Privacy Policy

Effective Date: May 26, 2026

1. Introduction

Fleet Management (“Company”, “we”, “our”, or “us”) operates the Fleet Management platform available at hamadev.net (the “Service”). This Privacy Policy describes how we collect, use, store, share, and protect your personal and operational information when you access or use the Service.

By creating an account or otherwise using the Service, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy. If you do not agree with any part of this policy, you must not use the Service.

2. Information We Collect

2.1 Account & Profile Information. When you register or are invited to the platform, we collect:

  • Full name
  • Email address
  • Password (stored exclusively in bcrypt-hashed form; we never store plaintext passwords)
  • Phone number (optional)
  • Profile image (if uploaded)
  • Role assignment within the organization (Super Admin, Admin Pro, Admin, Member, Driver)
  • Account status (active, pending approval, suspended)

2.2 Third-Party Authentication Data. If you sign in using Google Single Sign-On (SSO), we receive from Google:

  • Your Google account email address
  • Your display name
  • Your Google profile image URL
  • A unique Google account identifier

We do not receive or store your Google password. Google’s own privacy policy governs how Google handles your data.

2.3 Operational & Business Data. In the course of using the Service, you may create, upload, or input:

  • Vehicle information (license plates, unit numbers, VIN, dimensions, weight capacity, type, status)
  • Load and shipment records (pickup/delivery locations, dates, times, routes, distances, weights, commodity descriptions)
  • Financial data (payment amounts, carrier rates, dispatch fees, fuel expenses, maintenance costs)
  • Company and broker information (business names, contact persons, addresses, MC/DOT numbers, payment terms)
  • Maintenance records (service types, dates, costs, mileage, notes, next service dates, custom maintenance categories)
  • Expense records and fuel receipts (amounts, dates, categories, associated vehicles)
  • Notes, instructions, and internal comments attached to loads or vehicles
  • Document uploads (BOL, POD, rate confirmations, receipts)

2.4 AI-Processed Data. The Service offers an optional AI-powered auto-fill feature for load creation. When you use this feature:

  • Text you paste into the auto-fill field is sent to a large language model (LLM) API for structured extraction
  • The LLM processes the text to identify dates, addresses, company names, rates, weights, and other load-related fields
  • The extracted data is returned to your browser and pre-filled into the form; it is not stored separately from the resulting load record
  • We do not use your submitted text to train AI models

2.5 Automatically Collected Technical Information.

  • IP address and approximate geographic location derived from IP
  • Browser type, version, and operating system
  • Device type and screen resolution
  • Pages visited, features used, and timestamps of activity
  • Referring URLs and exit pages
  • Authentication session tokens and cookies

2.6 Geolocation Data. The ZIP code lookup feature may request access to your device’s precise location. This is entirely optional and requires explicit browser permission. Location coordinates are used only in real time for the lookup and are not stored on our servers.

3. How We Use Your Information

We process your information for the following purposes:

  • Service Delivery: To operate, maintain, and provide all features of the fleet management platform, including load tracking, dispatch, vehicle management, maintenance scheduling, financial reporting, and route visualization
  • Authentication & Access Control: To verify your identity, manage role-based permissions, enforce activity-based access restrictions, and maintain secure sessions
  • AI-Powered Features: To provide automated text parsing and form auto-fill capabilities for load creation
  • Communications: To send service-related notifications including account approvals, invitation links, password reset emails, and system alerts
  • Analytics & Reporting: To generate dashboards, statistics, financial summaries, mileage reports, and operational insights for your fleet
  • Data Export: To produce downloadable reports (CSV, Excel) of your operational data upon your request
  • Security & Fraud Prevention: To detect unauthorized access, monitor for suspicious activity, and protect against abuse
  • Legal Compliance: To comply with applicable laws, tax reporting requirements, and regulatory obligations
  • Service Improvement: To analyze usage patterns in aggregate to improve features, fix bugs, and optimize performance

4. Data Sharing and Disclosure

4.1 No Sale of Personal Data. We do not sell, rent, license, or trade your personal information to third parties for marketing, advertising, or any other commercial purpose.

4.2 Service Providers. We share data with trusted third-party service providers who assist in operating the Service, including:

  • Cloud Infrastructure: Secure hosting and database services for data storage and application delivery
  • AI/LLM Providers: Processing of text data for the auto-fill feature (data is processed per their data processing agreements and is not used for model training)
  • Email Services: Delivery of transactional emails (account verification, notifications, password resets)
  • Geocoding & Mapping: Address lookup, ZIP code resolution, and route visualization
  • Authentication Providers: Google (for SSO functionality only)

All service providers are bound by contractual obligations to protect your data and use it only for the specified purposes.

4.3 Within Your Organization. Data visibility within the platform follows strict role-based access control:

  • Drivers can view their assigned loads, associated company names, rates, and their own expense records
  • Members can access loads, vehicles, and basic operational data
  • Admins can manage loads, vehicles, companies, and view financial data
  • Admin Pro & Super Admin have full access including statistics, map analytics, data exports, user management, and system settings

Access to certain features (Map, Board, Statistics, Export) is additionally restricted based on activity—users must have recent operational data to access these pages.

4.4 Legal Disclosure. We may disclose your information when required to:

  • Comply with applicable law, regulation, or legal process
  • Respond to lawful requests from government authorities
  • Enforce our Terms of Service
  • Protect the rights, safety, or property of Fleet Management, our users, or the public

4.5 Business Transfers. In the event of a merger, acquisition, reorganization, bankruptcy, or sale of all or a portion of our assets, your information may be transferred as part of the transaction. We will notify affected users before their information becomes subject to a different privacy policy.

