Privacy Policy

1. Information we collect

Account information. When your organization creates an account or accepts an invitation to join one, we collect the names, business email addresses, phone numbers, job titles, and organizational role of each user. We also collect the legal name and billing details of the contracting entity.

Customer data you upload or generate. The Service is a transportation management system, so customers routinely upload or generate shipment information, quotes, rate cards, customer and carrier records, commercial invoices, bills of lading, packing lists, customs documents, and similar operational data. This data may include personal information about your own customers, shippers, consignees, and counterparties. As to this data, your organization is the controller and we act as a processor on your behalf.

Usage data. We log how the Service is used: pages visited, features invoked, API calls made, search queries inside the product, error events, IP address, browser and device metadata, and timestamps. We use this to operate, secure, and improve the Service.

Cookies and similar technologies. The Service uses strictly necessary cookies for authentication and session management, plus a small set of first-party analytics cookies to understand aggregate product usage. See section 8.

Support and communications. When you contact us by email or through in-product support, we keep the messages and attachments so we can respond and improve the Service.

2. How we use information

We use the information described above to provide and operate the Service, authenticate users, deliver requested features, generate quotes and documents, send transactional notifications, bill subscribers, prevent abuse, comply with law, and respond to support requests.

AI features. The Service includes AI-assisted features (for example, quote suggestions, document classification, and a retrieval-augmented chat assistant). AI processing runs on each customer’s own data only. We do not use one customer’s data to train or fine-tune models that serve another customer. Embeddings, indexes, and retrieval contexts are scoped to the originating organization and isolated at the database layer using PostgreSQL row-level security. Where third-party model providers are used, we use API endpoints that the provider has represented are not used to train their general models on customer inputs or outputs.

Aggregated, de-identified data. We may use aggregated, anonymized data that cannot reasonably identify any individual or organization to monitor product performance, improve the Service, and publish industry-level benchmarks.

3. Sharing and subprocessors

We do not sell personal information. We share information only as described below.

Subprocessors. We engage vetted vendors to help run the Service. These fall into the following categories:

• Cloud infrastructure — hosting, compute, object storage, and database services in the United States.
• Transactional email and notification delivery — sending account, billing, and product notifications.
• Analytics and error monitoring — product usage analytics and crash/error reporting, scoped to first-party data.
• Payment processing — subscription billing and invoicing.
• AI model providers — large-language-model and embedding endpoints used by AI features, configured not to train on customer content.

Every subprocessor is bound by a written agreement requiring confidentiality, security controls, and use of personal data only on our documented instructions. A current list of named subprocessors is available on request from [email protected].

Legal compliance. We may disclose information when we believe in good faith that disclosure is required to comply with applicable law, valid legal process, or a lawful government request, or to protect the rights, property, or safety of LogisticsPrizm, our customers, or the public.

Business transfers. If LogisticsPrizm or VUGA Enterprises LLC is involved in a merger, acquisition, financing, reorganization, or sale of assets, information may be transferred to the successor or acquirer, subject to this Policy or a substantively similar successor policy.

4. Data retention

We retain customer account data and uploaded business records for as long as the account is active. Following termination, we retain customer data for a 30-day export window during which the customer may retrieve a copy. After the export window expires, we delete or anonymize customer data from primary systems within 30 additional days, and from routine backups within 90 additional days, except where a legal hold, regulatory obligation, or pending dispute requires longer retention. Operational and audit logs are retained up to 12 months for security and forensic purposes. Billing records are retained as required by applicable tax law.

5. Security

We implement administrative, technical, and physical safeguards designed to protect data against unauthorized access, alteration, disclosure, or destruction. These include TLS 1.2+ encryption in transit, AES-256 encryption at rest for our primary database and object storage, role-based access controls across six application roles, multi-tenant isolation enforced by PostgreSQL row-level security, signed-URL access for uploaded documents, audit logging of sensitive actions, dependency vulnerability scanning, and least-privilege administrative access. No security control is absolute, and customers are responsible for protecting their own credentials. For more detail, see our Security page.

6. Your rights

Depending on where you live, you may have rights to access, correct, delete, restrict, object to, or receive a portable copy of personal information we hold about you. EU, EEA, UK, and Swiss residents have these rights under the GDPR and equivalent national laws.

California residents have rights under the California Consumer Privacy Act, as amended by the California Privacy Rights Act, including the right to know, delete, correct, and limit the use of sensitive personal information, and the right to opt out of sale or sharing for cross-context behavioral advertising. We do not sell personal information and we do not share it for cross-context behavioral advertising. We will not discriminate against you for exercising any privacy right.

To exercise any of these rights, email [email protected]. We will verify your identity using information we already hold and respond within the timeframes required by applicable law (typically 30 to 45 days, extendable once where permitted). For data uploaded by a customer organization, requests will normally be routed to that organization as the controller.

7. International transfers

We are based in the United States and primarily process data in the United States. If you access the Service from outside the United States, your information will be transferred to and processed in the United States. Where required for transfers from the EEA, the UK, or Switzerland, we rely on Standard Contractual Clauses or other lawful transfer mechanisms.

8. Cookies

The Service uses strictly necessary cookies for authentication, session continuity, and security (for example, CSRF protection). We also use first-party analytics cookies to understand aggregate product usage and improve the Service. We do not use third-party advertising cookies and we do not participate in cross-context behavioral advertising. You can control cookies through your browser settings; disabling strictly necessary cookies will prevent the Service from functioning.

9. Children

The Service is a business product intended for users 18 years or older acting in a professional capacity. We do not knowingly collect personal information from anyone under 18. If you believe a child has provided personal information to us, please contact [email protected] and we will delete it.

10. Changes to this Policy

We may update this Policy from time to time. If we make material changes, we will give notice by email to account administrators, by in-product notification, or by updating the “Last updated” date above. Material changes take effect no earlier than 30 days after notice, unless an earlier effective date is required by law.

11. Contact

Questions about this Policy or about how we handle data? Email [email protected]. Security-related reports should go to [email protected]; general support is at [email protected].

VUGA Enterprises LLC, doing business as LogisticsPrizm. State of Florida, United States.