.S. Department of Commerce that it adheres to the Swiss-U.S. Data Privacy Framework Principles (Swiss-U.S. DPF Principles) with regard to the processing of personal data received from Switzerland in reliance on the Swiss-U.S. DPF. If there is any conflict between the terms in this privacy policy and the EU-U.S. DPF Principles and/or the Swiss-U.S. DPF Principles, the Principles shall govern. To learn more about the Data Privacy Framework (DPF) program, and to view our certification, please visit https://www.dataprivacyframework.gov

In compliance with the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF, One Step GPS commits to cooperate and comply respectively with the advice of the panel established by the EU data protection authorities (DPAs) and the UK Information Commissioner’s Office (ICO) and the Swiss Federal Data Protection and Information Commissioner (FDPIC) with regard to unresolved complaints concerning our handling of personal data received in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF.

We are committed to taking all necessary steps to ensure that your data is treated securely and in accordance with this Privacy Policy. If you would like more information on our data protection measures, please contact us at [email protected].

One Step is responsible for the processing of personal data it receives and subsequently transfers to a third party acting as an agent on its behalf. One Step GPS complies with the EU-U.S. DPF Principles, the UK Extension to the EU- U.S. DPF and the Swiss-U.S. Data Privacy Framework Principles for onward transfers of personal data, including the onward transfer liability provisions.

One Step GPS remains responsible and liable under the EU-U.S. DPF Principles, the UK extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework Principles if third-party agents that it engages to process the personal data on its behalf do so in a manner inconsistent with the Principles unless One Step GPS proves that it is not responsible for the event giving rise to the damage.

Under Annex I of the EU-U.S. Data Privacy Framework (DPF) Principles, One Step GPS provides you with the right to pursue binding arbitration if you believe your personal data has been mishandled and other dispute resolution methods have been unsuccessful. This arbitration mechanism ensures an independent review of claims related to violations of the DPF Principles, offering a fair and transparent resolution process for your concerns.

The Federal Trade Commission has jurisdiction over One Step GPS’ compliance with the EU-U.S. DPF, the UK Extension to the EU- U.S. DPF and the Swiss-U.S. Data Privacy Framework. In certain situations, One Step GPS may be required to disclose personal information in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.

We use cookies and similar technologies, including pixels, web beacons, and local storage, to operate our website and Services, analyze usage, improve performance, and support marketing and advertising activities.

Some of these technologies may collect personal information such as online identifiers, IP address, browser type, device information, and interactions with our website. Certain cookies and tracking technologies may be used for analytics or targeted advertising purposes, including cross-context behavioral advertising as defined under applicable U.S. state privacy laws.

You may manage your cookie preferences through our cookie consent banner at any time. In addition, where required by applicable law, we recognize and honor Global Privacy Control (GPC) signals and other legally recognized opt-out mechanisms.

For more detailed information about the categories of cookies we use, the purposes for which they are used, and how you can control them, please refer to our Cookie Policy. For information regarding your rights to opt out of targeted advertising, sale, or sharing of personal information under applicable U.S. state privacy laws, please see the Supplemental U.S. State Privacy Rights Notice above.

How to contact us

If you have any questions regarding our privacy practices, if you wish to exercise your privacy rights under this policy, if you believe your privacy has been breached, or if you need to contact us for any other reason, you may email us at [email protected], call us at or (toll-free in the US only) between the hours of 5 am to 5 pm Pacific time, or write to us at 675 Glenoaks Blvd, San Fernando, CA 91340, USA.

Residents of certain U.S. states with comprehensive privacy laws — including California (CCPA/CPRA), Virginia, Colorado, Connecticut, Utah, Texas, Oregon, Delaware, New Jersey, Montana, Iowa, and others — may have additional rights under applicable state privacy laws.

This Supplemental U.S. State Privacy Rights Notice describes those rights and explains how eligible residents may exercise them. This section supplements the information provided in our Privacy Policy.

For purposes of this section, “personal information” has the meaning assigned under applicable state privacy laws and does not include publicly available information, de-identified information, or aggregated information as defined by those laws.

