FreightX Privacy Policy

Last updated:

Nov 20, 2025

Definitions

For the purposes of this Privacy Policy, the following terms shall have the meanings ascribed to them below:

  • Personal Data or Personal Information: Any information relating to an identified or identifiable natural person, including but not limited to identifiers such as names, email addresses, phone numbers, or IP addresses, as defined under applicable laws including the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA), as amended by the California Privacy Rights Act (CPRA).

  • Processing: Any operation or set of operations performed on Personal Data, whether automated or not, including collection, recording, organization, structuring, storage, adaptation, alteration, retrieval, consultation, use, disclosure, dissemination, alignment, combination, restriction, erasure, or destruction.

  • Controller: The entity that determines the purposes and means of the Processing of Personal Data, which in this case is FreightX Logistics Corporation.

  • Processor: Any entity that Processes Personal Data on behalf of the Controller.

  • Services: The websites, applications, platforms, and related offerings provided by FreightX, including AI-powered logistics solutions.

  • Automated Decision-Making: Decisions made by technological means, including profiling, which produce legal effects concerning or similarly significantly affect the data subject.

At FreightX Logistics Corporation ("FreightX," "we," "us," or "our"), safeguarding your privacy is fundamental to our operations. As the Controller of your Personal Data, we are committed to Processing it in a transparent, lawful, and secure manner. This Privacy Policy describes our practices regarding the access, collection, storage, use, disclosure, and protection ("Processing") of Personal Data in connection with our Services. It applies when you:

  • Access or interact with our website at https://www.freightx.ai or any affiliated sites that reference this Policy;

  • Utilize FreightX: Our AI-enhanced platform transforms the logistics landscape by automating freight coordination, optimizing supply chain workflows through predictive analytics, and delivering real-time data insights to drive operational efficiency, reduce costs, and enable strategic decision-making—such as fostering partnerships, negotiating rates, and resolving disruptions dynamically; or

  • Engage with us through ancillary channels, including sales inquiries, marketing campaigns, industry events, or customer support interactions.

This Policy is provided in a concise, transparent, and intelligible form, using clear and plain language, in compliance with applicable data protection laws, including but not limited to the GDPR (for EU/EEA residents) and CCPA/CPRA (for California residents). It constitutes our privacy notice under GDPR Articles 13 and 14, and our privacy disclosure under CCPA Section 1798.130.

If you have any questions, concerns, or require this Policy in an alternative format (e.g., for accessibility reasons), please contact our Data Protection Officer (DPO) at privacy@freightx.ai. We act as the Controller and are responsible for Processing decisions. Should our practices conflict with your preferences, we advise against using our Services. Continued use following material changes constitutes acceptance thereof, subject to notification requirements below.

Quick Overview: Essential Highlights

This overview distills core elements for quick reference, with hyperlinks to deeper explanations in our Contents Outline. For full compliance details, review the entire document.

  • Data We Collect and Process: Personal Data is handled based on your interactions, selections, and feature usage, solely as necessary and proportionate. See Collected Data Overview.

  • Sensitive Data Handling: We do not Process special categories of Personal Data (e.g., racial/ethnic origins, sexual orientation, religious beliefs, health data) as defined under GDPR Article 9 or CCPA's sensitive personal information.

  • Third-Party Sources: No Personal Data is collected from external third parties without your explicit consent or a valid legal basis.

  • Processing Purposes and Legal Bases: Data is Processed to deliver, enhance, and administer Services; facilitate communication; ensure security and fraud prevention; and fulfill legal obligations. Additional Processing occurs only with consent or other lawful grounds (e.g., contract performance, legitimate interests). Detailed in Data Processing Purposes.

  • Sharing and Disclosures: Limited to specific scenarios, categories of recipients, and safeguards for international transfers. Refer to Sharing Practices.

  • Security and Protection: Robust technical, organizational, and administrative measures are implemented, though absolute security cannot be guaranteed. Explore Security Protocols.

  • Retention and Deletion: Held only as long as necessary, with criteria outlined; secure erasure follows. See Retention Periods.

  • Your Rights and Choices: Location-specific entitlements, including access, rectification, erasure, and objection, with exercise timelines. Learn more in Privacy Entitlements and U.S. State-Specific Rights.

  • Automated Processing and AI: Where applicable, details on profiling or decisions, including rights to human intervention. Covered in AI-Enabled Offerings.

  • Exercising Rights: Via Data Management Requests or direct contact—we respond within statutory timelines (e.g., one month under GDPR).

  • Policy Updates and Complaints: Changes notified in advance where required; lodge complaints with supervisory authorities (e.g., CNIL in France, ICO in UK, or California AG). See Policy Updates.

