Privacy Policy

1. Scope

This Privacy Policy describes how Conmitto Inc. (“Dock Optimizer”, “we”) collects, uses, shares, and retains information about users of the Dock Optimizer platform, including the dock scheduling product, the Integration Hub, and the Load Board.

2. Information We Collect

• Account information. Name, email, phone, company name, role, and authentication credentials.
• Operational data. Load postings, appointment bookings, facility hours, carrier and shipper details, freight documents (Bills of Lading, Rate Confirmations, Proofs of Delivery), inventory data, and related metadata.
• Compliance data. Carrier credentials (USDOT, MC, insurance certificates), driver identification used to grant dock access, and e-signature audit records (signer legal name, IP address, device fingerprint, consent timestamp, document hash).
• Integration data. Data exchanged with third-party WMS, ERP, TMS, accounting, or IoT systems you connect to Dock Optimizer.
• Device and usage data. IP address, browser, device fingerprint, pages visited, and session timestamps.

3. How We Use Information

• Provide, operate, and secure the Platform.
• Route messages, notifications, and load availability between Shippers and Carriers.
• Verify carrier credentials and monitor insurance currency.
• Maintain tamper-evident audit trails of e-signatures and other compliance events.
• Detect, investigate, and prevent fraud, abuse, and security incidents.
• Comply with our legal and regulatory obligations, including freight, tax, and payment-processing requirements.

4. Sharing

We share information with:

• Counterparties in your transactions. Shippers see the carriers booking their loads; carriers see the shippers they are working with. This sharing is inherent to the Platform’s purpose.
• Payment processors (such as Stripe) to process payment facilitation flows.
• Compliance and verification providers (such as FMCSA SAFER and insurance-monitoring services).
• Hosting and infrastructure sub-processors under written confidentiality and security obligations.
• Government authorities and law enforcement as required by law, subpoena, or court order.

We do not sell personal information for advertising.

5. Use of Company Names and Logos

Under the Platform Terms of Service, Dock Optimizer may identify your company by name and logo in customer lists, case studies, and other marketing materials. This limited brand-use permission is separate from the handling of your personally identifiable information, employee and driver identifiers, operational records, and confidential business data described elsewhere in this Policy — those categories are not shared for marketing purposes. See section 8 of the Platform Terms of Service for the scope of the permission and how to revoke it.

6. Retention

We retain freight-transaction records, e-signature audit trails, and related compliance records for a minimum of seven (7) years. This baseline is calibrated to the recordkeeping practices that may apply to our customers under their own regulatory regimes and to the limitations periods applicable to actions arising from freight transactions, including the statute-of-limitations period under the Carmack Amendment (49 U.S.C. §§ 14705, 14706) and analogous state truck-record-retention statutes.

Other account data is retained for the life of your account plus three (3) years, except where a longer retention is required by law, by an open dispute, by an active legal hold, or by reasonable security and fraud-prevention purposes.

7. Sensitive Information and Driver Identifiers

Some of the information we collect to grant dock access — including driver’s license numbers, other government-issued identifiers, and any photographs captured at check-in — is treated as “sensitive personal information” under the California Consumer Privacy Act (as amended by the CPRA) and analogous categories under the Virginia, Colorado, Connecticut, Texas, Oregon, and Utah comprehensive privacy laws.

We use these identifiers solely to verify driver identity at the facility, to support facility access-control and security, to maintain audit logs of facility entry and exit, and to comply with our customers’ on-site access policies. We do not use these identifiers for marketing, profiling, or any inference about a driver’s characteristics; we do not sell or share these identifiers as those terms are defined under applicable state privacy laws; and we do not use these identifiers for any purpose beyond what is reasonably necessary to provide the access-control functionality you request.

Drivers and the carriers and shippers responsible for them may exercise the rights described in Section 9 (Your Privacy Rights) with respect to this information.

8. Security

We protect information with encryption in transit, encryption at rest for sensitive fields, access controls, audit logging, and regular security reviews. No system is perfectly secure; you are responsible for protecting your own credentials.

9. Your Privacy Rights

9.1 Categories of personal information we collect

In the past twelve (12) months, we have collected the categories of personal information described in Section 2, which fall into the following CCPA/CPRA-defined categories: identifiers (name, email, phone, account credentials); commercial information (load postings, appointment records, transaction history); internet and electronic-network activity (device, browser, session, page-visit data); geolocation data (facility addresses, IP-derived approximate location); professional or employment-related information (carrier and broker authority numbers, employer affiliations); inferences drawn from the foregoing solely to operate the Platform and detect fraud; and the sensitive personal information described in Section 7.

9.2 Sources, business purposes, and recipients

We collect this information from you directly, from your authorized integrations and sub-processors, and from public regulatory sources (such as the FMCSA SAFER and Clearinghouse systems for carriers and brokers). We use the information for the business purposes described in Section 3 and disclose it only to the categories of recipients described in Section 4.

9.3 No sale or share for cross-context behavioral advertising

We do not “sell” personal information and do not “share” personal information for cross-context behavioral advertising as those terms are defined under the California Consumer Privacy Act (as amended) or under the Virginia, Colorado, Connecticut, Texas, Oregon, Montana, Utah, Iowa, Indiana, Tennessee, Delaware, New Hampshire, Maryland, Minnesota, Nebraska, or New Jersey comprehensive privacy laws. We have not done so in the past twelve (12) months and have no current plans to do so. We do not knowingly collect personal information from individuals under the age of sixteen (16) and have no actual knowledge that we have done so.

9.4 Your rights

Subject to verification and to applicable legal exceptions, you have the right to:

• (a) know what personal information we have collected about you, including the categories of information, the categories of sources, the business or commercial purpose for collecting it, and the categories of third parties with whom we share it;
• (b) access a copy of your personal information in a portable, machine-readable format;
• (c) correct inaccurate personal information;
• (d) delete personal information we have collected from you, subject to legal-retention obligations described in Section 6;
• (e) opt out of any sale or share of personal information (we do not engage in either, but we honor opt-out signals as a confirmation of our position);
• (f) limit the use of sensitive personal information to the access-control purposes described in Section 7;
• (g) appeal an adverse decision on a privacy-rights request, where required by your state’s law; and
• (h) be free from retaliation for exercising any of these rights.

9.5 How to submit a request

Submit a privacy-rights request by emailing support@conmitto.io with “Privacy Rights Request” in the subject line and a brief description of the request. We will acknowledge within ten (10) business days and respond substantively within forty-five (45) days, with a one-time forty-five-day extension where reasonably necessary, consistent with applicable law. We may need to verify your identity before acting on a request — typically by confirming control of the email address on file or by validating two non-public account details. You may use an authorized agent; we will require documentation of the agent’s authority.

9.6 California “Shine the Light”

California Civil Code § 1798.83 permits California residents to request, once per calendar year, information about the disclosure of personal information to third parties for those third parties’ direct-marketing purposes. We do not make such disclosures.

9.7 Effective date and changes

This Section reflects the rights available as of the most recent effective date of this Privacy Policy. We will update this Section as state privacy laws are enacted, amended, or take effect.

10. International Processing

Dock Optimizer operates primarily in the United States. If you access the Platform from outside the United States, you consent to the processing of your information in the United States subject to this Policy.

11. Updates

We may update this Privacy Policy from time to time. Material changes will be published on this page with a new effective date and version number.

12. Contact

Privacy and other questions may be sent to support@conmitto.io.