Samsara Products

---

Samsara’s commitment to privacy and compliance is reflected in our product features and in our customers’ ability to customize many of our solutions to fit their specific employee and community needs and any country-specific regulations. We develop all of our products with the following foundational privacy controls:

Customizable privacy features

Samsara’s products offer a host of configurable privacy features and functionalities to help fit with your specific needs and protect employee and community personal information. Examples of these configurable privacy features include but aren’t limited to Parking Mode (change how long to continue recording after a trip ends), Privacy Button (turn off GPS location tracking), limited data collection (customize the amount of footage that is uploaded and saved), customizable data retention settings, and configurable user access permissions.

Restricted data access

Customizable data access controls make it easy to limit access to your organization’s data. For example, with these controls, your organization can specify that only properly trained or approved employees are granted access to restricted data. Moreover, you can configure these controls to align with company policies and any other applicable requirements.

Strong security

All data that is captured, stored, or processed by Samsara’s products is encrypted when in transit to (including TLS 1.2 and 256 AES encryption) or at rest in (including FIPS 140-2 compliant encryption standards) the Samsara cloud production environment. Additional security measures include hardened cloud-hosted infrastructure, over-the-air updates, and physical device protections, among others.

Secure data storage

All of our customers’ data is primarily stored using Amazon AWS, which is rated as the leader in cloud security by research firm Forrester. Our EU and UK customer data is stored in Ireland, and our US, Mexico, and Canada customer data is stored in the US in Oregon.

We have materials to help support our customers in their use of our products in compliance with local laws. Please reach out to your representative for more information and we would be happy to provide them to you. If you are not in contact with a representative, please fill out a form or contact sales@samsara.com and we will connect you with the right person.

Samsara’s Privacy and Ethics Board

---

Samsara’s Privacy and Ethics Board is a cross-functional group of Samsara stakeholders that meets regularly to discuss potential privacy and ethical issues as they relate to our products and our industry. This board helps make sure that key stakeholders across our company are thinking critically and communicating often about how the technology we design and develop affects our environment and society. The Privacy and Ethics Board is one of the means by which Samsara makes sure privacy considerations remain an important part of our decision-making technical and organizational processes.

If you are a Samsara customer, contact your account representative for more information about the Privacy and Ethics Board and its ongoing work. If you are not already in contact with a representative, please fill out this form or contact sales@samsara.com to learn more.

Agreements and Regulatory Compliance

---

Samsara is committed to being transparent about how we maintain and use personal data. Company-wide policies, contractual terms and other safeguards reinforce Samsara’s responsibility to protect your data to stay compliant with the law.

GDPR and CPRA

We are committed to our customers’ success, including assisting with your efforts to comply with the EU and UK General Data Protection Regulation (“GDPR”) and/or the California Privacy Rights Act (“CPRA”). We understand that many of our customers need to be able to move their data seamlessly and safely between countries to serve their workforces and manage their operations. Whether you are in the US, the UK, the EU, or elsewhere, Samsara has you covered. We are pleased to provide one-pagers for our customers to help them understand Samsara’s commitment to GDPR and CPRA compliance.

*Please note that this content is not legal advice and is only provided for informational purposes. For legal advice, please consult your organization’s legal team or an outside attorney.

Samsara’s Data Protection Addendum (DPA)

Under the EU and UK GDPR, the Swiss Federal Act on Data Protection (“FADP”), the CPRA, and other relevant privacy laws, Samsara will serve as the “data processor” or “service provider” for our customers, who in turn, act as the “data controller” or “business.” To learn more about how Samsara processes customer personal data as part of this controller-to-processor relationship and our customer contracts, please see our DPA here.

Data transfers

To comply with EU, Swiss, and UK data protection legislation on international data transfer mechanisms as part of our controller-to-processor relationship and our customer contracts, Samsara agrees to abide by and process customer personal data in accordance with the European Commission approved Standard Contractual Clauses (SCCs). Such SCCs are included within our data protection addendum to provide adequate protection for such personal data transfers. To learn more, please see our DPA here.

Samsara’s Data Protection Impact Assessment (DPIA)

The EU and UK GDPR, as well as the FADP, require organizations to undertake a data protection impact assessment (DPIA) (or equivalent “balancing exercise”) where using new technologies is likely to result in a high risk to individuals. Samsara can provide supporting materials and templates to assist you in your assessment of such risks, helping you demonstrate your compliance with applicable laws and regulations.

