Privacy Policy

This describes what we collect, why, where it lives, and your rights over it.

What we collect

Account data

• Email, first name, last name (from signup form)
• Carrier name, MC number, fleet size (optional, from signup form)
• Password (hashed with PBKDF2-SHA256, 100k iterations, 16-byte salt — we never see the plaintext)
• IP address + user-agent at signup + each login (for security)

Operational data (your business)

• Decisions your AI agents make on your behalf (load quotes, reroute proposals, sanctions screens, etc.)
• Inputs you provide (load details, lane preferences, carrier contacts)
• Outputs from third-party feeds you've connected (ELD telematics, fuel cards, etc.)

Public-world data (everyone shares)

• Diesel prices from EIA, weather alerts from NWS, macro prints from FRED/BLS, regulatory filings from Federal Register, etc.
• This data is ingested under tenant_id='_global' and shared across all customers.

Where it lives

All data lives on Cloudflare's edge — D1 (SQLite-at-edge) and R2 (object storage). Both run in the EU/US/Asia colocation Cloudflare chooses for performance. We don't have a third-party data warehouse, no Segment, no Mixpanel, no Heap. We don't sell your data, ever.

What we share with third parties

• Anthropic — when AI agents reason about your data, the prompt context (which can include your operational data) goes to Anthropic's Claude API. Anthropic's privacy policy applies.
• Stripe — for paid plans, billing data goes to Stripe. We don't see your card number.
• Resend — for verification + notification emails.
• Cloudflare — our hosting provider.
• That's it. No advertising networks, no analytics services, no data brokers.

Your rights

You can:

• Download all your data (Settings → Export)
• Delete your account permanently (Settings → Delete account, 30-day grace period)
• Request what data we have on you (email lamborghinidaniil@gmail.com)
• Object to specific processing (e.g., "don't send my data to Anthropic" — would disable AI agents but the rest of the OS keeps working)

Cookies

We use exactly one cookie: hauliq_session, set after you log in. HttpOnly, Secure, SameSite=Lax, 30-day TTL. No tracking pixels, no third-party cookies.

Children

Haul IQ is for businesses operating commercial trucks. We don't intentionally collect data from minors.

Security posture

Authentication

• Passwords hashed with PBKDF2-SHA256, 100k iterations, 16-byte salt — Anthropic-style hashing
• Session cookies: HttpOnly + Secure + SameSite=Lax + 30-day expiry
• API key auth: 64-char hex random tokens, scoped per-tenant, revocable via Settings
• Email verification optional but recommended for password recovery

Authorization

• Multi-tenant isolation enforced at the database level via tenant_id triggers (every table has a tenant_not_blank check)
• Three-gate safety stack on every agent action: kill switch → autonomy tier → refusal taxonomy
• Full audit trail in safety_guard_decision — every allow/deny recorded with reason

Data at rest + in transit

• D1 (SQLite at edge) encrypted at rest by Cloudflare
• R2 (object storage) encrypted at rest by Cloudflare
• All client connections to hauliqcom.com use HTTPS (HSTS enabled)
• Worker-to-Anthropic + Worker-to-Resend over HTTPS only

Operational discipline

• Every agent action passes through cost governor — LLM spend capped at 20% of MRR per tenant per day (hard refuse on overage)
• Drift detector runs nightly at 07:00 UTC — flags any persona whose outcome distribution shifts >2σ
• Replay tools: any past correlation_id can be deterministically reconstructed from substrate
• Dead-code CI gate prevents shipping services with no test coverage

Incident response

For any security concern, email lamborghinidaniil@gmail.com. We commit to:

• Acknowledging within 24 hours
• Investigating within 72 hours
• Notifying affected customers within 7 days if confirmed
• Posting a post-mortem within 30 days for confirmed incidents

Data Processing Addendum

Roles

You (the customer) are the data controller. NovaTrans LLC ("we") is the data processor acting on your instructions. The instructions are: run the Haul IQ service per your selected plan.

Subprocessors

• Cloudflare (compute + storage)
• Anthropic (AI inference)
• Stripe (billing, paid plans only)
• Resend (transactional email)

We will notify you 30 days before adding any new subprocessor that processes your operational data.

SLA

Uptime target: 99.5% measured monthly (≈3.6 hours of allowed downtime per month). If we miss it, you get a service credit equal to the percentage point miss × your monthly invoice.

Breach notification

Confirmed breach involving your data → notification within 72 hours of confirmation, per GDPR Art. 33.

