Privacy Policy

Introduction

Cargobloom respects your privacy and is committed to protecting your personal data. This Privacy Policy explains how we collect, use, and share information when you use our website and browser extension (collectively, the "Service").

This policy is designed to comply with the European Union General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), and other applicable data protection laws.

Data controller

Cargobloom is the data controller responsible for your personal data. If you have any questions about this Privacy Policy or our data practices, you can contact us at [email protected].

Information we collect

When you use the Cargobloom Extension on supported freight exchange platforms, we collect market data visible on your screen including route details, freight details, price information, and timestamps of offers.

We do NOT collect personal data of transaction parties. Data is anonymized and aggregated to calculate market averages.

If you create an account, we collect your email address and authentication credentials. We also collect usage data such as browser type, device type, and pages visited. For security purposes, IP addresses are hashed and retained for a maximum of 2 hours.

Legal basis for processing

Under the GDPR, we process your data based on consent when you install the extension or create an account, contract performance to provide the Service you requested, legitimate interests in aggregating market data and ensuring security, and legal obligations to comply with applicable requirements.

How we use your information

We use collected information to provide the Service by aggregating market data to display price indices, trends, and analytics. We also use it to improve the Service by analyzing usage patterns, to communicate updates and security alerts, and to ensure security through rate limiting and abuse prevention.

Data retention

Raw market offers are retained for 30 days, enriched and aggregated market data for 90 days, and historical snapshots for 90 days. Rate limiting data using hashed IPs is retained for 2 hours. Account information is kept until you delete your account or request deletion.

After these retention periods, data is automatically and permanently deleted from our systems.

Data sharing

We do not sell your personal data. We share aggregated, non-personally identifiable market data publicly on our platform. We use service providers including Supabase and Railway to provide our Service under data processing agreements. We may disclose data if required by law.

International data transfers

Your data may be transferred to countries outside the European Economic Area. When we transfer data outside the EEA, we ensure appropriate safeguards including Standard Contractual Clauses approved by the European Commission.

Data security

We implement appropriate technical and organizational measures to protect your data, including encryption of data in transit, hashing of IP addresses, rate limiting to prevent abuse, and regular security reviews.

No method of transmission over the internet is 100% secure, and we cannot guarantee absolute security.

Your data rights

Under GDPR and other applicable laws, you have the right to access your personal data, request correction of inaccurate data, request deletion of your data, restrict processing in certain circumstances, receive your data in a portable format, object to processing based on legitimate interests, and withdraw consent at any time.

To exercise these rights, contact us at [email protected]. We will respond within 30 days.

Cookies and tracking

Our website uses essential cookies required for the Service to function properly. We do not use third-party advertising or tracking cookies. Any analytics we perform use aggregated, anonymized data.

Children's privacy

Our Service is not intended for individuals under 16 years old. We do not knowingly collect personal data from children under 16. If you believe a child has provided us with personal data, please contact us and we will delete such information.

Right to lodge a complaint

If you believe that our processing of your personal data infringes data protection laws, you have the right to lodge a complaint with a supervisory authority. In the EU, you can contact the data protection authority in your country of residence.

Changes to this policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the new policy on this page and updating the date. We encourage you to review this policy periodically.

Contact us

If you have any questions about this Privacy Policy or wish to exercise your data rights, contact us at [email protected].

Be intelligent, use Cargobloom.