Privacy Policy

1. Information We Collect

We collect information you provide directly to us, such as when you create an account, add vehicles, or contact support. This includes your name, email address, company name, phone number, and fleet data (vehicle positions, routes, shipment details). We also collect usage data automatically, including IP address, browser type, and pages visited.

2. How We Use Your Information

We use the information we collect to provide, maintain, and improve our services; process transactions; send transactional communications; respond to support requests; and monitor for security threats. Fleet GPS data is used solely to provide the tracking and routing services you have requested.

3. Data Sharing

We do not sell your personal data. We share information only with service providers who help us operate the platform (hosting, analytics, payment processing), when required by law, or with your explicit consent. Fleet tracking data is never shared with third parties.

4. Data Retention

We retain your account data for as long as your account is active. Fleet tracking history is retained for 12 months by default. You may request deletion of your data at any time by contacting privacy@your-brand.example.

5. Security

We implement industry-standard security measures including TLS encryption in transit, AES-256 encryption at rest, role-based access controls, and regular security audits. Our infrastructure is hosted on SOC 2 Type II certified providers.

7. Cookies

We use essential cookies for authentication and session management. Analytics cookies are only set with your consent. You can manage cookie preferences at any time through the cookie banner.

9. Contact

For privacy-related enquiries, contact our Data Protection Officer at privacy@your-brand.example or write to: Dispatch Ltd, [Your registered office address].

6. Your Rights (UK & EU GDPR)

If you are located in the UK or European Economic Area, you have the following rights under UK GDPR / EU GDPR. To exercise any of these rights, contact privacy@your-brand.example. We will respond within one calendar month.

• Right of access — You may obtain a copy of the personal data we hold about you and information about how we process it.
• Right to rectification — You may have inaccurate or incomplete personal data corrected.
• Right to erasure (“right to be forgotten”) — You may request deletion of your personal data where we no longer have a lawful basis to retain it, or where you withdraw consent that was the sole legal basis.
• Right to restrict processing — You may ask us to pause processing your data while a dispute or objection is being resolved.
• Right to data portability — You may receive the personal data you provided to us in a structured, machine-readable format, and ask us to transmit it directly to another controller where technically feasible.
• Right to object — You may object to processing based on legitimate interests or direct marketing. We will cease processing unless we can demonstrate compelling legitimate grounds that override your interests, rights, and freedoms.
• Rights related to automated decision-making — You have the right not to be subject to a decision based solely on automated processing (including profiling) that produces legal or similarly significant effects, unless you have given explicit consent or it is necessary for a contract.
• Right to lodge a complaint — You may complain to a supervisory authority. In the UK, contact the Information Commissioner's Office at ico.org.uk. In the EU, contact your local Data Protection Authority.

7a. Your Rights — California & US State Privacy Laws

California residents have rights under the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA). Residents of Colorado, Connecticut, Texas, Virginia, and other states with comprehensive privacy laws have similar rights under their respective statutes.

• Right to know — You may request disclosure of the categories and specific pieces of personal information we have collected about you, the categories of sources, the purposes for collection, and categories of third parties with whom we share it.
• Right to delete — You may request deletion of personal information we have collected, subject to limited exceptions (e.g. completing a transaction, legal compliance, security).
• Right to correct — You may request correction of inaccurate personal information we maintain about you.
• Right to opt out of sale or sharing — We do not sell personal information. If this changes, you will be able to opt out via the “Do Not Sell or Share My Personal Information” link in the footer. We honour the Global Privacy Control browser signal as a universal opt-out from sale or cross-context behavioural advertising.
• Right to limit use of sensitive personal information — You may direct us to use sensitive personal information only to the extent necessary to provide requested services.
• Non-discrimination — We will not discriminate against you for exercising any of these rights by denying services, charging different prices, or providing a lower quality of service.

To submit a verifiable consumer request, contact privacy@your-brand.example. CPRA allows us up to 45 days to respond (extendable to 90 days with notice).

8. Do Not Track & Global Privacy Control

Some browsers transmit “Do Not Track” (DNT) signals. There is no current industry-wide standard for how websites must respond to DNT. When we detect a DNT signal we treat it as a request to disable analytics and behavioural-advertising cookies; essential and functional cookies continue to operate.

We do honour the Global Privacy Control (GPC) browser signal as a valid opt-out from sale or sharing of personal information, as required by California (CPRA), Colorado, Connecticut, and other US states with GPC mandates. When a GPC signal is detected on first visit, analytics and advertising cookies are not set without separate consent.