Privacy Policy
Matt3r™ Technologies Inc. Privacy Policy
This Privacy Policy, and any amendments thereto, apply to K3Y devices (and related software).
Last Updated: March 12,2025, and effective from that date.
Introduction
This Privacy Policy describes how Matt3r Technologies Inc. (“Matt3r”, “us”, “our”, or “we”) may collect, use, and share your personal information (any information that can be used, either alone or in combination with other information, to identify you and/or your vehicle, “Information”) collected from your vehicle (the “Connected Vehicle”) and its advanced driver-assistance system (“ADAS”) while using our K3Y™ device, which is remotely transmitted to us for certain business purposes and to provide you with services through the K3Y device and/or the K3Y companion mobile application, the Consol3™ app (the “app”) (collectively, the “Products and Services”).
This Privacy Policy only applies to the collection, use and sharing of Information obtained from the Connected Vehicle, the Products and Services, and information you provide related to such Products and Services, or in any other contexts, such as: any other websites, applications, or other products or services that we may provide. This Privacy Policy does not apply to data or information collected by any third-party websites or applications that we do not own, operate, or control; or features available through your Connected Vehicle’s infotainment system.
Please read this Privacy Policy carefully and if you do not agree with it, please do not provide us with any Information. Your use of the Products and Services constitutes your acknowledgment and acceptance of our information handling practices as set out in this Privacy Policy and any modifications thereto. If the terms of this Privacy Policy are at any time unacceptable to you, do not provide us with any of your personal information through the Products and Services.
What Information Do We Collect and When?
Matt3r collects personal information about you that is reasonably necessary for the purposes described below. If you interact with the Products and Services or other digital features, we may automatically collect technical data (including personal information) about you, the Connected Vehicle, and the operation of the Connected Vehicle’s ADAS.
When you download the Consol3 App onto your Device
-
Account and Contact Data: username, password, name, email address, phone number, payment information (billing data, name, address, card information and expiry date).
-
K3Y Device Data: Data about your K3Y device, and if it is plugged into your Connected Vehicle, any data collected from your linked Connected Vehicle.
-
Vehicle Data: VIN, Driving Data, Location Data, Vehicle Health Data, Vehicle Sensor Data.
-
Device Data: device ID, device type, device operating system, Internet Protocol (IP) address, unique identifier, type of browser, Internet service provider, phone number, and information about the use of the products and services, including screen time, scrolling, specific actions and taps, reactions to alerts, the progress, completion and/or abandonment of in-application purchases, and crash reports.
-
App Data: If you use the Consol3 app, we collect the location of your username and password, device, device type, device operating system, Internet Protocol (IP) address, unique identifier, type of browser, Internet service provider, phone number, and information about your use of the Products and Services, including screen time, scrolling, specific actions and taps, reactions to alerts, the progress, completion and/or abandonment of in-application purchases, and crash reports.
When you install the K3Y device in your Connected Vehicle
When you install the K3Y device in your Connected Vehicle, activate it using the Consol3 App and register for the Services, your Connected Vehicle and K3Y device will begin transmitting certain Information to us, including:
-
Location Data: geo-location coordinates of your Connected Vehicle, when authorized by you through your mobile device’s operating system;
-
Driving Data: driving behaviour data, which includes the acceleration and speed at which your Connected Vehicle is driven, travel direction, and use of the steering and braking functions in your Connected Vehicle, timestamps, sensor data, speed, system operations, movement, position, environment (weather, road conditions, traffics signs, and other surroundings);
-
Vehicle Health Data: includes Vehicle Identification Number (VIN); odometer, fuel level and consumption, and oil life readings; Diagnostic Trouble Codes (DTCs), engine coolant temperature, fuel injection volume, engine Rotation Per Minute (RPM), and the status of doors, hood, trunk, and hazard lights, Diagnostic Trouble Codes (DTCs) and vehicle faults, battery voltage and other engine data;
-
Audio Data: the K3Y device has a microphone that collects audio data and monitors sound signals for certain audio signatures relevant to ADAS functioning or driving incidents (e.g. driver alert sounds played by the Connected Vehicle; sounds of crashes, horns, screeching tires) and transmits data relating thereto, but will not transmit raw audio data unless specifically controlled to do so by the User (e.g. through the Consol3 app, or by saying “Hey Matt3r …”); and
-
Video Data: footage from the dashcam and any other cameras of your Connected Vehicle.
