Privacy Policy

1. Information We Collect

We collect information necessary to deliver, operate, and improve the SYNTRA platform. The categories of information we collect depend on how you interact with our services.

Account & Identity Information

• Name, business email address, phone number, and job title provided during account registration or demo requests.
• Company name, industry, fleet size, and operational details you share during onboarding.
• Billing contact information, payment method details (processed by our PCI-compliant payment processor — we do not store raw card numbers), and invoicing addresses.
• Login credentials, including hashed passwords and, where enabled, multi-factor authentication records.

GPS & Location Data from Hardware

• Real-time and historical GPS coordinates transmitted by SYNTRA tracking devices (trackers, temperature sensors, asset tags) installed on vehicles, trailers, containers, or other assets.
• Speed, heading, altitude, and geofence entry/exit events generated by our hardware.
• Sensor readings including temperature, humidity, door open/close status, and vibration data where applicable hardware is deployed.
• Device identifiers, firmware versions, signal strength, and cellular carrier data for hardware health monitoring.

Platform Usage & Operational Data

• Shipment records, load details, carrier assignments, and dispatch events created within the SYNTRA platform.
• Integration data received from connected TMS, WMS, ERP, and visibility systems through our API or pre-built connectors.
• User actions, feature interactions, workflow configurations, report queries, and alert rule settings within the platform.
• Communication logs including in-platform messaging, check-call records, and driver or carrier updates.

Technical & Device Data

• IP address, browser type and version, operating system, device type, and screen resolution for users accessing the platform via web browser.
• Session duration, page views, click-path data, and error logs collected automatically to support platform stability and performance analysis.
• API request logs including endpoints called, response codes, and request timestamps, used for debugging and rate-limit enforcement.

Cookies & Similar Technologies

We use cookies and similar browser-based technologies to maintain authenticated sessions, remember user preferences, and collect aggregate analytics. See Section 8 for full details.

2. How We Use Your Information

We use the information we collect only for the purposes described here. We do not use your data for advertising, we do not build consumer profiles for resale, and we do not use location data transmitted by your assets for any purpose outside of delivering the services you have subscribed to.

• Platform Delivery: To operate, maintain, and provide access to the SYNTRA logistics execution platform, including real-time tracking dashboards, alert engines, integration pipelines, and reporting tools.
• Hardware Management: To provision, configure, monitor, and update SYNTRA IoT devices deployed across your fleet and asset base; to detect hardware faults and push firmware updates remotely.
• Billing & Account Administration: To process subscription payments, issue invoices, manage account entitlements, handle renewals and upgrades, and communicate material account changes.
• Safety & Security: To detect unauthorized access attempts, investigate potential misuse, enforce our Terms of Service, and protect the integrity and availability of the platform for all customers.
• Product Improvement: To analyze aggregated, de-identified usage patterns to inform feature prioritization, identify performance bottlenecks, and improve the reliability of our integrations and hardware connectivity.
• Customer Support: To respond to support tickets, diagnose technical issues, replicate reported problems, and communicate resolutions or platform updates relevant to your account.
• Communications: To send transactional notifications such as alert triggers, shipment status updates, and platform maintenance windows. With your consent, to send product announcements and industry insights. You may opt out of non-essential communications at any time.
• Legal & Compliance: To comply with applicable laws, regulations, and lawful government requests; to enforce contractual agreements; and to protect SYNTRA's legal rights.

3. Data Sharing & Disclosure

SYNTRA does not sell, rent, or trade your personal information or operational data to third parties. We share information only in the limited circumstances described below.

