Privacy Policy

1. Overview

This Privacy Policy explains how Carrier Shark LLC (“Carrier Shark,” “we,” “us,” or “our”) collects, uses, discloses, and retains information when you access or use our website, applications, and services (collectively, the “Platform”).

This Privacy Policy is designed to be read alongside our Terms of Service. If you have questions, contact us at [email protected].

2. Information We Collect

2.1 Information you provide

• Account and profile information: name, work email, phone number, business name, role/title, and similar business contact details you provide.
• Transactional and workflow information: information you enter to generate, send, and manage contracts and workflows (e.g., recipient emails, routing preferences, and related metadata).
• Documents and uploads: documents you upload or submit through the Platform (including insurance certificates and related supporting documents). Users are responsible for ensuring they have the right to upload and share any documents submitted through the Platform.
• Support communications: content of messages you send to support, including attachments and troubleshooting details.

2.2 Electronic signature and audit trail information

When the Platform facilitates electronic signatures, we may collect and store an audit trail associated with the signing event. This may include: timestamp, signer email address, document identifiers, and technical signals used to operate the workflow (such as IP address and device/browser information).

2.3 OCR-extracted data (convenience only)

The Platform may use OCR to extract information from uploaded documents (for example, insurance certificates). OCR extraction is automated and may be inaccurate, incomplete, or outdated. We may store the original document and associated OCR output to provide Platform functionality.

2.4 Information collected automatically

• Log and usage data: IP address, device identifiers, browser type, operating system, timestamps, pages/screens viewed, and actions taken in the Platform.
• Security and integrity data: authentication events, account access history, and related signals used to protect against abuse.
• Cookies and similar technologies: we may use essential cookies for session management and security. If we add analytics or non-essential cookies in the future, we will update this policy and provide applicable choices where required.

2.5 Public and third-party data sources

The Platform may display information obtained from public or third-party sources (including governmental datasets such as FMCSA-related data). Such information is generally considered public/regulatory in nature and may be displayed to support carrier profile functionality.

3. How We Use Information

We use information to:

• provide, operate, maintain, and improve the Platform (including document storage, transmission, and workflow execution);
• facilitate electronic signature workflows and maintain associated records;
• perform OCR processing to enable convenience features you request or enable;
• authenticate users and secure accounts (including email-based verification codes for certain signing actions);
• monitor for misuse, fraud, security incidents, and platform integrity issues;
• provide customer support and respond to requests;
• comply with legal obligations and enforce our Terms.

4. How We Share Information

4.1 Sharing with other Platform users (workflow-based)

The Platform is designed to transmit documents and workflow outputs to the recipients you choose. For example, when a carrier (or broker) sends an insurance document through the Platform, the document and related metadata may be made available to the intended recipient(s) designated in that workflow.

4.2 Service providers (processors)

We use service providers to host the Platform, store documents, process OCR, monitor reliability, and deliver notifications. These providers process information on our behalf under contractual obligations consistent with providing the service. These providers may process or store information in the United States or other jurisdictions where they operate.

4.3 Legal, safety, and rights-protection

We may disclose information if we believe disclosure is reasonably necessary to comply with law, respond to lawful requests, protect the rights and safety of Carrier Shark, our users, or others, or investigate suspected fraud or security issues.

4.4 Corporate transactions

If Carrier Shark is involved in a merger, acquisition, financing, reorganization, bankruptcy, or sale of assets, information may be disclosed as part of that transaction, subject to standard confidentiality protections.

5. Public Carrier Profile Pages

Carrier Shark may provide public carrier profile pages that display public/regulatory information (for example, FMCSA-related data and other public records) to support transparency and operational workflows.

If you believe information displayed on a public profile page is inaccurate or should not be displayed, contact us at [email protected] with sufficient detail for us to evaluate the request.

6. Service Providers and Infrastructure

Carrier Shark uses third-party service providers to support Platform operations. Depending on your use of the Platform, these may include:

• Cloud hosting and infrastructure: DigitalOcean (including hosted environments for Platform components such as NiFi).
• Document storage: DigitalOcean Spaces (S3-compatible object storage) for uploaded documents.
• OCR processing: DocuPipe (as an OCR/processing provider for document extraction features).
• Monitoring and error tracking: Sentry (application reliability and error reporting).
• Source code management: GitHub (code repository and development workflows).
• Data stores: PostgreSQL and Redis for platform data, caching, and operational reliability.

Note: Providers and subprocessors may change over time as we improve the Platform. We will update this Privacy Policy if changes are material.

7. Data Retention

We retain information for as long as reasonably necessary to provide the Platform, support your account, comply with legal obligations, resolve disputes, and enforce agreements. Retention periods vary by data type:

• Account data: retained while your account is active.
• Documents (including insurance uploads): generally retained while the associated account/workflow is active and for a period after account closure (typically up to 3 years) unless a longer period is required for legal, dispute, or recordkeeping reasons.
• Audit trails and signature records: may be retained for longer periods (typically 5–7 years) to support contract integrity and dispute resolution.
• System logs and security records: retained for operational security, troubleshooting, and integrity monitoring.
• Backups: retained according to backup/retention schedules necessary for business continuity and disaster recovery.

8. Security

We use reasonable administrative, technical, and physical safeguards designed to protect information, including access controls, least-privilege practices, and encryption in transit. Certain signing actions may require an email-based verification code to help reduce unauthorized signing activity.

If Carrier Shark becomes aware of a security incident affecting your information, we may notify affected users where required by law or where we determine notice is appropriate.

No method of transmission or storage is 100% secure. If you believe your account has been compromised, contact us immediately at [email protected].

9. U.S. and Canada Privacy Rights

9.1 U.S. state privacy laws (general notice)

Depending on your jurisdiction, you may have rights to request access to, correction of, or deletion of certain personal information, and to obtain information about our data practices. Because Carrier Shark is primarily a business-to-business service, some state privacy laws may provide limited or different rights depending on how information is collected and used.

9.2 Canada (PIPEDA)

If you are located in Canada, you may have rights under applicable Canadian privacy laws (including PIPEDA) to access and correct personal information under our control, subject to certain exceptions.

9.3 How to exercise rights

To submit a request, contact us at [email protected]. We may need to verify your identity and authority to act on behalf of an organization before fulfilling a request. We may deny or limit certain requests where permitted by law, including where fulfilling the request would interfere with legal obligations, fraud prevention, security, or the rights of other users.

10. Children

The Platform is not directed to children under 13, and we do not knowingly collect personal information from children under 13. If you believe a child has provided personal information through the Platform, contact us at [email protected].

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will post the updated version on this page and update the “Last Updated” date. If changes are material, we will provide reasonable notice consistent with applicable law.

12. Contact

Questions or requests regarding this Privacy Policy can be directed to: Carrier Shark LLC
Attn: Privacy
Atlanta, GA 30350
Email: [email protected]

© Carrier Shark. All rights reserved.