Privacy Policy

1. Introduction

Truck Command LLC("Truck Command," "Company," "we," "us," or "our"), a California limited liability company headquartered in San Bernardino County, California, is committed to protecting the privacy and security of your personal information.

This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our trucking fleet management platform, website (truckcommand.app), mobile applications, and related services (collectively, the "Services"). This policy also describes your rights under applicable privacy laws, including the California Consumer Privacy Act of 2018 as amended by the California Privacy Rights Act of 2020 ("CCPA/CPRA").

By accessing or using our Services, you acknowledge that you have read, understood, and agree to the practices described in this Privacy Policy. If you do not agree, please do not use our Services.

2. Information We Collect

2.1 Information You Provide Directly

We collect information you voluntarily provide when you register, use our Services, or communicate with us:

2.2 Information Collected Automatically

When you access or use our Services, we automatically collect certain information:

• Device Information: Device type, operating system, browser type and version, unique device identifiers, mobile network information
• Log Information: IP address, access times, pages viewed, referring URL, click patterns, features used
• Usage Information: Features used, actions taken, time spent on pages, session duration, frequency of use
• Location Information: General location derived from IP address; precise location only with your explicit consent for location-based features
• Cookie Data: Information collected through cookies, web beacons, and similar technologies (see our Cookie Policy)

2.3 Information from Third Parties

We may receive information about you from third parties, including:

• Payment Processors: Transaction confirmations and payment status from Stripe
• Authentication Services: Account verification from Supabase
• Analytics Providers: Aggregated usage analytics
• Public Sources: Business information from public records (DOT, FMCSA databases)

3. How We Use Your Information

We use the information we collect for the following business and commercial purposes:

3.1 Providing and Maintaining the Services

• Creating and managing your account
• Processing and tracking loads, invoices, and payments
• Calculating IFTA taxes and generating reports
• Managing fleet, driver, and vehicle information
• Tracking expenses and fuel purchases
• Managing compliance documents and sending expiration alerts
• Providing customer relationship management features
• Generating financial and operational reports

3.2 Processing Transactions

• Processing subscription payments
• Managing billing and invoicing
• Sending payment confirmations and receipts
• Handling refunds and disputes

3.3 Communications

• Sending service-related notifications (compliance alerts, renewal reminders, system updates)
• Responding to your inquiries and support requests
• Sending promotional communications (with your consent)
• Providing subscription renewal notices as required by California law

3.4 Improving and Developing Services

• Analyzing usage patterns to improve features
• Identifying and fixing bugs and technical issues
• Developing new features and services
• Conducting research and analytics

3.5 Security and Fraud Prevention

• Protecting against unauthorized access and misuse
• Detecting and preventing fraudulent activity
• Enforcing our Terms of Service
• Maintaining the security of our systems

3.6 Legal Compliance

• Complying with applicable laws and regulations
• Responding to legal process and government requests
• Establishing, exercising, or defending legal claims

4. How We Share Your Information

We do not sell your personal information. We may share your information in the following circumstances:

4.1 Service Providers

We share information with third-party service providers who perform services on our behalf:

• Stripe, Inc.: Payment processing
• Supabase: Database hosting and authentication
• Vercel: Website hosting
• Analytics Providers: Usage analytics and performance monitoring
• Email Service Providers: Transactional and marketing emails
• Cloud Storage: Document and file storage

These service providers are contractually obligated to use your information only for the purposes of providing services to us and to maintain appropriate security measures.

4.2 Legal Requirements

We may disclose your information when required by law or in good faith belief that such disclosure is necessary to:

• Comply with a legal obligation, subpoena, court order, or other legal process
• Protect and defend our rights or property
• Prevent or investigate possible wrongdoing
• Protect the personal safety of users or the public
• Respond to government or regulatory requests

4.3 Business Transfers

If Truck Command is involved in a merger, acquisition, asset sale, bankruptcy, or other business transaction, your information may be transferred as part of that transaction. We will provide notice before your information becomes subject to a different privacy policy.

4.4 With Your Consent

We may share your information with third parties when you have given us explicit consent to do so.

4.5 Aggregated or De-identified Information

We may share aggregated or de-identified information that cannot reasonably be used to identify you for industry analysis, benchmarking, and other business purposes.

