Privacy Policy
Effective: 2026-05-01 · Last updated: 2026-05-01
CloudTMS LLC (“CloudTMS”, “we”, “us”, “our”) is a Wisconsin limited liability company offering a multi-tenant transportation management platform: a web application at cloudtms.io and the “CloudTMS Driver” companion mobile app used by professional truck drivers operating for our customers (motor carriers).
This policy describes the personal data we collect from end users (dispatchers, drivers, accounting staff, executives), how we use it, who we share it with, and the rights you have over it. CloudTMS is the data processor on behalf of the carrier you work for; the carrier is the data controller.
1. Data we collect
Account & identity
Name, work email address, phone number, role within your company, and a hashed password. Created when an administrator at your carrier invites you to CloudTMS.
Driver & vehicle records
CDL number, license expiry, medical-card expiry, hire date, vehicle and trailer assignments, hours-of-service status (when an ELD provider is connected). Required for DOT compliance reporting.
Location data (mobile app)
When a driver presses Arrived, Loaded, or Delivered in the CloudTMS Driver mobile app we capture a single GPS point at that moment. We do not run continuous background location tracking. We retain location points for the lifetime of the load record.
Camera & documents
The mobile app uses the camera to capture bills of lading (BOL), proofs of delivery (POD), lumper receipts, and other freight documents. Captured images are uploaded to our document storage on AWS S3 in us-east-1 and attached to the corresponding load record.
Push-notification tokens
With your permission, the mobile app registers an Expo push token used to deliver dispatch messages and load updates. Tokens are stored against your user record and removed on logout.
Operational data
Loads, customers, invoices, payments, settlements, fuel and toll receipts, IFTA mileage, and the messages exchanged between dispatchers and drivers within the app.
Logs & diagnostics
HTTP request logs, error reports (stack traces, breadcrumbs) sent to Sentry, and anti-abuse signals (IP address and user-agent for login and sign-up requests). We use these to detect outages and prevent brute-force attacks.
2. How we use your data
- To run the dispatch, billing, settlement, and compliance workflows you sign in for.
- To deliver real-time notifications about loads, messages, and dispatch events.
- To process subscription payments via Stripe and to send invoices via email.
- To meet your carrier's legal obligations (DOT, FMCSA, IFTA, IRS Form 2290).
- To detect and prevent fraud, abuse, and unauthorized access.
- To debug crashes and improve product reliability.
We do not sell personal data. We do not use your data to train third-party AI models.
3. Service providers we share data with
CloudTMS relies on the following sub-processors. Each handles a specific slice of data under a written data-processing agreement.
| Provider | Purpose | Privacy policy |
|---|---|---|
| Amazon Web Services | Application hosting, RDS Postgres, S3 document storage (us-east-1). | link |
| Stripe | Subscription billing and payment-method processing. | link |
| Resend | Transactional email (invoices, settlement statements, password resets). | link |
| Pusher | Real-time websocket fan-out for dispatch and messaging events. | link |
| Upstash | Redis-based rate-limiting and queue storage. | link |
| Sentry | Crash and error reporting (web + mobile). | link |
| Vercel | Edge hosting and CDN for the web app. | link |
| Google Maps | Map rendering and route geocoding for the dispatch board. | link |
| Expo | Mobile app build pipeline and push-notification delivery (APNS/FCM). | link |
| Apple Push Notification Service | Push notification delivery to iOS devices. | link |
| Firebase Cloud Messaging | Push notification delivery to Android devices. | link |
| QuickBooks Online (Intuit) | Optional accounting export, when your carrier connects it. | link |
| Samsara / Motive | Optional ELD integration, when your carrier connects it. | link |
4. Data retention
We retain operational records (loads, invoices, settlements, driver and vehicle files) for as long as your carrier remains a CloudTMS customer plus seven years afterwards, to satisfy DOT, IRS, and IFTA record-retention rules. Document files in S3 are versioned and retained for one year per the bucket lifecycle policy. Deleted accounts have their personal identifiers removed within 30 days of deletion request, except where a record is legally required to be preserved.
5. Security
- All traffic is served over HTTPS with HSTS.
- Passwords are stored using bcrypt; vendor tokens are encrypted with AES-GCM.
- Document storage is private S3 with server-side encryption and access denied to the public.
- Multi-tenant isolation is enforced at the query layer via a non-negotiable company_id scope.
- Login and sign-up endpoints are rate-limited to deter brute-force attacks.
6. Your rights
Depending on your jurisdiction (GDPR, CCPA, etc.) you may have rights to access, correct, or delete your personal data, port it, or restrict its processing. Because your carrier is the data controller, the fastest route is to contact your carrier's CloudTMS administrator. You may also email us directly at privacy@cloudtms.io and we will respond within 30 days.
7. Permissions used by the mobile app
- Location (when in use): required to record the GPS point at pickup, loaded, and delivery events. Not used for continuous tracking.
- Camera: required to capture BOL, POD, lumper receipt, and permit documents. Captured photos are uploaded to your carrier's document store.
- Photo library (optional): if granted, captured documents may be saved locally to your device for offline access.
- Notifications: required to deliver dispatch messages and load updates.
8. International transfers
CloudTMS is operated from Wisconsin, USA. Data is processed in AWS us-east-1. If you access the service from outside the United States, your data will be transferred to and processed in the United States.
9. Children's privacy
CloudTMS is a workplace tool for licensed commercial drivers and back-office staff. It is not intended for and we do not knowingly collect personal information from anyone under the age of 13. If a parent or guardian believes their child has provided information to CloudTMS, contact privacy@cloudtms.io and we will delete the data immediately.
10. Changes to this policy
We may update this policy from time to time. Material changes will be communicated via in-app notice and email at least 14 days before they take effect. The “Last updated” date at the top of this page reflects the current revision.
11. Contact
CloudTMS LLC — Privacy Team
Wisconsin, United States
privacy@cloudtms.io