1. Who We Are

OverTheRoad.ai is a product of Milisec Solutions LLC, a Minnesota limited liability company ("we," "us," or "our"). We operate a web-based back-office platform built for independent owner-operators and small trucking fleets. We provide tools for load management, invoicing, IFTA reporting, compliance tracking, cash-flow forecasting, and fleet monitoring.

2. Information We Collect

We collect the following categories of information:

Account information — name, email address, and phone number provided during sign-up (managed by Clerk, our authentication provider).
Business information — DOT number, MC number, company name, business address, and EIN used for compliance tracking and IFTA filings.
Financial data — load rates, expenses, fuel purchases, and invoice details you enter or import into the platform.
Fleet & ELD data — vehicle information, driver details, hours-of-service logs, inspection reports, fault codes, GPS locations, and fuel records synced from integrated services (e.g., Samsara).
Bank account data — when you connect your bank account via Plaid, we access your account balance and transaction history. We receive transaction dates, amounts, merchant names, and categories. We do not receive or store your bank login credentials — those are handled entirely by Plaid. See Section 4a below for details on Plaid's data handling.
Documents — rate confirmations, BOLs, receipts, and other files you upload for parsing or storage.
Usage data — pages visited, features used, and interaction patterns to improve the product.
Communication data — SMS messages we send to your phone number for alerts and notifications (e.g., HOS violations, payment confirmations, compliance deadlines).

3. How We Use Your Information

To operate and improve the OverTheRoad.ai platform and its features.
To generate invoices, IFTA reports, compliance alerts, and cash-flow projections on your behalf.
To sync data with third-party services you connect (Samsara, QuickBooks) at your direction.
To send transactional and operational notifications via email or SMS (e.g., invoice delivery confirmations, HOS violation alerts, compliance reminders, low-balance warnings).
To process payments through Stripe for your subscription.
To provide AI-powered assistance via our chat feature (powered by Anthropic's Claude).
To generate aggregate broker payment-performance statistics (e.g., average days-to-pay), facility wait-time benchmarks, lane rate averages, and similar insights that help all users make better decisions. Individual transactions are never displayed to other users — only aggregate statistics computed across many users are shown publicly. We may retain and use your underlying submitted data internally for model training, fraud detection, broker scoring, and product improvement.

3a. AI Data Processing (Anthropic)

Our AI assistant is powered by Anthropic's Claude. When you use the AI chat feature:

Your prompts and relevant account context (e.g., load details, financial summaries) are sent to Anthropic's API for processing.
Anthropic processes this data solely to generate a response and does not use it to train their models.
Anthropic retains API inputs and outputs for up to 30 days for trust and safety purposes, after which they are deleted. See Anthropic's Privacy Policy for details.
You may delete your AI chat history at any time from Settings.

3b. Broker, Lane & Facility Intelligence

OverTheRoad.ai builds broker payment metrics, lane rate benchmarks, and facility wait-time histories using load, invoice, settlement, rate-confirmation, and tool-submission data from across the platform. This data:

Is derived from records you and other users submit, both inside the authenticated app and through our public tools (Check-A-Load, Performance, IFTA, and similar).
Is stored and used internally as submitted — including for model training, fraud detection, broker scoring, and product improvement.
Is shown to other users only in aggregate form (e.g., "Broker X averages 32 days to pay across 45 loads" or "This consignee averages 3hr 12min wait") — your individual transactions and counterparties are never displayed to other users in a way that identifies you.
Your individual records are never sold to brokers, factoring companies, insurance providers, or any other third party for their marketing purposes. We may, however, share or license the aggregate benchmark datasets described above (broker payment averages, lane rate ranges, facility wait-time histories) to third parties — these aggregates contain no information that can be used to identify you, your business, or your specific transactions.
You may request deletion of your underlying data at any time by emailing support@overtheroad.ai or using the deletion tool in Settings. After deletion, your data no longer contributes to future aggregate calculations, and we retain only aggregate statistics that can no longer be linked to you.

3c. Co-Driver AI Actions Processing

When you use the Co-Driver feature, your business data — including load details, invoice records, bank transactions (if Plaid is connected), QuickBooks payment records (if QuickBooks is connected), and ELD mileage data (if Samsara is connected) — is processed by Anthropic's Claude AI to generate responses and execute confirmed actions. Data sent to Claude is used solely to respond to your queries and is subject to Anthropic's data processing terms. We do not use your data to train Anthropic's models. All Co-Driver queries are scoped to your own account data only.

When Co-Driver accesses connected services on your behalf (QuickBooks, Plaid, Samsara, Clerk), it uses the OAuth tokens you previously authorized. Data retrieved from these services is used solely to answer your query and is not stored beyond the immediate session except where it updates existing records in your OTR.AI account (e.g., marking an invoice paid).

