FROM MAR 2023
Requests for Customer Data
Every day, Samsara customers use their own data, as collected by our products and services, to improve the safety, efficiency, and sustainability of their operations. From time to time, that data may become relevant to law enforcement, regulatory investigations, or civil litigation. Here are some core principles we adhere to:
Samsara is a steward of our customers’ data and their privacy, as set out in our commitment to protecting customer privacy;
As part of that commitment, we will not disclose our customers’ data to third parties without their permission unless we are legally compelled to do so or if we reasonably believe that emergency disclosure to a government agency would prevent someone from dying or suffering serious physical harm, such as in the case of kidnapping or suicide prevention, to the extent permissible under applicable laws and our policies.
How third parties may submit requests seeking customer data and how Samsara responds
Samsara customers’ data belongs to its customers, and protecting that data from unauthorized disclosure is one of our most important responsibilities. In accordance with Samsara’s Terms of Service, Customer Data is “data captured by Customer’s use of the Hardware, data submitted by Customer or by a third party (including from or through Non-Samsara Products) on Customer's behalf into Apps and Hosted Software, and the analysis, reports, and alerts generated by the Products containing such data.” All capitalized terms are defined in Samsara’s Terms of Service.
Law enforcement occasionally conducts investigations into accidents and other events involving our customers, including by requesting that Samsara disclose or facilitate the disclosure of data belonging to our customers. Samsara is committed to complying with its applicable legal obligations in responding to such requests, and will carefully screen all requests to confirm that they are valid and lawful. We may push back on requests that are invalid or nonconforming, including through the following principles:
Samsara assesses the legality of all requests and complies with requests where Samsara believes that they are valid, lawful, and compulsory, or where Samsara believes that an emergency involving a danger of death or serious physical harm requires disclosure without delay. We will decline to comply with, and where necessary and appropriate may undertake reasonable efforts to contest, any request Samsara determines is not required by applicable law.
Samsara retains, and, as appropriate, consults with, expert outside legal counsel.
Where appropriate, we will inform the requester that we are merely a processor of our customers’ data and, if legally permitted to do so, seek to refer the requester to the relevant customer so that the customer can respond directly. See Seeking Enterprise Customer Data Held by Cloud Service Providers, USDOJ (Dec. 2017).
If the requester declines to redirect its request to the relevant customer, we aim to provide the customer with prompt notice of the request, unless we are legally prohibited from doing so.
If a customer consents to Samsara providing a response to the request, and if Samsara considers the request sufficiently targeted, Samsara may disclose responsive data. If a customer objects, we may seek to quash or limit the request if appropriate, but may ultimately be required to comply with it.
If Samsara is prohibited from providing prompt notice of a request to a customer, we will provide such notice once we are allowed to do so.
On an annual basis, Samsara produces a report the details the number of requests for Customer Data made and responded to. Samsara's Transparency Report is available here.
Subject to the foregoing, and only as consistent with its applicable legal obligations, Samsara will take reasonable measures to honor valid legal process seeking Customer Data, to the extent such data exists, is reasonably accessible, and as that data is kept in the ordinary course of business and/or in the form in which it is typically maintained. While Samsara aims to promptly acknowledge receipt of requests, requesting parties should expect that it may take 30 days or more for Samsara to send a substantive response. Best practices for making legitimate requests for Customer Data are described below.
Samsara strongly encourages law enforcement to work directly with a Samsara customer when seeking Customer Data. In most situations, Samsara customers will have more ready access to the relevant data than Samsara does.
Alternatively, law enforcement seeking customer data from Samsara may submit a valid warrant suitable to obtain electronic communications held by a third party, and issued by a court of competent jurisdiction, to Samsara via LERS@samsara.com. Samsara will respond to requests from a government agency only if they are sent from an official government email domain. Warrants seeking customer information must specifically identify the relevant Samsara customer, the customer vehicle or other equipment or asset identifier, the relevant category or categories of data, and the date and time range (including relevant time zone) of the event under investigation.
Law enforcement personnel are advised that, unless there is a valid non-disclosure order attached to a search warrant, Samsara will notify its customers of the law enforcement request. Law enforcement personnel should also know that data stored on a Samsara customer’s device that has not yet been transmitted to the cloud is not in Samsara’s possession, custody or control. In such a situation, the best practice is to work with the customer to ensure all data is uploaded before taking any further action, including removing and obtaining the relevant device safely and securely. Ignoring this guidance could result in unintended data loss.
Non-U.S. law enforcement requests must be made in accordance with the Mutual Legal Assistance Treaty (MLAT) process or the CLOUD Act.
Samsara reserves the right to seek reasonable compensation for work performed to respond to law enforcement or other requests.
Individuals and attorneys involved in litigation to which Samsara is not a party should obtain the information they seek directly from Samsara’s customer, as party discovery is the most appropriate and efficient means of obtaining data in this context. In the majority of circumstances, Samsara customers have access to the same relevant data as Samsara. Civil litigants should also know that data stored on a customer’s Samsara device that has not yet been transmitted to the cloud is not in Samsara’s possession, custody or control. In such a situation, the best practice is to work with the customer to ensure all data is uploaded before taking any further action, including removing and obtaining the relevant device safely and securely. Ignoring this guidance could result in unintended data loss.
Subpoenas must be correctly domesticated and state the category or categories of data requested. Samsara Inc. is a Delaware Corporation headquartered in San Francisco, California. Subpoenas must also provide information sufficient to specifically identify the relevant Samsara customer, the customer vehicle or other equipment or asset identifier, the relevant category or categories of Customer Data, and the specific and narrowed date and time range (including relevant time zone) of the requested data. Civil litigants may send valid, correctly domesticated subpoenas to Samsara’s registered agent at the address below:
Government agencies seeking to serve a civil subpoena on Samsara may submit subpoenas via email@example.com. Samsara will respond to requests from a government agency only if they are sent via an official government email domain.
Law enforcement may submit valid preservation requests pursuant to 18 U.S.C. § 2703(f) via LERS@samsara.com. Such requests must provide information sufficient to specifically identify the relevant Samsara customer, the customer vehicle or other equipment or asset identifier, the relevant category or categories of Customer Data, and the specific and narrowed date and time range (including relevant time zone) of the requested data. Requests should also state a period of time to a date certain for how long the preservation request remains in effect; requests not including an end date will have no effect greater than 90 days. Samsara will fulfill preservation requests from a government agency only if they are sent via an official government email domain.
Please note: Samsara has no obligation to comply with requests to preserve customer data made by parties to litigation to which Samsara is not a party, unless ordered to do so by a court of competent jurisdiction.
Samsara customers seeking assistance preserving their own data may contact Samsara Support for assistance.