What we collect

• Account — name, email, phone, payment method. Required to dispatch a job to you.
• Location during a job — driver, pickup, drop-off coordinates. Used only for routing and the rider's live track view. Discarded 30 days after the job closes.
• Cargo metadata — class, temperature, weight. We don't read package contents.
• Audit events — every state change is signed. Signatures are public; payloads are scoped to the involved parties.

What we don't do

• We never sell personal data.
• We don't ad-target. There are no ads.
• We don't share location with third parties beyond the driver–rider pairing during an active job.
• Internal error reporting hashes any identifier-shaped string before it leaves a device — driver, rider, vehicle, tenant IDs are all hashed by the SDKs.

Deletion + portability

You can ask us to delete your account and the personal data we hold for you. Audit events that name you cryptographically (signed by a driver, by an agent) are redacted to hash-only references — we can't unsign the past. We respond within 30 days, usually within 5.

Reach us through /contact or directly at privacy@l1fe.ai.

Subprocessors

We process data with Cloudflare (edge + R2), Postgres (Citus), Redis (Sentinel), Sentry (with PII scrubbed at source), PagerDuty (ops-only events), and our own self-hosted OSRM. We never depend on Google Directions / Maps for routing. Full list is in our SOC 2 control inventory; ask security@l1fe.ai.