Privacy Policy

QRC Dispatch (“QRC,” “we,” “us”) collects only the data we need to operate the service for your brokerage:

• Account information: name, email address, phone number, role, and a hashed password.
• Brokerage data: brokerage name, MC and DOT numbers, addresses, office structure, branding assets, and default terms.
• Load and Rate Confirmation data: load details, stops, rates, equipment, commodity, and any other content you enter into the form or generate via the platform.
• Address book contacts: carrier and customer records you create or import, including contact names, phone numbers, MC/DOT numbers, and FMCSA verification data.
• Uploaded documents: W-9 forms, certificates of insurance, and other files you upload to a contact or load.
• Usage and operational data: log entries, IP addresses, browser metadata, request timestamps, and audit-trail records used to operate, secure, and improve the service.

We use your data solely to provide, maintain, and improve the service: rendering your dashboard, generating PDFs and emails, enforcing access controls, maintaining audit logs, supporting your team when you contact us, and diagnosing problems. We will never sell your data to third parties. We do not use your data for advertising. We do not share identifiable data with third parties except as needed to deliver the service (see Third-party services below) or as required by law.

Your data is stored in managed Postgres databases and object storage operated by Supabase on AWS infrastructure. All data is encrypted in transit (TLS) and at rest. Access to the production database is restricted to authorized personnel, requires multi- factor authentication, and is logged. Application- level access is gated by Row-Level Security policies that enforce tenant isolation at the database layer — not just in application code.

Each brokerage is a separate tenant. Users from one brokerage cannot read, write, list, or otherwise access any data belonging to another brokerage. This isolation is enforced at the database via Row-Level Security policies and additionally checked in application code on every request.

QRC relies on a small set of sub-processors to deliver the service. We choose vendors who publish their own security and privacy commitments and bind ourselves and them to those commitments contractually:

• Supabase / AWS — managed Postgres database, authentication, file storage, and the underlying cloud infrastructure.
• Netlify — application hosting and content delivery.
• FMCSA SAFER — public carrier verification data (publicly available; queried by MC/DOT number to populate carrier records).

Each sub-processor is contractually limited to processing your data on our instructions and only to deliver the service.

We use first-party session cookies to keep you signed in and to remember basic interface state. We do not use third-party advertising or tracking cookies, and we do not run analytics that profile individual users across the web. You may clear cookies at any time; doing so will sign you out.

We retain your data for as long as your account is active. Upon account closure or termination you may export your data for at least thirty (30) days, after which we will delete it from active systems within thirty days of your request. Backups containing deleted data are purged on a rolling thirty-day schedule. Audit-log entries necessary for security, compliance, or fraud-prevention purposes may be retained longer where permitted by law.

You may request access to, correction of, or deletion of your personal data at any time by contacting us at the address below. Brokerage owners may export and delete tenant-wide data on behalf of their organization. We will respond to verified requests within thirty (30) days. Depending on where you live, you may have additional rights under laws such as the GDPR or CCPA — we will honor those rights to the extent they apply.

QRC is a business-to-business product not intended for individuals under the age of 18. We do not knowingly collect personal information from children. If you believe we may have collected information from a child, please contact us so we can remove it.

We may update this policy from time to time as the service evolves. Material changes will be communicated via email to the address on file or through an in-app notice. Continued use of the service after the effective date constitutes acceptance of the updated policy.

Privacy questions and data requests can be sent to privacy@qrcdispatch.com.