What we do with your data
Plain English summary of what we collect, why, and what we do with it.
What we collect
When you submit a transport request, we save:
- The full email or form submission you sent — body, attachments, headers
- Sender email + name
- All the structured details we extracted (pickup address, delivery address, contact phones, cargo description, etc.)
- The OnTime360 order we created from it (if approved)
- Any operator notes added during review
Why we collect it
- To do the job you asked us to do — book and run the transport
- For audit and compliance — TSA, customers' contracts, legal recordkeeping
- To improve future requests — past templates auto-fill the public form for existing vendors (only their own templates, never anyone else's)
What we do NOT collect
- We do not track you across other websites
- We do not sell your data
- We do not show your data to other vendors
Who can see your requests
Inside Modal:
- Dispatch (Troy and team) — sees everything in the inbox
- ProperTech engineers (the system administrators) — can see records when investigating issues, but day-to-day they don't read individual emails
- Modal admin / operations — limited access, on a need-to-know basis
Outside Modal:
- No one — your data is not shared with other vendors, customers, or third parties unless required for the actual shipment (e.g., the consignee at the delivery address).
How long we keep it
| Type of data | Retention |
|---|---|
| Order records (the OnTime360 entry) | Indefinitely — required for audit, billing reconciliation, claim handling |
| Original email body + attachments | Configurable; typically 90 days for raw email, 1 year for attachments |
| Extracted structured details | Indefinitely — small data, useful for analytics and template generation |
If you have a specific contractual retention requirement, let us know and we can adjust per-vendor.
Vendor PINs
PINs (used by existing vendors to access pre-filled templates) are stored as one-way scrypt hashes, not as plaintext. Even our engineers can't read the PIN from the database — only verify whether a guess matches. If you forget yours, we generate a new one rather than recovering the old.
Captcha
The online form uses Vercel's bot detection (called BotID) to keep automated scripts from spamming the form. It checks whether your browser looks like a real human's browser — no personal data leaves your machine to do this.
Data location
- Database: Neon Postgres, US East region
- Email storage: Vercel Blob, US region
- Email transit: Postmark (Boston, MA, US)
- Compute: Vercel functions, US East
If you have specific data-residency requirements (EU, UK, etc.), let us know — we'd need to discuss before bringing on a request that doesn't fit our current setup.
Questions
Contact us if you need anything specific about data handling for your contract.