Privacy Policy
Your privacy matters. Here is how we handle your information.
Last Updated: May 20, 2026
1. Information We Collect
We collect information necessary to provide and improve our Services. The types of information we collect include:
Account Information
When you register for an account, we collect your name, email address, company name, and (optionally) phone number. If you invite additional users to your organization, we collect their names and email addresses as provided by you or by them at the time they accept your invite.
Billing Information
Payment processing is handled by Authorize.Net through a hosted iframe. Your card number, CVV, and full bank account number never touch our servers — they are submitted directly to Authorize.Net from your browser. We retain only a tokenized reference and the last four digits of your payment method for display in your billing history. We never see, store, or transmit your raw payment credentials.
Usage Data
We log information about how you interact with the Services, including searches you run, exports you download, pages you visit, and the IP address and browser type your requests originate from. This data is used to operate the platform, enforce per-tier export limits, detect abuse, and diagnose technical issues.
Export Audit Log
Every lead export you download is recorded against your account with a timestamp, the search criteria used, and the row count. This audit log lets you review your own export history and lets us enforce tier-based quotas.
API and MCP Access Logs
If you generate REST API keys or MCP keys, we log authentication attempts and request volume per key. These logs let you review key usage from your account page and help us detect compromised keys (such as a key being used from unexpected geographic origins).
2. How We Use Your Information
We use the information we collect to:
- Provide and maintain the Services — authenticate users, run searches, generate exports, and deliver the platform features described on our pricing page.
- Process payments — pass billing requests to Authorize.Net for subscription billing, prorated upgrades, and refunds.
- Send transactional communications — account confirmations, billing receipts, payment-failure notices, security alerts, saved-search alerts you have opted into, and service notifications.
- Provide customer support — respond to your inquiries and troubleshoot issues.
- Improve the platform — analyze aggregate usage to identify feature improvements, performance optimization opportunities, and bugs. We do not associate aggregate analysis back to individual user identities for marketing.
- Detect and prevent abuse — including rate limiting, scraping detection, and honeypot tripwires used to identify automated bulk extraction.
- Plan operational maintenance — we track aggregate concurrent-user counts (anonymous vs. authenticated) and aggregate API/MCP key activity so we can schedule restarts and infrastructure changes during low-traffic windows. This is operational telemetry visible only to administrators, not behavioral analytics — we don't track which pages individual users visit, what they search for, or build user profiles.
- Comply with legal obligations — respond to lawful requests from government authorities.
We do not use your account data, search history, saved searches, or exports for any purpose other than providing the Services to you.
3. Data Storage & Security
Infrastructure
The Services run on infrastructure we operate and maintain directly. We do not rely on a public cloud provider for our application or database tier.
Encryption
- In Transit: All traffic between your browser and our servers is encrypted using TLS 1.2 or higher.
- At Rest: Account databases and backups are encrypted at rest.
Access Controls
Access to the production environment is strictly limited to authorized personnel who require access for support, maintenance, or security purposes. Administrative access is logged and audited.
Session Security
Authentication cookies are encrypted, scoped to our domain, marked HttpOnly and Secure, and rotated on key security events (password change, role change, account-takeover signals).
4. Third-Party Services
We use a small, deliberately short list of third-party services to operate the platform. Each is governed by its own privacy policy:
- Authorize.Net — payment processing. Card data is submitted directly to Authorize.Net from your browser via their hosted payment iframe; we never receive it. Authorize.Net is PCI DSS compliant.
- Transactional email provider — outbound transactional email (registration confirmations, password resets, billing receipts, saved-search alerts). Email metadata necessary to deliver the message (your email address, the subject line, the timestamp) is transmitted to our email provider.
We do not use third-party advertising networks, social media tracking pixels, behavioral analytics SDKs, or session-replay tools.
5. Data Sharing
We do not share, rent, or sell your personal information to anyone. Period.
Your account information, your searches, your saved searches, your watchlists, your exports, and your API/MCP usage are yours. We do not package them, anonymize them in bulk for resale, license them to data brokers, or expose them to advertising networks.
We share information only in the following limited, operationally necessary circumstances:
- Payment Processor: Tokenized billing information is sent to Authorize.Net solely for the purpose of processing your subscription payments. Authorize.Net acts as a payment service provider.
- Email Delivery: The email address on your account and the contents of transactional messages are transmitted to our email provider for delivery.
- Legal Requirements: We may disclose information if required by law, court order, or governmental regulation, or if we reasonably believe disclosure is necessary to protect our rights, your safety, or the safety of others.
- Business Transfer: If FreightBrokerLeads.ai is acquired or merged, your information may transfer as part of that transaction. We will notify you of any such change in ownership.
6. Your Data and Your Rights
You have the following rights regarding your personal information:
- Access & Portability: You can download a copy of all personal data we hold on your account at any time from your account page (/Account/Manage/PersonalData). The export is provided in a structured, machine-readable JSON format.
- Deletion: You can permanently delete your account and all associated personal data from the same page (/Account/Manage/PersonalData → "Delete personal data"). Deletion is self-service — no email back-and-forth required. Once you confirm, your data is removed from our production systems. Backup copies are purged within ninety (90) days.
- Correction: You can edit your profile information directly from your account page. For corrections you cannot make through the UI, contact us at support@freightbrokerleads.ai.
- Objection: You may object to certain processing of your information in circumstances permitted by applicable law.
For requests not covered by self-service, contact us at support@freightbrokerleads.ai. We will respond within thirty (30) days.
7. Data Retention
- Active Accounts: Your data is retained for as long as your account remains active.
- Cancelled Accounts: If you cancel your subscription, your account converts to a free trial state and your data is retained so you can reactivate without losing your saved searches, watchlists, or history. If you explicitly delete your account from /Account/Manage/PersonalData, your data is removed from production systems immediately.
- Backups: Backup copies containing your data are purged within ninety (90) days of account deletion.
- Legal Obligations: We may retain certain billing or authentication records for longer periods if required by applicable law (for example, tax law requires retention of billing receipts).
9. Children's Privacy
The Services are designed for use by freight industry professionals and are not directed at individuals under the age of 18. We do not knowingly collect personal information from children. If we become aware that we have inadvertently collected personal information from a minor, we will delete it promptly.
10. Data Breach Notification
In the event of a data breach that affects your personal information, we will:
- Notify affected customers within 72 hours of discovering the breach.
- Describe the nature of the breach, the data affected, and the steps we are taking to remediate.
- Cooperate with applicable regulatory authorities as required by law.
- Provide guidance on steps you can take to protect your account.
11. Changes to This Policy
We may update this Privacy Policy from time to time. For material changes, we will provide at least thirty (30) days' prior notice via email to the address associated with your account or through a prominent notice within the Services.
Your continued use of the Services after the effective date of any changes constitutes your acceptance of the revised policy.
12. Contact
If you have any questions about this Privacy Policy or our data practices, please contact us:
