Data Processing in FleetManager
This document describes how Brinkhaus GmbH processes data submitted by edge devices, security agents, and connected applications to the Brinkhaus FleetManager. It supplements our Privacy Policy, which covers data processing when visiting this website.
1. What Data is Collected?
FleetManager receives the following data from connected devices and applications:
Heartbeats
Periodic health signals from monitored software. These include: software version, uptime, process ID, device IP addresses, and timestamps.
Diagnostics
Structured messages with severity levels (Info, Warning, Error), a diagnostic code, a message, and optional context data. These messages are generated by the monitored software or the security agent.
Status Updates
Explicit state transitions (e.g. running, degraded, error, stopped) with optional JSON snapshots describing the current state of the software.
Security Checks
Results of automated security assessments by the FleetManager Security Agent. These include checks on user accounts, firewall rules, services, patch levels, file integrity, network configuration, and other CIS Benchmark-based controls.
Metadata
Technical metadata is recorded with every submission: operating system type and version, hostname, customer identifier, and machine identifier.
2. How is Data Transmitted?
All data is transmitted exclusively via HTTPS (TLS-encrypted) to the FleetManager Ingest API. Authentication uses bearer tokens assigned to the respective customer. New devices are automatically registered on first contact. Unencrypted transmission is not possible.
3. Where and How is Data Stored?
- Database: PostgreSQL on the respective FleetManager server.
- SaaS operation (hosted by Brinkhaus): Hosted on a Virtual Private Server in Germany.
- Self-hosted operation: Data remains entirely on the customer's infrastructure.
- Tenant isolation: Strict data isolation through customer hierarchy — each tenant can only see their own data and that of their sub-customers.
- Encryption: Transport encryption (TLS) and server-side disk encryption.
4. Retention and Deletion
Retention periods are configurable per data type:
- Heartbeat logs, diagnostic logs, status logs: Configurable retention in days.
- Snapshot data: Configurable retention in hours.
- Customer-specific periods: Customers can set shorter retention periods.
- Automatic cleanup: Expired data is automatically deleted every 6 hours.
- Exception: Unacknowledged alerts are retained regardless of the retention period until they are manually acknowledged.
5. Access and Permissions
Access to stored data is strictly role-based:
- Admin: Full access to the assigned customer and its sub-customers.
- Manager: Management of sub-customers.
- Viewer: Read-only access to their own data.
Authentication uses JWT tokens with optional two-factor authentication (TOTP). All security-relevant actions (e.g. alert acknowledgments) are recorded in an audit trail.
6. Anonymized Analysis for Product Improvement
Brinkhaus analyzes the submitted data in aggregated and anonymized form to continuously improve FleetManager's detection quality.
Purpose
By analyzing patterns and trends across specific operating system versions, software configurations, or security findings, we derive improved detection rules, filters, and default configurations that benefit all customers. For example, if certain security findings frequently occur on Debian 12 systems, we can develop targeted filters that better classify and prioritize these findings.
What is Anonymized?
Before any analysis, all customer-specific and personal identifiers are removed:
- Customer names and customer identifiers
- Machine names and hostnames
- IP addresses
- Any other data that could identify individual customers or persons
What is Analyzed?
- Operating system type and version (e.g. "Debian 12", "Windows Server 2022")
- Diagnostic codes and their frequency
- Severity distribution
- Patterns in security check results
Legal Basis
The anonymized analysis is based on our legitimate interest pursuant to Art. 6(1)(f) GDPR. The legitimate interest lies in improving the security detection quality for the benefit of all FleetManager users.
Right to Object
The anonymized analysis is active by default. You can object to the inclusion of your data in the anonymized analysis at any time by contacting us by email at office@brinkhaus-gmbh.de. After receiving your objection, your data will be excluded from future analyses.
7. Disclosure to Third Parties
- No disclosure of raw data: Customer data is not shared with third parties.
- Product improvements: Insights from anonymized analysis are used exclusively for product improvements (e.g. improved default filters or detection rules) that are available to all customers.
- No advertising: Data is not shared or used for advertising purposes.
8. Rights of Data Subjects
With regard to the data stored in FleetManager, you have the following rights:
- Access to data stored for your customer account (Art. 15 GDPR)
- Rectification of inaccurate data (Art. 16 GDPR)
- Erasure of your data (Art. 17 GDPR)
- Restriction of processing (Art. 18 GDPR)
- Data portability in a machine-readable format (Art. 20 GDPR)
- Objection to processing (Art. 21 GDPR)
You also have the right to lodge a complaint with the competent supervisory authority (The State Commissioner for Data Protection of Lower Saxony).
9. Contact
Brinkhaus GmbH
Schneekoppenweg 6
30916 Isernhagen, Germany
Managing Director: Dr. Jan Brinkhaus
Email: office@brinkhaus-gmbh.de
Phone: +49 179 3939 733
Last updated: March 2026