Privacy Policy

• Account information. Your email address, display name, optional profile photo, and the organization (carrier) you belong to — created when you sign up or are invited.
• Permit data. The permits you upload, photograph, or forward by email, and the routes, vehicle/trailer details, and commodities parsed from them.
• Location data. While you actively navigate a permit, your device’s GPS position is sampled periodically (roughly every 30 seconds or 100 meters) to draw your live breadcrumb, build your drive history, and measure how closely a trip followed its permitted route. This is device-origin GPS — it comes from your phone, not from a third-party map provider.
• Device and usage information. Coarse, non-identifying signals about how you reach SafeHaul — device type (phone vs. desktop), whether you installed the app, approximate connection quality, and which features you use. We deliberately keep this low-resolution (no exact screen size, no device fingerprint, no cross-app tracking) — just enough to understand the product’s device and connectivity mix and where coverage gaps exist.

• To run the service — parse permits, compute and display permitted routes, show your live position and drive history, and verify routes for safety.
• To build anonymized, aggregated insights — with your consent, the trips you drive contribute to aggregate freight-corridor analytics (typical distances, stop patterns, and route-adherence across a region or carrier). These aggregates are the only form in which trip data may ever be shared or sold, and they are protected by the safeguards in the next section.
• To secure and improve the product — detect abuse, fix bugs, and understand which features help drivers most.

Before any trip data leaves the per-user store as an aggregate, we apply hard, structural safeguards — not just a promise:

• k-anonymity (5+ drivers). An aggregate bucket is only ever published if it contains at least five distinct drivers. Anything below that threshold is suppressed entirely, so no figure can describe a single person.
• Coarse geography. Corridors are bucketed into large cells (roughly 55 km), so a bucket describes a freight corridor — never a street address, a yard, or a home.
• Derived metrics, not raw tracks. Aggregates carry summary numbers (distance, duration, stop counts, average route deviation) rather than your point-by-point path.
• Device GPS only. Only location that originates on your device is eligible — we do not repackage or sell map-provider content such as geocoded place names.

• We never sell your raw or precise location.
• We never use browser fingerprinting or track you across other apps and websites.
• We never persist or resell mapping-provider content in violation of the Google Maps Platform Terms of Service.
• We never include a driver in an aggregate without that driver’s affirmative consent.

You are always in control of your location data. From Settings → Privacy & data you can:

• Opt out of data sharing at any time. This is the “Do Not Sell or Share My Personal Information” right under the CCPA/CPRA and similar state laws. It takes effect immediately and removes your trips from every aggregate. Navigation and your own drive history keep working.
• Access your data — review your recorded trips under Drive history.
• Delete your driving data — permanently erase every GPS point and trip summary tied to your account, with one click. This does not affect your permits or account.

Because GPS position is treated as sensitive personal information under several state privacy laws, we limit its use to providing the service and to the consented, anonymized aggregates described above. Depending on where you live, you may also have rights to correct your information or to appeal a decision; contact us to exercise them.

We share personal information only in limited ways: with service providers who run our infrastructure under contract (for example, Google Cloud, which hosts the application and database); with your own organization for the permits and trips conducted under it; and when required by law or to protect safety. Any commercial data product is limited to the k-anonymized aggregates described in Section 3 — never individual trips or raw location.

We keep your account and permit data for as long as your account is active. Location track points and trip summaries are retained to power your drive history and (with consent) the aggregates; you can delete them at any time from Settings, and they are removed when you delete your account. Published aggregates contain no individual-level data and are not reversible to a person.

SafeHaul is a tool for commercial drivers and is not directed to children. We do not knowingly collect personal information from anyone under 16.

If we make a material change to how we collect or use your data, we will update this policy, revise the date above, and present the notice again in the app so you can review your choices. Continued use after a change does not waive any opt-out you have set.

Questions about this policy or your data? Email privacy@safehaul.app.