Privacy Policy

1 Introduction

DLW Estate Trucking LLC ("Company," "we," "us," or "our") operates FleetCommand Pro, a transportation management and fleet operations platform accessible at derricktransport.com and through related mobile applications. This Privacy Policy describes how we collect, use, store, share, and protect personal information and operational data when you use our platform, carrier services, or interact with us in any capacity.

This policy applies to all users of FleetCommand Pro, including fleet owners, dispatchers, drivers, brokers, shippers, administrative personnel, and any individual who creates an account, submits information through our platform, or whose data is processed through our services. It also applies to information collected through our carrier operations, including data generated by electronic logging devices (ELDs), telematics systems, and fleet management tools.

We are committed to protecting your privacy and handling your data responsibly. The transportation industry requires us to collect and retain specific categories of information under federal regulations administered by the Federal Motor Carrier Safety Administration (FMCSA) and the Department of Transportation (DOT). This policy explains both our voluntary data practices and our regulatory obligations.

By using FleetCommand Pro, you acknowledge that you have read and understood this Privacy Policy. If you do not agree with our practices, you should discontinue use of the platform.

2 Information We Collect

We collect several categories of information to operate FleetCommand Pro and comply with federal transportation regulations. The specific data we collect depends on your role (fleet owner, dispatcher, driver, broker, shipper) and which features you use.

2.1 Account and Identity Information

When you register for FleetCommand Pro or are added to a fleet account, we collect:

• Full legal name, email address, and phone number
• Company name, business address, and organizational role
• USDOT number, MC/MX/FF authority numbers, and SCAC code
• Employer Identification Number (EIN) for business accounts
• Account credentials (passwords are hashed and never stored in plaintext)
• Profile photo or company logo (if uploaded)

2.2 Driver Qualification Data

For drivers operating under your fleet, we collect and store driver qualification file information as required by 49 CFR Part 391:

• Commercial Driver's License (CDL) number, class, endorsements, and expiration date
• State of CDL issuance and license history
• DOT medical certificate dates, examiner information, and expiration tracking
• Motor Vehicle Records (MVR) and annual review certifications
• Pre-employment drug and alcohol testing results and dates
• Random, post-accident, and reasonable suspicion testing records
• Return-to-duty and follow-up testing documentation
• Training certifications, safety course completion records, and entry-level driver training (ELDT) information
• Employment application and previous employer verification records
• Road test certificate or equivalent documentation

2.3 Fleet and Vehicle Data

For each vehicle registered in FleetCommand Pro, we collect:

• Vehicle Identification Number (VIN), make, model, and year
• License plate number and registration state
• GVWR, vehicle class, and equipment type (tractor, trailer, straight truck)
• Maintenance records, repair history, and scheduled service data
• Pre-trip and post-trip inspection reports (DVIRs) per 49 CFR 396.11
• Annual inspection records and certifications per 49 CFR 396.17
• Tire condition reports, brake inspection records, and emissions data
• Insurance policy information, certificate of insurance, and expiration dates

2.4 ELD and Telematics Data

When drivers operate vehicles equipped with ELD or telematics devices connected to FleetCommand Pro, we automatically collect:

• GPS coordinates, speed, heading, and altitude at regular intervals
• Hours of Service (HOS) status changes (driving, on-duty not driving, sleeper berth, off-duty) per 49 CFR Part 395
• Engine hours, odometer readings, and vehicle miles traveled
• Engine diagnostic data including fault codes, coolant temperature, and fuel consumption
• Hard braking events, rapid acceleration, excessive speed incidents, and other driving behavior data
• Idle time duration and location
• Power-up and power-down events, ignition on/off cycles
• Unidentified driving time and data transfer records
• Malfunction and data diagnostic event indicators per 49 CFR 395.34

2.5 Financial and Billing Information

To process subscriptions and payments, we collect:

• Billing name, billing address, and company billing contact
• Subscription tier, renewal dates, and payment history
• Invoice records and transaction identifiers

2.6 Shipping and Load Data

When you use FleetCommand Pro for dispatch and load management, we collect:

• Bill of Lading (BOL) numbers, pro numbers, and reference numbers
• Cargo descriptions, weight, dimensions, commodity type, and hazmat classifications
• Pickup and delivery addresses, facility names, and contact information
• Consignee and shipper names, addresses, and contact details
• Rate confirmations, accessorial charges, and detention/layover records
• Proof of delivery (POD) documents, delivery photos, and signature captures
• IFTA fuel purchase records, mileage by jurisdiction, and tax calculation data

