Privacy Policy

This Privacy Policy describes how FreightSurf (“FreightSurf,” “we,” “us,” or “our”) collects, processes, and protects information in connection with the FreightSurf operational intelligence platform (the “Service”). FreightSurf is an AI-powered inbox intelligence platform designed for freight brokers. It connects to Gmail via OAuth, processes carrier-related email communications, verifies carriers against FMCSA data, and provides load-matching and AI-assisted workflow tools.

This Policy applies to all users of the FreightSurf platform, including individual brokers, brokerage teams, and enterprise customers. By accessing or using the Service, you acknowledge that you have read and understood this Privacy Policy.

FreightSurf collects several categories of information to provide and improve the Service:

Account Information

When you create an account, we collect your name, email address, company name, and billing information (processed securely through our payment provider). We do not store full payment card numbers.

Gmail & Inbox Data

FreightSurf accesses your Gmail inbox via OAuth to identify, classify, and process carrier-related communications. See Section 3 for a complete description of Gmail data handling, including which scopes are requested and what actions are taken.

Freight Intelligence Data

Structured data extracted from carrier email communications, including: carrier names, MC and DOT numbers, lane information (origin/destination), equipment types, offered rates, availability windows, contact information, and thread metadata. This data forms your operational carrier intelligence database within the platform.

FMCSA Verification Records

Results of carrier verification queries made against the FMCSA national database, including authority status, safety ratings, insurance information, and operating history. This is government-sourced public data.

Usage & Platform Data

Information about how you interact with the platform, including features accessed, session duration, actions performed, error events, and performance data. This data is used to maintain service reliability, troubleshoot issues, and improve the platform.

Support & Communication Data

If you contact our support team, we collect the content of your communications, including support tickets, feedback submissions, and email correspondence.

OAuth Scopes Requested

FreightSurf requests the following Google OAuth permissions:

• gmail.readonly — to monitor your Gmail inbox and read carrier email content for classification and intelligence extraction.
• gmail.send — requested only when you enable AI-assisted reply and outbound email features. This scope is used solely to send outbound emails that you explicitly compose and authorize within the FreightSurf platform.

How FreightSurf Processes Gmail Data

• FreightSurf temporarily analyzes all inbound emails in your connected Gmail account to identify carrier-related communications.
• Emails not identified as carrier communications are immediately discarded. They are not retained, indexed, stored, or used in any further processing.
• Emails identified as carrier communications are processed to extract structured freight intelligence: MC numbers, lanes, rates, equipment, availability, and contact data.
• Extracted carrier intelligence and associated email metadata are retained in your FreightSurf account as part of your operational database.
• When you use AI-assisted reply features, FreightSurf may compose outbound email replies on your behalf. Outbound emails are only sent upon your explicit authorization — never automatically.

What FreightSurf Does NOT Do With Gmail Data

• Does not sell, share, or transfer your Gmail data to any third party for their independent use.
• Does not use Gmail data for advertising, marketing profiling, or audience targeting.
• Does not use Gmail content to train or fine-tune any general-purpose AI or machine learning model.
• Does not store non-carrier email content, message bodies, attachments, or metadata from emails not related to freight operations.
• Does not access Gmail data except when actively providing the Service to your account.
• Does not allow employees to read your email content except where required for security investigation, legal compliance, or at your explicit request for technical support.

Revoking Gmail Access

You can revoke FreightSurf's Gmail access at any time from your Google Account settings at myaccount.google.com/permissions. Revoking access will suspend inbox monitoring. Carrier intelligence already extracted and stored in your FreightSurf account will remain available until you request deletion.

FreightSurf's use of Google APIs is subject to the Google API Services User Data Policy, including the Limited Use requirements.

FreightSurf uses artificial intelligence and machine learning to provide its core operational intelligence features. This section discloses how AI is used and the limits of that use.

AI Features

• Email classification — identifying which inbox messages are carrier communications.
• Data extraction — parsing unstructured carrier email content into structured fields.
• Risk scoring — analyzing carrier signals to produce a composite risk indicator.
• Load matching — ranking carrier availability against active load requirements.
• Reply suggestions — generating draft email responses and counter-offer recommendations based on carrier communication context.

Third-Party AI Processing

FreightSurf uses the OpenAI API to power natural language processing features. When email content is submitted to OpenAI for classification or extraction, it is transmitted via encrypted API calls under an enterprise API agreement that prohibits OpenAI from using your data to train or improve OpenAI's models. Your carrier communications and business data are not used to benefit third parties.

AI Output Limitations

AI-generated outputs — including risk scores, carrier rankings, reply suggestions, and counter-offer recommendations — are operational intelligence tools designed to inform your decisions. They are not determinative, and FreightSurf does not guarantee their accuracy, completeness, or suitability for any specific freight transaction. All final decisions regarding carrier selection, rate negotiation, and load booking remain your responsibility.

We use the information we collect for the following purposes:

• To provide, operate, and maintain the FreightSurf platform and its features.
• To process and classify carrier email communications on your behalf.
• To verify carriers against the FMCSA national database.
• To generate risk scores, load matches, and AI-assisted workflow recommendations.
• To maintain and update your carrier intelligence database.
• To send transactional communications related to your account, billing, and service status.
• To provide customer support and respond to technical inquiries.
• To monitor, diagnose, and improve platform performance and reliability.
• To comply with applicable legal obligations.