• Integration Partners (Customer-Authorized): When you configure an integration with a third-party TMS, WMS, ERP, visibility network, or carrier portal, data flows between SYNTRA and that system only as needed to execute the integration you have enabled. You control which integrations are active and what data is shared. SYNTRA does not independently connect your data to third-party systems without your explicit authorization.
• Service Providers: We engage trusted vendors to help operate our infrastructure, process payments, deliver email, provide cloud hosting, and support customer success activities. Each vendor is subject to a data processing agreement or equivalent contractual obligation requiring them to protect your data, use it only for the services they provide to us, and not disclose it to others. A current list of our sub-processors is available at syntraplatform.io/sub-processors and will be updated when material changes occur.
• Legal Requirements: We may disclose information if required to do so by applicable law, subpoena, court order, or lawful government request — including requests from Illinois state authorities. Where permitted, we will notify you before disclosing and will disclose only the minimum information legally required.
• Business Transfers: In the event of a merger, acquisition, asset sale, or other business combination involving SYNTRA, your information may be transferred to the successor entity. We will provide notice in advance and ensure your data continues to be protected under equivalent or stronger privacy terms.
• Protection of Rights: We may share information when we believe in good faith that disclosure is necessary to prevent fraud, protect the safety of our users or the public, or enforce our Terms of Service.

4. Location & GPS Data

Location and telematics data represent the operational core of the SYNTRA platform. Because of the sensitivity of this data and its significance to your business operations, we apply specific policies and principles to its handling.

Data Ownership Stays With You

All GPS coordinates, route histories, geofence records, temperature logs, and sensor data generated by SYNTRA hardware installed on your assets remain your property. SYNTRA processes this data as a data processor on your behalf — your organization is the data controller. We do not acquire ownership rights to this data at any point. Upon termination of your subscription, you may export your historical location data in standard formats before account closure.

Purpose Limitation

Location data transmitted by your assets is used exclusively to: power your real-time tracking dashboards, generate the alerts and geofence triggers you have configured, fulfill integration data feeds you have authorized, produce the operational reports available within your account, and support customer service and technical troubleshooting on your behalf. We do not use your asset location data to train AI or ML models sold to third parties, nor do we aggregate it for competitive intelligence.

Driver & Employee Location Data

Where SYNTRA hardware is used to track vehicles operated by employees or contractors, it is your responsibility as the operator to comply with applicable labor, employment, and privacy laws governing employee monitoring in your jurisdiction — including Illinois law and applicable notice and consent requirements. SYNTRA provides the tools; the legal obligation to inform and obtain consent from tracked individuals rests with you as the deploying organization.

5. Data Retention

We retain data only as long as necessary to deliver our services, meet legal obligations, and support legitimate business operations. The following retention periods apply by default.

• Account & Profile Data: Retained for the duration of your active subscription. Upon account cancellation or expiration, account data is retained for 90 days to support account recovery and audit purposes, after which it is permanently deleted from production systems.
• GPS & Location Data: Configurable by your account administrator within a range of 30 to 365 days of rolling history. The default retention window for new accounts is 180 days. Data beyond the configured retention window is automatically purged on a rolling basis.
• Sensor & Telemetry Data: Retained on the same schedule as GPS data unless your subscription tier includes extended historical telemetry, in which case your contracted retention period applies.
• Integration & API Logs: Retained for 90 days for debugging and audit trail purposes, then automatically deleted.
• Billing & Financial Records: Retained for a minimum of 7 years in accordance with applicable tax and accounting regulations, regardless of account status.
• Legal Holds: If your data becomes subject to a legal hold, litigation, regulatory inquiry, or law enforcement request, we may retain the affected data beyond standard retention periods for the duration of the relevant proceeding. We will notify you of any such holds where legally permissible.
• Backups: Data deleted from production systems may persist in encrypted backup archives for up to 30 additional days before being purged from backup media as part of our standard backup rotation.

6. Security

SYNTRA takes a defense-in-depth approach to security. We design our platform to meet the control requirements aligned with SOC 2 Type II, and we continuously evaluate our practices against industry standards for cloud-hosted B2B SaaS platforms.

• Encryption in Transit: All data transmitted between SYNTRA hardware, our cloud infrastructure, and end users is encrypted using TLS 1.2 or higher. API endpoints and the platform web application enforce HTTPS exclusively.
• Encryption at Rest: Customer data stored in SYNTRA databases and object storage is encrypted at rest using AES-256, with encryption keys managed through a dedicated key management service.
• Access Controls: Access to customer data within our internal systems is limited to personnel with a legitimate business need. We enforce role-based access controls, require multi-factor authentication for all internal system access, and maintain access logs for review.
• Infrastructure Security: Our cloud infrastructure is hosted in SOC 2-certified data centers. We apply network segmentation, regular vulnerability scanning, and automated patch management to our production environment.
• Penetration Testing: We conduct periodic third-party penetration tests against our platform and remediate identified vulnerabilities according to severity-based timelines.
• Incident Response: In the event of a confirmed data security incident that affects your account data, we will notify you without undue delay and in accordance with applicable breach notification laws, including the Illinois Personal Information Protection Act (PIPA). If the incident affects 500 or more Illinois residents, we will also notify the Illinois Attorney General as required by law. Our notification will describe the nature of the incident, the data affected, and the steps we are taking to contain and remediate it.

