Legal

Privacy Policy

Last updated: May 9, 2025 · Effective: May 9, 2025

This Privacy Policy explains how Logistify collects, uses, stores, and protects your personal information when you use our Chrome extension and web application (the "Service"). We are committed to protecting your privacy and handling your data transparently and responsibly.

      Plain language summary: We collect only what we need to run the Service — your
      Google account identity and the data you create while using Logistify. We do not sell your data,
      we do not read your emails, and we use the Gmail API solely to send messages you explicitly
      authorize.
    

1. Information We Collect

1.1 Information from Google OAuth

When you sign in with Google, we receive the following data from Google's OAuth 2.0 service:

Name — your full name as registered with Google.
Email address — your primary Gmail address.
Google ID — a unique identifier assigned by Google (not your password).
OAuth refresh token — used to generate short-lived access tokens for the Gmail API on your behalf.

We do not receive or store your Google password.

1.2 Load and Usage Data

When you use the extension on freight load boards, the Service may collect and store:

Load details scraped from the page: origin, destination, rate, mileage, equipment type, broker name, and posting date.
Computed load scores generated by our scoring algorithm.
Email templates you create and save within the Service.
Custom CSS selector configurations you define for supported websites.

1.3 Technical Data

Extension version and browser type (for compatibility).
Server-side request logs including timestamps, request paths, and HTTP status codes.

We do not use tracking pixels, advertising cookies, or behavioral analytics services.

2. How We Use Your Information

Purpose	Data used
Authenticate you and maintain your session	Google ID, email, JWT token
Send emails via Gmail on your behalf	OAuth refresh token, recipient email, template content
Store and display your saved loads and templates	Load data, email templates
Persist custom selector configurations across extension reinstalls	Hostname, CSS selector configuration
Improve service reliability and debug issues	Server logs, error reports

We use the Gmail API exclusively to send messages you compose and authorize through the Service. We do not read, index, store, or analyze the contents of your inbox or any received emails.

3. Data Storage and Security

Your data is stored in a managed PostgreSQL database hosted on Railway, a cloud infrastructure provider. The database is not publicly accessible and all connections are encrypted using TLS.

Within the Chrome extension, your authentication token is stored in chrome.storage.local — isolated to the extension and not accessible to websites you visit. Custom selector configurations are synchronized with our backend database so they persist across extension reinstalls.

We implement the following safeguards:

All API communication is encrypted via HTTPS (TLS 1.2+).
Authentication tokens (JWTs) expire after 7 days.
OAuth refresh tokens are stored server-side and never exposed to the client.
Passwords are not used — authentication is handled entirely by Google OAuth.

4. Data Sharing

We do not sell, trade, rent, or otherwise share your personal information with third parties for commercial purposes. We may share data only in the following limited circumstances:

Google LLC — to process Gmail sends via the Gmail API under Google's terms.
Railway — our database and backend hosting provider, bound by a data processing agreement.
Legal requirements — if required by a valid legal process (e.g., court order or subpoena).

5. Google API Scopes

Logistify's use of the Google API is limited to the following OAuth scopes:

openid — identifies your Google account.
profile — reads your name and profile picture.
email — reads your email address.
https://www.googleapis.com/auth/gmail.send — sends email on your behalf. We cannot read your inbox.

Logistify's use and transfer of information received from Google APIs to any other app will adhere to Google API Services User Data Policy, including the Limited Use requirements.

6. Data Retention

We retain your personal information for as long as your account is active or as needed to provide the Service. If you delete your account or revoke access, we will delete your personal data within 30 days, except where retention is required by law or for legitimate business purposes such as fraud prevention.

7. Your Rights

You have the right to:

Access — request a copy of the personal data we hold about you.
Correction — request correction of inaccurate data.
Deletion — request deletion of your account and associated data.
Revocation — revoke Google OAuth access at any time via your Google Account settings. Revoking access will prevent the Service from sending emails on your behalf.
Portability — request an export of your data in a machine-readable format.

To exercise any of these rights, contact us at chakopss@gmail.com.

8. Children's Privacy

The Service is not directed to individuals under the age of 18. We do not knowingly collect personal information from children. If we become aware that a child has provided us with personal information, we will promptly delete it.

9. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated via the email address associated with your account at least 7 days before taking effect. Continued use of the Service after the effective date constitutes acceptance of the updated policy.

10. Contact

For privacy-related questions, requests, or concerns, contact us at: chakopss@gmail.com