Transparency report

Samsara is a steward of its customers’ data and their privacy, and we will not disclose our customers’ data to third parties without their permission unless we are legally compelled to do so, or if we reasonably believe that emergency disclosure to a government agency would prevent someone from dying or suffering serious physical harm, such as in the case of kidnapping or suicide prevention, to the extent permissible under applicable laws and our policies. While not often, there are times we must provide such data in response to valid legal process requests, and we are committed to being transparent about how and why we do this - our Transparency Report provides insight into the third party data requests we receive.

For more information about how Samsara supports compliance with applicable legal requirements in your region, please contact your Samsara representative, who can give you access to our privacy white papers for the United Kingdom and Ireland, Germany, and France. If you do not have a representative, please contact sales@samsara.com or reach out through our website.

Security and Data Protection

---

Protecting our customers’ privacy and respecting confidential information is fundamental to our core values. Samsara products are built from the ground up with security and privacy in mind. As part of our commitment to privacy and security, we’ve adopted the highest standards and also conduct regular audits pursuant to the Service Organization Controls (SOC 2) reporting process to ensure our customers’ data is safe and available.

Security practices

Samsara implements the highest industry standards for encryption, storage, privacy, network, and endpoint security.

Audits

Samsara regularly conducts security audits to ensure our systems are properly safeguarded. For example, our SOC 2 reports include descriptions of our software infrastructure and the processes we have in place to keep our customers’ data safe and available. We also engage independent entities to conduct application-, infrastructure-, and hardware-level penetration tests at least annually.

Learn More: To learn more about Samsara’s commitment to upholding the highest security standards, please visit our security page.

Supporting our Customers

---

Our customers’ success is paramount. We constantly seek feedback to better understand our customers’ needs in order to develop products and services that will benefit them the most. In encouraging a constant feedback loop, we learn of the challenges and obstacles our customers may face when adopting new technology within their organization and with their workforce. At Samsara, we believe that customer trust is strengthened not just through contractual obligations, but through operational support and guidance. We understand that our customers care about their employees’ safety and security, and how their privacy and personal data are protected. To that end, Samsara has published resources to help support customer efforts in their roll-out, including the following:

Creating a Dash Cam Program with employee representative organizations (e.g., trade unions or works councils):

Implementing dash cams for the first time can be daunting. From installation to training, coaching, rewards, and beyond, there are a lot of factors to consider. Perhaps nothing is more important than driver buy-in, especially if you work with employee representative organizations. Read our interview with a customer on best practices for creating a successful dash cam program with union drivers. We’ve also published nine essential tips for getting driver buy-in to share more industry best practices and learnings from our most successful customers.

Dash Cam Policy templates and sample driver notices:

Our customers care about employee and community privacy, and often field questions about how Samsara products collect and process personal data. Trust is earned through transparency - we believe that being transparent and providing clear notices and policies help drivers feel informed and comfortable about the use of dash cams. As such, we support our customers by sharing dash cam policy templates, sample driver notices and consent memos, and other relevant resources to help them provide clarity to their drivers. Please reach out to your representative for more information and we would be happy to provide them to you. If you are not in contact with a representative, please fill out a form or contact sales@samsara.com, and we will connect you with the right person.

Research and Whitepapers

---

Samsara believes in transparency and accountability, data-driven decision making, and empowerment of our people and communities. These principles are at the forefront of the work we do and will continue to guide us on our mission. As part of this journey, we have proactively collected data, tracked metrics, conducted research, and published results and findings on the topics most important to our customers, community, and Samsara itself.

2023 State of Privacy in Physical Operations:

We surveyed hundreds of executives about their biggest concerns around privacy in the physical operations space. In our inaugural State of Privacy in Physical Operations report, we share the data and findings of the study, highlighting the industry's current privacy concerns and challenges, as well as how their organizations are working to address them.

Environmental, Social, and Governance (ESG) Report:

In our ESG Report, we uphold our commitments and share how we use data to drive change within Samsara and for tens of thousands of customers globally.

A Practical Guide to Video-Based Safety Technologies in Commercial Fleets:

Given the increasing importance of technology in emerging transportation safety efforts, Samsara published a white paper in collaboration with the Future of Privacy Forum (FPF), taking a closer look at video-based safety systems and its use and impact in commercial motor vehicle fleets. The paper provides an overview of video-based safety systems, and documents the ways commercial carriers are using this technology to reduce distracted driving and other unsafe driving behaviors, provide real-time feedback to drivers, improve driver coaching, enhance operational visibility and efficiency, and support incident investigation and driver exoneration.