4. Information Sharing

We do not sell, rent, or share your personal information with third parties for their marketing purposes. Personal information means data that identifies you or your business — your name, contact information, account credentials, EIN/SSN, bank or payment data, and your individual loads, invoices, settlements, and transactions.

We may share or license aggregate, de-identified benchmark datasets (e.g., broker payment averages, lane rate ranges, facility wait-time histories) with third parties. These aggregates are computed across many users and cannot be used to identify you, your business, or any specific transaction. See Section 3b for details.

We otherwise share data only with:

Service providers that help us operate the platform — including Clerk (authentication), Stripe (payments), Plaid (bank connectivity), Postmark (email delivery), Twilio (SMS), Anthropic (AI processing), and Railway (hosting). These providers only access data necessary to perform their services.
Integrations you authorize — when you connect Samsara, QuickBooks, or your bank account via Plaid, we exchange data with those services as directed by you.
Legal requirements — if required by law, regulation, or valid legal process.

4a. Plaid & Financial Data

When you connect your bank account through Plaid, Inc. ("Plaid"), you acknowledge and agree that:

Your bank login credentials are transmitted directly to Plaid and are never received, accessed, or stored by OverTheRoad.ai.
We receive only transaction data (dates, amounts, merchant names, categories) and account balances from Plaid.
Your use of Plaid is subject to Plaid's End User Privacy Policy.
We use your bank data solely to categorize business expenses, track fuel purchases, and generate cash-flow projections.
We do not sell, share, or use your bank data for advertising, marketing, or credit decisioning purposes.
You may disconnect your bank account at any time from Settings. Upon disconnection, we immediately delete your Plaid access token and all synced transaction data from our systems.

5. SMS & Communications

When you provide your phone number and opt in to notifications, we may send you SMS messages related to your account activity, including but not limited to:

Payment and invoice notifications
HOS violation and compliance alerts
Fault code and vehicle maintenance alerts
Cash-flow and low-balance warnings
IFTA deadline reminders

Message frequency varies based on your fleet activity. Message and data rates may apply. You can opt out at any time by replying STOP to any message or updating your notification preferences in your account settings. ArrowBendUpLeft HELP for assistance.

We do not use your phone number for marketing, promotional, or advertising messages. SMS is used strictly for operational and transactional alerts related to your trucking business.

By providing your phone number and checking the SMS opt-in box during account setup, you provide your express written consent under the Telephone Consumer Protection Act (TCPA) to receive automated transactional SMS messages at the number you provided. You are not required to consent to SMS as a condition of purchasing any service. Standard message and data rates apply. Supported carriers include all major US carriers. For help, reply HELP or contact support@overtheroad.ai. To stop, reply STOP at any time.

6. Data Security

We use industry-standard security measures to protect your information, including encrypted connections (TLS), secure database hosting, and access controls. Authentication is handled by Clerk with support for multi-factor authentication. Payment data is processed directly by Stripe and never stored on our servers.

7. Data Retention

We retain your data for as long as your account is active. If you cancel your subscription, we retain your data for 30 days in case you reactivate, then permanently delete it. You may request immediate deletion at any time by using the deletion tool in Settings or contacting us at privacy@overtheroad.ai.

8. Your Rights

You have the right to:

Access the personal data we hold about you.
Request correction of inaccurate data (CCPA/CPRA "Right to Correct").
Request deletion of your data (see Section 8a below).
Export your data in a portable format (CSV/JSON from the Export page).
Restrict processing of your data to storage only while a dispute is resolved.
Object to processing based on legitimate interests.
Withdraw consent at any time for consent-based processing (e.g., SMS, AI features).
Opt out of SMS notifications at any time by replying STOP.
Disconnect third-party integrations (Plaid, Samsara, QuickBooks) at any time from your Settings page.
Lodge a complaint with a data protection authority if you believe your rights have been violated. For EU residents, contact your local supervisory authority. For California residents, contact the California Attorney General's office.

To exercise any of these rights, use the data deletion tool in your account Settings or contact us at support@overtheroad.ai. We will respond to all rights requests within 30 days.

8a. Data Deletion & Account Closure

You may request deletion of your account and all associated data at any time by:

Using the "Request Account Deletion" button in your account Settings page, or
Emailing support@overtheroad.ai with the subject line "Delete My Account."

Upon receiving a verified deletion request, we will:

Disconnect all third-party integrations (Plaid, Samsara, QuickBooks) and revoke access tokens.
Delete all your loads, invoices, expenses, fuel transactions, documents, compliance records, chat history, bank transactions, and notification history.
Remove your account from our authentication provider (Clerk).
Complete the deletion within 30 days of the request.

We may retain anonymized, aggregated data that cannot be used to identify you (e.g., platform-wide average days-to-pay statistics). We may also retain records required by law (e.g., Stripe payment records for tax compliance) for the legally required retention period.

