Privacy Policy
Last updated: June 13, 2026
1. Overview
RunSheet ("we," "us," or "our") operates the delivery route management platform at my-runsheet.com. This Privacy Policy explains what information we collect, how we use it, and your choices regarding your data. By using RunSheet, you agree to the practices described here.
2. Information We Collect
Account and Business Information
- Company name and subdomain
- Account administrator name, username, and email address
- Driver and dispatcher names and contact information you enter
- Billing address and payment method (handled by Stripe — we do not store full card numbers)
Operational Data
- Customer delivery addresses, phone numbers, email addresses, and delivery instructions you upload
- Route history, delivery timestamps, stop sequences, and driver notes
- Proof-of-delivery photos uploaded by drivers
- Delivery status records and per-action audit log entries
- Route templates and recurring schedule configurations
Driver Location Data
- If the location tracking feature is active, we collect GPS coordinates (latitude and longitude) from drivers' devices while they are on an active route
- Location data is used only to display driver position to dispatchers in real time and to support geofence-based arrival notifications
- Location pings are not stored long-term; data older than 10 minutes is discarded
- Drivers consent to GPS location collection when using the driver app during an active route
SMS and Customer Communications
- If you enable SMS notifications, we collect and transmit customer phone numbers to Twilio to deliver delivery status messages on your behalf
- SMS opt-in is implicit when a customer's phone number is provided by you and SMS is enabled; recipients may opt out at any time by replying STOP
- We do not use customer phone numbers for any purpose other than delivering notifications you initiate
AI-Processed Data
- Proof-of-delivery photos may be analyzed by Anthropic's Claude AI to generate a natural-language description of the delivery
- Driver notes may be processed by Anthropic's Claude AI to extract actionable delivery instructions
- No personally identifiable information is deliberately included in AI prompts beyond what is necessary to generate a delivery description
Security and Access Data
- Active login sessions (JWT identifiers, creation time, IP address, user agent) for session management
- API key metadata (hashed key, name, creation date, last used — the raw key is never stored)
- Webhook endpoint URLs and configuration you provide
Usage and Technical Data
- IP addresses and device information when you access the Service
- Log data including pages visited, actions taken, and timestamps
- Browser type and operating system
3. How We Use Your Information
- To provide, operate, and improve the Service
- To process payments and manage your subscription
- To send transactional emails (account verification, billing receipts, payment failure notices, driver daily summaries, customer delivery notifications)
- To geocode delivery addresses and calculate optimized routes
- To display driver locations to dispatchers during active routes
- To generate delivery analytics and performance reports within your account
- To transmit delivery event data to webhook endpoints you configure
- To respond to support requests and communicate about the Service
- To detect and prevent fraud and abuse
- To comply with legal obligations
We do not sell your data or use it for advertising purposes.
4. Customer Delivery Notifications and Portals
RunSheet offers two optional features that involve sending information to your end customers:
- Delivery notification emails: When enabled by your account administrator, an automated email is sent to a customer's email address when their delivery is marked complete. These emails are sent via Resend using the customer email address you have on file.
- Customer delivery portal: Each customer record is assigned a unique, unguessable portal token. The portal URL may be shared with your customer (e.g. included in a delivery notification email) to allow them to view their recent delivery history without logging in.
Both features are disabled by default. You are responsible for ensuring you have the necessary consent from your customers before enabling these features and for complying with applicable communications laws.
5. Third-Party Services
We use the following third-party services to operate RunSheet. Each has its own privacy policy governing its use of your data:
Stripe
Payment processing and subscription management. Stripe receives your billing address and payment method. We never see or store your full card number. stripe.com/privacy
Google Maps Platform
Address geocoding, route geometry, traffic data, and business information lookup. Delivery addresses you enter are sent to Google to calculate coordinates and road-following routes. policies.google.com/privacy
Resend
Transactional email delivery. Email addresses are shared with Resend solely to deliver system emails (verification, billing, invitations, delivery notifications, driver summaries). resend.com/legal/privacy-policy
Hetzner Cloud
Server infrastructure. Your data is stored on servers located in the European Union (Falkenstein, Germany). hetzner.com/legal/privacy-policy
Cloudflare R2
Object storage for proof-of-delivery photos and optional database backups. Photos are served through access-controlled API endpoints and are not publicly accessible. cloudflare.com/privacypolicy
Twilio
SMS delivery for customer notifications. When SMS notifications are enabled, customer phone numbers are transmitted to Twilio solely to deliver messages you initiate. twilio.com/legal/privacy
Anthropic (Claude AI)
AI-powered features including proof-of-delivery photo analysis and delivery note extraction. Delivery photos and driver notes may be sent to Anthropic's API to generate natural-language descriptions. anthropic.com/legal/privacy
Webhook Recipients (your configuration)
If you configure webhooks, delivery event data (including client names and delivery status) will be transmitted to the URLs you specify. You are responsible for the privacy practices of any third-party system you connect via webhooks.
