FAQs

Answers to common questions about our intelligent vehicle ownership platform

Commercial & contractual

What is being provided (product vs data)?

AutoSymmetry’s role (including whether we act as a service provider and/or handle data on behalf of a partner) is defined in the relevant agreement and consent scope. Partner data rights are preserved, and access is purpose-limited.

Do we retain ownership of our data?

Yes – partners retain their underlying data rights;

AutoSymmetry operates as a processor/controlled intermediary per contract and consent.

Can we restrict use to specific purposes?

Yes – purpose limitation is enforced via scopes
(e.g., claims handling only, service reminders only).

What’s the minimum commitment and exit process?

Partner-friendly model: initial pilot term, then annual renewal;
data export + deletion workflows on termination.

Privacy, consent, and governance

How is consent captured and proven?

Consent is logged with scope, timestamp, user identity context, and revocation state; logs are exportable for audit.

What happens if consent is revoked?

Access is removed for that scope; downstream insights
should degrade gracefully and flag uncertainty.

What personal information is stored?

Minimisation by design: store only what is required for agreed purposes; separate PII from operational signals where possible.

Do you support data deletion requests?

Yes – process supports deletion and retention rules
aligned to contractual and legal obligations.

Is data shared with third parties?

Only as authorised by contract and consent scope;
disclosures are documented (including subprocessors).

Security & assurance

How is data protected (at rest/in transit)?

Encryption in transit (TLS) and at rest (industry standard encryption mechanisms); keys managed with strict access controls.

How do you manage access internally?

Role-based access control, least privilege, strong authentication, logging and monitoring.

Do you have vulnerability management?

Our security programme includes routine scanning, patch SLAs, and independent penetration testing at defined milestones.

Do you have an incident response plan?

Yes – defined triage/severity, notification procedures, and post-incident root cause process (attestation roadmap below).

Operational & technical

How do you integrate with our systems (DMS/CRM/POS/telematics)?

API-based integration patterns; supports staged onboarding
(start with one source, then add more).

What if data sources are inconsistent?

Lineage + validation; conflicting signals are flagged
and resolved by confidence rules (not silent overwrites).

What are your SLAs / uptime targets?

Define per tier; pilots commonly start with pragmatic targets
and then harden to enterprise SLAs.

Can we run a pilot without deep integration?

Yes – start with one narrow workflow (e.g., tyre condition + service reminders) to prove value, then expand.

Compliance & audit readiness

Can you support audit and regulator requests?

Yes – exportable logs for consent, access, lineage,
and key decisions.

Data residency requirements?

Supported by hosting configuration; specify residency
in contract and architecture.

Subprocessors list and change controls?

Procurement pack includes a maintained list
and a notification/change process.