Privacy Policy

• Account Registration Data: When you create an account, we collect your name, email address, and password (stored as a cryptographic hash via our authentication provider). If you register as an Owner, we additionally collect your food truck's name, description, cuisine categories, phone number, Instagram handle, and website URL.
• Profile Information: Profile photographs or avatars you choose to upload.
• Menu Data (Owners): Menu item names, descriptions, prices, categories, and photographs you upload to your truck's profile.
• Live Session Data (Owners): When an Owner initiates a live session, we collect a photograph of the truck's current setup and real-time GPS coordinates. This data is voluntarily submitted by the Owner.
• Communications: Any messages, feedback, bug reports, or support requests you send to us.
• Schedule Data (Owners): Days of operation, hours, and location notes you enter in the scheduling feature.

• Precise Geolocation (with permission): If you grant location permission, we collect your device's GPS coordinates to show you nearby trucks. We request location access only when needed and only in the foreground. We do not track your location in the background.
• Device and Browser Information: We automatically collect your IP address, browser type and version, operating system, device identifiers, screen resolution, and time zone.
• Usage Data: Pages visited, features used, time spent in the Service, search queries entered, trucks viewed, filters applied, and navigation paths within the app.
• Log Data: Server-side logs recording request timestamps, response times, error events, and referring URLs.
• Cookies and Similar Technologies: We use session cookies to maintain your authenticated session. We do not currently use third-party advertising or cross-site tracking cookies. See Section 8 for full cookie details.

• Authentication Providers: If you sign in via a third-party identity provider (e.g., Google or Apple via Clerk), we receive your name, email address, and profile photo URL as permitted by your authorization.
• Payment Processors (future): If we introduce paid features, payment information will be handled exclusively by a PCI-DSS-compliant processor. We will never store raw card numbers.

We do not intentionally collect sensitive personal information such as racial or ethnic origin, political opinions, religious beliefs, health data, biometric data, financial account numbers, or social security numbers. If you include such information in free-text fields (e.g., a truck description), you do so voluntarily. We encourage you not to share sensitive personal information through the Service.

We share personal information with third-party vendors who process data on our behalf under written data-processing agreements that prohibit them from using your information for their own purposes:

• Clerk, Inc. — Authentication and user identity management. Clerk Privacy Policy
• Supabase, Inc. — Database hosting, storage, and real-time infrastructure. Data hosted on servers in the United States. Supabase Privacy Policy
• Vercel, Inc. — Web application hosting and content delivery. Vercel Privacy Policy
• OpenStreetMap Foundation / CartoDB (Carto) — Map tile rendering. Map tile requests may include your IP address. Carto Privacy Policy

When an Owner activates a live session, their truck name, description, cuisine types, profile photo, and real-time GPS coordinates are made publicly visible within the Service to all users, including unauthenticated visitors. Owners should not share location information they wish to keep private. Live session data is removed from public display when the session ends.

We may disclose personal information if we believe in good faith that such disclosure is necessary to: (a) comply with applicable law, regulation, or legal process, including a valid subpoena, court order, or government demand; (b) protect the rights, property, or safety of TruckTracker, our users, or the public; (c) detect, prevent, or otherwise address fraud, security, or technical issues; or (d) enforce our Terms of Service.

If TruckTracker is involved in a merger, acquisition, financing, reorganization, bankruptcy, receivership, sale of assets, or transition of service to another provider, your personal information may be transferred as part of such transaction. We will provide notice before your information is transferred and becomes subject to a different privacy policy.

We may share aggregated, anonymized, or de-identified information — such as aggregate usage statistics or trend data — that cannot reasonably be used to identify you, with third parties for research, marketing, analytics, or other purposes.

If you are a Colorado resident, the Colorado Privacy Act (C.R.S. § 6-1-1301 et seq.) grants you the following rights with respect to your personal data:

• Right to Access: You may request confirmation of whether we process your personal data and a copy of that data.
• Right to Correction: You may request that we correct inaccurate personal data.
• Right to Deletion: You may request deletion of personal data we hold about you, subject to certain exceptions.
• Right to Data Portability: You may request a copy of your personal data in a portable, machine-readable format.
• Right to Opt Out of Sale: We do not sell your personal data. No opt-out is required, but you may contact us to confirm.
• Right to Opt Out of Targeted Advertising: We do not currently engage in targeted advertising as defined by the CPA.
• Right to Opt Out of Profiling: We do not engage in profiling that produces legal or similarly significant effects.
• Right to Appeal: If we deny your request, you have the right to appeal our decision. See Section 7.4.

If you are a California resident, the California Consumer Privacy Act (as amended by the California Privacy Rights Act) may grant you additional rights, including the right to know, delete, correct, and opt out of the sale or sharing of personal information. We do not sell or share personal information with third parties for cross-context behavioral advertising purposes. To exercise California rights, contact us using the information in Section 7.3.

To exercise any of the rights described above, submit a verifiable consumer request to:

• Email: datarights@trucktracker.app
• Subject line: “Privacy Rights Request — [Your Right]”

We will respond within 45 days of receipt of a verifiable request. If we need additional time (up to an additional 45 days), we will notify you in writing. We will not discriminate against you for exercising your privacy rights.

We may need to verify your identity before processing your request. Verification may include confirming your email address or other account information. We cannot respond to requests if we cannot verify your identity.

If we deny your privacy rights request, we will explain the reason. You may appeal by emailing datarights@trucktracker.app with the subject line “Privacy Rights Appeal.” We will respond within 45 days. If your appeal is denied, Colorado residents may contact the Colorado Attorney General at coag.gov.

You may delete your account at any time through the app settings (when available) or by emailing datarights@trucktracker.app. Upon verified deletion, we will remove your personal data from active systems within 30 days, subject to legal holds and the backup retention schedule described in Section 6.