Legal

Privacy Policy

This Privacy Policy describes how Enrout Ops Inc. (“Enrout Ops,” “Enrout,” “we,” “us,” or “our”) collects, uses, discloses, and otherwise processes personal information in connection with our website at enroutops.com, our platform at enrout.ai, and related products and services (collectively, the “Services”).

Effective date: June 15, 2026 · Last updated: June 15, 2026

1. Introduction

We respect your privacy and are committed to handling personal information responsibly. This policy is designed to help you understand what information we collect, why we collect it, how we use and share it, and what choices and rights you may have.

By accessing or using our Services, you acknowledge that you have read and understand this Privacy Policy. If you do not agree with our practices, please do not use the Services.

This policy does not apply to third-party websites, applications, or services that may be linked from our Services or integrated at your direction. Those third parties are governed by their own privacy policies.

2. Definitions

  • Personal information means information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular individual or household.
  • Customer data means personal information and business data that our customers and their authorized users submit to, store in, or process through the Enrout Ops platform.
  • Controller means the entity that determines the purposes and means of processing personal information.
  • Processor means the entity that processes personal information on behalf of a controller.
  • You or your means a website visitor, prospective customer, account holder, authorized user, driver, dispatcher, or other individual whose personal information we process.

3. Who is responsible for your information

For personal information collected through our marketing website, sales process, and direct relationships with individual contacts, Enrout Ops Inc. acts as the data controller.

For Customer data processed within the Enrout Ops platform on behalf of a subscribing organization, that organization is generally the data controller and Enrout Ops acts as a data processor. In those cases, our processing is governed by our customer agreements and Data Processing Addendum (DPA), which supplement this policy.

Privacy inquiries: privacy@enroutops.com
Security incidents: security@enroutops.com
General contact: info@enroutops.com

4. Information we collect

The categories of personal information we collect depend on how you interact with us. The table below summarizes the main categories, examples, and typical sources.

CategoryExamplesSources
Identifiers & contactName, business email, phone number, company name, job title, mailing addressYou, your organization, public business directories
Account & authenticationUsername, password hash, role, permissions, login history, MFA tokensYou, your organization, automated systems
Commercial & operationalLoad details, lanes, rates, customer and carrier records, invoices, settlements, lead pipeline data, dispatch notesYou, your organization, authorized integrations
Driver & workforceDriver name, contact details, license or qualification references, assignment history, hours-of-service data where connectedYou, your organization, ELD/telematics integrations
Location & telematicsGPS coordinates, vehicle location history, ETA data, geofence events, engine or trip status from connected fleet systemsELD and fleet integrations (e.g., Samsara, Motive, Verizon Connect), mobile tracking features
CommunicationsEmails, SMS, in-app messages, call logs, and message content sent or received through the platformYou, your organization, integrated communication channels
Documents & filesBills of lading, rate confirmations, proof of delivery, insurance certificates, contracts, and uploaded attachmentsYou, your organization, document integrations
Payment & billingBilling contact details, subscription plan, invoices, payment method metadata (processed by payment providers)You, payment processors, accounting integrations
Device & usageIP address, browser type, device identifiers, operating system, pages viewed, clickstream, feature usage, error logs, timestampsAutomated technologies when you use our website or platform
Support & feedbackSupport tickets, survey responses, demo requests, product feedback, recordings or transcripts where disclosedYou, customer success interactions

We do not intentionally collect sensitive personal information such as government ID numbers, financial account numbers, or precise health information through our marketing website. Customers may upload documents containing sensitive information into the platform at their discretion; in those cases, processing is governed by the customer's instructions and applicable agreements.

5. How we collect information

Directly from you

When you fill out our contact form, request a demo, create an account, configure integrations, upload documents, send messages, or contact support, you provide information directly to us.

Automatically

We automatically collect certain technical and usage information through cookies, log files, and similar technologies when you browse our website or use authenticated areas of the platform.

From your organization

If your employer or customer provisions your account, they may provide your name, email, role, and permissions.

From third-party integrations

When you or your organization authorizes connections to third-party services, we receive data from those services. Examples include load boards (DAT, Truckstop), ELD and fleet providers (Samsara, Motive, Verizon Connect), accounting systems (QuickBooks, Microsoft Dynamics), factoring partners (OTR Solutions, RTS Financial, Triumph), and custom integrations via our REST API and webhooks.

