Privacy Policy

1. Information we collect

We collect the following categories of information:

1.1 Account and contact information

• Name, business email address, business phone number, and role on your team (e.g., dispatcher, sales agent, carrier representative, shipper contact).
• We use email-based magic-link sign-in for authentication. We do not collect or store account passwords ourselves; authentication is handled by Supabase Auth (see Section 6).

1.2 Customer, carrier, and prospect records

• Business contact records for customers, carriers, and prospects you work with — including company name, contact name, business email, business phone, and office location (city/state).
• Pickup and delivery contact information associated with a specific load (contact name and business phone at origin and destination). This information is only released to a carrier after a rate confirmation has been signed for that load.

1.3 Load and shipment data

• Pickup and delivery cities, states, and postal codes; commodity descriptions; weight and dimensions; equipment type; load status; quoted and contracted rates; rate confirmations and signed agreements.

1.4 Carrier-verification documents

• For each carrier we work with we store a "carrier packet": Motor Carrier (MC) number, USDOT number, Certificate of Insurance (COI), and W-9.
• For each load picked up by a carrier we also collect a photograph of the driver's identification card (the photo and name visible side) and a photograph of the truck and license plate that is picking up the load. These photographs are collected solely for cargo-release verification and double-broker-fraud prevention at pickup, and are not used for any other purpose. We do not perform automated facial recognition or biometric matching against these photographs. Drivers customarily cover sensitive fields on their identification card (such as date of birth, license number, and address) before sending the photograph; we do not require or extract those fields.

1.5 Communications content

• Emails sent to lia@landairseaint.com for quote requests, load updates, or business correspondence — including sender name, sender email, subject, and body text. Drafts we generate on your behalf for outbound email or quote responses, until you review and send them.

1.6 Service usage and audit data

• Records of actions taken in the Service (e.g., load status changes, carrier vetting decisions, document uploads) so the team can audit what happened and when. We also collect standard request logs for operational and security purposes (IP address, browser type, timestamps).

2. How we collect information

We collect information from these sources:

• Directly from you when you create an account, fill in a form in the Service, upload a document, or send us an email.
• From your AscendTMS account through a daily Google Drive export that we sync into the Service.
• From inbound email received at our intake address (lia@landairseaint.com) via a Gmail integration that hands the message to an automation workflow (n8n) before storing it in the Service.

3. How we use information

We use the information described above to:

• Operate the Service — quoting, dispatching, document management, communications.
• Verify the identity of carriers and drivers at pickup to prevent double-broker fraud and protect cargo.
• Draft business correspondence with AI assistance (see Section 4). All AI-generated content is reviewed by a human dispatcher before it is sent.
• Maintain transaction records required of property brokers under 49 CFR Part 371 and related Federal Motor Carrier Safety Administration regulations.
• Secure the Service, detect abuse, debug, and improve.
• Communicate with you about service updates, scheduled maintenance, and material changes to this Policy.

4. AI features and AI providers

The Service uses artificial intelligence to triage inbound emails, draft replies, draft outreach to prospects, and generate quote scenarios for your review. We use the following AI providers, each acting as a processor under contract:

• Anthropic (Claude API) and OpenAI as cloud-hosted providers. When we send content to these providers, it may include the body of an inbound email, the contact information of a prospect or customer, or load metadata. Each of these providers (a) does not use API inputs or outputs to train their public models, and (b) retains API inputs and outputs for up to 30 days for trust-and-safety abuse monitoring before deletion. We are not enrolled in zero-data-retention agreements with these providers at this time.
• A local language model (Ollama) running on hardware we operate. When we use the local model, no input or output leaves our environment.

AI outputs are draft suggestions only. A human dispatcher reviews and approves any external communication before it is sent.

If you would prefer that we not process your communications through cloud-hosted AI providers, write to us at the address in Section 12 and we will route your account's activity through the local model only where technically feasible.

5. Driver and truck photographs (cargo-release verification)

We collect driver identification photographs and truck/license plate photographs for the sole purpose of verifying at pickup that the driver and vehicle scheduled for a load are the ones that actually arrive. This protects the shipper's cargo from double-broker scams. Drivers participate in this verification voluntarily at the time of pickup. We do not perform automated facial recognition, biometric matching, or any other automated analysis on these photographs. Access to these photographs is restricted to the dispatcher coordinating the specific load, the carrier's own representatives, and administrators. Photographs are deleted upon your account deletion or as otherwise described in Section 8.