No system can guarantee absolute security. We encourage you to use strong, unique passwords, enable multi-factor authentication for your SYNTRA account, and promptly report any suspected unauthorized access to security@syntraplatform.io.

7. Your Rights

Depending on your location and applicable law, you may have the following rights with respect to your personal information. We honor these rights regardless of whether your jurisdiction legally mandates them, because we believe data control is foundational to trust.

• Access: You have the right to request a copy of the personal information we hold about you, including account details, usage records, and any personal data processed in connection with your account.
• Correction: You have the right to request correction of inaccurate or incomplete personal information. Most account profile fields can be updated directly within your account settings.
• Deletion: You have the right to request deletion of your personal information. Note that deletion of account data will result in termination of your SYNTRA subscription. Certain data may be retained as required by law or for legitimate legal defense purposes.
• Portability: You have the right to receive your personal information and operational data in a structured, machine-readable format (CSV, JSON) for transfer to another service provider. GPS and shipment history exports are available directly within the platform.
• Restriction of Processing: You may request that we restrict processing of your personal information in certain circumstances, such as while the accuracy of data is disputed.
• Objection: You may object to certain processing activities, including any use of your data for product improvement or communications not essential to service delivery.

California Residents (CCPA / CPRA)

California residents have the right to know what personal information is collected, the right to delete personal information, the right to opt out of the sale or sharing of personal information (SYNTRA does not sell or share personal information as defined under CCPA), the right to correct inaccurate personal information, and the right to limit use of sensitive personal information. California residents may exercise these rights without suffering discrimination in pricing or service access. To submit a verifiable consumer request, contact us at privacy@syntraplatform.io.

European Users (GDPR)

For users in the European Economic Area, United Kingdom, or Switzerland, SYNTRA processes personal data on the legal bases of contractual necessity (to deliver the services you have subscribed to), legitimate interests (for security, fraud prevention, and product improvement), legal obligation (for compliance with applicable laws), and consent (for optional communications). You have the right to lodge a complaint with your national data protection authority. Where SYNTRA acts as a data processor on behalf of your organization, your organization is the data controller and is responsible for ensuring an appropriate legal basis exists for the personal data you provide to or generate within the platform.

To exercise any of the above rights, contact us at privacy@syntraplatform.io. We will respond within 30 days of receiving a verifiable request.

8. Cookies & Tracking

SYNTRA uses a minimal set of cookies and browser-based technologies. We do not use advertising cookies, we do not participate in behavioral retargeting networks, and we do not sell data derived from your browsing activity.

• Essential Cookies (always active): Required for the platform to function. These include session authentication tokens, CSRF protection tokens, and user preference settings such as timezone and display configuration. These cookies cannot be disabled without breaking core platform functionality.
• Analytics Cookies (opt-out available): We use first-party analytics tools to measure aggregate page-level engagement on our public website (syntraplatform.io). These analytics do not track individuals across third-party sites, do not share data with advertising networks, and use IP anonymization. Logged-in platform users are not tracked for marketing analytics purposes.
• No Advertising Cookies: We do not deploy third-party advertising pixels, social media tracking scripts, or cross-site behavioral tracking technologies on our platform or website.

You can control cookies through your browser settings. Disabling all cookies may impair your ability to log in to the SYNTRA platform. To opt out of analytics tracking on our public website, you may use a browser-level do-not-track setting or contact us at privacy@syntraplatform.io to request analytics opt-out.

