What we collect
- Account information — name, email, and company name when you register or submit a form.
- Uploaded documents — freight invoices and carrier contracts you upload for auditing. Processed entirely in-memory and transmitted directly to our audit pipeline. Documents are never written to persistent storage and are never stored beyond the duration of the API call. We do not retain, sell, or share your freight documents.
- Audit session data — audit timestamp, findings total, email address, and plan selection, stored in our secure database to generate invoices and provide audit records.
- Usage data — pages visited and general interaction data via Plausible Analytics, a privacy-first tool with no cookies and no personal data collection.
How we use it
We use your data to provide the audit service, send results and receipts, and improve the product. We do not sell your data. We do not share it with carriers or third parties except as required to deliver the service (AI providers for document processing; Razorpay and Paddle for payment processing).
Document processing — in-memory only
Uploaded documents are processed entirely in-memory in our Cloudflare Workers pipeline. No document content is written to any database, file storage, or log. Documents exist in memory only for the duration of the API call (typically 20–60 seconds). After your audit completes, no copy of your document exists anywhere on our infrastructure.
Document retention
Because documents are processed in-memory and never stored, there is nothing to delete. Audit metadata (email, findings total, timestamp) is retained for invoice and legal compliance purposes for 7 years, after which it is permanently deleted.
Cookies
No advertising or tracking cookies. Plausible Analytics is cookie-free. We use a single essential session cookie (af_session) for authentication only — httpOnly, Secure, SameSite=Lax, 30-day TTL.
GDPR (European users)
If you are located in the European Economic Area, you have rights under GDPR including access, rectification, erasure, and portability. Our lawful basis for processing is contractual necessity. Contact privacy@audit-freight.com to exercise GDPR rights.
California Residents (CCPA)
AuditFreight does not sell personal information. California residents have the right to know what personal information we collect, request deletion, and opt out of sale (we do not sell personal information). To exercise these rights, email privacy@audit-freight.com with subject line "CCPA Request".
India — DPDP Act 2023
AuditFreight operates from India and complies with the Digital Personal Data Protection Act, 2023. Data Principals have the right to access, correct, erase, and nominate a representative for their personal data. Exercise these rights at privacy@audit-freight.com. Note: freight invoice and contract documents are business records, not personal data, under DPDP.
Your rights (all users)
You may request access, correction, or deletion of your account data at any time: privacy@audit-freight.com. We aim to respond within 72 hours.