Privacy Policy

1. Introduction

Carrier Benchmark, LLC ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our cloud-based software platform for trucking companies.

Please read this privacy policy carefully. If you do not agree with the terms of this privacy policy, please do not access the site or use our services.

2. Information We Collect

We collect information about you in a variety of ways. The information we may collect via the Service includes:

Personal Data

Personally identifiable information that you voluntarily provide to us when you register for the Service, including:

• Name, email address, phone number
• Company name and business information
• Driver information (DOB, SSN, CDL number and expiration)
• Emergency contact information
• Payment information (processed securely through Stripe)
• Uploaded documents and files
• Digital signatures

Derivative Data

Information our servers automatically collect when you access the Service, such as:

• IP address
• Browser type and version
• Operating system
• Access times and dates
• Pages viewed and actions taken
• Referring website addresses

Financial Data

Financial information, such as data related to your payment method (credit card number, billing address) that we collect when you purchase services. We store only very limited, if any, financial information that we collect. All payment processing is handled securely by our third-party payment processor, Stripe.

3. How We Use Your Information

Having accurate information about you permits us to provide you with a smooth, efficient, and customized experience. Specifically, we may use information collected about you via the Service to:

• Create and manage your account
• Process your transactions and send related information
• Provide driver compliance tracking and document management services
• Send administrative information, such as updates and security alerts
• Send reminders about expiring credentials and required documents
• Monitor and analyze usage and trends to improve user experience
• Prevent fraudulent transactions and monitor against theft
• Respond to customer service requests and support needs
• Send marketing and promotional communications (with your consent)
• Comply with legal obligations and enforce our terms

4. Data Security

We use administrative, technical, and physical security measures to help protect your personal information. While we have taken reasonable steps to secure the personal information you provide to us, please be aware that despite our efforts, no security measures are perfect or impenetrable.

Security Measures

• Encryption in Transit: All data transmitted between your browser and our servers is encrypted using industry-standard SSL/TLS protocols
• Encryption at Rest: Sensitive information such as Social Security Numbers is encrypted at rest using AES-256 encryption
• Access Controls: Multi-tenant data isolation ensures that each company's data is strictly separated and accessible only to authorized users
• Password Security: Passwords are hashed using bcrypt with a cost factor of 12
• Session Security: Secure session cookies with HttpOnly, SameSite, and Secure flags
• Rate Limiting: Protection against brute-force attacks on login and password reset endpoints
• Security Headers: Implementation of security headers including X-Frame-Options, X-Content-Type-Options, and Content Security Policy

5. Data Retention

We will retain your personal information only for as long as is necessary for the purposes set out in this Privacy Policy. We will retain and use your information to the extent necessary to comply with our legal obligations, resolve disputes, and enforce our policies.

When you cancel your subscription, your data will be retained for 90 days to allow for potential reactivation. After 90 days, your data will be permanently deleted from our systems, except where we are required by law to retain certain information.

6. Disclosure of Your Information

We may share information we have collected about you in certain situations. Your information may be disclosed as follows:

By Law or to Protect Rights

If we believe the release of information about you is necessary to respond to legal process, to investigate or remedy potential violations of our policies, or to protect the rights, property, and safety of others, we may share your information as permitted or required by any applicable law, rule, or regulation.

Third-Party Service Providers

We may share your information with third parties that perform services for us or on our behalf, including:

• Stripe: Payment processing (subject to Stripe's privacy policy)
• Email Service Providers: For sending transactional and notification emails
• Cloud Hosting: Fly.io for application hosting and database services
• Analytics: To help us understand how users interact with our Service

Business Transfers

We may share or transfer your information in connection with, or during negotiations of, any merger, sale of company assets, financing, or acquisition of all or a portion of our business to another company.

With Your Consent

We may disclose your personal information for any other purpose with your consent.

