TruckZen

Privacy Policy

Last updated: June 2026

TruckZen ("we," "us," or "our") operates the TruckZen platform, including the website at truckzen.pro and associated mobile applications (collectively, the "Service"). This Privacy Policy describes how we collect, use, disclose, and protect your personal information when you use our Service.

By accessing or using the Service, you agree to the collection and use of information in accordance with this Privacy Policy. If you do not agree with this policy, please do not use the Service.

1. Information We Collect

Account Information. When you create an account, we collect your name, email address, phone number, company name, and role within your organization. Shop owners may also provide business address, tax identification numbers, and payment information.

Service Data. Through your use of the Service, we collect data related to work orders, service records, vehicle information (including VINs, mileage, and maintenance history), customer records, parts inventory, invoices, and employee time-tracking data. This data is generated by you and your team in the course of using TruckZen to manage shop operations.

Vehicle Data. We collect vehicle identification numbers (VINs) and may decode them using the National Highway Traffic Safety Administration (NHTSA) database to retrieve vehicle specifications such as year, make, model, engine type, and gross vehicle weight rating.

Usage Data. We automatically collect information about how you interact with the Service, including pages visited, features used, timestamps, browser type, device type, operating system, IP address, and referring URLs.

Communications. If you contact us for support or provide feedback, we collect the content of those communications along with your contact information.

Workplace Timekeeping & Location Data. Where your employer or shop enables workplace clock-in features, the Service records timekeeping events (clock-in, clock-out, breaks, job timers) along with associated metadata. Depending on shop configuration, this may include device-trust identifiers (e.g., terminal cookies), approved-network identifiers, and geolocation/geofence indicators (latitude, longitude, accuracy, and whether the punch occurred inside the shop's configured geofence). Override reasons may be recorded when a clock-in is performed outside the geofence. These workplace records are made available to authorized administrators of the shop or organization, not to the public.

Uploaded Content. The Service stores files, documents, photos, and videos that you or your team upload (for example, work order attachments, customer documents, employee or driver documents, vehicle photos, and similar content). Uploaded content is retained according to the Data Retention section below and is made available to authorized users in your organization and, where applicable, to invited customers via the customer portal.

Audit & Activity Logs. The Service records audit and activity log entries for sensitive actions taken inside the platform — for example, who created, edited, sent, approved, or trashed a record. Log entries may include the acting user's identifier, role, department, IP address, user agent, request identifier, action label, and a before/after snapshot of the affected record.

Backups & Operational Metadata. The Service maintains operational backups of your data and generates internal notification metadata describing backup status (timestamps, table names, row counts, byte sizes, success/failure indicators). Backup notification emails sent to TruckZen operators contain metadata only and do not include row content or signed download URLs.

2. How We Use Information

We use the information we collect to:

  • Provide, maintain, and improve the Service, including work order management, invoicing, fleet tracking, compliance monitoring, and reporting features.
  • Process transactions and send related information, including purchase confirmations and invoices for your TruckZen subscription.
  • Send technical notices, updates, security alerts, and administrative messages.
  • Respond to your comments, questions, and support requests.
  • Monitor and analyze usage trends to improve user experience and develop new features.
  • Detect, investigate, and prevent fraudulent transactions and other illegal activities, and protect the rights and property of TruckZen and others.
  • Comply with legal obligations and enforce our terms of service.

3. Data Sharing

We do not sell your personal information. We may share your information in the following circumstances:

  • Service Providers. We share data with third-party vendors who perform services on our behalf, such as cloud application hosting (Vercel), database and storage (Supabase), transactional email delivery (Amazon SES and Resend during provider transition), and error monitoring / diagnostics (Sentry). These providers are contractually obligated to use your data only to perform services for us and in compliance with this policy. Our error-monitoring configuration is set to suppress default personally identifiable information, disable session replay on errors, and sanitize URLs before they reach the monitoring provider.
  • Within Your Organization. Data you enter into TruckZen is accessible to other authorized users within your shop or organization based on their assigned roles and permissions.
  • Customer Portal. When you share work order estimates or invoices with your customers through the TruckZen portal, those customers can view the specific information you choose to share.
  • Legal Requirements. We may disclose your information if required to do so by law, in response to a subpoena, court order, or other governmental request, or when we believe disclosure is necessary to protect our rights, protect your safety or the safety of others, investigate fraud, or respond to a government request.
  • Business Transfers. If TruckZen is involved in a merger, acquisition, or sale of all or a portion of its assets, your information may be transferred as part of that transaction.

4. Data Retention

We retain account information and service data for as long as your account is active or as needed to provide the Service. Work order records, vehicle history, and financial records are typically retained for an extended period (commonly several years) to align with tax, accounting, and regulatory requirements applicable to automotive repair businesses.

