This Privacy Policy describes how Hauloop Technologies Inc. ("Hauloop," "we," "us," or "our") collects, processes, and protects personal information across our website at hauloop.com, our SaaS fleet management platform, mobile applications, and all related services.
We are committed to data minimisation, purpose limitation, and transparency. We process your data only when we have a lawful basis to do so — and we will always tell you what that basis is.
This policy applies to website visitors, trial users, paying customers, and anyone whose data we process in connection with fleet management services. If you are a driver whose data is processed by your employer's fleet account, your employer (the fleet operator) is the data controller; Hauloop acts as data processor on their behalf.
By using Hauloop's services, you acknowledge that you have read and understood this policy. If you do not agree, please discontinue use of our services and contact us to request deletion of your data.
We collect three categories of information: what you give us directly, what our systems collect automatically, and what we receive from third parties.
Information You Provide
- Account & Identity: Full name, work email, phone number, job title, company name, and fleet size during registration.
- Payment Details: Billing address and card information — processed by our PCI-DSS Level 1 certified payment processor (Stripe). We never store raw card numbers.
- Fleet & Vehicle Data: VINs, license plates, vehicle make/model/year, fuel card numbers, and odometer readings you import or enter.
- Driver Records: Names, CDL numbers, contact details, HOS logs, DVIR submissions, and driver safety scores provided by your organisation.
- Communications: Support tickets, chat messages, survey responses, and demo request forms.
Automatically Collected
- Telematics & GPS: Real-time vehicle location, speed, heading, acceleration, harsh braking, idle time, engine fault codes (J1939/OBD-II), and fuel consumption — from connected hardware devices.
- Platform Usage: Pages visited, features clicked, session duration, error events, and API calls within the dashboard.
- Device & Log Data: IP address, browser fingerprint, OS version, referring URL, and timestamp of each request to our servers.
- Cookies & Pixels: As detailed in Section 06.
GPS and driver behaviour data belongs to the fleet operator, not Hauloop. Hauloop processes this data solely as a service provider under the operator's instructions and Data Processing Agreement (DPA).
Every use of your data has a documented lawful basis. We do not use your data beyond the purposes listed below.
| Purpose | Lawful Basis | Data Used | Opt-out? |
|---|---|---|---|
| Deliver fleet management services | Contract | Account, telematics, vehicle data | No — core service |
| Process payments & invoicing | Contract | Billing, account info | No — core service |
| Regulatory compliance (ELD, FMCSA) | Legal obligation | Driver HOS, vehicle records | No — legal requirement |
| Security & fraud prevention | Legitimate interest | Log data, IP, session info | No — security critical |
| Product analytics & improvement | Legitimate interest | Anonymised usage data | Yes — in settings |
| Customer support | Legitimate interest | Account, communications | No — service dependent |
| Marketing emails & newsletters | Consent | Email, name, activity data | Yes — unsubscribe anytime |
| Personalised ads (optional) | Consent | Cookie, usage data | Yes — cookie preferences |
Hauloop does not sell, rent, broker, or trade personal information to any third party for commercial gain. This applies to all data categories including telematics, driver records, and fleet intelligence.
We share data only in the limited circumstances below. All third-party vendors are vetted and bound by contractual data protection obligations.
Sub-processors & Service Providers
We work with carefully selected vendors to operate our platform. These include AWS (cloud hosting), Stripe (payments), HubSpot (CRM), Intercom (support chat), and Datadog (monitoring). A full, current list of sub-processors is available at hauloop.com/subprocessors.
International Data Transfers
For EU/EEA customers, any transfer of personal data to countries outside the EEA is protected by Standard Contractual Clauses (SCCs) approved by the European Commission. We maintain a Transfer Impact Assessment for each cross-border transfer.
Business Transactions
In the event of a merger, acquisition, or asset sale, personal data may be transferred. We will provide 30 days' notice via email before your data becomes subject to a materially different privacy policy.
Legal Obligations
We may disclose data when required by valid legal process (court orders, subpoenas), or to protect the safety of users or the public. We challenge overbroad or unlawful requests and will notify you when legally permitted to do so.
We publish an annual Transparency Report disclosing the number of government data requests received, challenged, and fulfilled. Available at hauloop.com/transparency.
