Howdy Dispatch

Privacy Policy

Last updated: May 2026

Who This Policy Applies To

Howdy Dispatch is a strictly business-to-business (B2B) software platform sold to U.S. licensed motor carriers. This Privacy Policy describes how we handle information about four groups of people:

  • Carrier owners and administrators who sign up and manage the account
  • Dispatchers who use the desktop application to assign loads and track trucks
  • Drivers who use the iOS application to receive assignments, capture photos, and report location
  • Marketing-website visitors who have not signed up

Howdy Dispatch is not sold to, marketed to, or intended for individual consumers, freight brokers, shippers, or anyone under the age of 18.

Information We Collect

We collect the minimum information needed to operate the platform. Categories below are organized by data subject so it is clear who the information is about and how it flows.

From Carrier owners, administrators, and dispatchers

  • Account information: name, email address, password (hashed by our identity provider), role within the Carrier, profile photo (optional)
  • Carrier information: company name, address, MC#, USDOT#, EIN (optional), billing email
  • Authentication signals: sign-in timestamps, IP address at sign-in, multi-factor enrollment status, opaque user identifier from our identity provider
  • Usage data: pages and features viewed inside the application, aggregate counts of loads and assignments created
  • Billing information: subscription plan, billing email, and the last four digits of the card on file. We do not store full card numbers; payment data is held by our PCI-compliant payment processor under their own controls.
  • Support communications: emails or messages you send us, and our responses

From drivers (via the iOS application)

  • Name, mobile phone number, email (optional)
  • Profile photo (optional)
  • Commercial Driver License (CDL) number and expiry date, voluntary fields that a Carrier admin may add to a driver record. Drivers may decline.
  • GPS coordinates collected while the driver is signed in and assigned to an active load. Typically every 60 to 90 seconds for the duration of the assignment. We do not collect GPS coordinates while a driver is signed out or not on assignment.
  • Photos that a driver uploads in the course of an assignment (load proof, manifest, delivery proof) and timestamps
  • Push notification token, used solely to deliver assignment-related notifications
  • Device model and operating-system version, for support and bug-triage

From marketing-website visitors

  • Standard server-side request data (IP address, user agent, referring URL) for security and abuse prevention
  • Cookies and aggregate analytics on which pages were viewed (see Cookies & Tracking)
  • Information you voluntarily submit through forms (name, email, company, fleet size, message)

We do not sell personal information, and we do not share personal data with third parties for their own marketing purposes.

Driver GPS : Special Notice

GPS collection is the most sensitive thing the Service does. Read this section closely.

  • When we collect: only while a driver is signed in to the iOS application AND assigned to an active load. Not while the driver is signed out. Not while the driver is between assignments.
  • How often: typically every 60 to 90 seconds during an active assignment.
  • What we collect: latitude, longitude, accuracy, and a server-side timestamp. We do not collect altitude, heading, or device sensor data unless required to deliver a specific feature the Carrier has explicitly enabled.
  • How long we keep it: 90 days of granular per-load GPS history, unless a legal-hold request requires longer retention. Aggregate route data may be retained longer in de-identified form to operate analytics features.
  • Who can see it: only Authorized Users on the Carrier's account. We do not share Driver GPS with brokers, customers, insurers, or law enforcement except by valid legal process.
  • The driver's right to refuse: a driver may decline GPS permission at the OS level. The iOS application will not function for assignment workflows without GPS, since dispatch visibility into active loads is the core product. A driver who declines should raise this with the employer-Carrier.
  • Carrier responsibility: the Carrier is the controller of Driver Data and is responsible for obtaining any notice or consent required from drivers under applicable state law. We act as a processor on the Carrier's behalf.

How We Use Your Information

We use information for the following defined purposes only:

  • Operate the platform: authenticate users, provision Carrier workspaces, deliver push notifications, render maps, and capture per-load records
  • Provide customer support: respond to questions, troubleshoot issues, recover access
  • Bill and account-manage: process subscriptions, send receipts, handle plan changes, cancellations, and refund requests
  • Send transactional communications: email verification, password resets, security alerts, billing notices
  • Improve the platform: aggregate, B2B-level usage analytics so we know which features matter. Driver Data and Load Data are not used for cross-Carrier analytics.
  • Maintain security and integrity: detect abuse, prevent fraud, enforce our Terms
  • Meet legal obligations: respond to lawful requests, comply with tax and accounting laws

We do not:

  • Sell personal information for any purpose
  • Use Driver GPS or photos for advertising or commercial profiling
  • Use Load Data or Driver Data to train AI models
  • Share Driver location with anyone outside the Carrier's account, except by valid legal process

How We Share Information

We share personal information only as follows:

  • With Authorized Users on the Carrier's account. Dispatchers can see drivers' assignments and location while on an active load.
  • With categories of service providers needed to operate the Service: cloud infrastructure, payment processing (Stripe, named because users are redirected to its checkout), email delivery, web analytics, customer-support tools, and mapping. A named list of service providers is available to enterprise carriers under NDA.
  • For legal compliance when required by valid legal process, or to protect rights, property, or safety.
  • In connection with a corporate transaction such as a merger, acquisition, or sale of assets. Any successor will be bound by privacy commitments at least as protective as this Policy.