Different categories of data may be retained for different periods based on operational, legal, accounting, audit, security, and backup needs:

  • Soft-deleted records. Records placed in the trash are scheduled for purge after a configured retention window. The current operational default is a 45-day purge cycle for supported tables; specific tables may be exempted (for example, employee documents retained for audit).
  • Audit, activity, and security logs. Audit trail entries, activity logs, login attempts, blocked-IP records, and platform activity logs may be retained for longer periods to support security review, investigation, and accountability.
  • Backups. Encrypted operational backups and their notification metadata may be retained beyond the original record's lifecycle to support disaster-recovery requirements.
  • Uploaded content. Storage objects associated with deleted database rows may not be immediately removed from underlying storage; cleanup of orphaned storage objects is performed on a separate schedule.

If you request account deletion, we will make commercially reasonable efforts to delete or anonymize your personal information within a reasonable period, except where retention is required by law, audit, accounting, or for legitimate business purposes such as resolving disputes or enforcing our agreements. Specific retention windows for each category are subject to ongoing review by counsel and may evolve as the Service matures.

5. Cookies, Session & Local Storage

The Service uses cookies, session storage, and local storage in your browser to maintain your session, remember your preferences, and understand how you use the Service:

  • Essential cookies and session data. Required for authentication, role and permission handling, kiosk and terminal device-trust, and core functionality. These cannot be disabled while you use the Service.
  • Local storage. The Service may store small amounts of UI state in your browser's local storage to preserve preferences and recent context between sessions.
  • Error and performance telemetry. The Service may send error reports and limited diagnostic data to our error-monitoring provider for the purpose of debugging and reliability.
  • Analytics. We do not use third-party advertising trackers, and our error-monitoring telemetry is configured to suppress default PII and disable session replay on errors.

You can control browser cookies through your browser settings, but disabling cookies, session storage, or local storage may prevent the Service from working correctly.

6. Children's Privacy

The Service is not directed to individuals under the age of 16. We do not knowingly collect personal information from children under 16. If we become aware that we have collected personal information from a child under 16, we will take steps to delete such information promptly. If you believe we may have collected information from a child under 16, please contact us at support@truckzen.pro.

7. Your Rights

Depending on your jurisdiction, you may have the following rights regarding your personal information:

  • Access. You may request a copy of the personal information we hold about you.
  • Correction. You may request that we correct inaccurate or incomplete personal information.
  • Deletion. You may request that we delete your personal information, subject to certain exceptions.
  • Portability. You may request a machine-readable copy of your data. TruckZen supports data export for work orders, customers, vehicles, and financial records.
  • Objection. You may object to certain processing of your personal information.
  • Restriction. You may request that we restrict processing of your personal information under certain circumstances.

To exercise any of these rights, contact us at support@truckzen.pro. We will respond to your request within 30 days.

8. Security & Error Monitoring

We implement security measures intended to protect your personal information, including encryption of data in transit (TLS), encryption of stored data and backups where supported by our infrastructure providers, role-based access controls, session management, rate limiting on authentication, and infrastructure hosted on reputable cloud providers (currently Vercel and Supabase). However, no method of transmission over the Internet or method of electronic storage is fully secure, and we cannot guarantee absolute security.

We operate an error-monitoring and diagnostic surface to detect and investigate Service issues. This surface is currently configured to suppress default personally identifiable information, disable session replay on errors, and sanitize URL query strings before they are sent to the monitoring provider. The Service's public error page intentionally does not render raw error messages to end users; it displays only an opaque incident identifier.

Unauthorized access monitoring. The Service logs and preserves information about attempts by authenticated users to reach owner-only backend, developer, administrative, platform, or API-key surfaces they are not authorized to use, including probing, scraping, credential or API-key discovery, attempts to bypass role checks, data exfiltration, reverse engineering, and vulnerability scanning. These security records may include the acting user's identifier, role, IP address, user agent, and the requested route path only; they never include request bodies, credentials, API keys, tokens, cookies, authorization headers, environment variables, full URLs, or query strings. We may use these records to investigate abuse, automatically disable accounts that repeatedly probe restricted surfaces, notify affected organizations, preserve evidence, refer matters to law enforcement, and pursue legal remedies (including seeking damages and injunctive relief) where permitted by law.

Workplace logging. Where shop administrators enable workplace clock-in features, the Service records timekeeping, geofence status, terminal-device identifiers, and override reasons as described in Section 1. Employees and other workers may be subject to this logging when they use the Service while their employer or shop has these features enabled. A separate workplace-monitoring disclosure may be required by your employer's policies and applicable law.

9. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new Privacy Policy on this page and updating the "Last updated" date. For significant changes, we will provide additional notice through the Service or via email. Your continued use of the Service after any changes constitutes acceptance of the updated policy.

10. Contact Us

If you have any questions about this Privacy Policy or our data practices, please contact us at:

TruckZen
Email: support@truckzen.pro
Website: truckzen.pro