5. Your California Privacy Rights (CCPA/CPRA)

5.1 Your Rights

As a California resident, you have the right to:

• Right to Know: Request information about the categories and specific pieces of personal information we have collected, the sources of collection, the purposes for collection, and the categories of third parties with whom we share personal information.
• Right to Delete: Request deletion of your personal information, subject to certain exceptions (such as completing transactions, detecting fraud, or complying with legal obligations).
• Right to Correct: Request correction of inaccurate personal information we maintain about you.
• Right to Opt-Out of Sale/Sharing: We do not sell your personal information. We do not share your personal information for cross-context behavioral advertising purposes.
• Right to Limit Use of Sensitive Personal Information: You may request that we limit our use of sensitive personal information to purposes necessary to perform the Services.
• Right to Non-Discrimination: We will not discriminate against you for exercising any of your privacy rights.

5.2 Categories of Personal Information Collected

In the preceding 12 months, we have collected the following categories of personal information:

5.3 How to Exercise Your Rights

To exercise your California privacy rights, you may:

• Email: support@truckcommand.com
• Online: Through your account settings dashboard

We will verify your identity before processing your request. For requests made on behalf of another person, we require written authorization from the data subject.

5.4 Response Timing

We will respond to verifiable consumer requests within 45 days. If we need additional time (up to 45 more days), we will notify you of the reason and extension period.

5.5 Authorized Agents

You may designate an authorized agent to submit requests on your behalf. We require the agent to provide proof of written authorization from you and may verify your identity directly.

5.6 "Do Not Sell or Share My Personal Information"

5.7 Financial Incentive Programs

We do not offer financial incentives for the collection, sale, retention, or deletion of personal information.

6. Data Security

We implement appropriate technical and organizational security measures to protect your personal information against unauthorized access, alteration, disclosure, or destruction, including:

• Encryption: Data encrypted in transit (TLS/SSL) and at rest
• Access Controls: Role-based access controls and authentication requirements
• Infrastructure Security: Secure hosting with industry-leading cloud providers
• Regular Security Reviews: Periodic security assessments and vulnerability testing
• Employee Training: Security awareness training for team members
• Incident Response: Procedures for responding to security incidents

While we strive to protect your personal information, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security.

Your Responsibilities: You are responsible for maintaining the confidentiality of your account credentials and notifying us immediately of any unauthorized access.

7. Data Retention

We retain your personal information for as long as necessary to fulfill the purposes for which it was collected, including:

• Active Account Data: Retained while your account is active and for 30 days after termination
• Transaction Records: Retained for 7 years for tax and accounting purposes
• IFTA/Compliance Records: Retained for the period required by applicable regulations (typically 4-6 years)
• Communication Records: Retained for 3 years
• Analytics Data: Aggregated data retained indefinitely; individual-level data retained for 2 years

After the retention period, we will securely delete or anonymize your information. We may retain certain information longer if required by law or to resolve disputes.

8. Cookies and Tracking Technologies

We use cookies and similar tracking technologies to collect and store information. For detailed information about our use of cookies, please see our Cookie Policy.

Types of Cookies We Use

• Essential Cookies: Required for the Services to function properly
• Performance Cookies: Help us understand how you use the Services
• Functionality Cookies: Remember your preferences and settings

Your Cookie Choices

You can manage cookies through your browser settings. Note that disabling certain cookies may affect the functionality of our Services.

Do Not Track

Our Services do not currently respond to "Do Not Track" signals. However, you can manage your privacy preferences through our cookie settings and the browser controls described in our Cookie Policy.

9. Third-Party Services

Our Services integrate with or link to third-party services. These third parties have their own privacy policies, and we encourage you to read them:

• Stripe: stripe.com/privacy
• Supabase: supabase.com/privacy
• Vercel: vercel.com/legal/privacy-policy

We are not responsible for the privacy practices or content of third-party services.

10. Children's Privacy

Our Services are designed for business use and are not intended for individuals under 18 years of age. We do not knowingly collect personal information from children under 18.

If we become aware that we have collected personal information from a child under 18, we will take steps to delete such information promptly. If you believe we have collected information from a child under 18, please contact us at support@truckcommand.com.

11. International Data Transfers

Truck Command is based in the United States, and your information is processed and stored in the United States. If you access our Services from outside the United States, please be aware that your information may be transferred to, stored, and processed in the United States, where data protection laws may differ from those in your country.

By using our Services, you consent to the transfer of your information to the United States and the processing of your information as described in this Privacy Policy.

12. Mobile Application Privacy Notice (Truck Command Driver App)

12.1 Who Uses This App

The driver app is designed for commercial truck drivers who work for fleets that subscribe to Truck Command. Driver accounts are created and managed by their fleet manager. Drivers do not create their own accounts directly; the fleet provides them with sign-in credentials.

The driver app is intended for users 18 years of age or older. We do not knowingly collect information from anyone under 18 through the driver app.

