Privacy Policy
Website: www.MegaTMS.com
Contact: support@MegaTMS.com
Introduction
MegaTMS (“we,” “our,” or “us”) operates the MegaTMS freight management platform. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our website (www.MegaTMS.com), our web application, and the MegaTMS Driver mobile application (available on the Google Play Store and Apple App Store).
This policy applies to:
- Carrier owners, dispatchers, safety managers, and team members who use MegaTMS to manage freight documents and operations
- Drivers who use the MegaTMS Driver mobile app to view loads, scan documents, and submit requests
- Contractors whose information is entered by carrier staff
- Visitors to our website
We are committed to protecting your privacy and complying with applicable data protection laws, including the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA).
Information We Collect
1. Information You Provide Directly
Account Information:
- Full name
- Email address
- Password (stored securely hashed, never in plain text)
- Google account information (if you sign in with Google)
Business Information (for carrier owners):
- Company / carrier name
- USDOT number, MC number, and other operating credentials
- Business address and contact information
- Team member details (names, emails, roles)
Document Data (uploaded or entered by your team):
- Freight documents including bills of lading, rate confirmations, proof of delivery, insurance certificates, IFTA filings, and 30+ other document types
- Extracted fields such as driver names, vehicle information, load details, financial data, and dates
- Driver records including applications, MVRs, and medical cards
- Vehicle records including VINs, inspection reports, and maintenance logs
- Load data extracted from rate confirmations (customer details, stops, commodities, rates, reference numbers)
- Compliance data including audit readiness scores, expiration dates, and compliance status across driver and vehicle categories
Usage and Interaction Data:
- AI search queries you submit and the responses generated
- Document share links you create and their access logs
- API keys and API usage logs (endpoints accessed, timestamps)
MegaTMS Driver Mobile App Data:
- Driver login credentials (company code, username; passwords are transmitted securely and never stored in plain text)
- Photos and scanned documents captured using the device camera
- Stop check-in and check-out timestamps
- Detention and reimbursement request data including amounts, notes, and attached receipt images
- Saved login preferences (if “Remember Me” is enabled, credentials are stored in the device’s encrypted keychain)
2. Information Collected Automatically
Technical Information:
- IP address (for security and fraud prevention)
- Browser type and version
- Device type and operating system
- Pages visited and features used
- Date and time of access
Session Information:
- Login timestamps
- Session duration
Mobile Device Information (MegaTMS Driver app):
- Device type, model, and operating system version
- App version
- Authentication tokens stored in secure device storage (Android Keystore / iOS Keychain)
3. Information from Third Parties
We may receive information from integrated services you connect:
- Google (authentication)
- Stripe (payment processing status)
- OpenAI (document field extraction results)
How We Use Your Information
We use collected information for the following purposes:
Service Delivery:
- Provide and maintain our document management platform
- Process and store uploaded freight documents
- Extract data fields from documents using AI
- Process AI search queries by sending relevant document content to AI providers and returning generated responses
- Extract structured load data from rate confirmations via the AI Load Creator
- Generate and manage document share links for temporary third-party access
- Authenticate and log API requests for TMS integration
- Calculate compliance scores and generate expiration alerts based on uploaded documents
- Manage user accounts and authentication
- Process subscription payments
- Provide customer support
Communication:
- Send service updates and notifications
- Respond to inquiries and support requests
- Send transactional emails (account confirmations, billing)
Security and Fraud Prevention:
- Detect and prevent fraudulent activity
- Monitor for security threats
- Enforce our terms of service
Improvement:
- Analyze usage patterns to improve our service
- Develop new features and functionality
- Improve document extraction accuracy
Legal Compliance:
- Comply with legal obligations
- Respond to lawful requests from authorities
- Protect our legal rights
Legal Basis for Processing (GDPR)
If you are in the European Economic Area (EEA), we process your data based on:
1. Contract Performance
Processing necessary to provide our services to you.
2. Legitimate Interests
Security, fraud prevention, and service improvement, where our interests don’t override your rights.
3. Consent
Marketing communications (you can opt out anytime) and optional features.
4. Legal Obligation
Tax and financial record-keeping, and response to legal process.
