Skip to content
Legal

Privacy Policy

Effective June 2, 2026 · Last updated · June 4, 2026

CarShipOS ("CarShipOS", "we", "us", or "our") provides a transportation management platform for auto-transport brokers (the "Service"). This Privacy Policy explains what information we collect, how we use and share it, and the choices you have. It applies to our website and the Service. By using CarShipOS you agree to this Policy.

1. Who this Policy covers

Brokers and their staff who use the Service ("Customers"). Customers are the controllers of the data they load into the platform.

Visitors to our website.

Individuals whose information a Customer enters into the platform (for example, the broker's own end-customers and carriers). For that data we act as a processor on the Customer's behalf; the Customer's own privacy notice governs how they use it.

2. Information we collect

Account information: name, work email, phone, company/workspace name, role, and authentication data (including two-factor settings). Passwords are stored hashed.

Customer content: shipment, quote, dispatch, carrier, and customer records, documents, messages, notes, and other data you enter or upload into your workspace.

Payment information: when you subscribe, billing is processed by our payment processor (Stripe). We do not store full card numbers; we retain limited billing metadata (e.g., plan, status, last four digits).

Connected email accounts: if you connect Gmail or Zoho Mail via OAuth, we receive access tokens and the email data needed to send, read, and organize messages for the mailboxes you connect (see Section 4).

Usage and device data: log data, IP address, browser/device information, pages viewed, and actions taken, collected via cookies and similar technologies.

3. How we use information

To provide, operate, secure, and improve the Service.

To authenticate users, enforce access controls, and maintain audit logs.

To process subscriptions and payments and to send service, security, and billing communications.

To provide support and respond to requests.

To detect, prevent, and address fraud, abuse, and security incidents.

To comply with legal obligations.

4. Connected email accounts (Google & Zoho)

When you connect a Google or Zoho mailbox, we request only the scopes needed to operate the email features you use — sending email on your behalf, reading messages to sync your inbox/threads, and reading account aliases so you can choose a valid "from" address.

Limited Use: CarShipOS's use and transfer of information received from Google APIs to any other app will adhere to the Google API Services User Data Policy, including the Limited Use requirements. We use Google user data only to provide and improve the email features you enable, do not transfer it except as necessary to provide those features (or with your consent, for security, or to comply with law), do not use it for advertising, and do not allow humans to read it except with your consent, for security, to comply with law, or where the data is aggregated/anonymized.

You can disconnect a mailbox at any time in Settings → Email; doing so revokes our stored tokens. You may also revoke access from your Google or Zoho account security settings.

5. How we share information

Service providers (subprocessors) that help us run the Service, under contract and only as needed — for example: cloud hosting and infrastructure, our payment processor (Stripe), and email delivery providers (e.g., SendGrid). A current list is available on request.

Within your workspace: your content is accessible to authorized users of your own workspace according to the roles you assign.

Legal and safety: when required by law or to protect rights, safety, or the integrity of the Service.

Business transfers: in connection with a merger, acquisition, or sale of assets, subject to this Policy.

We do not sell personal information.

6. Data retention

We retain account and Customer content for as long as your account is active and as needed to provide the Service. After termination we delete or anonymize data within a commercially reasonable period, except where retention is required for legal, accounting, security, or audit purposes.

You can export or request deletion of your data as described in Section 8.

7. Security

We use technical and organizational measures to protect data, including encryption in transit, encryption of sensitive fields at rest, tenant isolation, role-based access controls, and audit logging. No method of transmission or storage is 100% secure, and we cannot guarantee absolute security.

8. Your rights and choices

Depending on your location, you may have rights to access, correct, delete, or port your personal information, and to object to or restrict certain processing. Customers can manage much of this directly in-product or by contacting us.

If you are an individual whose data was entered by a broker (a Customer), please direct requests to that broker; we will support them in responding.

To exercise rights or ask questions, contact privacy@carshipos.work.

9. Cookies

We use strictly necessary cookies for authentication and session management, and limited analytics cookies to understand and improve usage. You can control cookies through your browser settings; disabling some cookies may affect functionality.

10. International transfers

We may process and store information in countries other than where you reside. Where required, we use appropriate safeguards for cross-border transfers.

11. Children

The Service is for business use and is not directed to children under 16. We do not knowingly collect personal information from children.

12. Changes to this Policy

We may update this Policy from time to time. We will post the updated version with a new "Last updated" date and, for material changes, provide additional notice.

13. Contact us

Questions about this Policy or your data: privacy@carshipos.work. General support: support@carshipos.work.