5. Data Storage, Security & Infrastructure

5.1 Storage Location. Your data is stored on secure cloud servers. Database backups are maintained to ensure data durability and disaster recovery.

5.2 Security Measures. We implement multiple layers of security:

  • Password hashing using the bcrypt algorithm with salt rounds
  • JWT-based authentication tokens with configurable expiration
  • Server-side role-based access control enforcement on every API endpoint
  • Middleware-level route protection for all authenticated pages
  • HTTPS/TLS encryption for all data in transit
  • Session management with secure, httpOnly cookies
  • Activity-based access restrictions that limit feature availability based on operational data
  • Input validation and sanitization to prevent injection attacks
  • Rate limiting on authentication endpoints

5.3 Data Breach Response. In the event of a data breach affecting your personal information, we will:

  • Investigate and contain the breach promptly
  • Notify affected users within 72 hours of becoming aware of the breach
  • Notify relevant supervisory authorities as required by applicable law
  • Provide information about what data was affected and steps you can take to protect yourself

6. Data Retention

6.1 Active Accounts. We retain your personal and operational data for as long as your account remains active and the Service is being used.

6.2 Operational Records. Load records, financial data, expense reports, and maintenance logs are retained for the duration required by applicable tax, accounting, and business regulations (typically 3–7 years depending on jurisdiction).

6.3 Account Deletion. Upon account deletion:

  • Personal account data (name, email, profile) is permanently removed or anonymized
  • Operational records may be retained in anonymized form for aggregate reporting and legal compliance
  • Uploaded documents associated with active loads may be retained until the load lifecycle is complete

6.4 Inactive Accounts. Accounts inactive for an extended period may be subject to data archival or deletion with prior notice to the registered email address.

7. Your Rights

Depending on your jurisdiction (including but not limited to rights under GDPR, CCPA/CPRA, and other applicable privacy laws), you may exercise the following rights:

  • Right of Access: Request a copy of all personal data we hold about you
  • Right to Rectification: Request correction of inaccurate or incomplete personal data
  • Right to Erasure: Request deletion of your personal data, subject to legal retention obligations
  • Right to Data Portability: Receive your data in a structured, commonly used, machine-readable format (CSV/Excel export is available within the Service)
  • Right to Restrict Processing: Request limitation of processing in certain circumstances
  • Right to Object: Object to processing based on legitimate interests
  • Right to Withdraw Consent: Where processing is based on consent, you may withdraw consent at any time without affecting the lawfulness of prior processing
  • Right to Non-Discrimination: Exercise your privacy rights without receiving discriminatory treatment

To exercise any of these rights, contact us at [email protected]. We will respond to verifiable requests within 30 days.

8. Cookies, Sessions & Local Storage

8.1 Essential Cookies. The Service uses strictly necessary cookies for:

  • Authentication session management (next-auth session token)
  • CSRF protection tokens
  • User preference storage (theme selection: light/dark mode)

8.2 Local Storage. The Service uses browser local storage to persist:

  • UI preferences (sidebar state, view mode selections, column visibility)
  • Draft form data (unsaved load or expense entries to prevent data loss)
  • Theme preference

8.3 No Advertising Cookies. We do not use third-party advertising, tracking, or analytics cookies. We do not participate in cross-site tracking or behavioral advertising.

9. Third-Party Services

The Service integrates with the following categories of third-party services:

  • Cloud Hosting: Application and database hosting infrastructure
  • AI/Machine Learning: Large language model API for text parsing and auto-fill functionality
  • Authentication: Google OAuth 2.0 for single sign-on
  • Email Delivery: Transactional email service for notifications
  • Geocoding: Address and ZIP code lookup services
  • Mapping: Map tile and route visualization providers
  • File Storage: Cloud object storage for uploaded documents

Each third-party service operates under its own privacy policy and data processing terms. We select providers that maintain appropriate data protection standards and enter into data processing agreements where required.

10. International Data Transfers

Your data may be processed in jurisdictions outside your country of residence, including the United States. When transferring data internationally, we ensure appropriate safeguards are in place, including standard contractual clauses or other legally recognized transfer mechanisms.

11. Additional Disclosures for California Residents

If you are a California resident, the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA) provide you with additional rights:

  • Categories of Information Collected: Identifiers, commercial information, internet activity, geolocation data, and professional information as described in Section 2
  • Business Purpose: All data is collected and used solely for the business purposes described in Section 3
  • No Sale or Sharing: We do not sell or share your personal information as defined under the CCPA/CPRA
  • Right to Know, Delete, and Correct: You may submit verifiable requests as described in Section 7
  • Authorized Agent: You may designate an authorized agent to submit requests on your behalf

12. Children’s Privacy

The Service is designed for business use and is not intended for individuals under the age of 18. We do not knowingly collect personal information from minors. If we become aware that personal data has been collected from a person under 18, we will take immediate steps to delete that information. If you believe a minor has provided us with personal data, please contact us at [email protected].

13. Changes to This Privacy Policy

We reserve the right to update this Privacy Policy at any time. When we make material changes, we will:

  • Update the “Effective Date” at the top of this page
  • Post a prominent notice within the Service
  • Send notification to registered email addresses for significant changes

Your continued use of the Service after the effective date of any changes constitutes your acceptance of the revised Privacy Policy.

14. Contact Information

For any questions, concerns, or requests regarding this Privacy Policy, your personal data, or our privacy practices, please contact:

Fleet Management

Email: [email protected]

Website: hamadev.net

We aim to respond to all privacy-related inquiries within 30 calendar days.