Data Sharing and Disclosure
We do NOT sell your personal information. We may share data with:
1. Service Providers
We use trusted third-party services to operate our platform:
| Provider | Purpose | Data Shared |
|---|---|---|
| Supabase | Database & Authentication | All account and business data |
| Stripe | Payment Processing | Billing details, amounts |
| Vercel | Hosting & CDN | Technical access logs |
| OpenAI | Document AI Extraction | Uploaded document content |
| AWS | File Storage | Uploaded document files |
| Google Play Store | Mobile App Distribution (Android) | App installation data (managed by Google) |
| Apple App Store | Mobile App Distribution (iOS) | App installation data (managed by Apple) |
| Expo / EAS | Mobile App Build Infrastructure | App build artifacts (no user data) |
All providers are bound by data processing agreements.
2. Legal Requirements
We may disclose information:
- To comply with legal process or government requests
- To protect our rights, property, or safety
- To prevent fraud or security threats
3. Business Transfers
If we merge with or are acquired by another company, your information may be transferred as part of that transaction. We will notify you of any change.
Data Retention
We retain your information as follows:
| Data Type | Retention Period |
|---|---|
| Active account data | Duration of your account + 30 days |
| Uploaded documents | As long as your account is active |
| AI search queries & responses | Duration of your account |
| Load data (AI Load Creator) | As long as your account is active |
| Compliance scores & alerts | Recalculated in real time; no historical retention |
| Document share link access logs | 90 days after link expiration or revocation |
| API usage logs | 90 days (then anonymized) |
| Billing and payment history | 7 years (legal/tax requirements) |
| Session logs | 30 days after expiration |
| Support conversations | 2 years after resolution |
| IP addresses | 90 days (then anonymized) |
| Mobile app scanned documents | Deleted from device after upload; stored on server as long as account is active |
| Mobile app saved credentials | Stored in device encrypted keychain until user disables “Remember Me” or logs out |
| Detention & reimbursement requests | As long as your account is active |
You may request earlier deletion subject to legal retention requirements.
Your Privacy Rights
Rights for All Users
- Access: Request a copy of your personal data
- Correction: Update inaccurate information
- Deletion: Request deletion of your data
- Portability: Receive your data in a portable format
- Objection: Object to certain processing activities
- Restriction: Request limited processing of your data
Additional Rights for California Residents (CCPA)
- Right to know what personal information is collected
- Right to know if personal information is sold or disclosed
- Right to opt-out of the sale of personal information
- Right to non-discrimination for exercising privacy rights
WE DO NOT SELL YOUR PERSONAL INFORMATION.
Additional Rights for EEA Residents (GDPR)
- Right to lodge a complaint with your local data protection authority
- Right to withdraw consent at any time
To exercise these rights, contact us at: support@MegaTMS.com
We will respond within:
- 30 days for GDPR requests
- 45 days for CCPA requests
Cookies and Tracking
We use the following cookies:
Essential Cookies (Required)
- Authentication session cookies
- CSRF protection tokens
- Security preferences
These cannot be disabled as they are necessary for the application to function.
We do NOT use:
- Advertising or tracking cookies
- Third-party marketing pixels
- Cross-site tracking
Data Security
We implement industry-standard security measures:
Technical Safeguards:
- Encryption for sensitive data and document storage
- HTTPS/TLS encryption for all data in transit
- Secure password hashing (bcrypt via Supabase)
- CSRF protection on all forms
- Rate limiting to prevent abuse
Organizational Safeguards:
- Multi-tenant data isolation (each company’s data is completely separate)
- Role-based access controls
- Regular security reviews
Infrastructure:
- Hosted on Vercel (SOC 2 Type 2 certified)
- Database on Supabase (SOC 2 Type 2 certified)
- Document storage on AWS (SOC 2 Type 2 certified)
- Automatic backups with encryption
International Data Transfers
Our services are hosted in the United States. If you access our services from outside the US, your information will be transferred to and processed in the US.
For EEA users, we rely on:
- Standard Contractual Clauses (SCCs) with our service providers
- Adequacy decisions where applicable
Children’s Privacy
Our services are not intended for individuals under 16 years of age. We do not knowingly collect personal information from children. If you believe we have collected information from a child, please contact us immediately.
Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by:
- Posting the new policy on our website
- Sending an email to your registered address
- Displaying a notice in the application
Your continued use after changes constitutes acceptance of the updated policy.
Contact Us
For privacy-related inquiries:
Email: support@MegaTMS.com
For CCPA requests:
- Email: support@MegaTMS.com
- Subject line: “CCPA Request”
Response times:
- General inquiries: 5 business days
- Data access/deletion requests: 30 days (GDPR) / 45 days (CCPA)
Do Not Sell My Personal Information (CCPA)
California residents have the right to opt-out of the sale of their personal information. MegaTMS does not sell personal information to third parties.
If you have questions about this, contact: support@MegaTMS.com