Trust at Phunware

General Data Protection Regulation (GDPR)

Phunware has implemented the following practices to ensure that we handle customer data in compliance with GDPR laws.

• Every Phunware employee has to undergo extensive privacy training and sign an employee privacy pledge.
• All company policies and procedures are updated to include GDPR priorities.
• Data subject rights are incorporated into our product capabilities and ongoing product maintenance roadmap.
• All third-party vendors are vetted to provide adequate customer privacy protections, including the use of Data Privacy Agreements where necessary.
• We created a Privacy Team focused on maintaining, enforcing and responding to user privacy needs. We are also committed to carrying out data impact assessments and proactively updating privacy practices as regulations evolve over time.
• A compliance assessment of data inventory and data maps, including Article 30 review, will be conducted annually.

Privacy Policy

Our detailed privacy policy covers our commitment to protecting your privacy. Our privacy policy is constantly updated and evolves with changing global laws and regulations.

Certifications

We ensure the privacy of your data through trusted independent third parties.

• Phunware complies with the EU-US Privacy Shield Framework as set forth by the US Department of Commerce regarding the collection, use and retention of personal information transferred from the European Union to the United States.

Other Privacy Practices

• We appointed a Data Protection Officer (DPO) who provides extensive privacy expertise to all areas of our business.
• We maintain a Privacy roadmap including technical and organizational controls to maintain proper compliance.

• We implement a Secure Development Lifecycle (SDL) process across all products. Our SDL ensures that security assurance activities such as penetration testing, code review, architecture analysis, Static Application Security Testing (SAST), and Open Source Analysis (OSA) are an integral part of the development lifecycle.
• We include Product Security Features for software handling PII data. Features include encrypted data transportation (HTTPS), multi-factor authentication, API / SDK authentication and authorization layer, role-based access controls and database encryption.
• Our in-house security team works with some of the best security firms in the industry and their tools to monitor and assess our systems and applications.
• All of our data is hosted in secure SOC and ISO compliant enterprise hosting facilities with best of class security measures.

• We conduct audits on all vendor and service providers to ensure privacy and security compliance standards are maintained.
• We established a Planning and Operations department that provides strategic direction and governance of ongoing privacy needs.
• We plan to continually improve our compliance standards by building a “see something, say something” culture.