2.7 Communications Data

We collect information from your interactions with us and within the platform:

• Customer support tickets, subject lines, and message content
• AI assistant chat logs and conversation history within FleetCommand Pro
• Email correspondence sent to or received from our support addresses
• In-app messaging between fleet members, dispatchers, and drivers
• Feedback submissions, feature requests, and survey responses

2.8 Technical and Usage Data

We automatically collect certain technical information when you access FleetCommand Pro:

• IP address, browser type, browser version, and operating system
• Device type, screen resolution, and device identifiers
• Login timestamps, session duration, and pages or features accessed
• Referring URL and search terms used to find our site
• Error logs and performance data related to your use of the platform
• API usage logs if you access FleetCommand Pro through our API

3 How We Use Information

3.1 Platform Operations and Service Delivery

• Operate, maintain, and improve FleetCommand Pro features and functionality
• Create and manage your account, authenticate your identity, and manage user permissions
• Process dispatch assignments, load tracking, and delivery confirmations
• Generate fleet analytics dashboards, performance reports, and operational summaries
• Run route optimization algorithms to reduce fuel costs and improve delivery times
• Execute load matching and carrier selection based on equipment type, location, and capacity
• Power AI-driven recommendations for maintenance scheduling, fuel optimization, and compliance alerts

3.2 Regulatory Compliance

• Monitor and enforce Hours of Service (HOS) compliance per 49 CFR Part 395
• Maintain driver qualification files per 49 CFR Part 391
• Track and store vehicle inspection and maintenance records per 49 CFR Part 396
• Calculate IFTA fuel tax liabilities by jurisdiction
• Generate and transmit ELD data files in the format required for roadside inspections per 49 CFR 395.24
• Track drug and alcohol testing program compliance per 49 CFR Part 382
• Support FMCSA compliance reviews and DOT safety audits
• Monitor CSA (Compliance, Safety, Accountability) scores and BASIC category performance

3.3 Financial Processing

• Process subscription payments, invoices, and billing adjustments
• Calculate IFTA tax reports and generate filing-ready documentation
• Track accessorial charges, detention time, and lumper fees
• Generate financial reports for fleet profitability analysis

3.4 Safety and Security

• Monitor driving behavior data to identify safety risks and coaching opportunities
• Send automated alerts for CDL expirations, medical certificate renewals, and annual inspection due dates
• Detect and prevent unauthorized access, fraud, and misuse of the platform
• Investigate potential violations of our Terms of Service
• Maintain audit logs for security and accountability purposes

3.5 Communications

• Send transactional notifications (load assignments, delivery confirmations, compliance alerts)
• Provide customer support and respond to inquiries
• Send service updates, maintenance notices, and platform announcements
• Deliver billing notifications and payment receipts

3.6 Product Improvement

• Analyze usage patterns to identify popular features and areas for improvement
• Train and improve AI models for route optimization, predictive maintenance, and load matching (using aggregated and de-identified data only)
• Conduct internal research and analytics to improve service quality
• Test new features and functionality in development environments using anonymized data

4 Legal Bases for Processing

We process personal information under one or more of the following legal bases:

4.1 Contract Performance

Processing that is necessary to fulfill our contractual obligations to you. This includes providing the FleetCommand Pro platform, processing your subscription, managing your account, executing dispatch and load management features, and delivering the services described in our Terms of Service.

4.2 Legal Obligation

Processing required to comply with laws and regulations applicable to the transportation industry. Federal law requires motor carriers and their service providers to collect and retain specific records. Key regulatory obligations include:

• 49 CFR Part 395 -- ELD data recording and retention for Hours of Service compliance
• 49 CFR Part 391 -- Driver qualification file maintenance and documentation
• 49 CFR Part 382 -- Drug and alcohol testing program record keeping
• 49 CFR Part 396 -- Vehicle inspection, repair, and maintenance records
• 49 CFR Part 390 -- General motor carrier safety regulations and accident records
• 26 USC Chapter 31 -- IFTA reporting and fuel tax record retention

4.3 Legitimate Interests

Processing that serves our legitimate business interests, provided those interests do not override your fundamental rights. Our legitimate interests include: maintaining platform security and preventing fraud; improving our services through aggregated analytics; providing customer support; and protecting the safety of drivers, cargo, and the public through safety monitoring features.

4.4 Consent

Where required by applicable law, we obtain your consent before processing. You may withdraw consent at any time by contacting us at the address in Section 16, though withdrawal will not affect the lawfulness of processing performed before the withdrawal. Certain data collection tied to federal regulatory requirements cannot be opted out of while using our platform for commercial motor vehicle operations.

