Privacy Policy
This Privacy Policy explains how HubCraft Inc. (“HubCraft,” “we,” “us,” or “our”) collects, uses, shares, and protects personal information when you visit our websites, sign up for an account, and use the HubCraft customer portal and the transportation management system (“TMS”) we provide.
1. Scope & Our Role
This Policy covers the personal information for which HubCraft is the business / controller: information about account holders, billing contacts, and website visitors.
It does not cover the operational data that you, as a customer, load into or generate within your TMS instance — for example, your loads, drivers, and your own customers. For that data, HubCraft acts as your service provider (processor), handling it on your behalf and under your instructions. That data is governed by the “Your Customer Data” section of our Terms of Service, and you are its controller.
2. Information We Collect
Account information
- Your name and email address.
- A password, which we store only as a secure hash (we never store it in plain text).
- If you use Google sign-in, the Google account identifier and email associated with that sign-in.
- Whether and when you accepted our Terms of Service and Privacy Policy.
Company & provisioning information
- Your company name and the subdomain you choose.
- Your time zone (as reported by your browser) and your trial and subscription dates.
Billing information
- A customer identifier and subscription and invoice details from our payment processor (Stripe). Your full card details are entered with and held by Stripe — we do not store your card number.
Usage & technical information
- Your most recent sign-in IP address and timestamp.
- Audit logs of security-relevant actions on your account — such as sign-in, password and email changes, and provisioning, suspension, or restoration of your TMS instance.
- Aggregate usage counts used for billing, such as the number of active trucks in your operation.
- The content of messages you send us when you contact support.
3. How We Use Information
- To provide, operate, and maintain the Service and provision your TMS instance.
- To authenticate you and keep your account and our systems secure, including fraud prevention and audit logging.
- To process payments, manage subscriptions and credits, and send billing and transactional emails (for example, verification, password reset, and account notices).
- To provide customer support and respond to your requests.
- To comply with legal obligations and enforce our Terms.
- To monitor, troubleshoot, and improve the Service.
4. How We Share Information
We do not sell your personal information, and we do not “share” it for cross-context behavioral advertising (as those terms are defined under California law). We share information only as described here.
Service providers (subprocessors). We use trusted vendors to run the Service. They may process personal information on our behalf, under contract, only to provide their services to us:
| Provider | Purpose |
|---|---|
| Stripe | Payment processing and subscription billing |
| Amazon Web Services (SES) | Delivery of transactional email |
| Optional Google sign-in (authentication) | |
| Cloudflare | DNS, content delivery, security/WAF, and website hosting |
| DigitalOcean | Cloud hosting of our application and databases, and backup storage |
| Sentry | Application error monitoring (with personal data scrubbing) |
Legal and safety. We may disclose information if required by law, subpoena, or legal process, or to protect the rights, property, or safety of HubCraft, our customers, or others.
Business transfers. If we are involved in a merger, acquisition, financing, or sale of assets, information may be transferred as part of that transaction, subject to this Policy.
Customer Data subprocessors. The table above covers data for which HubCraft is the controller. Third parties that process the operational data inside your TMS instance are listed in the “Your Customer Data” section of our Terms of Service.
5. Cookies & Tracking
We use only strictly necessary cookies — primarily a session cookie that keeps you signed in. It is
set with the Secure, HttpOnly, and SameSite=Lax attributes. Because
this cookie is essential, disabling it will prevent you from signing in.
We do not use advertising or cross-site tracking cookies. Our marketing website does not run third-party analytics or advertising trackers. Within the application, we use an error-monitoring tool (Sentry) to detect and fix problems; it is configured to scrub personal data.
6. Data Retention
We keep account and billing information for as long as your account is active and as needed to provide the Service. After your subscription ends, we retain your data for a limited wind-down period before deletion: currently up to 90 days after suspension for non-payment, or 30 days after a voluntary cancellation. We may retain certain records longer where required for security, audit, tax, or legal purposes. Backups are stored with our hosting provider and rotated on a regular cycle.
7. Data Security
We use technical and organizational measures designed to protect personal information, including: hashing of passwords; encryption of sensitive secrets at rest and encryption in transit (TLS); a Cloudflare web application firewall and DDoS protection; signed, authenticated communication between our internal services; and access controls. No method of transmission or storage is completely secure, so we cannot guarantee absolute security.
8. Where Your Data Is Hosted
Our application and data are hosted in the United States with our cloud provider, and traffic is routed through Cloudflare's global network. The Service is intended for customers in the United States. If you access it from outside the United States, you understand that your information will be transferred to and processed in the United States.
9. Your California Privacy Rights
If you are a California resident, the California Consumer Privacy Act, as amended (CCPA/CPRA), gives you rights regarding your personal information. In the past 12 months we have collected the categories of information described in Section 2 (identifiers, account and commercial/billing information, internet activity such as IP and audit logs, and the contents of your communications with us) for the business purposes described in Section 3.
Subject to verification and legal limits, you have the right to:
- Know and access the personal information we have collected about you.
- Delete personal information we hold about you.
- Correct inaccurate personal information.
- Opt out of the sale or sharing of personal information — though we do not sell or share it.
- Not be discriminated against for exercising your rights.
To exercise these rights, email us at [email protected]. You may use an authorized agent to make a request on your behalf. We will verify your request before acting on it. Note that much of the data in your TMS instance is your business's data, for which your business — not HubCraft — is responsible; we will direct such requests accordingly.
10. Children's Privacy
The Service is for businesses and is not directed to children. We do not knowingly collect personal information from anyone under 18. If you believe a child has provided us personal information, contact us and we will delete it.
11. Changes to This Policy
We may update this Policy from time to time. If we make material changes, we will notify you by email or through the Service. Changes take effect when posted with a new effective date.
12. Contact
Questions or privacy requests? Contact us at [email protected].