Your RightsSubject to applicable law and verification of your identity, residents of certain U.S. states may have the following rights:

Right to Know / Access: You may request confirmation of whether we process your personal information and request access to the personal information we have collected about you.
Right to Data Portability: You may request a copy of your personal information in a portable and, to the extent technically feasible, readily usable format.
Right to Correction: You may request that we correct inaccuracies in your personal information, taking into account the nature of the information and the purposes of processing it.
Right to Deletion: You may request that we delete personal information we have collected from you, subject to certain legal exceptions.
Right to Opt-Out of Sale, Sharing, or Targeted Advertising: You may have the right to opt out of:
- The sale of your personal information (as defined under applicable law);
- The sharing of your personal information for cross-context behavioral advertising; and
- The processing of your personal information for targeted advertising purposes.
We recognize and honor legally required universal opt-out mechanisms, including Global Privacy Control (GPC) signals, where required by applicable law.
Right to Limit Use of Sensitive Personal Information: Where applicable, you may have the right to limit our use and disclosure of sensitive personal information to purposes permitted by law.
Right to Opt-Out of Profiling / Automated Decision-Making: Where applicable, you may have the right to opt out of certain types of automated decision-making or profiling that produce legal or similarly significant effects.
Right to Appeal
: If we deny your request, residents of certain U.S. states may have the right to appeal our decision, as permitted by applicable law. You may submit an appeal by contacting us at [email protected] We will review and respond to your appeal within the timeframe required by applicable law.

Non-Discrimination

We will not discriminate against you for exercising your rights under applicable U.S. state privacy laws.

Based on the nature and complexity of your request, and as permitted by applicable law, we may charge a reasonable fee or decline to act on a request that is manifestly unfounded, excessive, or repetitive.

We may offer a financial incentive or price or service difference permitted by law. Participation in any such program requires your prior opt-in consent, which you may revoke at any time.

Exercising Your Rights

You may make a verifiable request to exercise your privacy rights by contacting us via email at [email protected], or by providing a written request by mail to One Step GPS at 675 Glenoaks Blvd, San Fernando, CA 91340, USA.

Please note that the above rights depend on a few things, and we may refuse requests if there are exceptions under the applicable law.

If we cannot verify you (or your authority to act on behalf of another person) we have the right to deny the requests. While verifying your identity we generally avoid requesting additional information from you for verification purposes. If, however, we cannot verify your identity from the information already maintained by us, we may request additional information from you, which shall only be used to verify your identity while you are seeking to exercise your rights under applicable law, and for security or fraud-prevention purposes.

We delete any new Personal Information collected for verification as soon as practical after processing your request, except as required to comply with applicable legislation.

An "authorized agent" means a natural person, or a business entity registered with the Secretary of State that you have authorized to act on your behalf, provided you have:

Provided the authorized agent written permission to do so, and we could verify this; and
Verified your own identity directly with the business.

Subsection 1 does not apply when you have provided the authorized agent with a valid power of attorney.

We do our utmost to timely respond to a verifiable Individual, and in a portable format unless it is excessive, repetitive, or materially unfounded. If we require more time, we will inform you of the reason thereof and the extension period in writing.

Do Not Sell or Share My Personal Information

You may opt out of these activities by:

Adjusting your cookie preferences through our website’s cookie banner;
Enabling Global Privacy Control (GPC) or another legally recognized universal opt-out mechanism, which we honor where required by applicable law; or
Submitting a request to [email protected].

When a valid GPC signal is detected, we treat it as a request to opt out of the sale or sharing of personal information and targeted advertising, where required by law.Employees and Candidates

If you are a current employee or candidate of One Step GPS, please refer to our Candidate and Employee Privacy Notice for additional information on how we may collect, process, disclose, and retain your personal data.

If you need to contact us for any other reason, you may email us at [email protected], call us at or (toll-free in the US only) between the hours of 5 am to 5 pm Pacific time, or write to us at 675 Glenoaks Blvd, San Fernando, CA 91340, USA.

If you are a resident of the European Economic Area, we rely on our legitimate interest, contractual relationship, and you consent as described in this Privacy Notice to process your personal information. Additionally, subject to any exemptions as provided by law, you may have certain rights regarding the personal information we maintain about you. We offer you certain choices about what personal information we collect from you, how we use that information, and how we communicate with you. If at any time you wish to exercise your rights, please reach out to us in accordance with the “Contact Us” section below.

