Privacy Policy

Last updated: June 2026

FreightProof is a carrier vetting and freight compliance service operated by Rootz Corp, based in Pittsfield, Massachusetts. This policy explains what data we collect, how we use it, and your rights regarding that data.

1. Information We Collect

Account information. When you sign up, we collect your email address, company name, and contact name. This is the minimum needed to create and manage your account.

Newsletter and contact information. If you sign up for product updates, we store your email address and your consent. If you use our contact form, we store the name, company, email, and message you provide, so we can respond. We use this only to reply to you and to send the updates you opted into — you can unsubscribe, or ask us to delete it, at any time.

Usage data and first-party analytics. We keep our own aggregate, privacy-respecting metrics — page views, which pages were visited, and whether a visit came from a person or an automated crawler — for service reliability and to understand what is useful. This is first-party only: no analytics cookies, no tracking pixels, no third-party ad or analytics scripts, and no cross-site tracking. We do not store your IP address or browser string as identifying data; visitor counts use a daily-rotating, one-way hash that cannot be tied back to you or linked across days.

Payment information. Payments are processed by Stripe. FreightProof never receives, stores, or processes your credit card numbers. Stripe handles all payment card data under their own PCI-DSS compliant privacy policy.

Carrier vetting records. When you run a carrier vetting report, FreightProof retrieves publicly available data from the FMCSA (a US federal government source in the public domain) and assembles an evidence package linked to your broker account.

2. How We Use Your Information

We use your information to:

  • Provide the service -- generate carrier vetting reports, maintain your account, and store your evidence packages.
  • Process payments -- pass necessary billing details to Stripe to complete transactions.
  • Send emails you have asked for -- magic-link sign-in emails and service notifications, and, only if you opted in, occasional product-update emails. Every update email includes an unsubscribe option. We do not sell your email address or send you anything you did not request.
  • Maintain evidentiary integrity -- anchor SHA-256 hashes of evidence packages to a public blockchain to create a tamper-evident record. Only the cryptographic hash is published on-chain; no personal information or document content is ever written to the blockchain.

    • 3. Cookies

    FreightProof sets one cookie:

    CookiePurposeTypeExpiry
    fp_sessionSession authenticationHttpOnly, Secure, SameSite=Lax30 days

    This is a functional session cookie required to keep you signed in. We do not use tracking cookies, analytics cookies, or any third-party cookies.

    4. Data Sharing

    We do not sell your personal data. We do not share your data with third parties for marketing or advertising purposes.

    We share data only with:

  • Stripe -- to process payments. Stripe acts as an independent data controller for payment card data under their own privacy policy.
  • Blockchain networks -- we publish SHA-256 hashes (not readable data) to anchor evidence timestamps. These hashes cannot be reversed to recover the underlying information.

    • We may disclose information if required by law, subpoena, or court order.

    5. Data Retention

  • Account data is retained for as long as your account is active. If you close your account, we will delete your account information upon request.
  • Carrier vetting records and evidence packages are retained as part of the evidentiary chain -- this is the core product. These records serve as your proof of carrier due diligence and are retained to preserve their evidentiary value. You may request deletion, but we will inform you of the compliance implications before proceeding.
  • Blockchain-anchored hashes are permanent by design. Since these are cryptographic hashes with no personal information, they cannot be deleted from the blockchain, nor can they be used to identify any individual.

    • 6. Your Rights

    You have the right to:

  • Access the personal data we hold about you.
  • Correct inaccurate information in your account.
  • Delete your account and associated personal data.
  • Export your data in a standard format.

    • To exercise any of these rights, email steven@sprague.com. We will respond within 30 days.

    7. Security

  • All data is transmitted over HTTPS (TLS encryption in transit).
  • Evidence packages are hashed (SHA-256) and blockchain-anchored to provide tamper evidence.
  • Session cookies use HttpOnly, Secure, and SameSite flags to prevent interception and cross-site attacks.
  • Data is stored on US-based servers.
  • Payment card data is handled entirely by Stripe and never touches our systems.

    • 8. Children

    FreightProof is a business-to-business freight compliance service. It is not directed at children under 13, and we do not knowingly collect information from children under 13.

    9. Changes to This Policy

    We may update this policy from time to time. If we make material changes, we will notify you by email or by posting a notice on the service. The "Last updated" date at the top reflects the most recent revision.

    10. Contact

    For questions about this privacy policy or your data:

    Rootz Corp 111 Swamp Rd Pittsfield, MA 01201

    Email: steven@sprague.com