5 Data Retention

We retain information for the minimum period required by applicable law or for as long as reasonably necessary to fulfill the purposes described in this policy. Many retention periods in the transportation industry are set by federal regulation and cannot be shortened.

When a retention period expires, we either delete the data or de-identify it so that it can no longer be linked to a specific individual. If deletion of specific records is technically impractical (for example, data stored in encrypted backups), we will isolate and protect the data from further processing until deletion becomes feasible.

You may request early deletion of data that is not subject to a regulatory retention requirement. See Section 15 for how to submit a data request.

6 Data Sharing and Disclosure

We do not sell your personal information. We have not sold personal information in the preceding 12 months and have no plans to do so. We share data only in the following circumstances:

6.1 Service Providers

We work with third-party service providers who process data on our behalf under contractual obligations to protect your information. These providers include:

• Stripe, Inc. -- Payment processing and subscription billing. Stripe is PCI DSS Level 1 certified. See stripe.com/privacy.
• Clerk, Inc. -- User authentication, session management, and identity verification. See clerk.com/legal/privacy.
• Cloud Hosting Providers -- Infrastructure hosting and data storage, located within the United States.
• AI/ML Providers -- Certain AI features may use HuggingFace inference endpoints or Cloudflare Workers AI for processing. Only operational queries are sent to these services; personal information is minimized to what is strictly necessary. No personal data is used to train third-party AI models.
• Email Service Providers -- For sending transactional emails and platform notifications.

6.2 Regulatory and Legal Disclosures

We will disclose information when required by law or in response to valid legal process, including:

• FMCSA compliance reviews and safety audits (49 CFR Part 385)
• DOT roadside inspections requiring production of ELD records (49 CFR 395.24)
• Law enforcement requests supported by subpoena, warrant, or court order
• Responses to valid civil discovery requests or regulatory investigations
• Reports required under state and federal accident reporting laws
• Drug and alcohol testing information required by 49 CFR Part 40 for Substance Abuse and Mental Health Services Administration (SAMHSA) reporting

6.3 Fleet Organization Sharing

Within a fleet organization on FleetCommand Pro, authorized users (fleet owners, administrators, dispatchers, and safety managers) can access data about drivers, vehicles, loads, and operations within their organization as determined by their role and permissions. Drivers should understand that their employer or fleet operator has access to ELD data, driving behavior data, location data, and compliance records within the platform.

6.4 Business Transfers

If DLW Estate Trucking LLC is involved in a merger, acquisition, asset sale, or bankruptcy proceeding, your information may be transferred to the acquiring entity. We will notify you via email or a prominent notice on our platform before your personal information becomes subject to a different privacy policy.

6.5 With Your Consent

We may share information with third parties when you have given us explicit consent to do so. For example, if you choose to integrate FleetCommand Pro with a third-party load board, factoring company, or ERP system, we will share the data necessary to enable that integration.

6.6 Aggregated and De-Identified Data

We may share aggregated, de-identified data that cannot reasonably be used to identify you. This includes industry benchmarks, aggregate fleet performance metrics, and anonymized usage statistics. This data is not considered personal information under applicable privacy laws.

7 State Privacy Rights

Depending on your state of residence, you may have specific privacy rights under state consumer privacy laws. This section describes your rights and how to exercise them.

7.1 California (CCPA/CPRA)

If you are a California resident, the California Consumer Privacy Act of 2018, as amended by the California Privacy Rights Act of 2020 (Cal. Civ. Code Section 1798.100 et seq.), provides you with the following rights:

• Right to Know: You may request that we disclose the categories and specific pieces of personal information we have collected about you, the categories of sources, the business purposes for collection, and the categories of third parties with whom we share your data.
• Right to Delete: You may request deletion of your personal information, subject to exceptions for data we are required to retain under federal transportation regulations.
• Right to Correct: You may request that we correct inaccurate personal information we hold about you.
• Right to Opt-Out of Sale or Sharing: We do not sell personal information and do not share personal information for cross-context behavioral advertising. However, you have the right to direct us not to do so, and we will honor such requests.
• Right to Limit Use of Sensitive Personal Information: To the extent we process sensitive personal information (such as CDL numbers or precise geolocation), you may request that we limit use to what is necessary for providing our services and complying with the law.
• Right to Non-Discrimination: We will not deny you services, charge different prices, or provide a different quality of service because you exercised your privacy rights.

