Privacy Policy
Last updated: March 29, 2026
This Privacy Policy explains how Under the Sun Logistics (“we,” “us,” or “our”) collects, uses, stores, and protects your personal information when you use UTS Logistics Terminal (“the Service”) at app.utslogistics.net and our website at utslogistics.net.
1. Information We Collect
1.1 Account Information
When you sign in using Google Authentication, we receive and store the following from your Google account:
- Your name
- Your email address
- Your Google profile photo URL
- Your unique Google account identifier (UID)
We do not receive or store your Google password.
1.2 Business Data You Enter
Through your use of the Service, you may provide:
- Driver names and profiles
- Load details (origin, destination, revenue, miles, dates, broker information)
- Equipment and vehicle information
- Company information
- Financial data (revenue, expenses, fees)
- Documents uploaded for AI extraction (rate confirmations, bills of lading)
- Notes and operational data
1.3 Automatically Collected Information
When you use the Service, we may automatically collect:
- Browser type and version
- Device type
- IP address
- Pages visited and features used
- Date and time of access
- Referring URL
2. How We Use Your Information
We use your information to:
- Provide and operate the Service, including storing your dispatch data and syncing it across your devices.
- Authenticate your identity and manage your account.
- Process documents you upload through our AI-powered extraction feature.
- Process payments and manage your subscription (through Paddle).
- Communicate with you about your account, service updates, and support inquiries.
- Improve and develop the Service.
- Comply with legal obligations.
3. How We Store Your Data
3.1 Cloud Storage
Your account and business data is stored in Google Firebase (Cloud Firestore), hosted on Google Cloud Platform infrastructure. Data is stored as encrypted documents associated with your unique user account. Google Cloud data centers are primarily located in the United States.
3.2 Local Storage
If you use the Service in “local-only mode” (without signing in), your data is stored exclusively in your browser’s local storage and is not transmitted to our servers.
3.3 Data Encryption
Data is encrypted in transit using TLS/SSL encryption. Data at rest in Firebase is encrypted using Google Cloud’s default encryption.
4. Third-Party Services
We use the following third-party services that may process your data:
| Service | Provider | Purpose | Data Shared |
|---|---|---|---|
| Firebase Authentication | Google LLC | User sign-in and identity | Email, name, profile photo |
| Cloud Firestore | Google LLC | Data storage and sync | All business data you enter |
| Gemini API | Google LLC | AI document extraction | Document content you upload for processing |
| Paddle | Paddle.com Market Ltd | Payment processing | Email, name, payment details |
| Vercel | Vercel Inc. | Application hosting | IP address, browser info (server logs) |
Each third-party service operates under its own privacy policy:
5. AI Document Processing
When you use the Magic Fill feature to extract data from uploaded documents:
- Your document content is sent to Google’s Gemini API for real-time processing.
- Google processes the document to extract structured data (origin, destination, revenue, dates, etc.) and returns the results to the Service.
- Under the Gemini API’s paid tier terms, your input data is not used by Google to train or improve their models.
- Document content is not stored by the AI service beyond the processing session.
6. Payment Information
We do not directly collect, store, or process credit card numbers or payment details. All payment processing is handled by Paddle, who acts as the Merchant of Record. Paddle collects and processes your payment information in accordance with PCI DSS standards and their own privacy policy. We receive only transaction confirmation details (subscription status, plan type, billing dates) from Paddle.
7. Data Sharing
We do not sell, rent, or trade your personal information or business data to third parties. We may share your information only in the following circumstances:
- Service providers: With the third-party services listed in Section 4, solely to provide and operate the Service.
- Legal requirements: When required by law, regulation, legal process, or enforceable governmental request.
- Protection of rights: When necessary to protect our rights, safety, or property, or the rights, safety, or property of our users or the public.
- Business transfer: In connection with a merger, acquisition, or sale of assets, in which case your data would remain subject to this Privacy Policy.
8. Your Rights
8.1 General Rights (All Users)
- Access: Request a copy of the personal data we hold about you.
- Correction: Request correction of inaccurate data.
- Deletion: Request deletion of your account and associated data.
- Export: Export your data using the Service’s built-in features.
8.2 EU/EEA Residents (GDPR)
If you are located in the European Union or European Economic Area, you have additional rights under the General Data Protection Regulation (GDPR):
- Legal basis: We process your data based on: (a) your consent (account creation), (b) contract performance (providing the Service), and (c) legitimate interests (service improvement, security).
- Data portability: Receive your data in a structured, machine-readable format.
- Restriction: Request restriction of processing in certain circumstances.
- Objection: Object to processing based on legitimate interests.
- Withdrawal of consent: Withdraw consent at any time by deleting your account.
- Complaint: Lodge a complaint with your local data protection authority.
8.3 California Residents (CCPA)
If you are a California resident, you have the right to:
- Know what personal information we collect and how it is used.
- Request deletion of your personal information.
- Opt out of the sale of personal information. Note: We do not sell personal information.
- Non-discrimination for exercising your privacy rights.
9. Data Retention
We retain your data for as long as your account is active or as needed to provide the Service. If you delete your account or request data deletion:
- Active data is deleted within 30 days.
- Backup copies are deleted within 90 days.
- Anonymized, aggregated data (which cannot identify you) may be retained indefinitely for analytics purposes.
10. Security
We implement industry-standard security measures to protect your data, including:
- TLS/SSL encryption for all data in transit.
- Encryption at rest via Google Cloud Platform.
- Firebase security rules restricting data access to authenticated account owners.
- Regular security reviews of our codebase and infrastructure.
No system is 100% secure. While we strive to protect your data, we cannot guarantee absolute security. You are responsible for maintaining the security of your account credentials.
11. International Data Transfers
Your data may be transferred to and processed in the United States (where Google Cloud and Vercel infrastructure is located) and the United Kingdom (where Paddle is headquartered). These transfers are protected by:
- Google’s Standard Contractual Clauses and Data Processing Terms.
- Paddle’s compliance with applicable data protection regulations.
- Vercel’s Data Processing Addendum.
12. Children’s Privacy
The Service is not intended for use by anyone under the age of 18. We do not knowingly collect personal information from children. If we become aware that we have collected data from a child, we will delete it promptly.
13. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by email or through the Service. The “Last updated” date at the top of this policy reflects the most recent revision.
14. Contact Us
For privacy-related questions, data access requests, or to exercise your rights:
- General support: support@utslogistics.net
- Privacy and data requests: privacy@utslogistics.net
- Dispatch inquiries: dispatch@utslogistics.net
- Website: utslogistics.net