  • Full Compliance Review: This Policy ensures adherence to GDPR (EU/EEA/UK), CCPA/CPRA (CA), and analogous laws (e.g., PIPEDA in Canada, LGPD in Brazil).

Contents Outline

  • 1. Collected Data Overview

  • 2. Data Processing Purposes

  • 3. Sharing Practices

  • 4. Tracking Tools Like Cookies

  • 5. AI-Enabled Offerings

  • 6. Social Account Integrations

  • 7. Retention Periods

  • 8. Security Protocols

  • 9. Minor Data Policies

  • 10. Privacy Entitlements

  • 11. Do-Not-Track Options

  • 12. U.S. State-Specific Rights

  • 13. Policy Updates

  • 14. Contact Methods

  • 15. Data Management Requests

1. Collected Data Overview

Controller Identification

FreightX Logistics Corporation, with its principal place of business at [Insert Address, e.g., 123 Logistics Lane, Austin, TX 78701, United States], acts as the Controller. Our DPO can be reached at privacy@freightx.ai or via postal mail to the above address, Attn: Data Protection Officer. For EU/EEA matters, our EU representative is [Insert if applicable, e.g., FreightX EU Rep, Berlin, Germany].

Info You Share Voluntarily

Overview: We collect only Personal Data you provide directly, ensuring minimization and purpose limitation per GDPR Article 5.

Collection occurs during account registration, inquiries about our products/Services, participation in platform activities (e.g., shipment tracking simulations), or communications. Provision is voluntary but may be necessary for contract performance (e.g., to process a logistics query).

Categories and Examples: Dependent on context, choices, and features; includes:

  • Identifiers: Email addresses, full names, phone numbers;

  • Authentication Data: Usernames, passwords (hashed), contact details;

  • Professional Information: Company affiliation, role (for B2B logistics interactions).

We do not infer sensitive categories from provided data.

Special Categories: Prohibited under GDPR Article 9; no biometric, health, or genetic data is collected.

Social Integrations: Optional registration via third-party platforms (e.g., Facebook, X/Twitter) yields limited profile data (see Social Account Integrations).

All submitted data must be accurate and current; you are obligated to notify us of material changes. Failure to provide required data may prevent Service delivery, but no adverse consequences beyond that (no statutory requirement for most uses).

Collection Methods

Primarily direct (forms, emails); automated via device interactions (e.g., IP logs for security). No indirect collection without notice.

Google API Compliance

Any data from Google APIs adheres strictly to the Google API Services User Data Policy, including Limited Use restrictions, ensuring no resale or unrelated Processing.

2. Data Processing Purposes

Overview: Processing is limited to specified purposes, with a valid legal basis under GDPR Article 6, CCPA, and equivalents. We conduct Legitimate Interests Assessments (LIAs) where applicable, balancing our interests against your rights.

Purposes, aligned with interactions, include:

  • Account Management (Legal Basis: Contract Performance - GDPR Art. 6(1)(b)): Creating, authenticating, and maintaining user accounts to enable Service access.

  • Service Delivery (Legal Basis: Contract Performance/Legitimate Interests - GDPR Art. 6(1)(b)/(f)): Providing requested logistics tools, such as AI-optimized routing, with Processing necessary for fulfillment.

  • Support and Inquiries (Legal Basis: Legitimate Interests - GDPR Art. 6(1)(f)): Responding to queries and resolving issues, including troubleshooting AI outputs.

  • User Communications (Legal Basis: Consent/Legitimate Interests - GDPR Art. 6(1)(a)/(f)): Facilitating platform interactions or notifications; opt-out available.

  • Marketing (Legal Basis: Consent - GDPR Art. 6(1)(a); CCPA Opt-Out): Sending tailored promotions (e.g., logistics webinars) only with prior opt-in; easy withdrawal (see Privacy Entitlements).

  • Service Improvement (Legal Basis: Legitimate Interests - GDPR Art. 6(1)(f)): Analyzing anonymized trends, evaluating campaigns, and refining AI models/products for enhanced user experience, subject to LIA.

  • Compliance and Security (Legal Basis: Legal Obligation/Legitimate Interests - GDPR Art. 6(1)(c)/(f)): Fraud detection, audit trails, and regulatory adherence (e.g., export controls in logistics).

Profiling occurs minimally for personalization (e.g., route suggestions); see AI-Enabled Offerings. No Processing beyond these without updated notice.

3. Sharing Practices

Overview: Disclosures are restricted to necessary, lawful instances, with Processor agreements incorporating GDPR Article 28 safeguards (e.g., confidentiality, audits). No sales of Personal Data under CCPA.