We do not share personal information with insurers, brokers (except when a Carrier explicitly enables a per-load tracking share link), law enforcement (except by valid legal process), or any party for their own advertising or marketing purposes.

Cookies & Tracking

We use a small set of cookies on the marketing website and a session cookie inside the application:

  • Strictly necessary: session cookie for authentication; load-balancing cookies set by our hosting provider
  • Analytics (consent-gated): Google Analytics 4 with IP-anonymization on, fired only after explicit user consent through the cookie banner
  • Preference: a single first-party cookie storing your cookie-consent choice and theme preference

We honor the Global Privacy Control (GPC) signal: when your browser sends GPC, we treat it as a valid opt-out of analytics and any future targeted-advertising signals, and we do not show the cookie banner. You may also reopen the banner via the "Manage Cookies" link in the footer.

Your Privacy Rights : State Laws

Depending on where you live, you may have one or more of the following rights under state law: the right to know what personal information we hold about you, the right to correct it, the right to delete it, the right to a portable copy, the right to opt out of targeted advertising or sale (we do not engage in either), and the right to appeal a denial. These rights are recognized under, among others, the California Consumer Privacy Act / California Privacy Rights Act (CCPA/CPRA), the Texas Data Privacy and Security Act (TDPSA), the Virginia Consumer Data Protection Act (VCDPA), the Colorado Privacy Act (CPA), the Connecticut Data Privacy Act (CTDPA), and the Utah Consumer Privacy Act (UCPA).

To submit a request, email privacy@howdydispatch.comwith the subject line "Privacy Request" and indicate the right you are exercising. We will verify your identity with information reasonably linked to your account (email, Carrier name, MC#) before fulfilling the request. We respond within the timeframe required by applicable state law (typically 45 days, extendable once).

See also our Do Not Sell or Share My Personal Information page.

Your Privacy Rights : Federal

The Driver's Privacy Protection Act (DPPA, 18 USC §2721) restricts the use of state DMV records. We do not collect, purchase, or scrape DMV records. CDL information that appears in a driver's profile is voluntarily entered by the Carrier or driver and is used solely for the Carrier's internal management.

We do not perform background checks, credit checks, or consumer-report inquiries on drivers or any other individual. If a Carrier wishes to run such checks, the Carrier engages a separate consumer-reporting agency outside the Service.

Data Retention

  • Carrier account data: retained for the life of the subscription plus 30 days after termination for export, then deleted from active systems within a reasonable time
  • Driver GPS history: 90 days granular, unless a legal-hold request requires longer
  • Load photos and per-load records: retained for the life of the Carrier account (subject to FMCSA carrier record-retention norms; the Carrier remains the record-keeper of record)
  • Authentication and security logs: 13 months
  • Marketing-only contact data: retained on our CAN-SPAM suppression list for 5 years after unsubscribe to honor your opt-out
  • Backups: follow our standard retention cycle (typically 35 days for daily backups), then deleted

Data Security

We describe our security posture publicly at https://howdydispatch.com/security. Briefly: encryption in transit and at rest, multi-factor authentication required for owner and admin roles, audit logging, multi-tenant row-level isolation by Carrier, signed time-limited upload URLs, and daily managed-database backups.

No security program eliminates risk. If we discover a personal-data breach that materially affects you, we will notify you and any applicable regulator within the timeframes required by law.

International Data Transfers

Howdy Dispatch is a U.S.-only Service. We do not knowingly process personal data of individuals located outside the United States. We do not target the Service to residents of the European Economic Area, the United Kingdom, or other jurisdictions outside the U.S.

Children's Privacy

The Service is not intended for anyone under 18. We do not knowingly collect personal information from minors. If you believe a minor has provided personal information to us, contact privacy@howdydispatch.com and we will delete it promptly.

Marketing Communications

We send only transactional communications (billing, security, account, support) and, with your opt-in, occasional product or news emails. Every marketing email includes a one-click unsubscribe link, and our physical address as required by the CAN-SPAM Act. MVP does not send SMS messages.

Third-Party Sites

Our marketing site and blog may link to third-party sites such as FMCSA, broker portals, or industry publications. We do not control those sites and are not responsible for their privacy practices.

Changes to This Policy

We may update this Privacy Policy from time to time. If we make material changes, we will give you at least 30 days' notice by email and by posting a notice in the Service before the changes take effect. The "Last updated" date at the top of this page reflects the most recent revision.

Contact

Questions about this Privacy Policy may be sent to:

Yikes Dude LLC
Operating as Howdy Dispatch
Austin, TX
privacy@howdydispatch.com