GDPR-Compliant
Fleet Management Software
Most fleet platforms ship driver, location, and trip data to a US-controlled cloud. MobilityManager doesn't. Deploy on your own infrastructure or with an EU partner — and keep every byte of personal data under your control.
Built for the GDPR
Six compliance pillars baked into the architecture
On-premise / EU hosting
Deploy on your own infrastructure or with an EU cloud provider. Your data never crosses jurisdictions you didn't choose.
Immutable audit logs
Append-only audit trail for every state change — actor, timestamp, before/after. Survives pseudonymization.
Pseudonymization on deletion
Art. 17 erasure is honored without breaking historical records — personal fields are unlinked, audit IDs preserved.
Role-based access (RBAC)
Five default roles, fine-grained permissions, multi-tenant isolation. Least-privilege by default.
SSO / OIDC
Azure AD, Keycloak, ADFS. Integrate with your existing identity provider — no parallel password store.
Retention controls
Configurable retention per data class (bookings, audit logs, driver licenses). Automated purge jobs.
SaaS vs. self-hosted
Where the GDPR risk actually lives
| Concern | Typical SaaS fleet tool | MobilityManager |
|---|---|---|
| Data location | US or multi-region cloud | Your infrastructure or EU partner |
| Sub-processors | Often 10+ undisclosed | None — you operate the system |
| Cross-border transfer (Art. 44+) | ⚠️ SCC-dependent | ✅ Not applicable |
| Schrems II exposure | ⚠️ Possible | ✅ None |
| Telemetry / phone-home | Often enabled | ❌ None |
| DPA required with vendor | Yes | No (vendor isn't a processor) |
| Audit log immutability | Vendor-controlled | Your DB, your retention |
| Right to be forgotten | Ticket → vendor | API + UI you control |
Read more
FAQ — GDPR fleet management
What makes MobilityManager GDPR-compliant? +
MobilityManager is designed around data minimization, lawful processing, immutable audit logs, configurable retention windows, and pseudonymization on deletion. Because it runs on your own infrastructure, your data never leaves the EU (or your data center) — eliminating the cross-border transfer risk that affects most US-based SaaS fleet tools.
Where is the data physically stored? +
Wherever you deploy MobilityManager. On-premise in your own data center, in your private cloud, or with an EU cloud provider — the choice is yours. There is no MobilityManager-operated cloud, no telemetry, no phone-home. The vendor (Cloudkasten GmbH, Germany) never sees your fleet data.
How does MobilityManager handle data subject rights (Art. 15-22 GDPR)? +
Built-in tooling supports access requests, rectification, erasure, restriction, and portability. Deletion is implemented as pseudonymization — driver records are unlinked from personally identifying fields while audit trails remain valid. Reports for data subject requests can be exported in PDF or CSV.
Are audit logs immutable? +
Yes. Every state change in the system writes an append-only audit log entry with timestamp, actor, action, and affected entity. Logs cannot be edited or deleted from the application UI and survive pseudonymization, satisfying both GDPR Art. 30 (records of processing) and common security audit requirements.
Does MobilityManager require a Data Processing Agreement (DPA)? +
Not for the software itself — because Cloudkasten GmbH does not process your data. We only ship the software. You operate it. A DPA only becomes relevant if you use a hosting partner; in that case you sign a DPA with that hosting provider, not with us.
Is MobilityManager suitable for organizations subject to BDSG and NIS2? +
Yes. The on-premise deployment model, immutable audit logs, role-based access control with five default roles, and SSO/OIDC integration make it suitable for organizations under the German BDSG, the NIS2 directive (KRITIS), and sector-specific regulations such as those in healthcare or public administration.
Compliance-first fleet management
Bring fleet data home — without giving up modern tooling
See how a 30-minute on-premise install replaces a multi-region SaaS contract.
By submitting you agree that Cloudkasten GmbH may store your data for the purpose of contacting you. More details in our Privacy Policy .