According to the GDPR, UK GDPR, BDSG, and FADP, you have the following rights:

Right of Access: If you ask us, we will confirm whether we are processing your personal information and, if so, provide you with a copy of that personal information along with certain other details. If you require additional copies, we may charge a reasonable fee.
Right to Rectification: If your personal information is inaccurate or incomplete, you may be entitled to ask that we correct or complete it.
Right to Erasure: You may ask us to erase your personal information in some circumstances, such as where we no longer need it, or you withdraw your consent (where applicable) and where there is no other legal basis for processing.
Right to Restrict Processing: You may ask us to restrict or ‘block’ the processing of your personal information in certain circumstances, such as if you contest its accuracy or object to us processing it.
Right to Data Portability: You may have the right to obtain your personal information from us that you consented to give us or that was provided to us as necessary in connection with our contract with you, and if the processing is carried out by automated means.
Right to Object: You may ask us at any time to stop processing your personal information, and we will do so: (a) if we are relying on a legitimate interest to process your personal information, unless we demonstrate compelling legitimate grounds for the processing or your data is needed to establish, exercise, or defend legal claims; or (b) we are processing your personal information for direct marketing and, in such case, we may keep minimum information about you (for example, in a suppression list) as necessary for our and your legitimate interest to ensure your opt out choices are respected in the future and to comply with data protection laws.
Right to Withdraw Consent: If we rely on your consent to process your personal information, you may have the right to withdraw that consent at any time, but this will not affect any processing of your data that has already taken place.
Right to Lodge a Complaint: If you have a concern about our privacy practices, including the way we handled your personal information, you can report it to the data protection authority that is authorized to hear those concerns.

Please note that the above rights are not absolute, and we may be entitled to refuse requests, wholly or partly, where exceptions under applicable law apply. We will not discriminate against you for exercising such rights.

Except as described in this Notice or provided for under applicable privacy laws, there is no charge to exercise your legal rights. However, if your requests are manifestly unfounded or excessive, in particular because of their repetitive character, we may charge a reasonable fee taking in account the administrative costs of providing the information or taking the action requested; or refuse to act on the request and notify you of the reason for refusing the request.

European Economic Area (EEA)

If you are a resident of the European Economic Area (EEA), One Step GPS is the “data controller” of your personal information for purposes of applicable data protection laws.

Pursuant to Article 27 of the General Data Protection Regulation (GDPR), we have appointed the following representative in the European Union:

Company Name: Instant EU GDPR Representative Ltd

Representative Contact: Adam Brogden

Office Telephone: +353 01 554 9700

Email: [email protected]

Website: www.gdprlocal.com

EU Address:

INSTANT EU GDPR REPRESENTATIVE LIMITED

Office 2

12A Lower Main Street

Lucan, Co. Dublin

K78 X5P8

Ireland

You may contact our EU representative directly regarding our processing of your personal information or to exercise your data protection rights. You may also submit a privacy request through the following link: https://onestepgps.gdprlocal.com/eu

United Kingdom

If you are a resident of the United Kingdom, One Step GPS is the “data controller” of your personal information for purposes of the UK GDPR and Data Protection Act 2018.

Pursuant to Article 27 of the UK GDPR, we have appointed the following representative in the United Kingdom:

Company Name: GDPRLocal Ltd.

Representative Contact: Adam Brogden

Office Telephone: +44 1772 217 800

Email: [email protected]

Website: www.gdprlocal.com

UK Address:

GDPRLocal Ltd.

1st Floor Front Suite

27–29 North Street

Brighton

England

BN1 1EB

United Kingdom

You may contact our UK representative directly regarding our processing of your personal information or to exercise your data protection rights. You may also submit a privacy request through the following link: https://onestepgps.gdprlocal.com/uk

If you have questions or comments about this Notice, you may send us an email at [email protected]. You may also call us at or (toll-free in the US only) between the hours of 5 am to 5 pm Pacific time, or write to us at 675 Glenoaks Blvd, San Fernando, CA 91340, USA.