GotFreight
Sign up
Product
Meet your team
Pricing
Live demo
Free tools
Log in
Get started

Privacy Policy

Effective date: June 8, 2026

This Privacy Policy explains how GotFreight ("GotFreight," "we," "us," or "our") collects, uses, shares, and protects information when you use gotfreight.io and the GotFreight platform (the "Service"). GotFreight is an AI freight sales rep and CRM for freight brokers and asset carriers: it helps you prospect shippers, write and send personalized outreach from your own connected email inbox, sort replies, draft quotes, and manage a sales pipeline. We are operated out of the United States (California). If you have questions, contact us at admin@gotfreight.io.

This policy covers the personal information of two distinct groups: (1) our customers and their authorized users (the brokers and carriers who sign up and operate accounts), and (2) the business contacts in your sales workflow (shippers, prospects, and their employees) whose data you upload or that we surface for you. The way we treat data differs between these groups, and we call out the difference throughout. Importantly, when it comes to the lead and prospect data inside your account, you are the controller of that data and we act as your processor — you decide who to contact and you are responsible for having a lawful basis to do so. See our Terms of Service for the full allocation of responsibility.

By using the Service you agree to this Privacy Policy. If you do not agree, please do not use the Service.

1. 1. Scope and roles

This policy applies to information we process through the Service, our website, and related communications. It does not cover third-party websites, the mail servers of Google or Microsoft, or your own recipients' systems.

For account and billing information about you (our customer), GotFreight acts as a data controller. For the lead, prospect, shipper, and contact data inside your workspace — including data you upload, data we discover for you via our B2B data providers, and the email/reply content flowing through your connected mailbox — GotFreight acts as a processor/service provider acting on your instructions. You are the controller of that data and remain responsible for the lawfulness of your outreach.

2. 2. Information we collect

We collect the following categories of information:

  • Account information: your name, business name, work email, phone number, role, company identifiers (such as MC/USDOT/DOT numbers), authentication credentials, and account settings (including your email signature, sender identity, and outreach preferences).
  • Lead, shipper, and company data: business contact records you upload, import, or create — and records we discover for you through our B2B data providers — such as company names, contact names, business email addresses, phone numbers, job titles, lane/freight details, and notes. This is primarily business-contact information used for B2B outreach.
  • Bill of Lading and document uploads: if you use BOL ingestion, we extract shipper, receiver, and lane details from documents you upload to auto-enroll lane-matched leads. We extract the relevant business fields and discard the source document content beyond what is needed to create those records.
  • Email content and reply data: the outbound messages GotFreight drafts and sends from your inbox, the replies you receive, message metadata (subjects, timestamps, thread identifiers, delivery/bounce/open events), and the AI-generated quotes, research, and classifications associated with them.
  • OAuth tokens and mailbox access: when you connect Gmail (Google) or Microsoft 365/Outlook, we receive OAuth access and refresh tokens that let us send and read messages in your own mailbox to provide the features you enabled. If you connect via SMTP/IMAP instead, we store the connection settings and credentials you provide. These tokens and credentials are used only to operate the Service on your own mailbox — see Section 4.
  • Usage and analytics data: log data, device/browser information, IP address, pages and features used, timestamps, and diagnostic/error data, used to operate, secure, and improve the Service.
  • Payment information: when you subscribe or buy credit packs, payments are processed by Stripe. Stripe collects and stores your card details directly; we do not store full card numbers. We retain limited billing metadata such as plan, subscription status, invoices, amounts, last four digits, and Stripe customer/transaction identifiers.
  • Support and communications: messages you send to admin@gotfreight.io and related correspondence.

3. 3. How we use information

We use information to provide, operate, and improve the Service, including to:

  • Create and manage your account, authenticate you, and provide customer support.
  • Discover, enrich, and research prospects (via our B2B data providers and web research) and verify deliverability of contact emails (via our email verification provider).
  • Draft, personalize, and send outreach from your connected mailbox; sort and classify replies; draft quotes; and maintain your CRM pipeline and insights.
  • Generate AI outputs (emails, quotes, research summaries, classifications) using enterprise AI providers. AI output can be imperfect or inaccurate — you are responsible for reviewing it before sending or relying on it.
  • Apply warmup ramps, sending guardrails, business-hours pacing, credit metering, and billing.
  • Secure the Service, prevent abuse and fraud, debug, and maintain reliability.
  • Communicate with you about the Service, including transactional and account emails (via our transactional email provider).
  • Comply with legal obligations and enforce our Terms.
  • We process your own contact/lead and mailbox data only to provide the Service to you and on your instructions. We do not sell personal information, and we do not use the contents of your connected mailbox or your lead data to build or train generalized AI models.

4. 4. Google API Services Limited Use and Microsoft Graph

This section governs our access to data through Google APIs (Gmail) and the Microsoft Graph API (Microsoft 365/Outlook). It exists so you understand exactly how mailbox access is used.

Permissions and purpose: when you connect a Google or Microsoft mailbox, you grant scopes that allow GotFreight to send messages from your mailbox and read messages (such as replies in the threads we started) so we can deliver outreach, detect and sort replies, and maintain your pipeline. We request only the scopes needed to provide the features you enable, and we access your mailbox only to provide those features to you, on your own mailbox.

