Privacy Policy

We collect the following categories of information to provide and improve CarrierAgent:

• Account information — name, email address, phone number, company name, DOT number, and MC number provided during registration.
• Fleet and operational data — rate confirmations, proof of delivery documents, fuel receipts, maintenance records, trip logs, equipment details, and expense records you enter or upload.
• Document images — files you upload for OCR scanning and data extraction.
• Usage data — pages visited, features used, browser type, device information, and IP address for analytics and security purposes.
• AI chat interactions — messages sent to the CarrierAgent AI fleet assistant to provide responses and improve the service.

• Provide, maintain, and improve the CarrierAgent platform.
• Perform OCR scanning on uploaded documents to extract trip and financial data.
• Calculate distances and routes using mapping services.
• Generate IFTA fuel tax reports and financial summaries.
• Power the AI fleet intelligence assistant.
• Send notifications about your fleet, trips, and account activity.
• Provide customer support and respond to inquiries.
• Detect and prevent fraud, abuse, and security incidents.

CarrierAgent is a multi-tenant platform. Each organization's data is strictly isolated using row-level security enforced at the database level. No carrier can access another carrier's data. Employees within your organization see only the data permitted by their assigned role (Owner, Driver, etc.).

We share data with the following third-party providers as necessary to operate the platform:

• Supabase — database hosting and file storage (PostgreSQL + object storage).
• Anthropic Claude — powers OCR data extraction and the AI fleet assistant.
• Google Maps — distance and route calculations for trip records.
• Stripe — payment processing for subscription billing.
• Sentry — error tracking and reliability monitoring. Error reports use internal user and organization UUIDs only; we do not send your email address, name, IP address, uploaded documents, or form contents to Sentry.
• PostHog Cloud — privacy-safe product analytics for manual event tracking across web, server, and iOS surfaces.

We do not sell your data to third parties. Data shared with providers is limited to what is necessary for the service.

CarrierAgent uses PostHog Cloud as an analytics processor to understand which product workflows are used and where the app needs improvement. Client-side, server-side, and iOS events can flow to PostHog Cloud after analytics keys are configured.

PostHog events are manually allowlisted. We capture event names, page views, source attribution for early-access forms, and your organization UUID when you are signed in. We do not send personal email, personal name, DOT/MC numbers, carrier identity, broker names, load numbers, document content, OCR text, financial amounts, raw IP addresses, form field contents, or session replay recordings to PostHog.

Early-access capture forms store email, source, user agent, and a SHA-256 hash of the requester IP for spam protection. These records are retained until launch, then either migrated into a real account when you sign up or purged if they are no longer needed. You can opt out of analytics tied to your organization by deleting your account.

Your data is retained for as long as your account remains active. If you delete your account, all associated data — including documents, trips, fleet records, and financial data — is permanently deleted within 30 days of account deletion.

We protect your data with multiple layers of security:

• SSL/TLS encryption for all data in transit.
• Row-level security policies enforced at the database layer.
• API rate limiting to prevent abuse.
• File upload validation and type restrictions.
• Server-side firewall and intrusion prevention.
• Automated daily backups with point-in-time recovery.

You have the following rights regarding your data:

• Access & download — request an export of your data at any time.
• Correct — update inaccurate information directly in the platform settings.
• Delete — delete your account and all associated data from the settings page.
• Opt out — unsubscribe from non-essential email communications at any time.

To exercise any of these rights, contact us at the address below.

CarrierAgent uses only essential cookies required for authentication and session management. We do not use advertising cookies, third-party tracking cookies, or behavioral profiling. Disabling cookies will prevent you from logging in to the platform.

CarrierAgent is not intended for use by individuals under the age of 18. We do not knowingly collect personal information from minors. If you believe a minor has created an account, please contact us and we will promptly delete the account and associated data.

We may update this Privacy Policy from time to time. When we make significant changes, we will notify you by email or via an in-app notification. Continued use of CarrierAgent after changes take effect constitutes acceptance of the updated policy.