6. Data Retention
We retain your data as long as your account is active. Specific retention periods:
- Delivery history and proof-of-delivery photos: retained per your plan's history limit — Starter: 30 days, Growth: 90 days, Business: 365 days
- Audit log entries: retained for the life of your account
- Driver location data: not retained beyond 10 minutes of collection
- Active session records: retained until the session expires or is revoked
- Account and billing records: retained for the duration of your account plus 7 years for tax/legal compliance
- Server logs: retained for 30 days
- AI-generated delivery descriptions: retained as part of the delivery record, subject to the same history limit as above
When you cancel your account, your operational data (routes, clients, deliveries) is deleted within 30 days. You may export your data before cancellation by contacting support.
7. Your Customer Data
You are the data controller for customer information you upload to RunSheet (delivery addresses, phone numbers, email addresses, etc.). You are responsible for ensuring you have a legal basis to store and process that information. RunSheet processes this data only as a data processor acting on your instructions.
Your customers' delivery addresses are transmitted to Google Maps Platform for geocoding and routing. If you enable customer notifications or delivery portals, your customers' email addresses are used to send delivery status communications. You should disclose these practices to your customers if required by applicable privacy law.
8. Security
We use industry-standard security measures including:
- Encrypted HTTPS connections for all data in transit
- Bcrypt-hashed passwords and SHA-256-hashed API keys (raw values are never stored)
- Tenant isolation — your data is logically separated from other accounts at the database level
- Access-controlled photo serving — proof-of-delivery photos are only accessible to authenticated users within your account
- Session management — you can view and revoke active login sessions from the Users page
- HMAC-SHA256 webhook signatures to allow verification of outbound payloads
No system is perfectly secure, and we cannot guarantee absolute security of your data.
9. Your Rights
Depending on your location, you may have rights regarding your personal data, including:
- Access to the personal data we hold about you
- Correction of inaccurate data
- Deletion of your account and associated personal data
- Export of your data in a machine-readable format (CSV export available in the app)
- Objection to certain processing activities
To exercise any of these rights, contact us at support@my-runsheet.com. We will respond within 30 days.
10. California Consumer Privacy Act (CCPA)
If you are a California resident, you have the following rights under the California Consumer Privacy Act (CCPA):
- Right to Know: You may request disclosure of the categories and specific pieces of personal information we have collected about you
- Right to Delete: You may request deletion of personal information we have collected from you, subject to certain exceptions
- Right to Opt-Out: We do not sell personal information. There is nothing to opt out of with respect to the sale of your data
- Right to Non-Discrimination: We will not discriminate against you for exercising your CCPA rights
To submit a CCPA request, contact us at support@my-runsheet.com. We will verify your identity before processing the request and respond within 45 days.
11. GDPR — Rights of EU/EEA Users
If you are located in the European Union or European Economic Area, you have the following rights under the General Data Protection Regulation (GDPR):
- Right of Access (Art. 15): Obtain a copy of your personal data and information about how it is processed
- Right to Rectification (Art. 16): Request correction of inaccurate or incomplete personal data
- Right to Erasure (Art. 17): Request deletion of your personal data where there is no compelling reason for continued processing
- Right to Restriction (Art. 18): Request that we restrict processing of your personal data in certain circumstances
- Right to Data Portability (Art. 20): Receive your personal data in a structured, machine-readable format
- Right to Object (Art. 21): Object to processing of your personal data where we rely on legitimate interests as our legal basis
- Right to Lodge a Complaint: You have the right to lodge a complaint with your local data protection authority
Our legal basis for processing personal data is primarily contractual necessity (providing the Service you signed up for) and legitimate interests (security, fraud prevention, service improvement). To exercise any GDPR rights, contact us at support@my-runsheet.com. We will respond within 30 days.
Please note that our server infrastructure is hosted in the EU (Hetzner, Falkenstein, Germany). Data processed by sub-processors located outside the EEA (such as Stripe, Twilio, Google, and Anthropic in the United States) is transferred under Standard Contractual Clauses or equivalent transfer mechanisms.
12. Cookies and Local Storage
RunSheet does not use tracking or advertising cookies. Our use of browser-based storage is limited to the following:
- localStorage: We store your authentication token (JWT), language preference, and UI state (e.g., hide-completed preference) in browser localStorage. This data stays on your device and is not transmitted to any third party; the authentication token is sent only as an authorization header in API requests to our own servers
- IndexedDB: The driver app uses IndexedDB to queue deliveries for offline submission when network connectivity is unavailable. Queued data is uploaded to our servers when connectivity is restored and deleted from local storage on successful upload
- Session cookies: We may use session cookies for authentication state management. These expire when you close your browser or log out
The customer delivery portal uses URL-embedded tokens and does not require any login or additional cookies.
13. Children's Privacy
RunSheet is a business tool and is not directed at individuals under 18. We do not knowingly collect personal information from minors. If you believe a minor has provided us with personal information, contact us and we will delete it.
14. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by email or by displaying a notice in the Service. The "last updated" date at the top of this page reflects the most recent revision.
15. Contact
Questions about this Privacy Policy or your data? Contact us at support@my-runsheet.com.