Privacy Policy

HubCraft Inc. Effective: June 26, 2026 Last updated: June 26, 2026

This Privacy Policy explains how HubCraft Inc. (“HubCraft,” “we,” “us,” or “our”) collects, uses, shares, and protects personal information when you visit our websites, sign up for an account, and use the HubCraft customer portal and the transportation management system (“TMS”) we provide.


1. Scope & Our Role

This Policy covers the personal information for which HubCraft is the business / controller: information about account holders, billing contacts, and website visitors.

It does not cover the operational data that you, as a customer, load into or generate within your TMS instance — for example, your loads, drivers, and your own customers. For that data, HubCraft acts as your service provider (processor), handling it on your behalf and under your instructions. That data is governed by the “Your Customer Data” section of our Terms of Service, and you are its controller.

2. Information We Collect

Account information

Company & provisioning information

Billing information

Usage & technical information

3. How We Use Information

4. How We Share Information

We do not sell your personal information, and we do not “share” it for cross-context behavioral advertising (as those terms are defined under California law). We share information only as described here.

Service providers (subprocessors). We use trusted vendors to run the Service. They may process personal information on our behalf, under contract, only to provide their services to us:

ProviderPurpose
StripePayment processing and subscription billing
Amazon Web Services (SES)Delivery of transactional email
GoogleOptional Google sign-in (authentication)
CloudflareDNS, content delivery, security/WAF, and website hosting
DigitalOceanCloud hosting of our application and databases, and backup storage
SentryApplication error monitoring (with personal data scrubbing)

Legal and safety. We may disclose information if required by law, subpoena, or legal process, or to protect the rights, property, or safety of HubCraft, our customers, or others.

Business transfers. If we are involved in a merger, acquisition, financing, or sale of assets, information may be transferred as part of that transaction, subject to this Policy.

Customer Data subprocessors. The table above covers data for which HubCraft is the controller. Third parties that process the operational data inside your TMS instance are listed in the “Your Customer Data” section of our Terms of Service.

5. Cookies & Tracking

We use only strictly necessary cookies — primarily a session cookie that keeps you signed in. It is set with the Secure, HttpOnly, and SameSite=Lax attributes. Because this cookie is essential, disabling it will prevent you from signing in.

We do not use advertising or cross-site tracking cookies. Our marketing website does not run third-party analytics or advertising trackers. Within the application, we use an error-monitoring tool (Sentry) to detect and fix problems; it is configured to scrub personal data.

6. Data Retention

We keep account and billing information for as long as your account is active and as needed to provide the Service. After your subscription ends, we retain your data for a limited wind-down period before deletion: currently up to 90 days after suspension for non-payment, or 30 days after a voluntary cancellation. We may retain certain records longer where required for security, audit, tax, or legal purposes. Backups are stored with our hosting provider and rotated on a regular cycle.

7. Data Security

We use technical and organizational measures designed to protect personal information, including: hashing of passwords; encryption of sensitive secrets at rest and encryption in transit (TLS); a Cloudflare web application firewall and DDoS protection; signed, authenticated communication between our internal services; and access controls. No method of transmission or storage is completely secure, so we cannot guarantee absolute security.

8. Where Your Data Is Hosted

Our application and data are hosted in the United States with our cloud provider, and traffic is routed through Cloudflare's global network. The Service is intended for customers in the United States. If you access it from outside the United States, you understand that your information will be transferred to and processed in the United States.

9. Your California Privacy Rights

If you are a California resident, the California Consumer Privacy Act, as amended (CCPA/CPRA), gives you rights regarding your personal information. In the past 12 months we have collected the categories of information described in Section 2 (identifiers, account and commercial/billing information, internet activity such as IP and audit logs, and the contents of your communications with us) for the business purposes described in Section 3.

Subject to verification and legal limits, you have the right to:

To exercise these rights, email us at [email protected]. You may use an authorized agent to make a request on your behalf. We will verify your request before acting on it. Note that much of the data in your TMS instance is your business's data, for which your business — not HubCraft — is responsible; we will direct such requests accordingly.

10. Children's Privacy

The Service is for businesses and is not directed to children. We do not knowingly collect personal information from anyone under 18. If you believe a child has provided us personal information, contact us and we will delete it.

11. Changes to This Policy

We may update this Policy from time to time. If we make material changes, we will notify you by email or through the Service. Changes take effect when posted with a new effective date.

12. Contact

Questions or privacy requests? Contact us at [email protected].