California residents may submit requests by contacting us at derrick@derricktransport.com or using the process described in Section 15. We will respond within 45 calendar days, with one 45-day extension if reasonably necessary.

California "Shine the Light" (Cal. Civ. Code Section 1798.83): California residents may request information about our disclosure of personal information to third parties for their direct marketing purposes. We do not disclose personal information to third parties for their direct marketing purposes.

7.2 Virginia (VCDPA)

If you are a Virginia resident, the Virginia Consumer Data Protection Act (Va. Code Ann. Section 59.1-575 et seq.) provides you with the right to:

• Access and confirm whether we are processing your personal data
• Correct inaccuracies in your personal data
• Delete personal data you have provided or that we have obtained
• Obtain a portable copy of your personal data in a readily usable format
• Opt out of processing for purposes of targeted advertising, sale of personal data, or profiling that produces legal or similarly significant effects

If we decline your request, you may appeal by contacting us. If the appeal is also denied, you may file a complaint with the Virginia Attorney General.

7.3 Colorado (CPA)

Colorado residents have rights under the Colorado Privacy Act (C.R.S. Section 6-1-1301 et seq.), including the rights to access, correct, delete, and obtain a portable copy of personal data, and to opt out of targeted advertising, sale, and certain profiling. Colorado law also requires recognition of universal opt-out mechanisms. We honor Global Privacy Control (GPC) signals as a valid opt-out request.

7.4 Connecticut (CTDPA)

Connecticut residents have rights under the Connecticut Data Privacy Act (Conn. Gen. Stat. Section 42-515 et seq.) that are substantially similar to those described for Virginia. Connecticut law also requires recognition of universal opt-out mechanisms. We honor GPC signals from Connecticut residents.

7.5 Texas (TDPSA)

Texas residents have rights under the Texas Data Privacy and Security Act (Tex. Bus. & Com. Code Section 541.001 et seq.), effective July 1, 2024, including rights to access, correct, delete, and obtain a portable copy of personal data, and to opt out of the sale of personal data, targeted advertising, and certain profiling. Requests may be submitted to derrick@derricktransport.com, and we will respond within 45 days.

7.6 Utah (UCPA)

Utah residents have rights under the Utah Consumer Privacy Act (Utah Code Section 13-61-101 et seq.), including the right to access and delete personal data, and to opt out of the sale of personal data or targeted advertising.

7.7 Other State Laws

Privacy laws are being enacted across the United States. Residents of Oregon, Montana, Iowa, Indiana, Tennessee, and other states with consumer privacy statutes may have rights similar to those described above. We will comply with all applicable state privacy laws. If you are unsure whether your state provides specific privacy rights, contact us at the address in Section 16 and we will advise you of your rights based on your state of residence.

8 Children's Privacy

FleetCommand Pro is a business-to-business platform designed for commercial motor carrier operations. Our services are not directed at individuals under the age of 18. Operating a commercial motor vehicle requires a CDL, which cannot be obtained by individuals under 18 (and interstate CMV operation requires a minimum age of 21 per 49 CFR 391.11).

We do not knowingly collect personal information from children under the age of 13 in compliance with the Children's Online Privacy Protection Act (COPPA, 15 USC Section 6501 et seq.) or from individuals under 18. If we become aware that we have inadvertently collected personal information from a person under 18, we will take prompt steps to delete that information.

If you believe a minor's information has been submitted to FleetCommand Pro, please contact us immediately at derrick@derricktransport.com so we can investigate and remove the data.

9 GPS and Location Data

Location data is a core component of fleet management and is subject to specific legal requirements and privacy considerations. This section explains how we handle GPS and telematics location data.

9.1 How Location Data Is Collected

GPS location data is collected through:

• ELD devices installed in commercial motor vehicles, which record location at each change of duty status and at minimum 60-minute intervals during driving (per 49 CFR 395.26)
• Telematics hardware connected to the vehicle's OBD-II port or J1939 data bus
• Mobile devices running the FleetCommand Pro driver application (when location permissions are granted)
• Manual location entries by drivers or dispatchers

9.2 How Location Data Is Used

• Verifying Hours of Service records and duty status changes as required by FMCSA regulations
• Real-time fleet tracking for dispatch, load assignment, and customer ETAs
• Route optimization, fuel efficiency analysis, and mileage calculations
• IFTA mileage reporting by jurisdiction
• Geofence alerts for facility arrivals, departures, and authorized operating areas
• Accident reconstruction and incident investigation when necessary
• Safety monitoring, including speed-by-location analysis

9.3 Driver Notification

Drivers whose location is tracked through FleetCommand Pro must be informed by their fleet operator that GPS tracking is active during the course of their duties. Fleet operators using FleetCommand Pro are responsible for providing this notice to their drivers, as well as for compliance with any state-specific employee location monitoring disclosure laws (including but not limited to California Labor Code Section 980.5, New York Civil Rights Law Section 52-c, and similar statutes).

