Scope
Who we are and what this covers
TruckZen operates the TruckZen platform at truckzen.pro and related mobile-friendly web views. This Privacy Policy explains how we collect, use, share, protect, and retain information when you use the Service.
The Service is built for commercial truck repair facilities, fleet maintenance operations, and automotive service businesses. It supports work orders, estimates, invoices, parts, purchase orders, vendor bills, asset records, compliance-data organization, employee time tracking, customer records, uploaded documents, customer portals, Smart Drop, OCR-assisted imports, barcode and scanner workflows, audits, backups, and reporting.
Data categories
Information we collect
Account and contact information. We collect name, email address, phone number, shop or organization name, role, permissions, invite status, authentication metadata, multi-factor authentication settings where enabled, and policy acceptance or decline records.
Shop, customer, vendor, vehicle, driver, mechanic, and company data. We collect business profile information, customer and vendor records, contacts, vehicle and asset records, VINs, mileage, license plates, driver records, mechanic records, employee records, fleet records, service history, and similar operational information entered into the Service.
Work order, estimate, invoice, purchase order, vendor bill, and parts data. We collect the operational records your team creates, imports, edits, sends, approves, declines, matches, receives, adjusts, restores, or deletes, including line items, quantities, notes, manually recorded payments, customer approval events, and customer-portal activity.
Uploaded content and Smart Drop files. We store files, photos, videos, work order attachments, customer documents, employee documents, driver credentials, vehicle photos, vendor bills, purchase orders, invoices, Smart Drop uploads, OCR inputs, and metadata such as filename, type, size, uploader, storage path, and upload time.
Imports, OCR, AI, and scanner metadata. We may store source-system attribution, parsed fields, raw OCR text, confidence signals, classification results, matching context, parser versions, OCR policy versions, barcode values, and human review state for imported, extracted, scanned, or suggested records.
Workplace timekeeping, location, and device data. If enabled by your shop, we collect clock-in and clock-out events, job timers, break timers, GPS coordinates supplied by the device, geofence status, override reasons, approved-network context, terminal-device-trust identifiers, and related audit history.
Usage, audit, security, and platform logs. We collect page and feature usage, timestamps, browser and device information, IP address, user agent, request identifier, login attempts, blocked-IP events, policy acceptance records, platform admin actions, impersonation or support-access audit events, and before/after snapshots for sensitive record changes where supported.
Processing purposes
How we use information
We use information to:
- authenticate users, route them by role, maintain sessions, and protect accounts;
- operate work orders, estimates, invoices, purchase orders, vendor bills, parts, assets, customer records, customer portals, uploads, Smart Drop, OCR/imports, barcode and scanner workflows, reporting, and backups;
- deliver transactional emails such as invites, resets, estimates, invoices, approvals, work order updates, kiosk notices, and operational notifications;
- run workplace features your shop enables, including timekeeping, geofence checks, terminal-device trust, and job attribution;
- detect suspicious activity, investigate errors, preserve audit history, respond to security incidents, and enforce our Terms;
- restore service after failures, test backup and restore readiness, and monitor backup status; and
- improve reliability, performance, and product quality using aggregated or de-identified operational insight.
Imports, Smart Drop, AI, OCR, barcode, and scanner outputs are productivity aids only. They require human verification before use in operations, accounting, payroll, repair, regulatory, billing, compliance, or inventory decisions.
Lifecycle
Retention, trash, backups, and policy records
We retain account information and service data while your account is active and as needed for operations, support, accounting, tax, audit, security, legal, backup, restore, and dispute-resolution purposes.
- Trash and soft-delete. Supported records placed in trash are eligible for purge after the configured retention window. Some records are retained longer for audit or legal reasons.
- Audit, activity, and security logs. Audit logs, activity logs, platform admin logs, login attempts, blocked-IP records, and unauthorized-access records may be retained longer for accountability and investigation.
- Policy acceptance records. Required policy acceptance, decline, and review records are retained to show what policy version applied to a user and when the user responded.
- Backups and restore records. Encrypted backups, backup notification metadata, restore rehearsal metadata, table counts, byte sizes, timestamps, and success or failure indicators may be retained beyond the lifecycle of original rows.
- Uploaded content. Storage objects may not be removed immediately when a database row is deleted. Orphaned object cleanup may run on a separate schedule.
If you request deletion, we will use commercially reasonable efforts to delete or anonymize personal information within a reasonable period, except where retention is required for legal, accounting, audit, security, backup, operational, or legitimate business purposes.
Protection
Security and unauthorized-access monitoring
We use security measures intended to protect information, including TLS in transit, encrypted storage and backups where supported by infrastructure, role-based access controls, shop and tenant scoping, session management, password requirements, authentication rate limiting, audit logs, and AWS production operational monitoring.
The Service logs and preserves information about attempts by authenticated users to reach owner-only backend, developer, administrative, platform, or API-key surfaces they are not authorized to use, including probing, scraping, credential or API-key discovery, attempts to bypass role checks, reverse engineering, data exfiltration, and vulnerability scanning.
Security records may include user identifier, role, email, IP address, user agent, request identifier, route path, and event time. They are designed not to include request bodies, passwords, API keys, tokens, cookies, authorization headers, environment variables, full URLs, or query strings.
We may use these records to investigate abuse, disable access, notify affected organizations, preserve evidence, refer matters to law enforcement, and pursue legal remedies where permitted by law.
Control
Your rights and choices
Depending on your jurisdiction, you may have rights to access, correct, delete, export, object to, or restrict certain processing of your personal information. To make a request, contact support@truckzen.pro.
Some records may be controlled by your employer, shop, fleet, or organization rather than by TruckZen directly. If you use TruckZen through an organization, we may direct certain requests to that organization or process the request with that organization's involvement.
Updates
Changes and contact
We may update this Privacy Policy as the Service, vendors, infrastructure, features, and legal requirements change. When we do, we will update the "Last updated" date and, where appropriate, provide additional notice through the Service or by email.
Questions about this Privacy Policy or TruckZen data practices may be sent to support@truckzen.pro. See the Terms of Service for service-use rules.