6. Sub-processors and third parties

We use the following sub-processors to operate the Service. Each is contractually bound to use Customer Data only on our instructions and to maintain appropriate security:

• Supabase (Supabase, Inc.) — primary database and authentication. US region. See supabase.com/legal/dpa.
• Vercel (Vercel Inc.) — web application hosting. US region. Seevercel.com/legal/dpa.
• Anthropic, PBC — Claude AI processing. Seeprivacy.claude.com.
• OpenAI, OpCo, LLC — AI processing. Seeopenai.com/enterprise-privacy.
• Google LLC (Google Workspace) — Gmail and Google Drive for our intake mailbox and master file sync. Seecloud.google.com/terms/data-processing-addendum.
• n8n GmbH — workflow automation that bridges inbound email and outbound notifications.
• AscendTMS (InMotion Global, Inc.) — transportation management system that originates the daily load and customer feed.

We do not sell or share your information for cross-context behavioral advertising, and we do not use third-party advertising trackers in the Service.

7. International data transfers

Information is stored and primarily processed in the United States. When we coordinate shipments that move through international ports — including to or from Canada, Puerto Rico, the Dominican Republic, Colombia, Ghana, and Nigeria — we may share load metadata (commodity, weight, dimensions, port of entry, consignee business contact) with port agents, freight forwarders, and customs brokers in the relevant country so that they can carry out the shipment on your instructions. These recipients act as your service providers for the shipment in question, not as our sub-processors.

8. How long we keep information

We keep information only as long as we need it for the purposes above:

• Inbound email content (subject, body, AI extraction) — the body text and extracted fields are redacted from our systems after approximately thirteen (13) months. We retain the header metadata (sender, received date) for operational statistics and audit history.
• Outbound draft messages — deleted after twelve (12) months from last edit unless tied to an active record.
• Audit records — retained for seven (7) years, consistent with broker recordkeeping norms under 49 CFR Part 371 and related anticipated rulemaking.
• Carrier-verification documents (DL photo, truck/plate photo, COI, MC/DOT records) — retained for the duration of the carrier relationship and for a reasonable period after final delivery to support dispute resolution and claims; on account deletion we remove them, except where law requires us to retain a record.
• Customer, carrier, prospect, and load records — retained for the life of the account; on account deletion we remove them, except where law requires us to retain a transaction record.

9. Your choices and your rights

9.1 Account deletion

You can request deletion of your account and the personal information associated with it at any time using the public form at /account-deletion, or by emailing the address in Section 12. We will acknowledge your request within ten business days and complete the deletion within thirty days of acknowledgment, except for records we are required by law to retain (for example, broker transaction records under 49 CFR Part 371). Self-serve in-app deletion is on our roadmap; until it ships, the form and email routes are the deletion paths.

9.2 California residents (CCPA / CPRA)

If you are a California resident, you have the following rights regarding your personal information, subject to legal limits:

• Right to know what categories and specific pieces of personal information we have collected about you and how we have used and shared it.
• Right to delete your personal information.
• Right to correct inaccurate personal information.
• Right to opt out of "sale" and "sharing" of your personal information. We do not sell or share personal information for cross-context behavioral advertising. We honor browser-level Global Privacy Control signals as a valid opt-out.
• Right against retaliation for exercising any of the above rights.

To exercise these rights, email us at the address in Section 12 from the email address associated with your account, or use the form at /account-deletion. We respond within 45 days. We may need to verify your identity before fulfilling a request.

9.3 Canadian residents (PIPEDA / Quebec Law 25)

If you are a resident of Canada, you have the right to access personal information we hold about you, to ask us to correct it if it is inaccurate, and to withdraw consent for processing on a going-forward basis. To exercise these rights, email the address in Section 12. If you are not satisfied with our response, you may contact the Office of the Privacy Commissioner of Canada at priv.gc.ca, or, if you reside in Quebec, the Commission d'accès à l'information du Québec at cai.gouv.qc.ca.

10. Security

We use technical and administrative measures to protect information against unauthorized access, alteration, disclosure, or destruction. These include row-level security in our database, role-based access controls, encrypted connections (HTTPS), encryption at rest provided by our hosting and database providers, signed-webhook authentication, and an append-only audit log of privileged actions. No system is perfectly secure, and we cannot guarantee that information will never be improperly accessed.

11. Changes to this Policy

We may update this Policy from time to time to reflect changes in our practices, our technology, or applicable law. When we make material changes we will post the updated Policy here with a new effective date and, where appropriate, notify you through the Service or by email. Your continued use of the Service after the effective date constitutes your acceptance of the updated Policy.

12. Contact us

For privacy questions, complaints, or requests to exercise the rights described above, contact us at:

Land Air & Sea Logistics Int LLC
Attn: Privacy
2807 N Parham Rd
Henrico, VA 23294, United States
Email: privacy@landairseaint.com