We retain data only as long as necessary for the stated purpose, legal obligation, or until you request deletion. All retained data is subject to the same security controls as live data.
| Data Category | Retention Period | Basis |
|---|---|---|
| Account & Profile | Life of account + 3 years | Contract / Legal |
| GPS & Telematics | Up to 24 months (operator-configurable) | Service delivery |
| Driver HOS / ELD Records | 6 months minimum (FMCSA §395.8) | Legal obligation |
| DVIR Records | 3 months (FMCSA §396.11) | Legal obligation |
| Billing & Financial | 7 years | Tax / legal |
| Support Communications | 3 years after ticket closure | Legitimate interest |
| Marketing & Analytics | 2 years from last interaction or opt-out | Consent |
| Security & Server Logs | 90 days | Security |
| Anonymised Analytics | Indefinite (no personal identifiers) | Legitimate interest |
Upon account termination, personal data is securely deleted or anonymised within 90 days, subject to legal retention obligations. You may request immediate deletion of marketing data at any time.
We use cookies and similar technologies on our website and platform. You can manage your preferences at any time via our Cookie Preference Centre.
Third-party Technologies
We use Google Analytics 4 with IP anonymisation enabled. We use HubSpot for marketing automation and Intercom for in-app messaging. Each tool operates under its own privacy policy, which we link from our Cookie Preference Centre.
Our website does not currently respond to browser DNT signals. You can achieve equivalent results by declining optional cookies in our Cookie Preference Centre.
Regardless of where you are located, Hauloop honours the following rights. Submit a request to privacy@hauloop.com — we respond within 30 days (GDPR) or 45 days (CCPA) after identity verification.
Access
Request a copy of all personal data we hold about you.
Rectification
Correct inaccurate or incomplete data we hold.
Erasure
Request deletion — the "right to be forgotten."
Portability
Receive your data as structured, machine-readable JSON or CSV.
Object
Object to processing based on legitimate interest or direct marketing.
Withdraw Consent
Revoke consent at any time without affecting prior lawful processing.
Restrict Processing
Ask us to pause processing while a dispute or objection is resolved.
Lodge a Complaint
File a complaint with your local data protection authority.
You have the right to know, delete, correct, and limit use of sensitive personal information. You may also designate an authorised agent. Hauloop does not discriminate against users who exercise privacy rights. Submit requests via our Privacy Request Portal or email privacy@hauloop.com.
We implement defence-in-depth across all layers of our infrastructure — from physical data centres to application-level controls.
TLS 1.3 in Transit
All data between your device and our servers is encrypted with TLS 1.3+.
AES-256 at Rest
All stored data is encrypted at rest using AES-256 block cipher encryption.
Role-based Access (RBAC)
Strict RBAC with MFA enforced for all internal admin access.
24/7 Monitoring
Continuous threat monitoring via Datadog SIEM and anomaly detection.
Annual Pen Testing
Independent third-party penetration tests annually with reports available on request.
SOC 2 Type II Certified
AWS-hosted on SOC 2 Type II certified infrastructure with 99.9% uptime SLA.
In the event of a data breach that poses a risk to your rights and freedoms, we will notify affected users within 72 hours of discovery (GDPR Article 33). To report a suspected vulnerability, email security@hauloop.com.
Hauloop's services are designed exclusively for fleet management professionals and are not intended for individuals under 18 years of age. We do not knowingly solicit or collect personal information from minors.
If you believe a minor has created an account or provided us with personal data, please contact privacy@hauloop.com. We will promptly verify and permanently delete all associated data within 5 business days.
Hauloop complies fully with the Children's Online Privacy Protection Act (COPPA). Any inadvertent collection of data from a user under 13 will be immediately deleted upon discovery, with the associated account terminated.
We review and update this policy at least annually, and whenever our practices materially change. Minor updates (spelling corrections, clarifications) will not be separately notified but will be reflected in the version number and date.
How we notify you of significant changes
- A prominent banner displayed on our website and platform dashboard for 30 days.
- An email notification sent to all registered account holders at least 14 days before changes take effect.
- An in-app notification for active users on their next login.
- For material changes requiring fresh consent, a consent prompt before continued use.
Previous versions of this policy are archived and available upon request. Your continued use after the effective date of any changes constitutes acceptance of the revised policy.
Our Data Protection Officer is your primary point of contact for all privacy matters. We take every inquiry seriously and commit to a substantive response within the legally required timeframes.
All privacy requests & inquiries
Vulnerability disclosure & breach reports
Hauloop Technologies Inc.
123 Fleet Drive, Suite 400
San Francisco, CA 94105, USA
GDPR: 30 days
CCPA: 45 days
General: 5 business days
EU/EEA residents have the right to lodge a complaint with their local supervisory authority. A full directory of EU data protection authorities is available at edpb.europa.eu. UK residents may contact the ICO at ico.org.uk.