Limited Use: GotFreight's use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements. Equivalent restrictions apply to data accessed via Microsoft Graph. Specifically, data obtained from your connected mailbox is used only to provide and improve the user-facing features you enabled; is not sold; is not transferred to or used by others except as necessary to provide the Service, for security, or to comply with applicable law; is not used for advertising; and is not used to develop, improve, or train generalized or non-personalized AI or machine-learning models. Human access to this data is limited to the narrow cases permitted by the policy (for example, with your explicit consent for support, for security purposes, to comply with law, or where the data has been aggregated/de-identified).

OAuth tokens are stored securely, used solely to operate the Service on your behalf, and are never shared with third parties for their own purposes. You can revoke access at any time by disconnecting the mailbox in GotFreight or via your Google or Microsoft account security settings; revocation stops further sending and reading through that connection.

5. 5. Subprocessors and third parties we share with

We share information with the following service providers (subprocessors) strictly to operate the Service. They are authorized to use the data only to provide their services to us, not for their own purposes.

  • Cloud infrastructure providers — database, authentication, application hosting, and content delivery in secure, access-controlled environments.
  • Stripe — payment processing and subscription/credit billing (Stripe collects card data directly; we don't store card numbers).
  • B2B data providers — business contact and company data discovery and enrichment.
  • Enterprise AI providers — AI generation of emails, quotes, research summaries, and classifications; your data is not used to train their models.
  • Google (Gmail / Google APIs) and Microsoft (Microsoft Graph / 365) — OAuth-based sending and reading of your own connected mailbox, at your direction.
  • Transactional email provider — delivery of our own system/account emails to you.
  • Email verification provider — deliverability verification of contact email addresses.
  • A current list of our subprocessors is available on request at admin@gotfreight.io.
  • We may also disclose information to comply with law, respond to lawful requests or legal process, enforce our agreements, protect the rights, safety, and security of GotFreight, our users, or others, or in connection with a merger, acquisition, financing, or sale of assets (subject to this policy). We do not sell personal information and we do not share it for cross-context behavioral advertising.

6. 6. Data retention

We retain account, CRM, lead, email, and quote data for as long as your account is active and as needed to provide the Service. You can delete individual records within the app at any time.

When you close your account, we delete or de-identify your workspace data within a reasonable period (typically within 90 days), except where we must retain certain information to comply with legal, tax, accounting, or security obligations, resolve disputes, or enforce our agreements. OAuth tokens and mailbox credentials are deleted promptly when you disconnect a mailbox or close your account. Backups are purged on our regular backup-rotation cycle. Aggregated or de-identified data that can no longer be linked to you may be retained.

7. 7. Security

We use technical and organizational measures to protect information, including encryption in transit (TLS), encrypted storage of sensitive credentials and OAuth tokens, tenant isolation and row-level security so each customer can only access their own workspace, scoped service-role access, access controls, and security headers. Mailbox and secret material are isolated and access-restricted.

No method of transmission or storage is 100% secure, and we cannot guarantee absolute security. You are responsible for safeguarding your login credentials and for the security of the mailbox and SMTP/IMAP accounts you connect.

8. 8. Your rights and choices

You have rights over your personal information, and the data subjects in your workspace have rights you must help honor as the controller of that data.

Access, export, and deletion: you can access and export your account and CRM data from within the Service, and you can delete records or close your account. To request access, correction, deletion, or a copy of personal information we hold about you as a controller, contact admin@gotfreight.io.

GDPR (EEA/UK): if you are in the EEA or UK, you have rights to access, rectify, erase, restrict, and port your personal data, and to object to certain processing, plus the right to lodge a complaint with a supervisory authority. Where GotFreight acts as a processor for your lead/contact data, we assist you in responding to data subject requests; the controller (you) is the appropriate point of contact for those individuals.

CCPA/CPRA (California): California residents have rights to know, access, correct, and delete personal information, and to opt out of sale or sharing. We do not sell personal information and do not share it for cross-context behavioral advertising. We will not discriminate against you for exercising your rights.

To exercise rights or ask questions, email admin@gotfreight.io. We may need to verify your identity before acting on a request.

9. 9. Cookies and similar technologies

We use cookies and similar technologies that are necessary to run the Service — for example, to keep you signed in, maintain your session, and secure the application. We may use limited analytics to understand product usage and improve reliability.

We do not use third-party advertising cookies or sell data for advertising. You can control cookies through your browser settings, though disabling essential cookies may prevent the Service from working.

10. 10. International data transfers

GotFreight is operated from the United States, and our subprocessors may process data in the United States and other countries. If you access the Service from outside the United States, your information will be transferred to and processed in the U.S. and other jurisdictions that may have different data-protection laws than your own.

Where required, we rely on appropriate safeguards for international transfers, such as the European Commission's Standard Contractual Clauses and the UK Addendum, and we take steps to ensure your information receives an adequate level of protection.

11. 11. Children's privacy

The Service is a business tool intended only for use by businesses and individuals who are at least 18 years old. It is not directed to children, and we do not knowingly collect personal information from anyone under 18. If you believe a minor has provided us personal information, contact admin@gotfreight.io and we will delete it.

12. 12. Changes to this policy

We may update this Privacy Policy from time to time. When we make material changes, we will update the effective date above and, where appropriate, notify you through the Service or by email. Your continued use of the Service after an update means you accept the revised policy.

13. 13. Contact us

If you have questions, requests, or complaints about this Privacy Policy or our handling of personal information, contact us at admin@gotfreight.io. GotFreight is operated out of California, United States.

Questions? Reach us at admin@gotfreight.io or the contact page.