Privacy Policy

FreightFlow360 ("we", "us", "our") provides AI-powered track and trace automation for freight brokers. This Privacy Policy explains how we collect, use, disclose, and protect your information when you use our platform at freightflow360.com and related services.

Account Information

When you create an account, we collect your name, email address, company name, and phone number. If you sign in with Google, we receive your Google profile name, email, and Google user ID.

Email Inbox Data

When you connect a Gmail inbox, we access your emails via the Gmail API in read-only mode. Our system scans your inbox (excluding promotions, social, and forums categories) and uses automated filters and AI classification to identify freight-related emails (rate confirmations, dispatch sheets, load tenders, BOLs). Emails that do not contain freight-related content are identified by these automated filters and discarded without being stored or sent to AI services. For matching emails, we extract structured load data (origin, destination, carrier, rates, dates) and discard the raw email content after processing.

Shipment & Carrier Data

We collect and store shipment details including origins, destinations, pickup/delivery dates, carrier information, GPS tracking data, check-call responses, and exception events. Carrier performance data (on-time rates, communication responsiveness, exception frequency) is aggregated across all brokers on the platform to build carrier reliability scores.

Usage Data

We automatically collect information about how you interact with our platform, including pages visited, features used, and timestamps.

• Parse incoming emails to auto-create shipments and initiate tracking
• Send automated check-calls (SMS/voice) to carriers and drivers
• Detect exceptions (late pickups, stalls, off-route, ETA slips) and alert you
• Send branded milestone notifications and tracking links to your shippers
• Build cross-broker carrier reliability scores to benefit all platform users
• Generate reports on shipment performance, carrier rankings, and exception trends
• Process payments and manage your subscription
• Improve our AI models for email parsing, exception detection, and voice transcription

We do not sell your personal information. We share data only in these circumstances:

• Carrier Reputation Scores: Carrier performance data is aggregated across all brokers on the platform to produce reliability scores. Individual broker data is never attributed — carriers see aggregate scores, not which broker reported what.
• Shipper Notifications: When we send tracking updates to your shippers on your behalf, we share shipment status, ETA, and exception details as configured by you.
• Service Providers: We use third-party services for SMS/voice communication, AI-powered document parsing and data extraction (see Section 7 for details on Google data handling), GPS tracking, transactional email delivery, and payment processing. These providers process data only as needed to deliver their services.
• Legal Requirements: We may disclose information when required by law, subpoena, or government request.

We implement industry-standard security measures to protect your data, including encryption in transit (TLS), encrypted storage for sensitive credentials (API keys, OAuth tokens), and role-based access controls. We do not store credit card numbers — payment processing is handled entirely by a PCI-compliant third-party provider.

Shipment data, carrier performance records, and exception audit trails are retained for the lifetime of your account to provide historical analytics and reporting. Email content is processed in real-time and discarded — only extracted structured data is stored. If you delete your account, we will remove your personal information and brokerage-specific data within 30 days. Anonymized, aggregated carrier performance data may be retained.

Our use of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.

Scopes & Data Accessed

We request only the minimum OAuth scopes necessary to provide our services:

• Gmail API (read-only): We access email message headers (subject, sender, date), body text, and PDF attachments via the gmail.readonly scope. We cannot send, delete, or modify any emails in your inbox.
• Google Sign-In: We receive your name, email address, and Google user ID via the openid, email, and profile scopes, used solely for account authentication.

How Google User Data Is Used

• Email messages are scanned for freight-related patterns (rate confirmations, dispatch sheets, bills of lading, load tenders).
• Matching emails are processed by third-party AI services to extract structured shipment data such as origin, destination, carrier details, rates, and dates.
• Raw email content is discarded after processing — only the extracted structured data and minimal metadata (message ID, subject line, sender address, timestamp) are retained.
• PDF attachments are processed for text extraction to identify load details, then discarded. Attachment content is not stored.
• Google Sign-In data (name, email, Google ID) is used solely for account authentication and is not shared with third parties.

Third-Party Data Transfers

To provide our email parsing feature, the text content of freight-related emails is sent to third-party AI service providers for structured data extraction. These providers process data in accordance with their own privacy policies and data processing agreements, and do not retain email content for model training. Beyond these AI providers:

• No Google user data is sold to any third party.
• No Google user data is used for serving advertisements or ad targeting.
• No Google user data is transferred to any other third party unless necessary to comply with applicable law or a valid legal process.

Limited Use Disclosure

FreightFlow360's use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements. Specifically:

• We only use Google user data to provide and improve user-facing features of FreightFlow360 (automated load extraction and shipment tracking).
• We do not use Google user data for serving advertisements or building advertising profiles.
• We do not allow humans to read Google user data unless: (a) we have the user's affirmative agreement, (b) it is necessary for security purposes such as investigating abuse, (c) it is necessary to comply with applicable law, or (d) our use is limited to internal operations and the data has been aggregated and anonymized.
• We do not transfer Google user data to third parties except as necessary to provide the email parsing feature (AI processing as described above), for security purposes, or as required by applicable law.

Data Retention & Deletion

• OAuth refresh tokens are stored securely and retained only while your Gmail connection is active.
• When you disconnect your Gmail inbox via Settings, the stored refresh token is immediately deleted and no further API calls are made to your inbox.
• Email message content is processed in real-time and discarded — only extracted structured shipment data and minimal metadata persist.
• You may request full deletion of all Google-derived data by emailing privacy@freightflow360.com or by deleting your account.

Revoking Access

You can revoke FreightFlow360's access to your Google data at any time:

• Disconnect your Gmail inbox from the Settings page within FreightFlow360.
• Revoke access directly via your Google Account permissions.
• Upon revocation, all stored tokens for that connection are deleted and inbox scanning ceases immediately.

You have the right to:

• Access the personal data we hold about you
• Request correction of inaccurate data
• Request deletion of your account and data
• Disconnect your email inbox at any time via Settings
• Revoke Google access at any time via your Google Account permissions
• Export your shipment data

To exercise these rights, email us at privacy@freightflow360.com.

We use a JSON Web Token (JWT) stored in your browser's localStorage for authentication. We do not use third-party tracking cookies or advertising cookies.

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on this page and updating the "Last updated" date.

If you have questions about this Privacy Policy, contact us at:

FreightFlow360
Email: privacy@freightflow360.com
Web: freightflow360.com