When you contact us or provide us with feedback
We also collect customer feedback information submitted through the app, email, our website, or otherwise, including recordings of any calls for customer support, which we use for quality assurance purposes, when you contact us, provide feedback, make a complaint or other inquiry.
Additionally, when certain features are activated, you might be prompted to enter specific credentials via partnered portals integrated within our applications. For more information regarding our third-party integrations, please refer to the section with the same title, below.
In general, you are not required to provide Information for the above purposes, however your decision to not provide your data may result in reduced features and functionalities, the impossibility to use our information and Products and Services offered in this context, the denial of access to our Products and Services and/or exclusion from our business activities to the extent the processing of your personal information is key in these contexts.
Why Do We Collect Information?
We gather Information when you use our applications or when specific devices connected to our Products and Services are active as outlined above.
We may use the Information we collect from you in the following ways:
-
To provide our Products and Services to you and to administer your accounts.
-
For internal purposes including research and development, to analyze safety concerns and trends, provide support, to analyze quality, and to improve, troubleshoot, and evaluate the use of our Products and Services.
-
To communicate with you, including by email, phone, and direct mail.
-
To monitor driving behaviors and ADAS operation for the purposes of crowdsourced community data sharing.
-
To monitor environmental, road and traffic conditions for the purposes of providing accurate weather, map and traffic data.
-
To reconstruct scenarios in which accidents or other driving incidents have occurred, in order to better understand and improve ADAS functionality by making anonymized and/or de-identified scenarios available to third party ADAS developers.
We may also anonymize Information in order to use it for research and development purposes. We may combine the nonpersonal data with other data we hold and use it to reconstruct scenarios, to identify trends, and to generate statistics, which may be provided in anonymized format to third-parties in order to better understand and improve ADAS functionality and related technologies.
In the course of providing our Products and Services, we may make use of certain third party service providers located in Canada and/or the United States. When we share your personal information with such third parties, we require them to protect and handle your personal information in a manner consistent with our privacy practices and applicable laws.
In the course of our activities and for the same purposes as those listed in this Privacy Policy, your personal information can be accessed by, or transferred to the following categories of recipients on a need-to-know basis to achieve such purposes:
-
our personnel, including staff and contractors, in departments such as customer service, billing, call centre, and IT;
-
our suppliers and services providers providing us with services, such as payment processing;
-
our systems providers that provide us with IT solutions, including web service providers, web hosting, cloud service providers, database providers; and
-
our professional advisors, including accountants and lawyers, as part of requesting advice or as part of a business transaction involving part of our business or its assets.
Your personal information will remain protected in accordance with this Privacy Policy. Prior to any transfer of personal information, we ensure to have agreements in place with third-party service providers to ensure they only use personal information as necessary and for the purposes listed above, to protect the personal information with security safeguards appropriate to the sensitivity of the information, and not to use, disclose, or otherwise process it except as may be permitted by us, as required by law, or as stated in this Privacy Policy.
How Do We Protect Your Information?
We take data and information security seriously. We continuously strive to protect the Information against loss and unauthorized access or use by maintaining and continually updating our formal security program, which employs physical, organizational, and technical security practices to protect the Information, such as:
-
All data transmissions are encrypted via Secure Socket Layer (SSL) technology.
-
The Information is accessible only by a restricted number of individuals with special access rights to our systems.
-
We take numerous security measures to ensure the safeguarding of the Information, including:
-
Firewall Protection: The office is secured by advanced hardware firewall and intrusion detection.
-
Access Control Lists (ACLs): The office router enforces stringent ACLs to regulate incoming and outgoing traffic, enhancing network security.
-
Virtual Private Network (VPN) Access: Employees must use a VPN (certificate-based and not Pre-Shared-Key) to securely access the office network and internal resources when working remotely.
-
Secure Shell (SSH) Security: SSH access is strictly controlled using certificate-based authentication, with password logins completely disabled to prevent unauthorized access.
