Privacy Policy
Your trust is fundamental to everything we do. This policy explains how Logifit collects, uses, and protects your personal and biometric data.
updateLast updated: March 2026
Information We Collect
Logifit collects several categories of data to deliver our fatigue management services. This includes personal identification information (name, email, employee ID, job role), biometric data (sleep patterns including deep, REM, and light sleep phases captured via smartband devices, facial recognition data from in-cabin monitoring systems, and psychomotor reaction times from PVT assessments), and health-related data (fitness-for-duty status, clinical evaluation outcomes, and occupational health records).
We also collect device and technical data (smartband identifiers, camera device IDs, IP addresses, browser type, and operating system), usage data from our Ops Platform (login times, feature usage, report generation), and location data when required for fleet monitoring through our In-Cabin DMS system.
All biometric data is classified as sensitive personal data and is subject to enhanced protection measures as described in this policy.
How We Use Your Data
We process your data for the following purposes: delivering our fatigue management services (Pre-Work Assessment, In-Cabin DMS, and Ops Platform), generating fitness-for-duty evaluations (APTO / NO APTO / APTO CON OBSERVACIONES), real-time safety monitoring and alert generation, and clinical case management when health interventions are required.
We also use data for compliance with occupational safety regulations (SUNAFIL, NOM, DS 594, OSHA, ISO 45001), product improvement through aggregated and anonymized analytics, generating safety reports and dashboards for authorized supervisors, and training and improving our machine learning models using de-identified datasets.
We process biometric data exclusively on the legal basis of legitimate interest in workplace safety, contractual necessity with your employer, and — where required by applicable law — your explicit consent.
Data Sharing & Third Parties
Logifit does not sell, rent, or trade your personal data to any third party. We share data only in the following limited circumstances:
With your employer (our client), who is the data controller, to the extent necessary for fatigue management and occupational safety purposes. With trusted subprocessors who help us deliver our services, including Amazon Web Services (AWS) for cloud infrastructure and data hosting, Google Cloud Platform for analytics and ML processing, and Twilio for communication services. Each subprocessor is bound by strict Data Processing Agreements.
We may also disclose data when required by law, regulation, legal process, or governmental request, or to protect the rights, safety, or property of Logifit, our clients, or the public. In such cases, we will notify affected parties to the extent legally permitted.
Data Security
We implement industry-leading security measures to protect your data. All data is encrypted using AES-256 at rest and TLS 1.3 in transit. Zero plaintext storage of sensitive biometric information is maintained at all times.
Our security infrastructure includes role-based access control (RBAC) with least-privilege policies, multi-factor authentication (MFA) for all platform access, multi-tenant architecture with logical data isolation per client, 24/7 Security Operations Center (SOC) monitoring via AWS CloudWatch, automated key rotation and vulnerability scanning, and regular penetration testing by independent security firms.
In the event of a data breach, we will notify affected clients and relevant supervisory authorities within 72 hours, in compliance with GDPR Article 33 and equivalent requirements under LGPD, Ley 29733, and other applicable regulations.
Your Rights
Depending on your jurisdiction, you may have the following rights regarding your personal data, in accordance with GDPR Articles 15-22 and equivalent provisions under applicable laws:
Right of Access (Article 15): Request a copy of the personal data we hold about you. Right to Rectification (Article 16): Request correction of inaccurate or incomplete data. Right to Erasure (Article 17): Request deletion of your personal data under certain circumstances. Right to Restrict Processing (Article 18): Request that we limit how we use your data. Right to Data Portability (Article 20): Receive your data in a structured, machine-readable format. Right to Object (Article 21): Object to processing based on legitimate interests. Right to Withdraw Consent (Article 7): Where processing is based on consent, you may withdraw it at any time.
To exercise any of these rights, please contact our Data Protection Officer at privacy@logifit.io. We will respond to your request within 30 days. Note that certain rights may be subject to limitations under applicable law, particularly where data processing is required for workplace safety compliance.
International Data Transfers
Logifit operates across 12+ countries, and your data may be processed in a country other than where it was originally collected. Our primary data infrastructure is hosted on AWS in regions that provide adequate data protection safeguards.
For transfers of data from the European Economic Area (EEA), United Kingdom, or Switzerland to countries that do not have an adequacy decision from the European Commission, we rely on Standard Contractual Clauses (SCCs) approved by the European Commission, as supplemented by additional technical and organizational measures where necessary.
For transfers involving Latin American jurisdictions, we comply with the applicable cross-border transfer requirements of Ley 29733 (Peru), LGPD (Brazil), Ley 1581 (Colombia), LFPDPPP (Mexico), and LPDP (Chile). We ensure that all receiving jurisdictions provide an adequate level of data protection or that appropriate contractual safeguards are in place.
Cookies & Tracking
Our website and platform use cookies and similar tracking technologies. Essential cookies are required for the platform to function properly and cannot be disabled. These include session management, authentication tokens, and security cookies.
Analytics cookies help us understand how visitors interact with our website and platform. We use these to improve our services and user experience. Marketing cookies may be used to deliver relevant content and measure campaign effectiveness. These are only placed with your explicit consent.
You can manage your cookie preferences through your browser settings or our cookie consent banner. Please note that disabling essential cookies may affect the functionality of our platform. For our Ops Platform SaaS application, only essential cookies required for service delivery are used.
Data Retention
We retain personal and biometric data only for as long as necessary to fulfill the purposes described in this policy, comply with legal obligations, and support legitimate business needs.
Biometric data from Pre-Work Assessments (sleep patterns, PVT results) is retained for the duration of the service contract plus a regulatory compliance period, which varies by jurisdiction. In-Cabin DMS recordings are retained for a maximum of 90 days unless a safety event requires longer retention for investigation purposes. Clinical and health data is retained in accordance with occupational health regulations in the applicable jurisdiction, typically between 5 and 30 years.
Upon termination of a service contract, or upon a valid deletion request, we will securely delete or anonymize your data within 90 days, except where longer retention is required by law. Data destruction follows certified processes with documented audit trails.
Children's Privacy
Logifit's services are designed exclusively for B2B workplace safety applications and are not directed at individuals under the age of 16. We do not knowingly collect personal data from children.
If we become aware that we have inadvertently collected personal data from a child under 16, we will take immediate steps to delete such data from our systems. If you believe we may have collected data from a minor, please contact us immediately at privacy@logifit.io.
Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or business operations. When we make material changes, we will notify you through a prominent notice on our website, via email to registered platform users, or through your employer's designated contact.
We encourage you to review this policy periodically. The 'Last Updated' date at the top of this page indicates when the policy was most recently revised. Your continued use of our services after any changes constitutes acceptance of the updated policy.
Contact Us
If you have any questions, concerns, or requests regarding this Privacy Policy or our data protection practices, please contact us:
Data Protection Officer: privacy@logifit.io | Logifit S.A.C. | RUC: 20607315699 | Lima, Peru. For general inquiries: contact@logifit.io. For security concerns: security@logifit.io.
We are committed to resolving any complaints about your privacy and our collection or use of your personal data. If you are not satisfied with our response, you have the right to lodge a complaint with the relevant supervisory authority in your jurisdiction.
Questions About Your Privacy?
Our data protection team is here to help. Reach out to us for any questions about how we handle your data.