LogisticsAI
Start Free in Lite
<- Back to Home

Privacy Policy

Last updated: March 2026

1. Scope of this notice

This notice explains how LogisticsAI handles personal data when a carrier, dispatcher, fleet operator, or other business user creates an account, uploads transport data, stores evidence documents, generates reports, or purchases a subscription.

For uploaded shipment, vehicle, route, or evidence data, the customer organization decides why the data is submitted and remains responsible for the underlying business records. LogisticsAI processes that information to operate the hosted service.

2. Data categories we process

Depending on how the service is used, we may process the following categories of data:

  • account and workspace details such as email address, organization name, role, locale, and authentication records
  • uploaded shipment logs, fuel or evidence documents, report settings, generated PDFs, and related metadata
  • product usage, device, and security logs such as IP address, browser data, timestamps, and error telemetry
  • subscription, invoice, and payment-reference data supplied by Lemon Squeezy or the applicable seller of record; LogisticsAI does not store full payment-card numbers

3. Why we use data

We use personal data to deliver and maintain the service, including to:

  • create and secure user accounts and organization workspaces
  • ingest uploaded files, run emissions calculations, and generate tender-ready reporting outputs
  • store supporting evidence, manage subscription access, and handle billing-related status changes
  • monitor reliability, investigate abuse or fraud, troubleshoot support issues, and improve product quality
  • meet tax, accounting, security, and other legal obligations that apply to the service

4. Legal bases

We rely on contract performance to provide the hosted product and subscription features you request. We rely on legitimate interests to secure the platform, prevent misuse, and improve reliability. We may also process data where required by law or where you have given consent for an optional interaction.

5. Hosting and subprocessors

Application data is stored in EU-hosted Supabase infrastructure configured for Frankfurt, Germany (AWS eu-central-1). The web application is delivered through Vercel. The following third-party service providers may process personal or operational data to deliver specific platform functions:

  • Supabase — database, authentication, and file storage (EU-hosted, Frankfurt)
  • Vercel — application hosting and edge functions (EU region selected where available)
  • Lemon Squeezy — subscription billing and payment processing (seller of record; does not share full card data with LogisticsAI)
  • OpenAI — AI-powered column mapping (processes column names and sample data only; no personal data in prompts; US-based, Standard Contractual Clauses apply)
  • Sentry — application error monitoring and crash reporting (US-based, SCCs apply; processes technical identifiers and error context)
  • PostHog — product usage analytics (EU-hosted option selected; processes anonymised usage events)
  • Crisp — customer support chat (may process chat content and session metadata; EU-based infrastructure)
  • Resend — transactional email delivery (processes email address and message content for delivery)

6. Retention

Account and organization records are retained while the workspace remains active and for a limited follow-up period needed for security, support, tax, or accounting obligations.

Generated report artifacts and audit history may remain available for up to five years to support tender history and customer recordkeeping. Uploaded source files and evidence documents remain in the workspace until removed by the customer or deleted as part of workspace closure workflows.

7. Sharing and transfers

We do not sell customer data. Data is shared only with service providers, infrastructure vendors, or professional advisers who need it to operate, secure, bill, or support the service, or where disclosure is required by law.

8. Your rights

Subject to applicable law, you may request access, correction, export, deletion, restriction, or objection in relation to personal data associated with your account. Requests relating to operational shipment data uploaded by a customer organization may need to be handled by that organization as the source business controller.

Privacy requests and data subject rights requests should be submitted to: privacy@logisticsai.io. We will respond within 30 days as required by GDPR.

You also have the right to lodge a complaint with a supervisory authority. If you are located in the EU/EEA, you may contact the data protection authority in your country of residence. A list of EU supervisory authorities is available at: https://edpb.europa.eu/about-edpb/about-edpb/members_en

9. Security

LogisticsAI uses authenticated access controls, organization-based permissions, private file storage, and encrypted transport channels. No internet-facing service is risk free, so customers should avoid uploading data that is unrelated to emissions reporting or not needed for the workflow.