-
Multi-Factor Authentication (MFA): Company-wide MFA policies (using hardware security keys, Google Authenticator, or phone) are enforced, and employees are required to use their company domain emails (provided by Google).
-
Cloud Platform Providers: We leverage Amazon Web Services (AWS) and Google Cloud Platform as our cloud platform providers, both renowned for their industry-leading security practices.
-
AWS Services: We employ standard AWS services to implement Internet of Things (IoT), Application Programming Interface (API) backend, file storage, and databases, ensuring robust security and compliance.
-
Database Security: Databases are backed up daily, with encryption applied at rest and in transit (HTTPS) to safeguard data integrity and confidentiality.
-
File Storage Security: File storage is secured using server-side encryption with Amazon S3 managed keys (SSE-S3) to protect against unauthorized access.
-
Key and Certificate Management: Private keys and certificates are never exposed to users, and their exchange is secured using HTTPS, Advanced Encryption Standard (AES) encryption and Public Key Infrastructure (PKI) key exchange mechanisms.
-
API Endpoint Protection: API endpoints are fortified with JSON Web Token (JWT) based authorizers (using AWS Cognito authentication/authorization service) or user API keys and are protected by AWS Web Application Firewall (WAF).
-
Role-Based Access Control (RBAC): Implemented RBAC to ensure internal services and users only have minimum access to the resources necessary for their roles.
We store the Information for as long as reasonably necessary (i) for us to provide you with the Products and Services; (ii) for us to support all other uses we make of the Information as detailed in this Privacy Policy; and (iii) as required by law or legal process, or as may be needed in the event of anticipated or pending litigation. We have personal information retention processes designed to retain personal information for no longer than necessary for the purposes stated in this Privacy Policy or to otherwise meet legal requirements. We will dispose of information that is no longer required for the purpose for which it was collected.
Information that we collect may be stored and processed inside and outside your province of residence in Canada or in any other country in which we or our service providers maintain facilities, including in the United States. Information processed and stored in another country may be subject to the laws of general application in the jurisdiction where it is stored, including disclosure or access requests by the governments, courts or law enforcement or regulatory agencies in that country according to its laws.
If your personal information is transferred outside of your jurisdiction, we will take steps to ensure your personal information is adequately protected in accordance with applicable privacy and data protection laws. We use contractual and other means to ensure the information is protected while in the foreign jurisdiction. If you have questions about our policies and practices regarding service providers outside of Canada, please contact our Privacy Officer using the contact information at the end of this Privacy Policy.
By using our Products and Services or by providing us with the Information, you consent to any such transfer of the Information outside of your country.
Even though we have taken steps to help protect the Information in our control, you should know that we cannot fully eliminate security risks associated with such Information. No security measures can provide absolute protection. We cannot ensure or warrant the security of any Information you provide to us.
How Do We Share or Disclose Your Information?
The Information will not be sold or shared with external parties for marketing, advertising, or other unrelated or secondary uses other than the purposes listed above. However, Information may be shared, in de-identified or anonymous form, with third parties with which we have a non-disclosure agreement in place, strictly for research and development purposes, for providing accurate weather, map and traffic data, or for crash reporting.
We may disclose your Personal Information to third parties only under one or more of the following circumstances:
-
Personal information you have given us express permission to disclose to a specific third-party;
-
In an emergency to protect your safety, or where we have a good faith belief it is necessary to do so to prevent harm, injury, or loss, and we may use the Information to pursue or defend legal actions, even if harm, injury, or loss has already occurred;
-
In response to a search warrant or other legally valid inquiry, request or order, or to an investigative body in the case of a breach of an agreement or contravention of law, or as otherwise required or permitted by law;
-
If the disclosure is necessary or appropriate for the establishment, exercise or defense of legal claims, to protect our rights or those or our employees, contractors and/or customers, to prevent actual or suspect loss or harm to persons or property or to resolve a dispute between us; or
-
in connection with business transaction (e.g. a merger or sale (including transfers made as part of insolvency or bankruptcy proceedings)) involving all or part of our business.
