Privacy Policy

Last updated: April 2, 2026

1. Introduction

HammerDash, Inc. ("we," "us," or "our") respects your privacy. This Privacy Policy explains how we collect, use, disclose, and protect your personal information when you use HammerDash ("the Service").

2. Information We Collect

2.1 Information You Provide

  • Account information: Name, email address, phone number, company name
  • Business data: Vehicle information, driver records, expense records, trip data, fuel purchases, load details, invoices
  • Financial data: Revenue, expenses, tax-related information for IFTA, Schedule C, and per diem calculations
  • Uploaded files: Receipt images, bills of lading, proof of delivery documents
  • Payment information: Processed by Whop (our merchant of record) — we do not store your credit card or bank account numbers. Whop handles all payment data securely.

2.2 Information Collected Automatically

  • Usage data: Pages visited, features used, time spent, device type, browser
  • Log data: IP address, access times, referring URLs
  • Cookies: Session cookies for authentication and preferences

2.3 Third-Party Integrations

If you connect ELD providers (Samsara, Motive), fuel cards (WEX), banking (Plaid), or accounting software (QuickBooks), we receive data from those services as authorized by you. We only access data necessary to provide the Service.

3. How We Use Your Information

  • Provide, maintain, and improve the Service
  • Calculate IFTA taxes, per diem deductions, cost per mile, and load profitability
  • Process receipt OCR and AI-powered expense categorization
  • Generate invoices, reports, and tax estimates
  • Send transactional emails (invoices, alerts, account updates)
  • Respond to support requests
  • Detect and prevent fraud or abuse

We do not sell, rent, or trade your personal information to third parties for marketing purposes.

4. AI Data Processing

HammerDash uses AI services (Anthropic Claude) for expense categorization, receipt scanning, tax estimates, and chat assistance. When you use these features:

  • Your data is sent to Anthropic's API for processing
  • We send only the minimum data needed for each request
  • Anthropic does not use your data to train their models (per their commercial API terms)
  • AI-processed data is not stored by third-party AI providers beyond the duration of the request

5. Data Sharing

We share your information only with:

  • Service providers: Supabase (database/auth), Anthropic (AI), Whop (payments/merchant of record), Resend (email), Vercel (hosting) — each bound by data processing agreements
  • Third-party integrations: Only when you explicitly connect them (ELD, fuel card, QuickBooks, Plaid)
  • Legal requirements: If required by law, court order, or government request
  • Business transfers: In connection with a merger, acquisition, or sale of assets (with prior notice)

6. Data Storage & Security

  • Data is stored on Supabase (hosted on AWS) in the United States
  • All data is encrypted in transit (TLS 1.2+) and at rest
  • Database access is controlled by Row-Level Security (RLS) policies ensuring tenant isolation
  • OAuth tokens for third-party integrations are encrypted at the application level
  • Receipt images are stored in private storage buckets with access policies
  • We conduct regular security reviews of our codebase and infrastructure

7. Data Retention

  • Active accounts: Data is retained as long as your account is active
  • IFTA records: Retained for a minimum of 4 years per federal audit requirements, even if you delete your account
  • Deleted accounts: Personal data is deleted within 30 days of account deletion, except where retention is required by law
  • Backups: Database backups are retained for up to 30 days and then automatically purged

8. Your Rights

You have the right to:

  • Access: Request a copy of your personal data
  • Correction: Update inaccurate information
  • Deletion: Request deletion of your account and data
  • Export: Download your data in a portable format
  • Restrict processing: Limit how we use your data
  • Withdraw consent: Disconnect third-party integrations at any time

To exercise these rights, contact ramazan.valiev@proton.me.

9. Cookies

We use essential cookies for authentication and session management. We do not use advertising or tracking cookies. No cookie consent banner is required as we only use strictly necessary cookies.

10. Children's Privacy

The Service is not intended for individuals under 18 years of age. We do not knowingly collect data from minors.

11. California Residents (CCPA)

If you are a California resident, you have additional rights under the CCPA, including the right to know what data we collect, request deletion, and opt out of data sales. We do not sell personal information. To exercise CCPA rights, contact ramazan.valiev@proton.me.

12. Changes to This Policy

We may update this Privacy Policy periodically. Material changes will be communicated via email or in-app notification at least 15 days before they take effect.

13. Contact

For privacy-related questions or requests:
ramazan.valiev@proton.me
HammerDash, Inc.
Georgia, United States