Categories of Recipients:

  • Service Providers (Processors): Cloud hosts (e.g., AWS), analytics tools (e.g., Google Analytics), and AI vendors (e.g., OpenAI) for operational support; bound by data processing agreements.

  • Business Partners: Logistics affiliates for joint services, only with consent or contract necessity.

  • Legal Authorities: As required by law (e.g., subpoenas, national security under GDPR Art. 6(1)(c)).

Specific Scenarios:

  • Business Transitions: Mergers, acquisitions, or asset sales may involve transfer to successors, with notice where feasible.

  • Enforcement: To protect rights, property, or safety (e.g., fraud investigations).

International Transfers: Data may be transferred to the U.S. or other non-adequate jurisdictions (e.g., for global logistics partners). Safeguards include Standard Contractual Clauses (SCCs) per GDPR Chapter V, Binding Corporate Rules (BCRs), or adequacy decisions. For CCPA, transfers to non-CA entities include equivalent protections. You may request transfer details via Contact Methods.

No disclosures to unrelated third parties.

4. Tracking Tools Like Cookies

Overview: We use cookies, pixels, and beacons for essential functions, analytics, and personalization, in line with GDPR transparency and ePrivacy Directive.

Types and Purposes:

  • Essential: Session management, security (no consent needed).

  • Analytics/Performance: Usage patterns for improvements (legal basis: legitimate interests).

  • Advertising: Tailored content (consent-based; CCPA opt-out for "sales").

Third-party tools (e.g., Google) may access data; see their policies. Opt-out via browser settings or our Cookie Notice: https://www.freightx.ai/cookies. For CCPA "sharing," submit opt-out requests per U.S. State-Specific Rights.

5. AI-Enabled Offerings

Overview: Our Services incorporate AI, machine learning, and similar technologies ("AI Products") for logistics automation, governed by this Policy and fair Processing principles.

Implementation and Legal Basis: AI Products are developed and hosted via third-party Providers (e.g., AWS AI, OpenAI, Anthropic, Google Cloud AI; legal basis: contract performance/legitimate interests). Inputs (e.g., shipment details), outputs (e.g., predictions), and minimal Personal Data are shared solely to enable functionality, per Processor agreements. No data is used for unrelated training without consent.

Key Functions:

  • AI Applications: Predictive routing, demand forecasting.

  • Automation Workflows: Shipment optimization, anomaly detection.

Automated Decision-Making and Profiling (GDPR Art. 22): Limited to non-significant effects (e.g., suggested routes); no solely automated decisions with legal consequences. Where profiling occurs (e.g., efficiency scoring), you have rights to explanation, objection, and human review. Significance is assessed via impact analyses; consequences include personalized recommendations but no adverse actions.

Data Handling in AI: Processed securely, with pseudonymization/anonymization where feasible. No retention beyond necessities; audit logs maintained for accountability.

6. Social Account Integrations

Overview: Optional single sign-on (SSO) via third-party services (e.g., Facebook, X) provides convenience (legal basis: consent).

Received data (e.g., name, email, profile photo, public posts) varies by provider and is used only for authentication/Service access. We do not control provider Processing—review their notices. Withdrawal revokes access; data deleted promptly.

7. Retention Periods

Overview: Data is retained per storage limitation (GDPR Art. 5(1)(e)), based on purpose, legal holds, or user request.

  • Active Use: Duration of account/engagement (e.g., 12 months post-last interaction for marketing).

  • Post-Termination: Up to 12 months maximum for any purpose herein, then deletion.

  • Criteria: Contract needs, disputes (7 years), audits (5-10 years per statute).

Deletion is secure (e.g., overwriting); backups isolated. Anonymized data may persist indefinitely for analytics.

8. Security Protocols

Overview: We implement appropriate security per GDPR Art. 32 and CCPA, including:

  • Technical Measures: Encryption (AES-256 at rest/transit), access controls (RBAC), firewalls, regular vulnerability scans.

  • Organizational Measures: Employee training, incident response plans, annual audits, DPIAs for high-risk Processing (e.g., AI).

  • Breach Response: Notification within 72 hours to authorities (GDPR Art. 33) and affected individuals if high risk.

No method is infallible; risks include unauthorized access. We limit liability to direct damages, subject to law.

9. Minor Data Policies

Overview: Services are not directed at children under 16 (or higher per state law, e.g., 13 under COPPA). No knowing collection from minors; verification may apply for age-gated features.

Use represents affirmation of majority or parental/guardian consent. Detected underage data triggers immediate account deactivation and erasure. Report incidents to privacy@freightx.ai; we comply with parental rights under applicable laws.

