Privacy Policy

Last updated: June 25, 2026

1. Introduction

SecuraHaul ("we," "us," or "our") operates the SecuraHaul safety management platform (the "Service"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service.

By accessing or using the Service, you agree to this Privacy Policy. If you do not agree, please do not use the Service.

2. Information We Collect

Information You Provide

  • Account information: name, email address, password
  • Company information: company name, DOT number, MC number, business address, logo
  • Driver records: names, contact details, CDL numbers and expiry, medical certificate expiry, hire dates, annual review dates, employment status
  • Driver portal credentials: drivers you create may receive a password to access the training portal; these are stored as bcrypt hashes
  • Fleet records: trucks and trailers including VIN, year, make, model, license plate and state, registration and annual inspection dates, insured value, assigned driver
  • Accident and incident reports: location data, parties involved, vehicle details, police report numbers, severity, injuries, DataQ challenges, and uploaded photos or police reports
  • Insurance claims: policy numbers, claim amounts, settlement amounts, adjuster information, status updates
  • Documents: content you create (lease agreements, contracts, onboarding packets), upload, or send for electronic signature, including signature images and audit trail metadata
  • Asset documents: files you upload and attach to drivers, trucks, or trailers (for example CDL copies, registrations, medical certificates, inspection reports)
  • Training data: course content you author, assignments, scores, completion timestamps, and auto-generated certificates
  • Billing information: subscription status and history. Payment card details are entered directly with our payment processor and are never stored on our servers.
  • Communications: support emails and other content you send us

Information Collected Automatically

  • Device and browser information
  • IP address and approximate location
  • Usage and activity logs: pages visited, actions taken, timestamps, and changes to records (we maintain an internal activity log to support audit trails)
  • Authentication session data and rate-limit counters
  • Cookies and similar technologies used for authentication and session management

3. How We Use Your Information

  • Provide, maintain, and improve the Service
  • Manage driver, fleet, and document records on your behalf
  • Process accident reports, DataQ challenges, claims, and compliance documents
  • Facilitate document signing, delivery, and audit trails
  • Operate the driver training portal, including authentication, assignment delivery, and certificate generation
  • Send transactional emails (signing requests, training assignments, account notifications, billing receipts)
  • Process subscription payments and manage billing
  • Generate reports, exports (PDF/CSV), and analytics for your account
  • Maintain activity logs and audit trails to support DOT/FMCSA recordkeeping
  • Ensure security, enforce rate limits, and prevent fraud or abuse
  • Comply with legal obligations, including FMCSA and DOT regulations

4. Data Sharing and Disclosure

We do not sell your personal information. We may share information with:

  • Hosting and infrastructure (Vercel): the Service runs on Vercel's infrastructure
  • Database, authentication, and file storage (Supabase): all account data and uploaded files are stored in Supabase, with row-level security limiting access to your account
  • Email delivery (Resend): transactional emails for signing, training, and account notifications are sent through Resend
  • Payment processing (Lemon Squeezy): Lemon Squeezy is the merchant of record for subscription payments. Card details are submitted to and stored by Lemon Squeezy in accordance with PCI-DSS; we receive only subscription metadata and receipts.
  • AI processing (OpenAI): when you use optional AI features — including the AI Agent and AI-assisted document or training generation — the content needed to fulfill your request is sent to OpenAI's API to generate a response. Under OpenAI's API terms, this content is not used to train its models. The AI Agent is off by default, requires your opt-in, and can be disabled at any time in Settings. See Section 4a for details.
  • Document and training recipients: when you send a document for signing or assign a training to a driver, the recipient receives the relevant content, your signature (where applicable), and a unique access link
  • Legal requirements: when required by law, subpoena, court order, or government regulation
  • Business transfers: in connection with a merger, acquisition, financing, or sale of assets, subject to comparable confidentiality obligations

4a. AI Features and the AI Agent

The Service offers optional AI-powered features, including the in-app AI Agent and AI-assisted generation of documents and training content. These features are provided with the help of a third-party AI provider (OpenAI).

The AI Agent is disabled by default and requires your explicit opt-in before it can access your account data. When enabled, it can read records in your account — such as drivers, vehicles, compliance dates, accidents, claims, training, and documents — in order to answer your questions and prepare actions that you confirm. You can disable the AI Agent at any time from Settings; once disabled, all further AI Agent access to your data is blocked immediately.

When you use an AI feature, only the content needed to fulfill your specific request is transmitted to the AI provider to generate a response. Your data remains scoped to your account, is not shared with other customers, and, under the AI provider's API terms, is not used to train its models.

AI-generated output may be inaccurate, incomplete, or outdated. You are responsible for reviewing any AI output before relying on it. See Section 10 (No Guarantee of Outcomes) for additional disclaimers.

5. Data Security

We implement industry-standard security measures including:

  • Encryption in transit (TLS) and at rest
  • Row-level security policies on every database table, scoping records to the owning account
  • Authentication via Supabase Auth for company accounts and bcrypt-hashed passwords for driver-portal accounts
  • Per-account isolation of uploaded files in object storage
  • Strict Content Security Policy, HSTS, and other HTTP security headers
  • Server-side rate limiting on sensitive endpoints (login, document send, signature)

No method of transmission over the Internet or method of electronic storage is 100% secure. While we strive to protect your information, we cannot guarantee absolute security.

6. Data Retention

We retain your data for as long as your account is active or as needed to provide the Service. Accident reports, driver qualification records, training records, signed documents, and other compliance materials may be retained for the periods required by FMCSA, DOT, and other applicable regulations, even after account closure. Activity logs are retained to support audit trails. You may request deletion of your account and data at any time by contacting us, subject to record-retention obligations.

7. Your Rights

Depending on your jurisdiction, you may have the right to:

  • Access the personal data we hold about you
  • Request correction of inaccurate data
  • Request deletion of your data
  • Object to or restrict processing
  • Data portability

To exercise these rights, contact us at the email address below.

8. Cookies

We use essential cookies for authentication and session management. These are necessary for the Service to function and cannot be disabled. We do not use third-party advertising cookies.

9. Children's Privacy

The Service is not intended for individuals under 18 years of age. We do not knowingly collect information from children under 18.

10. No Guarantee of Outcomes

The Service is a recordkeeping and workflow tool. It is not a guarantee of any outcome. SecuraHaul does not guarantee that use of the Service — including its risk scoring, audit packages, Driver Qualification Files (DQF), Lawsuit Defense Packets, AI-generated training or documents, or any other feature — will result in passing any DOT, FMCSA, state, or insurance audit, or in any favorable outcome in any legal proceeding, claim, lawsuit, settlement, or dispute.

Outputs of the Service depend on the accuracy and completeness of data you provide and may include automated or AI-generated content that can be inaccurate, incomplete, or outdated. You are solely responsible for reviewing and verifying any output before relying on it. Nothing produced by the Service constitutes legal, regulatory, insurance, medical, or financial advice. Consult qualified professionals for advice specific to your situation.

For a complete description of warranties, disclaimers, and limitations of liability, see our Terms of Service.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on this page and updating the "Last updated" date.

12. Contact Us

If you have questions about this Privacy Policy, contact us at:

SecuraHaul
support@securahaul.com

© 2026 SecuraHaul. All rights reserved.