Privacy Policy

Lugixa Logistics LLC ("Lugixa," "we," "us," or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, store, and disclose information when you use the Lugixa platform and related services (the "Service"). By using the Service, you consent to the data practices described in this policy. If you do not agree, please discontinue use of the Service.

We collect information in the following categories: Account & Company Information When you register, we collect your name, email address, company name, role, phone number, and any other information you provide during onboarding. Company administrators may provide information about their drivers, dispatchers, trucks, and operational contacts. Operations Data Information you enter into the platform — including load records, driver profiles, truck information, route data, and dispatch notes — is stored as part of your company's operational data. Billing Information Payment details are collected and processed by Stripe, Inc. Lugixa does not store full card numbers, CVV codes, or full billing account numbers on its own servers. We retain billing contact details, invoice history, and subscription status. Usage and Analytics Data We may collect information about how you interact with the Service, including pages visited, features used, session duration, browser type, operating system, IP address, and referring URLs. This data is used to improve the platform and diagnose issues. Communications When you contact our support team or respond to system notifications, we retain a record of that communication to provide continuity of support. Cookies and Session Data The Service uses cookies and local storage to maintain your logged-in session, remember preferences, and analyze usage patterns. See Section 8 for details.

We use collected information to: • Provide, operate, and maintain the Service • Process transactions and send billing-related communications • Respond to support requests and troubleshoot issues • Send product updates, feature announcements, and operational notices (you may opt out of marketing communications) • Detect and prevent fraud, abuse, and security incidents • Analyze usage patterns to improve performance and user experience • Comply with legal obligations and enforce our Terms & Conditions • Communicate critical service changes or policy updates We do not sell your personal data to third parties. We do not use your operational data (loads, drivers, trucks) for advertising or data monetization.

All payment card transactions are processed by Stripe, Inc. Lugixa integrates with Stripe's secure payment infrastructure and does not have access to your raw card information. When you enter payment details in the Lugixa platform, that information is transmitted directly to Stripe using encryption. Stripe stores and manages your payment data in compliance with PCI-DSS Level 1 standards. By providing payment information, you also agree to Stripe's Privacy Policy and Terms of Service. Lugixa receives a Stripe payment token and metadata (last four digits, card type, expiry) sufficient to display billing information and process renewals.

We share data only with service providers that help us operate the platform. Current third-party providers include: • Stripe, Inc. — Payment processing • Supabase — Database hosting and authentication infrastructure • Vercel — Web application hosting and edge delivery • Resend — Transactional email delivery • Cloudflare — DNS, email routing, and DDoS protection All third-party providers are contractually required to handle data securely and only for the purposes for which they are engaged. We do not allow third-party providers to use your data for their own marketing or analytics. We may disclose information if required by law, court order, or to protect the rights and safety of Lugixa, its users, or the public.

The Lugixa platform is a multi-tenant SaaS service. Each company account's data is logically isolated using company-scoped access controls. No company can access another company's data. Our platform enforces this at the database query level on every API request. Company administrators control access within their organization through role-based permissions. Lugixa employees access customer data only when necessary to resolve support issues, and only with appropriate authorization and logging.

We retain your data for as long as your account remains active. After account cancellation: • Your data is retained for 90 days to allow for recovery or export • After 90 days, account data is queued for permanent deletion • Billing records and audit logs may be retained for up to 7 years to comply with accounting and legal requirements You may request deletion of your data before the 90-day period by contacting support@lugixa.com.

The Service uses the following types of cookies and local storage: Session Cookies — Required for authentication. These expire when you close your browser and are essential for the Service to function. Preference Cookies — Store settings like timezone, display preferences, and language. These persist across sessions. Analytics Cookies — We may use first-party analytics tools to understand feature usage. We do not currently use third-party advertising cookies. You can control cookies through your browser settings. Disabling certain cookies may affect your ability to use the Service.

We implement industry-standard security measures including: • TLS/HTTPS encryption for all data in transit • Encryption at rest for sensitive database fields • Row-level security policies enforced at the database level • Two-factor authentication (2FA) support • Company-wide MFA enforcement option for administrators • Regular security reviews and access audits While we take reasonable precautions, no internet transmission or storage system is 100% secure. If you believe your account has been compromised, contact security@lugixa.com immediately.

Depending on your jurisdiction, you may have the following rights: • Access — Request a copy of the personal data we hold about you • Correction — Request that inaccurate data be corrected • Deletion — Request deletion of your personal data (subject to legal retention requirements) • Portability — Request your data in a machine-readable format • Opt-out — Unsubscribe from marketing communications at any time To exercise any of these rights, contact support@lugixa.com. We will respond within 30 days. For verified requests from EU/EEA residents under GDPR or California residents under CCPA, we will respond within the legally required timeframe.

The Service is not directed at individuals under the age of 18. We do not knowingly collect personal information from children. If we learn that we have inadvertently collected data from a minor, we will promptly delete it. Contact support@lugixa.com if you have a concern.

Lugixa is based in the United States. If you access the Service from outside the United States, your information may be transferred to, stored, and processed in the U.S. By using the Service, you consent to this transfer. We take steps to ensure that data transferred internationally is treated securely and in accordance with applicable privacy laws.

We may update this Privacy Policy from time to time. When we make material changes, we will notify you via email or a prominent notice in the platform at least 14 days before the changes take effect. The "Last Updated" date at the top of this page reflects the most recent revision.

If you have questions, concerns, or requests regarding this Privacy Policy, please contact: Lugixa Logistics LLC Privacy Team: support@lugixa.com Security Issues: security@lugixa.com Website: https://lugixa.com