FreightSurf stores and processes data on enterprise-grade cloud infrastructure operated under strict security controls.

• All data transmitted between your browser and FreightSurf is encrypted using TLS 1.3.
• All data stored at rest — including carrier intelligence, account information, and extracted freight data — is encrypted using AES-256.
• Access to production systems is restricted to authorized personnel using least-privilege access controls.
• Infrastructure is monitored continuously for security events and anomalies.
• Database access is logged and audited.

For a detailed description of our security practices, see our Security page.

FreightSurf engages the following third-party service providers (“subprocessors”) to deliver the Service. All subprocessors are contractually bound to protect your data in accordance with applicable privacy law.

FreightSurf does not share your data with subprocessors beyond what is necessary to provide the Service. We review subprocessor security practices before engagement.

While Your Account Is Active

Account information, carrier intelligence, extracted freight data, and FMCSA verification records are retained for the duration of your active subscription. Historical carrier data is retained according to your plan tier (30 days on Starter, 180 days on Pro, 2 years on Team, unlimited on Enterprise).

Non-Carrier Email Content

Email content from messages not identified as carrier communications is not retained. It is processed temporarily during inbox scanning and immediately discarded.

After Account Termination

Upon account cancellation or termination, your data is retained for 30 days to allow for data export or reactivation. After 30 days, all personal account data and carrier intelligence is permanently deleted from active systems. Anonymized, aggregated operational metrics not attributable to any individual may be retained for service improvement purposes.

Legal Hold

Notwithstanding the above, FreightSurf may retain data for longer periods where required by applicable law, legal process, or to establish, exercise, or defend legal claims.

Depending on your location, you may have the following rights with respect to your personal data. To exercise any of these rights, contact privacy@freightsurf.com.

Access

You may request a copy of all personal data FreightSurf holds about you, including your account information and extracted carrier intelligence.

Correction

You may request correction of inaccurate or incomplete personal data associated with your account.

Deletion (Right to Be Forgotten)

You may request deletion of your account and all associated personal data. See Section 12 for account deletion procedures.

Data Portability

You may request an export of your carrier intelligence data in a standard machine-readable format (JSON or CSV).

Restriction of Processing

You may request that FreightSurf restrict processing of your personal data in certain circumstances, such as while a correction request is being assessed.

Objection

Where processing is based on legitimate interests, you may object to that processing. FreightSurf will assess whether its legitimate interests override your objection.

California Residents (CCPA/CPRA)

California residents have additional rights under the California Consumer Privacy Act, including the right to know what personal information is collected, the right to opt out of the sale of personal information (FreightSurf does not sell personal information), and the right to non-discrimination for exercising CCPA rights. To submit a CCPA request, contact privacy@freightsurf.com.

EEA, UK & Swiss Residents (GDPR)

If you are located in the European Economic Area, United Kingdom, or Switzerland, you have rights under the General Data Protection Regulation (GDPR) including those listed above, plus the right to lodge a complaint with your local supervisory authority if you believe your rights have been violated.

FreightSurf's infrastructure is primarily operated in the United States. If you access the Service from outside the United States, your data may be transferred to, stored in, and processed in the United States, which may have different data protection laws than your country of residence.

For users in the European Economic Area, United Kingdom, or Switzerland, FreightSurf relies on Standard Contractual Clauses (SCCs) approved by the European Commission as the legal mechanism for transferring personal data outside the EEA. Copies of applicable SCCs are available upon request at privacy@freightsurf.com.

FreightSurf uses cookies and similar technologies to operate the platform and maintain session state. We do not use advertising cookies or cross-site tracking technologies.

• Strictly necessary cookies — required for authentication, session management, and core platform functionality. These cannot be disabled without impairing the Service.
• Analytics cookies — used to understand how the platform is used in aggregate, to improve reliability and feature design. These collect no personally identifiable information beyond what is necessary for session analysis.

FreightSurf does not use cookies to build advertising profiles, retarget users across other websites, or share behavioral data with third-party ad networks.

To delete your FreightSurf account and associated data:

• Submit a deletion request to support@freightsurf.com from your registered account email address, or
• Use the account deletion option within your FreightSurf account settings, if available.

We will process your deletion request within 10 business days. You will receive a confirmation when deletion is complete. Following deletion, your data will be permanently removed from active systems within 30 days, subject to any legal hold obligations described in Section 8.

Before requesting deletion, you may wish to export your carrier data (see Section 9). Data export requests are processed within 5 business days.

FreightSurf may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other operational factors. When we make material changes, we will notify you via email to your registered address and post a notice on the platform at least 30 days before the changes take effect.

Your continued use of the Service after the effective date of an updated Privacy Policy constitutes acceptance of the updated terms. If you do not agree with the changes, you may cancel your subscription and request account deletion before the effective date.

For privacy-related questions, data requests, or concerns about this Privacy Policy, please contact us:

We aim to respond to all privacy inquiries within 5 business days.