12.2 Data Collected by the Mobile App

The driver app collects the following categories of data. Each item is listed with its purpose and whether it leaves your device:

12.3 Device Permissions

The driver app requests the following OS-level permissions. Each permission is requested only when the corresponding feature is used, and you may decline or revoke any permission from your device settings at any time:

• Camera— Used only when you tap "Take photo" on the Proof of Delivery screen. Captures images you choose to attach to a load.
• Photo Library— Used only when you tap "Choose from library" on the Proof of Delivery screen, so you can attach an existing photo as POD.
• Location (when in use) — Optional. If granted, your approximate location is attached to load status updates you submit (Assigned → Loading → In Transit → Unloading → Delivered) so dispatch can see where the truck was at each transition. We do not track your location in the background.
• Notifications — Optional. Used to deliver load assignments and dispatch messages. The push notification token is sent to our servers so we can route notifications to your device.
• Face ID / Touch ID / Fingerprint (Biometric Authentication) — Optional. Used only to unlock the app on subsequent launches if you enable biometric unlock in the Profile tab. Biometric data never leaves your device; we receive only a success or failure signal from the OS.

12.4 Data We Do Not Collect from the Mobile App

• We do not collect precise/GPS location for background tracking. Only approximate location at moments you tap a status-update button.
• We do not access your contacts, calendar, microphone, or other photos in your library beyond what you explicitly attach.
• We do not use advertising identifiers (IDFA / Android Advertising ID). The app contains no advertising.
• We do not sell personal information to third parties. We do not share it for cross-context behavioral advertising.
• We do not collect data from minors. The app is for users 18 and older.

12.5 How Mobile Data is Shared

Data you submit through the driver app is shared with the following parties for the purposes described in Section 4 of this Privacy Policy:

• Your fleet manager — sees load status, POD photos, and the approximate-location stamps on your status updates through the Truck Command web dashboard.
• Supabase, Inc. — our database and authentication provider; stores your account credentials, status updates, and POD attachments on our behalf.
• Apple Push Notification service / Firebase Cloud Messaging — solely to deliver push notifications to your device.
• Crash reporting provider — receives anonymized crash logs and performance traces to help us debug issues.

We do not share driver app data with advertisers, data brokers, analytics companies for behavioral profiling, or any third party not listed above.

12.6 Data Encryption and Security

• In transit: All data sent between the driver app and our servers is encrypted using TLS 1.2 or higher.
• At rest: Stored data, including POD photos, is encrypted at rest by our cloud storage provider.
• Credentials: Passwords are hashed using industry-standard algorithms; we never store plaintext passwords.

12.7 Offline Behavior

The driver app works offline. When you are out of cellular coverage, status updates and POD uploads are queued locally on your device and automatically synced when you reconnect. Queued data remains on your device until it successfully syncs to our servers; you can delete it at any time by signing out of the app and clearing app data through your device settings.

12.8 Account & Data Deletion

You may request deletion of your driver app account and all associated data at any time. Two paths are available:

• Self-service (recommended): Visit truckcommand.com/delete-account and submit a deletion request. You will receive an email confirmation within 1 business day.
• Email: Email support@truckcommand.comwith the subject line "Account Deletion Request" from the email address associated with your driver account.

We complete deletion requests within 30 days. Once your account is deleted, all of your driver-app data — name, email, status updates you submitted, POD photos you uploaded, push notification token, and crash logs — is permanently removed from our active systems. Backups containing your data are purged within an additional 30 days as part of our normal backup rotation.

Certain records may be retained longer where required by law (for example, financial records subject to IRS retention rules, or transaction records tied to your fleet's subscription). Retained records are minimized to only what the relevant regulation requires.

12.9 Children

The driver app is not directed to children. We do not knowingly collect information from anyone under 18. If we learn that we have collected information from a child under 18, we will delete it promptly. Contact support@truckcommand.comif you believe a minor's data has been collected.

12.10 Geographic Availability

The driver app is intended for use in the United States. Data is processed and stored in the United States. If you access the app from outside the United States, you consent to your information being transferred to and processed in the United States.

12.11 Contact for Mobile-Specific Inquiries

For questions specifically about the driver app — including data deletion, permission concerns, or App Store / Play Store policy questions — email support@truckcommand.comwith the subject line "Driver App Privacy".

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or for other operational reasons.

When we make material changes:

• We will update the "Effective Date" at the top of this policy
• We will notify you via email and/or prominent notice within the Services
• For significant changes, we may provide additional notice or obtain your consent where required by law

We encourage you to review this Privacy Policy periodically to stay informed about how we protect your information.

14. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our privacy practices, please contact us:

California Residents

For CCPA/CPRA requests specifically, please email support@truckcommand.comwith the subject line "CCPA Request".