6. Legal bases for processing

Where applicable law requires a legal basis (such as under the EU or UK GDPR), we rely on one or more of the following:

  • Contract performance: to provide the Services you or your organization have requested, including account setup, dispatch operations, tracking, invoicing, and support.
  • Legitimate interests: to operate, secure, and improve our Services; prevent fraud and abuse; understand product usage; and communicate with business contacts, balanced against your rights and expectations.
  • Consent: where required for optional cookies, certain marketing communications, or other processing for which we request your consent. You may withdraw consent at any time without affecting the lawfulness of processing before withdrawal.
  • Legal obligation: to comply with applicable laws, regulations, lawful requests, tax requirements, and transportation or safety recordkeeping obligations where applicable.
  • Vital interests or public interest: in rare cases where necessary to protect an individual's vital interests or comply with regulatory requirements.

When we process Customer data as a processor, the customer determines the applicable legal basis and provides instructions to us through the subscription agreement and DPA.

7. How we use personal information

We use personal information for the following purposes:

  • Providing, operating, maintaining, and securing the Services.
  • Enabling core TMS and dispatch functionality: load management, live tracking, driver assignment, customer communication, document management, lead management, invoicing, and reporting.
  • Powering AI-assisted features, including Bella, for negotiation support, load monitoring, automated follow-ups, operational summaries, and productivity tools based on data authorized by you or your organization.
  • Authenticating users and managing access controls.
  • Processing demo requests, sales inquiries, and support requests.
  • Sending transactional messages, service announcements, security alerts, billing notices, and product updates.
  • Analyzing usage trends, diagnosing technical issues, and improving performance, reliability, and user experience.
  • Detecting, investigating, and preventing security incidents, fraud, abuse, and violations of our terms.
  • Complying with legal obligations and enforcing our agreements.
  • With consent or as permitted by law, sending marketing communications about Enrout Ops products, events, and resources.

8. AI and automated processing

Enrout Ops uses machine learning and artificial intelligence to deliver features such as load recommendations, ETA forecasting, communication assistance, and operational insights. These features process data you or your organization provide or authorize, including load details, communications, location data, and historical operational patterns.

Our AI features are designed to assist human operators. They do not make legally binding decisions without human review unless your organization explicitly configures automated workflows. You should review AI-generated outputs before relying on them for safety-critical, financial, or regulatory decisions.

We do not sell Customer data. We do not use identifiable Customer data to train general-purpose models shared with unrelated customers without appropriate contractual restrictions, customer authorization, and de-identification or aggregation where applicable. We may use aggregated and de-identified data to improve service quality, reliability, and security.

9. How we disclose personal information

We may disclose personal information to the following categories of recipients:

  • Service providers and sub-processors that host infrastructure, provide cloud computing, deliver email and notifications, process website forms, provide analytics, offer customer support tools, or assist with security monitoring, under written confidentiality and data protection obligations.
  • Integration partners you or your organization connect to the platform, solely to provide the integration functionality you authorize.
  • Your organization and other authorized users within your account, based on role-based access controls.
  • Professional advisors such as lawyers, accountants, auditors, and insurers, subject to confidentiality duties.
  • Authorities and law enforcement when required by law, regulation, legal process, or to protect the rights, property, safety, and security of Enrout Ops, our customers, or others.
  • Business transferees in connection with a merger, acquisition, financing, reorganization, bankruptcy, or sale of assets, subject to this policy or equivalent protections.

Our website contact form submissions are transmitted through Web3Forms, a third-party form processing service, to deliver inquiries to our team.

10. Cookies and similar technologies

We use cookies, local storage, and similar technologies on our website and platform. These technologies help us:

  • Keep you signed in and maintain session security.
  • Remember preferences such as language and display settings.
  • Understand how visitors use our website and which features are used.
  • Measure marketing effectiveness and improve content.

Types of cookies we use

  • Strictly necessary: required for authentication, security, and core site functionality.
  • Functional: remember choices and enhance usability.
  • Analytics: help us understand traffic patterns and product usage in aggregate.
  • Marketing (if enabled): may be used to measure campaign performance. We do not use invasive cross-site tracking without appropriate notice and consent where required.

You can manage cookies through your browser settings. Blocking certain cookies may affect website functionality. Where required by law, we will present a cookie consent mechanism before placing non-essential cookies.

11. Data retention

We retain personal information only for as long as reasonably necessary to fulfill the purposes described in this policy, unless a longer retention period is required or permitted by law.

  • Website and sales inquiries: typically retained for the duration of our business relationship and a reasonable period thereafter for follow-up, unless you request deletion sooner and we have no legal obligation to retain the data.
  • Platform Customer data: retained for the term of the subscription and as specified in the customer agreement, DPA, and backup schedules. Customers may request export or deletion subject to contractual terms and legal requirements.
  • Security and audit logs: retained for a limited period to investigate incidents, meet compliance obligations, and maintain system integrity.

When personal information is no longer needed, we delete, anonymize, or securely isolate it in accordance with our retention and disposal procedures.