Do Not Track and Cookies
We respect Do Not Track signals and do not use cookies for tracking purposes within our applications.
Third-Party Integrations
The Products and Services may contain links to other websites, which are not owned, operated, or controlled by Matt3r, including various extensions available in the Consol3 app which allow you to access third party services. For example, you may be able to access third party services such as Dropbox, FSD Community Tracker, Wham Baam, and DIMO for various purposes, such as to store your driving footage, report Connected Vehicle disengagements, and crowdsourced community data sharing. This Privacy Policy only relates to our collection and use of your data through the Products and Services, and we are not responsible for the privacy policies and practices of other third-party websites or services, including from any provided links, and you will be required to acknowledge that any such use of third-party websites or services is at your own risk before enabling any extensions. We urge you to review the privacy statements of each website or other services that you visit or access to ensure that you understand when, how and why those websites or services use and share your personal information.
For certain features, credentials are entered directly on partner portals integrated within our Control3 app. Matt3r does not access or store these credentials. Please refer to the partner’s privacy statement for information on its privacy practices.
Your Obligations
The nature of our Products and Services means that there may be circumstances where you might let someone else use a product or service that we provide to you (for example, you let someone else drive your Connected Vehicle). It is important that if you do let someone else use one of our products or Products and Services that you inform them of this Privacy Policy and of the privacy choices that you have made.
Your Rights
You have the following rights with respect to your personal information:
-
Access, Correct and Erase your personal information: Subject to limited exceptions prescribed by law, you have the right to obtain access to and correction of your personal information. This includes the right to request information about how we process your personal information, including what personal information we collect about you and to whom it is being shared. However, to the extent permitted by law, we reserve the right to charge a reasonable fee for copying and sending the information from your file. You also have the right to request that we correct or complete your inadequate, incomplete, or inaccurate personal information.
-
Right to opt-out: At any time, you may “opt-out” or withdraw your consent to the collection, use, disclosure or any other form of processing of your personal information, subject to contractual or legal restrictions. We will then stop the processing of your personal information, subject to legally permissible exceptions. Please note that your withdrawal has effect for future processing operations only, and note that if you withdraw your consent to some processing of your personal information, we may not be able to provide you with a particular offering, which may include the ability to view footage on your mobile device and other functionality provided by the K3Y device and its companion Consol3 app and related services. If you delete your account, we will cease collecting your personal information.
-
Unsubscribe from email marketing: You may remove yourself from our contact lists by following the unsubscribe instructions in each of the e-mails. You may also remove yourself from our list by contacting us as set out in the “Contact Us” section below. Please note that even if you unsubscribe to such communications, we may contact you for other purposes such as the status of your vehicle or account, or other service-related purpose and update as permitted by law.
Residents of certain jurisdictions may also have additional rights as required by local laws.
When you exercise these rights and submit a request to us, we may verify your identity by asking you to authenticate your identity via standard authentication procedures.
We will respond to your request in writing within the time required by law. In certain cases, for instance, when the request involves large volumes of information or we must contact multiple third parties to obtain the information requested, we may need additional time to respond.
If we refuse your request, we will respond to you in writing, provide the reasons for the refusal, and inform you of what remedies you may have.
You may exercise your privacy rights by sending a request to info@matt3r.ai.
Children’s Privacy
We do not knowingly target or collect any information from children under the age of 13. If you are above 13, and above the legal driving age where you reside, but under the age of majority, you must have the consent of your parent/legal guardian to our Privacy Policy to use the Products and Services.
If you are a parent or guardian who has discovered that your minor child has provided us with personal information, we ask that you contact us at info@matt3r.ai to have this information deleted from our records.
Changes to this Privacy Policy
We reserve the right to modify this Privacy Policy at any time and at our sole discretion. Changes to this Privacy Policy will be effective immediately on posting to the website found at: MATT3R PRIVACY POLICY, and when required by law, we will notify you. You agree to review this Privacy Policy on each visit to such website to inform yourself of any such modifications. You also agree to be bound by any such modifications.
If required by law, we may seek your prior consent.
Contact Us
For any inquiries or complaints concerning this Privacy Policy, please reach out to our Privacy Officer at info@matt3r.ai.