FleetCommand Pro displays a visible indicator on the driver application whenever active location tracking is in progress.

9.4 Access to Location History

Drivers may request a copy of their GPS location history and ELD records from their fleet operator or from us directly. Fleet operators can access driver location data through the FleetCommand Pro dashboard consistent with their operational role and the permissions assigned to their account.

9.5 Location Data Retention

GPS data associated with ELD records is retained for a minimum of 6 months per 49 CFR 395.8(k). Location data used for IFTA calculations is retained for 4 years per IFTA Articles of Agreement. Non-regulatory location data (such as general fleet tracking data not tied to HOS records) is retained for 12 months and then deleted or de-identified.

10 Data Security

We implement administrative, technical, and physical security measures designed to protect your information against unauthorized access, alteration, disclosure, and destruction.

10.1 Technical Safeguards

• Encryption in Transit: All data transmitted between your device and FleetCommand Pro is encrypted using TLS 1.2 or higher. We do not support deprecated protocols (SSL, TLS 1.0, TLS 1.1).
• Encryption at Rest: Sensitive data stored in our databases is encrypted using AES-256 encryption.
• Access Controls: Role-based access control (RBAC) limits access to personal information to authorized personnel who need it to perform their job functions.
• Authentication: User authentication is managed through Clerk with support for multi-factor authentication (MFA). We recommend all users enable MFA on their accounts.
• Password Security: Passwords are hashed using bcrypt with appropriate salt rounds. We never store plaintext passwords.
• Network Security: Our infrastructure uses firewalls, intrusion detection systems, and network segmentation to protect against unauthorized access.

10.2 Administrative Safeguards

• Employee and contractor access to personal information is granted on a need-to-know basis
• Personnel with access to sensitive data are subject to confidentiality obligations
• Regular security awareness training for all team members
• Periodic reviews of access permissions and prompt revocation upon role changes

10.3 Security Assessments

We conduct regular security assessments of our platform, including vulnerability scanning and code review. We address identified vulnerabilities based on severity and risk.

10.4 Incident Response and Breach Notification

We maintain an incident response plan for handling data security incidents. In the event of a data breach involving personal information, we will:

• Investigate the scope and cause of the breach
• Take steps to contain and remediate the incident
• Notify affected individuals as required by applicable state breach notification laws (all 50 states have breach notification statutes)
• Notify state attorneys general or other regulators as required by applicable law
• Comply with state-specific notification timelines, which range from 30 to 60 days depending on the jurisdiction (for example, Florida requires notification within 30 days per Fla. Stat. Section 501.171; California requires notification "in the most expedient time possible" per Cal. Civ. Code Section 1798.82)

10.5 Limitations

No method of electronic transmission or storage is 100% secure. While we use commercially reasonable measures to protect your information, we cannot guarantee absolute security. We encourage you to use strong passwords, enable MFA, and notify us immediately if you suspect any unauthorized access to your account.

11 International Data

FleetCommand Pro is operated from the United States, and all data is processed and stored within the United States. We do not currently transfer personal information to any country outside the United States.

If you access FleetCommand Pro from outside the United States, please be aware that your information will be transferred to, stored, and processed in the United States, where our servers are located. The data protection laws of the United States may differ from those of your country of residence.

If we begin transferring data internationally in the future, we will update this Privacy Policy to describe the transfers, the safeguards in place (such as Standard Contractual Clauses or other approved transfer mechanisms), and your rights regarding such transfers.

12 Cookies and Tracking Technologies

12.1 Cookies We Use

FleetCommand Pro uses a limited number of cookies necessary for platform operation:

• Session Cookies: Required for user authentication, maintaining your login state, and ensuring platform security. These cookies expire when you close your browser or after your session times out.
• Preference Cookies: Store your display preferences, such as dashboard layout settings and timezone selection. These persist between sessions for your convenience.
• CSRF Tokens: Security cookies that protect against cross-site request forgery attacks.

12.2 Analytics

We use Umami Analytics, a privacy-focused analytics service that does not collect personal information, does not use cookies, does not track users across websites, and does not store IP addresses. Umami provides us with aggregate page view and usage statistics without identifying individual users. No data collected by Umami is shared with third parties.