12. Security

We maintain administrative, technical, and organizational safeguards designed to protect personal information, including:

  • Encryption of data in transit using TLS and encryption at rest for stored data.
  • Role-based access controls, multi-factor authentication options, and least-privilege access policies.
  • Network segmentation, monitoring, vulnerability management, and incident response procedures.
  • Employee security training and confidentiality obligations.
  • Annual third-party audits supporting our SOC 2 Type II certification.
  • HIPAA-ready and GDPR-aligned controls for customers with applicable regulatory requirements.

No security program can guarantee absolute security. If you believe your account has been compromised or you discover a vulnerability, contact security@enroutops.com promptly.

13. International data transfers

Enrout Ops is headquartered in North America. We and our service providers may process personal information in the United States, Canada, and other countries where we or our subprocessors maintain facilities.

When we transfer personal information from the European Economic Area, United Kingdom, or Switzerland to countries that have not received an adequacy decision, we implement appropriate safeguards such as the European Commission's Standard Contractual Clauses, the UK International Data Transfer Addendum, or other lawful transfer mechanisms required by applicable law.

A copy of relevant transfer safeguards may be requested by contacting privacy@enroutops.com.

14. Your privacy rights

Depending on your location and applicable law, you may have some or all of the following rights regarding your personal information:

  • Right to know what personal information we collect, use, and disclose.
  • Right to access and receive a copy of your personal information.
  • Right to correct inaccurate or incomplete information.
  • Right to delete personal information, subject to legal exceptions.
  • Right to restrict or object to certain processing.
  • Right to data portability where technically feasible.
  • Right to withdraw consent where processing is based on consent.
  • Right to opt out of certain targeted advertising, sale, or sharing of personal information.
  • Right to non-discrimination for exercising privacy rights.

Platform users

If you use Enrout Ops through an employer or customer account, operational data is typically controlled by that organization. Please contact your organization's administrator first for access, correction, or deletion requests relating to platform data. We will assist our customers in responding to such requests as required by our agreements and applicable law.

How to submit a request

Email privacy@enroutops.com with the subject line “Privacy Rights Request.” We may need to verify your identity before fulfilling a request. Authorized agents may submit requests on your behalf where permitted by law. We will respond within the timeframe required by applicable law (for example, 30 days under GDPR or 45 days under CCPA, with permitted extensions where necessary).

EEA and UK residents

You have the right to lodge a complaint with your local supervisory authority if you believe our processing violates applicable data protection law. We encourage you to contact us first so we can address your concerns.

California residents (CCPA/CPRA)

In the preceding 12 months, we may have collected the categories of personal information listed in Section 4 for the business purposes described in this policy. We disclose personal information to service providers and integration partners as described in Section 9.

We do not sell personal information. We do not share personal information for cross-context behavioral advertising as those terms are defined under California law. We will not discriminate against you for exercising your CCPA/CPRA rights.

California residents may submit requests to know, delete, or correct personal information by emailing privacy@enroutops.com.

Canadian residents

If you are located in Canada, you may have rights under applicable provincial and federal privacy laws, including the right to access and challenge the accuracy of your personal information. Contact us at privacy@enroutops.com to exercise these rights.

15. Marketing communications

We may send marketing emails about Enrout Ops products, webinars, and industry resources to business contacts who have expressed interest or with whom we have an existing business relationship, where permitted by law. You may opt out at any time by clicking the unsubscribe link in our emails or by contacting privacy@enroutops.com. Opting out of marketing does not affect transactional or service-related communications necessary to administer your account or respond to inquiries.

16. Children's privacy

The Services are intended for business use and are not directed to individuals under 16 years of age. We do not knowingly collect personal information from children. If you believe we have inadvertently collected information from a child, please contact us at privacy@enroutops.com and we will take steps to delete it.

17. Data breach notification

In the event of a personal data breach that poses a risk to individuals, we will notify affected customers and, where required by law, relevant supervisory authorities and affected individuals without undue delay and in accordance with applicable breach notification obligations.

18. Changes to this policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or Services. When we make material changes, we will post the updated policy on this page and revise the “Last updated” date. Where required by law, we will provide additional notice (such as by email or in-product notification). Your continued use of the Services after the effective date of an updated policy constitutes acceptance of the changes, except where further consent is required by law.

19. Contact us

If you have questions, concerns, or requests regarding this Privacy Policy or our privacy practices, contact:

Enrout Ops Inc.
Privacy Team
Email: privacy@enroutops.com
General inquiries: info@enroutops.com
Website: enroutops.com
Platform: enrout.ai

This Privacy Policy is provided for informational purposes and does not constitute legal advice. Organizations using Enrout Ops should review this policy alongside their own privacy notices and our customer agreements.