9. Children's Privacy

The SYNTRA platform is a business-to-business service designed for use by freight brokers, third-party logistics providers, shippers, fleet managers, and enterprise operations teams. Our services are not directed at, and are not intended for use by, individuals under the age of 18.

We do not knowingly collect personal information from anyone under 18. If we become aware that we have inadvertently received personal information from a person under 18, we will delete that information promptly. If you believe we may have collected information from a minor, please contact us at privacy@syntraplatform.io.

10. Illinois-Specific Disclosures

SYNTRA Platform, Inc. is headquartered in Illinois. In addition to the rights and protections described elsewhere in this Privacy Policy, the following provisions apply specifically to residents and operators subject to Illinois law.

Illinois Biometric Information Privacy Act (BIPA)

Illinois BIPA (740 ILCS 14/) imposes strict requirements on the collection, use, storage, and destruction of biometric identifiers and biometric information, including fingerprints, retina or iris scans, voiceprints, scans of hand or face geometry, and similar identifiers.

SYNTRA's current platform and hardware do not collect or process biometric identifiers or biometric information as defined under BIPA. If SYNTRA introduces any feature or integration that would involve biometric data collection in the future, we will:

• Publish a written policy establishing a retention schedule and guidelines for permanent destruction of biometric data.
• Obtain a written release from each individual whose biometric data is collected, prior to collection.
• Never sell, lease, trade, or profit from biometric data.
• Never disclose biometric data without consent, except as required by law or to complete a financial transaction authorized by the individual.

If you deploy SYNTRA hardware or integrations that may involve biometric data collection by a third party (for example, driver-facing cameras with facial recognition through a connected system), you as the operator bear responsibility for ensuring BIPA compliance with respect to your employees and contractors. Contact us at privacy@syntraplatform.io with any BIPA-related questions.

Illinois Personal Information Protection Act (PIPA)

Under Illinois PIPA (815 ILCS 530/), SYNTRA is required to notify affected Illinois residents and, where a breach affects 500 or more Illinois residents, the Illinois Attorney General, in the event of a security breach involving personal information. In the event of a confirmed breach affecting Illinois residents, SYNTRA will:

• Notify affected Illinois residents in the most expedient time possible and without unreasonable delay.
• Notify the Illinois Attorney General if 500 or more Illinois residents are affected.
• Provide notice in the form required by Illinois law, including a description of the incident, the type of personal information involved, contact information for SYNTRA, and steps individuals can take to protect themselves.

Notice may be provided by written notice, electronic notice (where the affected individual has consented to electronic communications), or substitute notice in accordance with PIPA requirements.

Illinois Employee Monitoring

Illinois law (820 ILCS 40/ — the Illinois Electronic Mail Privacy Act and related statutes) imposes specific requirements on employers who monitor employee electronic communications and activity. If you use SYNTRA to track vehicles operated by Illinois-based employees or contractors, you are responsible for:

• Providing employees with advance written notice that electronic monitoring may occur.
• Complying with all applicable Illinois and federal requirements for employee monitoring consent and disclosure.
• Maintaining records of employee acknowledgment of monitoring notice as required by applicable law.

SYNTRA provides the platform and hardware; the legal obligations related to employee notice and consent under Illinois law rest with you as the deploying organization.

11. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or operational procedures. When we make material changes, we will:

• Update the "Last updated" date at the top of this page.
• Send an in-platform notification and email notice to account administrators at least 14 days before material changes take effect.
• Where required by law, obtain renewed consent for any materially new processing activities.

We encourage you to review this Privacy Policy periodically. Your continued use of the SYNTRA platform after the effective date of any update constitutes acceptance of the revised policy. If you do not agree with a material update, you may terminate your subscription prior to the effective date by contacting our support team.

Previous versions of this Privacy Policy are available upon request by emailing privacy@syntraplatform.io.

12. Contact Us

If you have questions about this Privacy Policy, wish to exercise your data rights, have a concern about how your information is being handled, or need to report a potential privacy incident, please contact us through any of the following channels. We take all privacy inquiries seriously and will respond within 30 days.

For enterprise customers with a Customer Success Manager or dedicated account contact, you may also raise privacy-related questions directly through your account relationship. Your CSM will route your inquiry to our privacy team with appropriate priority.