Privacy Policy — FreightFang

1. Introduction

FreightFang ("we", "us", "our") operates the FreightFang Chrome extension and supporting web services at app.freightfang.com and api.freightfang.com. This Privacy Policy explains what personal data we collect, how we use it, and the rights you have over that data.

By creating an account or using the FreightFang extension, you agree to the practices described here. If you do not agree, please do not use the service.

2. What We Collect

2.1 Account Information

When you register, we collect:

Email address — used as your login identifier and for account-related notices.
Password — stored as a salted bcrypt hash. We never store passwords in plain text.
Account creation timestamp and subscription tier (Free, Pro, or Team).

2.2 Connected Email Accounts

To enable direct email sending from the extension, you may connect a Gmail or Outlook account via OAuth 2.0. When you connect an account, we receive and store:

The email address of the connected account.
An OAuth refresh token issued by Google or Microsoft, encrypted at rest using AES-256-CBC.
The provider name (gmail or outlook).

We never see, store, or access your email account password. OAuth tokens grant us only the specific permissions you approved (typically: send mail, read your email address). You can revoke access at any time from your Google or Microsoft account settings, or from the FreightFang dashboard.

2.3 Email Templates & Sent Email Logs

We store email templates you create (subject + body) so they sync across devices. We also log a record of each email sent via the platform — recipient address, subject line, timestamp, and load reference if applicable. We do not store the message body of sent emails.

2.4 Carrier / Broker Lookup Cache

The FMCSA carrier and broker lookup feature caches public DOT/MC records returned from government APIs. This information (legal name, address, safety rating, insurance status, etc.) is public data and not associated with your personal account.

2.5 Technical Data

The extension and our servers automatically collect:

Browser type and version (for compatibility).
Extension version (for support and update tracking).
Server access logs (IP address, request path, timestamp) — retained 30 days for security and debugging.

3. How We Use Your Data

We use your data only for the following purposes:

Sending emails on your behalf via the Gmail API or Microsoft Graph API, when you click "Send" in the extension.
Authenticating your sessions using JSON Web Tokens (JWT).
Providing FMCSA carrier data in the extension UI.
Account management — password resets, login notifications, billing communications (if applicable).
Service improvement — aggregated, anonymized usage metrics. We do not sell, rent, or advertise based on your data.

We do not read or scan the content of your emails. We do not use your data for advertising. We do not train AI models on your messages.

We share data only with the following service providers, strictly to operate the platform:

Google (Gmail API) — when you send email from a connected Gmail account.
Microsoft (Microsoft Graph API) — when you send email from a connected Outlook account.
Mapbox — for rendering route maps. Origin and destination text is sent to Mapbox; no personal account data is shared.
FMCSA QCMobile API — for fetching public carrier safety data (no personal data sent).

We do not sell your personal data. We do not share it with advertisers or data brokers. We may disclose data if required by law (subpoena, court order) or to protect our legal rights, in which case we will attempt to notify you unless prohibited.

5. Storage & Security

Location: Our servers are hosted in the United States.
Encryption in transit: All API traffic uses HTTPS (TLS 1.2+).
Encryption at rest: OAuth refresh tokens are encrypted with AES-256-CBC. Database files have OS-level access controls.
Passwords: hashed with bcrypt (cost factor 12).
Session tokens: signed JWTs, expire in 30 days.
Access controls: only authorized FreightFang personnel can access production systems, and only for legitimate operational reasons.

No security system is perfect. While we use industry-standard practices, we cannot guarantee absolute security. If you become aware of any security incident, please contact us immediately at 060072001o@gmail.com.

6. Your Rights (GDPR & CCPA)

Regardless of where you live, you have the following rights over your data. EU/EEA residents have these rights under the GDPR; California residents have these rights under the CCPA/CPRA.

Right to access — request a copy of all personal data we hold about you.
Right to rectification — correct inaccurate or incomplete information.
Right to erasure ("right to be forgotten") — delete your account and all associated data.
Right to data portability — receive your data in a machine-readable format (JSON).
Right to restrict processing — pause use of your data while we resolve a dispute.
Right to object — opt out of any processing not strictly necessary for the service.
Right to withdraw consent — revoke OAuth permissions at any time from your dashboard.
Right against automated decision-making — we do not make legal or significant decisions about you using automation alone.
Right to non-discrimination (CCPA) — exercising your rights will not affect service quality or pricing.

To exercise any of these rights, email 060072001o@gmail.com. We will respond within 30 days. We may need to verify your identity before fulfilling certain requests.

7. Cookies & Local Storage

The web dashboard at app.freightfang.com uses localStorage (not cookies) to store your authentication token. The extension uses chrome.storage.local to cache settings, your session token, and FMCSA lookup results for 24 hours.

We do not use third-party tracking cookies, analytics scripts that profile you across sites, or advertising pixels.

8. Data Retention

Account data — kept while your account is active. Deleted within 30 days of account deletion.
OAuth tokens — deleted immediately when you disconnect an email account.
Sent email logs — kept for 12 months for support purposes, then deleted.
Server access logs — kept for 30 days.
FMCSA cache — kept for 30 days, then re-fetched.

9. Children's Privacy

FreightFang is intended for use by professionals in the freight and logistics industry. We do not knowingly collect data from anyone under the age of 16. If we learn that we have collected data from a minor, we will delete it.

10. Changes to This Policy

We may update this Privacy Policy from time to time. When we do, we will update the "Last updated" date at the top. For material changes (e.g., new categories of data collection or sharing), we will notify you by email at least 30 days before the change takes effect.

11. Contact Us

For privacy questions, data requests, or to report a security concern:

Email: 060072001o@gmail.com
Subject line: "Privacy Request" (for data access, deletion, or portability)