7. Multi-Tenant Data Isolation

Our Service operates on a multi-tenant architecture. This means that while multiple companies use our platform, each company's data is strictly isolated from others. We employ robust technical and organizational measures to ensure:

• Your company's data is accessible only to authorized users within your organization
• Tenant isolation is enforced at the database level using tenant_id foreign keys
• All database queries are automatically scoped to your tenant context
• Administrative access is role-based and logged for audit purposes

8. Cookies and Tracking Technologies

We may use cookies, web beacons, tracking pixels, and other tracking technologies on the Service to help customize the Service and improve your experience. When you access the Service, your personal information is not collected through the use of tracking technology. Most browsers are set to accept cookies by default. You can remove or reject cookies, but be aware that such action could affect the availability and functionality of the Service.

Essential Cookies

We use essential cookies to maintain your session and authenticate you. These cookies are necessary for the Service to function properly.

Analytics Cookies

We may use analytics cookies to understand how users interact with our Service, helping us improve functionality and user experience.

9. Your Privacy Rights

Depending on your location, you may have certain rights regarding your personal information:

Access and Portability

You have the right to request a copy of the personal information we hold about you and to receive it in a structured, commonly used, and machine-readable format.

Correction

You have the right to request that we correct any inaccurate personal information about you. You can update most information directly through your account settings.

Deletion

You have the right to request deletion of your personal information, subject to certain exceptions (such as compliance with legal obligations).

Objection and Restriction

You have the right to object to our processing of your personal information or request that we restrict processing in certain circumstances.

Withdraw Consent

If we are relying on your consent to process your personal information, you have the right to withdraw that consent at any time.

Exercising Your Rights

To exercise these rights, please contact us at contact@carrierbenchmark.com. We will respond to your request within 30 days.

10. California Privacy Rights (CCPA)

If you are a California resident, you have specific rights regarding your personal information:

• Right to Know: You can request information about the categories and specific pieces of personal information we have collected about you
• Right to Delete: You can request deletion of your personal information
• Right to Opt-Out: You have the right to opt-out of the sale of your personal information. We do not sell personal information.
• Right to Non-Discrimination: We will not discriminate against you for exercising your CCPA rights

11. GDPR Compliance (European Users)

If you are located in the European Economic Area (EEA), you have certain data protection rights under the General Data Protection Regulation (GDPR):

Legal Basis for Processing

We process your personal information based on:

• Contract Performance: Processing necessary to provide our services to you
• Legitimate Interests: Processing necessary for our legitimate business interests
• Consent: Where you have given explicit consent
• Legal Obligation: Where required by law

Data Transfers

Your information may be transferred to and processed in the United States. We ensure appropriate safeguards are in place for such transfers.

12. Children's Privacy

Our Service is not intended for children under 18 years of age. We do not knowingly collect personal information from children under 18. If you are a parent or guardian and believe we have collected information about a child, please contact us immediately, and we will take steps to delete such information.

13. Third-Party Websites

The Service may contain links to third-party websites and applications. We are not responsible for the privacy practices of these third parties. We encourage you to read the privacy policies of any third-party sites you visit.

14. Email Communications

We may send you emails about your account, transactions, security alerts, and important service updates. These transactional emails are necessary for the operation of the Service and cannot be opted out of while you maintain an active account.

We may also send you marketing emails about new features, promotions, or events. You can opt out of marketing emails at any time by clicking the "unsubscribe" link in the email or by contacting us.

15. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new Privacy Policy on this page and updating the "Last Updated" date. We encourage you to review this Privacy Policy periodically for any changes.

Your continued use of the Service after any modifications to this Privacy Policy will constitute your acknowledgment of the modifications and your consent to abide by the modified Privacy Policy.

16. Data Breach Notification

In the event of a data breach that affects your personal information, we will notify you and any applicable regulatory authorities within 72 hours of becoming aware of the breach, as required by law. We will provide you with information about the nature of the breach, the data affected, and steps we are taking to address it.

17. Contact Us

If you have questions or concerns about this Privacy Policy or our data practices, please contact us:

• By email: contact@carrierbenchmark.com
• By phone: (912) 712-2036
• By mail: Carrier Benchmark, LLC, Pooler, Georgia, US