10. Privacy Entitlements

Overview: Rights vary by jurisdiction (e.g., GDPR Chapters III, CCPA Title 1.81.5); exercised free of charge, subject to identity verification and exemptions (e.g., legal obligations).

General Rights:

  • Access/Rectification (GDPR Art. 15/16; CCPA §1798.100): Confirm Processing, obtain copies, correct inaccuracies (response: 1 month).

  • Erasure/Restriction (GDPR Art. 17/18; CCPA §1798.105): "Right to be forgotten" or limit where accuracy contested.

  • Objection/Portability (GDPR Art. 21/20): Oppose legitimate interests/marketing; receive structured data.

  • Withdraw Consent (GDPR Art. 7): Anytime, without affecting prior lawfulness.

Marketing Opt-Out: Unsubscribe via links/contact; suppresses future comms (essential notices excepted).

Account Actions: Self-service via settings; termination deactivates data (retainals for legal/fraud per above).

Cookies: Manage via notice; impacts noted.

Queries to privacy@freightx.ai; appeals process available (see U.S. State-Specific Rights for details).

11. Do-Not-Track Options

We do not currently honor DNT signals due to lack of uniform standards (per CCPA §1798.135). Future adoption will be reflected here. California users: No automated response to browser DNT.

12. U.S. State-Specific Rights

Overview: Enhanced rights for residents of California, Colorado, Connecticut, Delaware, Florida, Indiana, Iowa, Kentucky, Minnesota, Montana, Nebraska, New Hampshire, New Jersey, Oregon, Tennessee, Texas, Utah, Virginia, and others adopting similar laws (e.g., VCDPA, CPA). Includes CCPA/CPRA categories; no discrimination for exercise (§1798.125).

Collected Categories (Past 12 Months)

Category

Examples

Collected?

A. Identifiers (CCPA §1798.140(o))

Names, addresses, phones, IDs, IPs, emails, accounts

YES

B. CA Records Personal Info (§1798.140(v))

Names, contacts, education/jobs/finances

YES

C. Protected Traits (§1798.140(s))

Gender/age/race/origin/marital/demographics

NO

D. Commercial (§1798.140(d))

Transactions/purchases/payments

NO

E. Biometrics (§1798.140(b))

Prints/voices

NO

F. Network Activity (§1798.140(f))

History/behaviors/interactions

NO

G. Location (§1798.140(e))

Device geo

NO

H. Sensory Media (§1798.140(h))

Images/audio/videos

NO

I. Employment (§1798.140(a))

Job details/qualifications

NO

J. Education (§1798.140(g))

Records/directories

NO

K. Inferences (§1798.140(j))

Profiles/preferences

NO

L. Sensitive (§1798.140(ae))


NO

Additional via support/surveys/delivery; sources: direct only. Uses: As in Data Processing Purposes. Sharing: Processors only; no sales/sharing (past/future).

Rights (Timelines: 45 days, extendable 45):

  • Know/Access/Correct/Delete/Copy (§1798.100-106; state variants).

  • Opt-Out Targeted Ads/Sales/Profiling/Sharing (§1798.120); sensitive limits (§1798.121).

  • Non-Discrimination; Agent Designation (§1798.135).

State Adds: E.g., MN profiling review; FL recognition opt-out.

Exercise: Data Management Requests/email; verify ID. Agents: Proof required.

Appeals: Email for written response/explanation; escalate to AG.

CA Shine the Light (§1798.83): Annual free request for marketing disclosures—submit written.

13. Policy Updates

Overview: Reviewed annually or upon legal/tech changes; "Effective Date" updated. Material amendments (e.g., new Processing) notified 30 days in advance via email/posting (GDPR Art. 13). Minor: Posted only. Your continued use post-notice affirms acceptance.

14. Contact Methods

For rights, inquiries, or complaints: privacy@freightx.ai or FreightX Logistics Corporation, Attn: DPO, [Address]. EU Supervisory: Varies by member state (e.g., https://edpb.europa.eu/about-edpb/board/members_en).

15. Data Management Requests

Submit viahttps://www.freightx.ai/privacy-request or email, including verification (e.g., ID excerpt). We acknowledge within 10 days, respond per law (1 month GDPR; 45 days CCPA). No fee unless manifestly unfounded/repetitive. For portability, data in structured format (e.g., JSON/CSV).

FreightX

FreightX

2151 River Plaze Drive, Sacramento, CA 95833.

hi@freightx.ai.

Company

Features

How it works

Key Features

Testimonials

Support

Contact

Help Center

Terms of Use

Privacy Policy

Security