Quick Links
DATA BREACH NOTIFICATION & RESPONSE POLICY
Last Updated: February 7, 2026
Our Commitment to You
If a data breach affects your personal information, we are committed to:
- β Notifying you within 72 hours of confirming the breach
- β Providing transparent information about what happened
- β Offering support and remediation options
- β Notifying regulatory authorities
What Triggers a Breach Notification?
We will notify you if unauthorized access to your data includes:
- π΄ Biometric data: Your selfies, government ID images
- π΄ Payment information: Full credit card numbers or payment details
- π΄ Government ID information: Driver license numbers, national ID numbers
- π΄ Large number of users affected: More than 100 users' personal information
- π΄ Data exfiltration: Evidence that an attacker downloaded your data
How We Will Notify You
Notification Method
We will contact you via:
- Email: To your registered email address
- SMS: To your registered phone number (if available)
- Website Notice: A notice on your account dashboard
What the Notification Will Include
Our breach notification will provide:
- β What data was affected (e.g., "your name, email, and booking history")
- β When the breach occurred (date range)
- β When we discovered it
- β Steps we're taking to secure systems
- β Steps you should take to protect yourself
- β How to contact us with questions
- β Link to our full Data Breach Response Procedure
Timeline: 72-Hour Notification Requirement
Per Trinidad and Tobago law, we must notify you within 72 hours of confirming the breach:
- Hour 0: Breach discovered
- Hour 4: Initial investigation begins
- Hour 24: Breach confirmed (if legitimate) - notification clock starts
- Hour 72: You are notified by email/SMS
Regulatory Notifications
Trinidad and Tobago Police Service (TTPS)
We will notify the TTPS Cybercrime Unit within 72 hours if the breach involves:
- Criminal activity (ransomware, theft, extortion)
- Use of your data for fraud or identity theft
- Vehicle theft or illegal use
Information Commissioner of Trinidad and Tobago
We will notify the Information Commissioner if required by law:
- π§ Email: [email protected]
- π Phone: (868) 622-3684
Support We Offer
Credit Monitoring (If Payment Data Exposed)
If your credit card information was compromised, we will provide:
- β 12 months of complimentary credit monitoring
- β Credit score alerts
- β Identity theft insurance (if applicable)
Dedicated Support
- β Breach hotline: [email protected]
- β FAQ page addressing common questions
- β Guidance on steps to take
Steps You Should Take
If Your Payment Information Was Compromised
- Contact your bank/card issuer immediately
- Monitor your credit statements for unauthorized charges
- Consider placing a fraud alert (contact local credit bureau if exists)
- Use the complimentary credit monitoring service we provide
- Update your Fleet password to something strong and unique
If Your Biometric Data (Selfie/ID) Was Compromised
- Contact us immediately at [email protected]
- Request deletion of your biometric data
- Watch for any suspicious use of your identity
- Monitor for unauthorized access to your Fleet account
- Report any suspicious activity to local authorities
General Steps
- Change your Fleet password to a strong, unique password
- Enable two-factor authentication on your account (if available)
- Update passwords on other services that use the same password
- Monitor your accounts for unauthorized activity
- Contact us if you notice anything suspicious
Our Security Measures
Prevention
- π AES-256 encryption for sensitive data
- π Regular security updates and patches
- π Multi-factor authentication for admin access
- π Regular penetration testing
- π Security awareness training for staff
Detection
- π SIEM (Security Information & Event Management) monitoring
- π Automated alerts for suspicious access patterns
- π Intrusion detection systems
- π Regular security audits
Response
- π Documented incident response procedure
- π Rapid system isolation and containment
- π Forensic investigation
- π User notification within 72 hours
Frequently Asked Questions
Q: How long will the investigation take?
A: Initial investigation typically takes 24-48 hours. We'll notify you within 72 hours of confirmation. Full forensic analysis may take longer.
Q: What if the breach wasn't your fault?
A: Even if a third-party processor (like AWS) experiences a breach affecting our servers, we are responsible for notifying you and providing support.
Q: Can I request deletion of my data after a breach?
A: Yes. You can request deletion of non-essential data (preferences, messages). However, transaction records must be retained for 7 years per Trinidad and Tobago tax law.
Q: Will you notify me of every attempted breach, or just successful ones?
A: We only notify you of confirmed breaches where unauthorized access actually occurred. Attempts that our security systems blocked won't trigger notification.
Questions or Concerns?
Contact our Data Protection Officer:
- π§ Email: [email protected]
- π§ Support: [email protected]
- π Escalation: (868) 622-3684 (Information Commissioner)
Last Updated: February 7, 2026
Trinidad and Tobago Data Protection Act Compliant
Notification Requirement: 72 Hours