Privacy Policy

Introduction

RigKeeper ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our DOT compliance management platform ("the Service"). By using the Service, you consent to the practices described in this policy.

Information We Collect

We collect information that you provide directly to us, including:

• Account information (name, email address, company name)
• Phone numbers (account holder and, if provided, driver phone numbers for SMS reminders)
• Driver information (names, CDL numbers, CDL states, medical card expiration dates, contact information)
• Vehicle information (VINs, unit numbers, registration details, inspection dates)
• Compliance records (CDL details, medical card dates, inspection dates)
• USDOT number and related FMCSA data
• Payment information (processed by Stripe; we do not store credit card numbers)

Information Collected Automatically

When you use the Service, we may automatically collect:

• Device and browser information (type, operating system, browser version)
• IP address and general location data
• Usage data (features used, pages visited, timestamps)
• Log data related to Service performance and errors

FMCSA and Public Regulatory Data

When you enter a USDOT number, we retrieve publicly available carrier information from the FMCSA (Federal Motor Carrier Safety Administration). This data — including legal name, address, and operating authority details — is public record. We store this data solely to provide compliance tracking services for your organization. We do not use FMCSA data for any purpose other than delivering the Service to you.

How We Use Your Information

We use the information we collect to:

• Provide, maintain, and improve our compliance tracking services
• Send compliance deadline reminders via email and SMS
• Calculate audit readiness scores
• Process payments and manage your subscription
• Send account-related notifications (password resets, billing updates)
• Respond to your requests and provide customer support
• Monitor and improve the security of the Service

SMS Communications

If you opt in to SMS notifications, we collect and store your mobile phone number to send automated compliance reminder messages. If you enter phone numbers for drivers in your organization, those numbers are used solely for sending compliance reminders on your behalf.

Phone numbers are not shared with third parties for marketing purposes. SMS messages are delivered through Twilio, our third-party messaging provider (see "Service Providers" below).

You may opt out of SMS at any time by replying STOP to any message. Reply HELP for assistance. You may also update your preferences at rigkeeper.com/dashboard/settings. Message and data rates may apply.

Data Security

We implement industry-standard security measures to protect your data, including TLS 1.2+ encryption for data in transit and AES-256 encryption for data at rest. Your compliance data is stored securely using Supabase with row-level security policies that ensure users can only access data belonging to their own organization. Access to production systems is restricted to authorized personnel. While we take reasonable measures to protect your information, no method of electronic storage or transmission is 100% secure, and we cannot guarantee absolute security.

Data Breach Notification

In the event of a data breach involving your personal information or the personal information of drivers stored in your account, we will notify you without unreasonable delay and in accordance with applicable state and federal laws. Notification will be sent to the email address associated with your account and, where required by law, to affected individuals directly.

A "data breach" means unauthorized access to, or disclosure of, personal data that compromises the security, confidentiality, or integrity of that data. We will cooperate with any investigation by regulatory authorities and will provide you with information about what data was affected and the steps we are taking in response.

Service Providers (Sub-Processors)

We use the following third-party service providers to operate the Service. These providers process your data only as necessary to perform services on our behalf and are contractually obligated to protect your information:

• Supabase — Authentication and database hosting
• Stripe — Payment processing and subscription management
• Resend — Transactional and reminder email delivery
• Twilio — SMS message delivery
• Vercel — Application hosting and deployment

We do not sell your personal information to any third party. We may disclose your information if required to do so by law, regulation, legal process, or governmental request, or if we believe disclosure is necessary to protect our rights, your safety, or the safety of others.

In the event of a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We will notify you via email or prominent notice within the Service before your information becomes subject to a different privacy policy.

Data Retention

We retain your data for as long as your account is active or as needed to provide the Service. Upon account termination, you may request a data export within 30 days. After the export window, your data — including driver records, vehicle records, and compliance items — will be permanently deleted from our systems within 60 days, except where we are legally required to retain it.

Database backups are purged on a rolling 90-day schedule. We may retain anonymized and aggregated data (which cannot be used to identify any individual) for analytics and product improvement purposes.

Your Rights

You may access, update, or delete your account information at any time through your dashboard settings. To request complete data deletion, contact us at support@rigkeeper.com. We will respond to deletion requests within 30 days.

State-Specific Privacy Rights

If you are a resident of California, Virginia, Colorado, Connecticut, or another state with comprehensive privacy legislation, you may have additional rights under applicable law, including:

• Right to know — You may request information about what personal data we collect, the sources, the purposes, and the third parties with whom we share it.
• Right to delete — You may request that we delete your personal information, subject to certain legal exceptions.
• Right to correct — You may request that we correct inaccurate personal information.
• Right to opt out of sale or sharing — We do not sell or share your personal information for cross-context behavioral advertising. No action is required on your part.
• Right to non-discrimination — We will not discriminate against you for exercising any of your privacy rights.

To exercise any of these rights, contact us at support@rigkeeper.com. We will verify your identity before processing your request and respond within the timeframes required by applicable law.

Children's Privacy

The Service is not directed to individuals under the age of 18. We do not knowingly collect personal information from children. If we learn that we have collected personal information from a child under 18, we will delete that information promptly.

Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes at least fifteen (15) days before they take effect, via email or through a prominent notice within the Service. Your continued use of the Service after the effective date constitutes acceptance of the updated policy.

Contact Us

If you have questions about this Privacy Policy or wish to exercise your privacy rights, please contact us at support@rigkeeper.com.