12.3 What We Do Not Use

We do not use:

• Third-party advertising cookies or tracking pixels
• Social media tracking widgets or share buttons that transmit data to social platforms
• Cross-site tracking technologies
• Fingerprinting techniques to identify users across websites

12.4 Managing Cookies

You can configure your browser to refuse cookies, but disabling session cookies will prevent you from logging into FleetCommand Pro. Because we do not use tracking cookies, there is no need for a cookie consent banner on our platform for most jurisdictions. If applicable law requires additional cookie disclosures, we will update this section.

13 Third-Party Links and Integrations

FleetCommand Pro may contain links to third-party websites, services, or integrations (such as load boards, factoring companies, fuel card providers, or mapping services). This Privacy Policy does not apply to any third-party websites or services. We are not responsible for the privacy practices, content, or security of any third-party service.

When you click a link to a third-party site or activate a third-party integration, you are subject to that party's privacy policy and terms of service. We recommend reviewing the privacy policy of any third-party service before providing it with your personal information.

If you connect a third-party service to FleetCommand Pro through an API integration, we will only share the data categories you authorize, and you may revoke that access at any time through your FleetCommand Pro account settings.

14 Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, new features, legal requirements, or regulatory guidance.

14.1 Material Changes

For material changes that significantly affect how we collect, use, or share your personal information, we will provide at least 30 days' advance notice before the changes take effect. Notice will be provided through:

• Email notification to the address associated with your FleetCommand Pro account
• A prominent banner or notification within the FleetCommand Pro platform
• An updated "Last Updated" date at the top of this policy

14.2 Non-Material Changes

For minor changes that do not materially affect your rights (such as formatting updates, clarifications, or grammatical corrections), we will update the "Last Updated" date without additional notice.

14.3 Continued Use

Your continued use of FleetCommand Pro after the effective date of an updated Privacy Policy constitutes your acceptance of the revised policy. If you do not agree with any changes, you should discontinue use of the platform and contact us to request deletion of your account and non-regulatory data.

15 Contact and Data Requests

15.1 How to Submit a Privacy Request

You may submit a privacy request (access, deletion, correction, portability, or opt-out) by:

• Emailing derrick@derricktransport.com with the subject line "Privacy Request"
• Writing to us at the mailing address in Section 16

In your request, please include:

• Your full name and the email address associated with your FleetCommand Pro account
• The specific right you are exercising (access, deletion, correction, portability, or opt-out)
• Any details that will help us locate your information (such as account name, DOT number, or date range)
• Your state of residence (so we can apply the appropriate legal framework)

15.2 Identity Verification

To protect your privacy, we must verify your identity before processing your request. Verification methods may include:

• Confirming information that matches what we have on file (email, phone number, account details)
• Sending a verification link or code to your registered email address
• For high-sensitivity requests (such as full data access or deletion), we may require additional verification such as a signed declaration under penalty of perjury

If you use an authorized agent to submit a request on your behalf (as permitted under California law), we may require the agent to provide proof of authorization (such as a signed written permission or power of attorney) and we may still verify your identity directly.

15.3 Response Timeline

We will acknowledge your request within 10 business days and provide a substantive response within 45 calendar days of receiving a verifiable request. If we need additional time (up to 45 additional calendar days), we will notify you of the extension and the reason for it. There is no fee for processing your first two requests in a 12-month period. For excessive or manifestly unfounded requests, we may charge a reasonable fee or decline to act, as permitted by applicable law.

15.4 Limitations on Deletion

We may not be able to delete all of your data if retention is required by federal regulation. In such cases, we will inform you of the specific data we are required to retain and the applicable regulatory authority. Data subject to mandatory retention will continue to be protected under this Privacy Policy for the duration of the retention period.

15.5 Appeals

If we deny your privacy request, we will provide a written explanation of the basis for the denial. Residents of Virginia, Colorado, Connecticut, and other states with appeal rights may appeal the decision by responding to the denial email with "Appeal" in the subject line. We will process appeals within 60 days. If the appeal is denied, we will provide information about how to file a complaint with your state attorney general or relevant regulatory authority.

16 Contact Information

If you have questions, concerns, or complaints about this Privacy Policy or our data practices, please contact us:

We will acknowledge all privacy-related communications within 10 business days. If you are not satisfied with our response, you may file a complaint with your state attorney general's office or the Federal Trade Commission (FTC) at reportfraud.ftc.gov.