Privacy Policy

How YardHawk collects, uses, and protects information across the platform.

Effective Date: July 1, 2026

This Privacy Policy explains how YardHawk LLC ("YardHawk," "we," "us," or "our") collects, uses, shares, and protects information in connection with the YardHawk yard and asset operations platform, including our website, our installed desktop and tablet applications, our demo environment, and any hardware we provide (collectively, the "Service").

YardHawk is provided to businesses ("Customers") on a business-to-business basis. If you are an employee, contractor, or other authorized user accessing the Service on behalf of a Customer, this policy explains what information we collect about you and how we handle it. Your employer or organization's administrator controls your account and may have its own policies governing your use of the Service.

1. Scope of This Policy

This policy applies to the YardHawk marketing website (yardhawkpro.com), our demo environment, the YardHawk desktop application (Windows), the YardHawk tablet application (Android), and any YardHawk-provided hardware paired to those applications. Production access to Customer Data is provided only through these installed, managed applications — we do not offer a general public web login, and our demo environment uses sample data only.

2. Information We Collect

2.1 Account & Contact Information

When your organization creates an account for you, or when you contact us, we may collect: your name, username, email address, phone number (if provided), job role or title, and your assigned role and permissions within the Service. Passwords are never stored in plain text — they are one-way hashed (via Supabase Auth, using bcrypt) and cannot be retrieved by us.

2.2 Customer Data

In the course of using the Service, your organization and its users input operational data such as trailer, rail car, and equipment records; yard and location maps; load/unload and inspection records, including photos, signatures, and free-text notes; hauling session logs; scale weights and weight tickets; and uploaded documents and forms ("Customer Data"). Customer Data belongs to your organization. For Customer Data, we act as a service provider processing information on your organization's behalf and instructions — we do not use it for our own independent purposes such as advertising, and we do not sell it.

2.3 Device & Pairing Information

Desktop and tablet devices connect to your organization's dedicated database through a time-limited, single-use pairing code. We store a hashed (non-reversible) version of each pairing code and device secret, along with device type, assignment, and last-seen timestamps, so your administrators can see which devices are paired and revoke access if a device is lost or decommissioned.

2.4 Usage, Log & Audit Data

We automatically log actions taken in the Service — such as record creation and edits, status changes, logins, and permission checks — together with a timestamp, the acting user, and technical details such as IP address and request metadata. These audit logs are immutable by design: they give your organization a reliable operational record and help us detect and investigate security issues.

2.5 AI Assistant

The Service includes an optional in-app AI assistant that answers questions about how to use YardHawk. When you use it, your question text, your current page/location in the app, your role, your enabled permission flags, and recent turns of the conversation are sent to Google's Gemini API (Google LLC) to generate a response. Please do not enter sensitive personal information, credentials, or confidential third-party data into the assistant. Questions and answers are also logged in your organization's own database so your administrators can review assistant usage; they are not used by us to train any model.

2.6 Contact Form Submissions

If you submit the "Request a Demo" or contact form on our marketing site, the name, email, company, phone number, and message you provide are transmitted to and processed by Formspree, a third-party form-processing service, and delivered to our sales inbox. Formspree's own privacy policy governs its handling of that submission in transit.

2.7 Payment & Billing Information

Subscription fees are billed directly by YardHawk based on the terms in your order form or invoice. We do not store full payment card numbers. If a third-party payment processor is used for a given Customer, that processor's own privacy and security practices govern the payment data it collects.

2.8 Cookies & Local Storage

The Service uses strictly necessary session cookies (HttpOnly, Secure, SameSite) to keep you signed in and to protect against cross-site request forgery. Our marketing site stores a single local preference (whether you've selected dark mode) in your browser's local storage; this value never leaves your browser. We do not use third-party advertising or cross-site tracking cookies.

3. How We Use Information

4. How Information Is Shared

We do not sell personal information. We share information only as described below, with the service providers ("sub-processors") who help us deliver the Service, with your organization's own administrators to the extent their role permits, when required by law or legal process, to protect the rights, property, or safety of YardHawk or others, or in connection with a merger, acquisition, or sale of assets (subject to continued protection under a policy at least as protective as this one).

Sub-processorPurposeData involved
SupabaseDatabase, authentication, encrypted file storage — one isolated project per CustomerCustomer Data, account data, audit logs
RenderApplication hostingAll data in transit through the Service
AWS SESTransactional email deliveryRecipient email address, message content
FormspreeMarketing site contact-form processingName, email, company, phone, message
Google LLC (Gemini API)Generates AI assistant responsesQuestion text, current page, role/permissions, recent conversation
GitHubPrivate source code hostingSource code only — no Customer Data

5. Storage, Security & Retention

Each Customer's data is stored in a physically separate, isolated database — never a shared table with other Customers. All traffic to the Service is encrypted in transit (TLS 1.2+), and data is encrypted at rest. Access is controlled through authentication and role-based permissions, and every meaningful action is captured in an audit log. We retain Customer Data for as long as your organization's account is active, plus a limited backup-retention window (typically 7–30 days) used solely for disaster recovery. Upon request following termination of your organization's account, we will export or delete Customer Data within a commercially reasonable time, except where retention is required by law or for legitimate backup/audit purposes.

6. Where Data Is Located

Our infrastructure (Supabase, Render, AWS SES) is hosted in the United States. If you access the Service from outside the United States, your information will be transferred to and processed in the United States.

7. Your Choices & Rights

If you are an individual user of a Customer's account, requests to access, correct, or delete your personal information should generally be directed to your organization's administrator, since they control your account. If you are a Customer organization, you may contact us directly using the information below to request access to, correction of, export of, or deletion of information we hold, and we will respond consistent with applicable law (which may include rights under laws such as the GDPR or U.S. state privacy laws, depending on where you're located).

8. Children's Privacy

The Service is a business tool intended for use by adult employees and contractors of business Customers. It is not directed at, and we do not knowingly collect information from, children.

9. Security Incident Notification

If we confirm unauthorized access to your organization's Customer Data, we will notify your organization's designated contact without undue delay, and in any event within 72 hours of confirming the incident, describing what happened, what information was involved, and the steps we are taking.

10. Changes to This Policy

We may update this Privacy Policy from time to time. If we make material changes, we will update the effective date above and, where appropriate, notify Customer administrators directly. Continued use of the Service after an update constitutes acceptance of the revised policy.

11. Contact Us

Questions about this Privacy Policy or your information can be sent to cory.niemann@yardhawkpro.com.

YardHawk LLC