8b. California Privacy Rights (CCPA/CPRA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA):

Right to Know — You may request the categories and specific pieces of personal information we have collected about you.
Right to Delete — You may request deletion of personal information we have collected (see Section 8a).
Right to Opt Out of Sale of Personal Information — We do not sell your personal information. If we ever begin selling personal information in the future, we will provide California residents with a clear "Do Not Sell My Personal Information" mechanism and notice as required by CCPA/CPRA before doing so. (Aggregate, de-identified benchmark datasets that contain no information capable of identifying you are not "personal information" under CCPA/CPRA and may be shared or licensed without invoking this right.)
Right to Non-Discrimination — We will not discriminate against you for exercising any of your privacy rights.

To submit a verifiable consumer request, email privacy@overtheroad.ai or use the data deletion tool in Settings. We will verify your identity by matching the request against your account email address.

9. Cookies & Analytics

We use essential cookies for authentication and session management. We may use analytics tools to understand how the platform is used. We do not use advertising cookies or trackers.

10. Children's Privacy

OverTheRoad.ai is intended for use by adults operating commercial motor vehicles. We do not knowingly collect information from anyone under the age of 18.

11. Partner & Referral Program Data

a. Referral Tracking

When you arrive at OverTheRoad.ai via a partner referral link, we collect the referral code and store it in a browser cookie (up to 30 days) and in your account metadata upon sign-up. This data is used solely to attribute the referral to the correct partner and calculate any applicable referral bonus.

b. Partner Account Data

If you participate in our Partner Program, we collect and process: your referral code, commission rate, referral history (which users you referred, excluding their personal data beyond first name and last initial), earnings ledger, and payout history. Partners who connect a Stripe Express account authorize Stripe to collect identity verification documents, bank account information, and tax documentation (W-9/W-8BEN) directly. This financial data is processed and stored by Stripe, not on our servers.

c. Stripe Connect Data Sharing

To process partner payouts, we share limited data with Stripe: payout amounts, partner identifiers, and transfer descriptions. Stripe processes this data under their own privacy policy. We do not share referred users' personal or financial information with Partners. Partners see only aggregated referral counts, first name and last initial of referrals, subscription status, and their own earnings.

d. Referred User Privacy

If you were referred by a Partner, the Partner can see: your first name and last initial, your subscription plan, whether your subscription is active, and the date you signed up. Partners cannot see your email address, phone number, company details, financial data, loads, invoices, or any other account information.

12. Legal Basis for Processing

OverTheRoad.ai operates exclusively in the United States. We process personal data under the following legal bases:

Contract performance: Account data, load/invoice data, subscription billing — necessary to provide the Service you signed up for.
Legitimate interest: Usage analytics, fraud prevention, broker performance aggregation, platform security — necessary for operating and improving the Service.
Consent: SMS notifications, AI-powered features (Co-Driver), referral tracking cookies — you may withdraw consent at any time via Settings or by contacting us.
Legal obligation: Tax records, payment records retained by Stripe, breach notification — required by applicable law.

12a. International Data Transfers

OverTheRoad.ai is based in and operates exclusively within the United States. Your data is processed in the US by the following service providers:

Stripe (payments, Connect payouts) — US, with global infrastructure
Clerk (authentication) — US-based
Anthropic (AI processing) — US-based
Plaid (bank connectivity) — US-based
AWS (document storage) — US regions
Railway (hosting) — US-based
Postmark (email) — US-based
Twilio (SMS) — US, with global network

All data processing occurs within the United States. By using the Service, you acknowledge that your data is processed in the US. The Service is intended for use by US-based businesses only.

12b. Data Retention

We retain different types of data for different periods:

Account data: Retained while your account is active. Deleted within 30 days of account closure.
Load, invoice, expense, fuel data: Retained while your account is active. Deleted with account.
ELD/Samsara data: Retained while the integration is connected. Deleted when disconnected or account closed.
Bank data (Plaid): Retained while connected. Access token revoked on disconnect; Plaid may retain data per their policy.
AI conversation history: Processed by Anthropic with 30-day retention per their policy. We do not store chat transcripts beyond your session.
SMS records: Delivery confirmations retained for 90 days for troubleshooting.
ComputerTower/application logs: Retained for 90 days, then automatically purged.
Payment records: Retained by Stripe per PCI compliance requirements (typically 7 years for tax purposes).
Partner referral data: Earnings and payout records retained for tax compliance. Anonymized aggregate data may be retained indefinitely.
Support emails: Retained for 2 years after last contact, then deleted.

13. Changes to This Policy

We may update this privacy policy from time to time. We will notify you of material changes via email or an in-app notification. Continued use of the platform after changes constitutes acceptance.

14. Contact Us

If you have questions about this privacy policy or your data, contact us at:

Privacy inquiries: privacy@overtheroad.ai

General support: support@overtheroad.ai

Mailing address: Milisec Solutions LLC, Minnesota, United States

Privacy Policy