Privacy Policy
Last updated: [Pending attorney review]
Attorney Review Pending
This privacy policy is placeholder language and will be replaced with an attorney-drafted privacy policy before the platform accepts any paying customers. The final policy will cover CCPA compliance, data retention, user rights, and third-party data sharing practices.
1. Information We Collect
Account Information: When you create an account, we collect your email address and organization name. We use Supabase for authentication and do not store passwords directly.
Usage Data: We log which carriers you search, when you search them, and which features you use. This data is associated with your organization and protected by Row Level Security — no other organization can access your search history.
Payment Information: Payment processing is handled entirely by Stripe. We do not store credit card numbers or banking information on our servers.
2. Carrier Data
All carrier risk data displayed in our platform is derived from publicly available government databases (primarily FMCSA). We do not collect personal information directly from motor carriers or their employees. Identity pattern signals are generated from observable patterns in public registration data and do not involve private data collection.
3. How We Use Your Information
We use your information to: provide the carrier risk assessment service, process payments, send monitoring alerts you have configured, improve our service, and communicate about your account. We do not sell your personal information to third parties.
4. Data Retention
Account data is retained while your account is active and for a reasonable period afterward. Search history and decision receipts are retained for audit and legal defensibility purposes. Source data from government databases is archived to immutable storage as a permanent record.
5. Data Security
We use industry-standard security measures including encrypted connections (TLS), Row Level Security at the database layer to prevent cross-tenant data access, and API key authentication for programmatic access. All infrastructure is hosted on Vercel and Supabase with SOC 2 compliance.
6. Your Rights
You may request access to, correction of, or deletion of your personal data by contacting us. California residents have additional rights under the CCPA. We will respond to verifiable requests within 45 days.
7. Canadian Carriers
We process publicly available government data regarding Canadian carriers operating in the United States pursuant to FMCSA regulations. Canadian carriers may request access to their data by contacting us at the email below.
8. Contact
For privacy-related inquiries, contact: privacy@daaswhatsup.com