Data retention + deletion

• Account active: data retained while you use the service.
• Account deletion requested: 30-day grace period, then permanent deletion across D1 + R2 + Anthropic conversation history.
• You can export your data anytime from Settings → Export.

Audit rights

You can request an annual security audit; we'll provide our current SOC 2 status (Type I targeted Q4 2026, Type II targeted Q2 2027), recent dead-code-scan baselines, and the migration history of your D1 database.

Haul IQ API Terms

The Haul IQ Public API is a first-party REST + Webhook interface owned and operated by NovaTrans LLC. It exposes a stable, versioned subset of the platform — loads, drivers, carriers, invoices, quotes, agent prompts, events — so customers and authorized integrators can build on top of the OS.

1. Base URL + versioning

• Base: https://api.hauliqcom.com/api/v1
• Auth: Authorization: Bearer hiq_live_… (API keys minted from Settings → API Keys)
• We maintain backwards-compatibility for the lifetime of a major version. Breaking changes ship behind a new major (/api/v2) with a minimum 12-month overlap.
• Deprecations are announced in X-Haul-Iq-Deprecation response headers and on the Status page no less than 6 months before removal.

2. Authentication + scopes

Each API key is tenant-scoped, revocable, and can be issued with one or more named scopes. Default scopes:

• read — read-only access (loads, drivers, invoices, quotes, status)
• write — create + update operational records
• finance — invoices, settlements, factoring submissions (in addition to write)
• voice — initiate Twilio voice + SMS from your tenant's pool
• admin — manage other API keys, webhooks, billing

Keys are hashed at rest (SHA-256). The plaintext is shown exactly once at creation; if you lose it, rotate.

3. Rate limits

• Default: 120 requests / minute / tenant for read endpoints, 30 / minute / tenant for write endpoints. Higher quotas available on enterprise plans.
• Limit headers on every response: X-RateLimit-Limit, X-RateLimit-Remaining, X-RateLimit-Reset.
• Beyond the limit we return HTTP 429 with Retry-After; we do not bill for rate-limited requests.

4. Webhooks

The API can deliver events to your endpoint at POST {your_url} with header X-Hauliq-Signature: t=<ts>,v1=<hmac-sha256>. Customers configure receivers in Settings → Webhooks; we sign every payload with the key's signing_secret. Retries: exponential backoff for 24 hours; after that the delivery is dead-lettered.

5. Permissible use

• You may build internal tooling, customer-facing apps, partner integrations, and AI agents on top of the API.
• You may NOT use the API to (a) re-sell raw access to other parties without a written reseller agreement with NovaTrans LLC, (b) scrape, mirror, or rebuild a competing AI-logistics platform, (c) bypass safety guards (kill switches, tier gates, autonomy ladder), (d) impersonate another tenant, (e) violate any applicable law (FMCSA, DOT, IRS, OFAC, etc.).
• API responses contain operational PII — your handling must comply with the Haul IQ DPA + applicable privacy law (GDPR, CCPA, CPRA).

6. Data ownership

You own your operational data. NovaTrans LLC owns the API surface, schemas, OpenAPI specifications, and the underlying inference layer. Anything you fetch via the API for your own tenant, you may use however you like; anything you fetch from a shared _global table (commodity prices, weather, regulatory filings) remains public-world data and may be re-shared per the original publisher's terms.

7. SLA + support

• Uptime: 99.5% monthly across api.hauliqcom.com. Excludes scheduled maintenance announced ≥48h in advance.
• Response time targets: P0 (API down) — 1 hour; P1 (regression) — 4 hours; P2 (bug) — 1 business day; feature requests — best effort.
• Status page: https://status.hauliqcom.com.
• Support: email lamborghinidaniil@gmail.com with header X-Haul-Iq-Request-Id (returned on every response) for fastest triage.

8. Pricing

API access is included with all paid Haul IQ subscriptions. Workloads exceeding the default rate-limit tier are billed per the published overage rate (see Settings → Billing) — currently $0.20 per 1,000 read calls beyond quota, $0.50 per 1,000 write calls. AI-tool calls that hit Anthropic count toward your per-tenant cost cap and are billed at pass-through cost + 30%.

9. Suspension + termination

NovaTrans LLC may suspend an API key without notice if we detect abuse, fraud, security risk, or behaviour that endangers the platform. We will notify you within 24 hours of any suspension with the reason. You may revoke any key from Settings → API Keys at any time.

10. Operator

This API is operated by NovaTrans LLC. The full Terms of Service, Privacy Policy, and DPA on the other tabs of this page apply in full to API use; this document supplements but does not replace them. In any conflict between this API Terms doc and the Terms of Service, the Terms of Service governs.