Effective Date: July 1, 2026
This Privacy Policy explains how YardHawk LLC ("YardHawk," "we," "us," or "our") collects, uses, shares, and protects information in connection with the YardHawk yard and asset operations platform, including our website, our installed desktop and tablet applications, our demo environment, and any hardware we provide (collectively, the "Service").
YardHawk is provided to businesses ("Customers") on a business-to-business basis. If you are an employee, contractor, or other authorized user accessing the Service on behalf of a Customer, this policy explains what information we collect about you and how we handle it. Your employer or organization's administrator controls your account and may have its own policies governing your use of the Service.
Contents
1. Scope of This Policy
This policy applies to the YardHawk marketing website (yardhawkpro.com), our demo environment, the YardHawk desktop application (Windows), the YardHawk tablet application (Android), and any YardHawk-provided hardware paired to those applications. Production access to Customer Data is provided only through these installed, managed applications — we do not offer a general public web login, and our demo environment uses sample data only.
2. Information We Collect
2.1 Account & Contact Information
When your organization creates an account for you, or when you contact us, we may collect: your name, username, email address, phone number (if provided), job role or title, and your assigned role and permissions within the Service. Passwords are never stored in plain text — they are one-way hashed (via Supabase Auth, using bcrypt) and cannot be retrieved by us.
2.2 Customer Data
In the course of using the Service, your organization and its users input operational data such as trailer, rail car, and equipment records; yard and location maps; load/unload and inspection records, including photos, signatures, and free-text notes; hauling session logs; scale weights and weight tickets; and uploaded documents and forms ("Customer Data"). Customer Data belongs to your organization. For Customer Data, we act as a service provider processing information on your organization's behalf and instructions — we do not use it for our own independent purposes such as advertising, and we do not sell it.
2.3 Device & Pairing Information
Desktop and tablet devices connect to your organization's dedicated database through a time-limited, single-use pairing code. We store a hashed (non-reversible) version of each pairing code and device secret, along with device type, assignment, and last-seen timestamps, so your administrators can see which devices are paired and revoke access if a device is lost or decommissioned.
2.4 Usage, Log & Audit Data
We automatically log actions taken in the Service — such as record creation and edits, status changes, logins, and permission checks — together with a timestamp, the acting user, and technical details such as IP address and request metadata. These audit logs are immutable by design: they give your organization a reliable operational record and help us detect and investigate security issues.
2.5 AI Assistant
The Service includes an optional in-app AI assistant that answers questions about how to use YardHawk. When you use it, your question text, your current page/location in the app, your role, your enabled permission flags, and recent turns of the conversation are sent to Google's Gemini API (Google LLC) to generate a response. Please do not enter sensitive personal information, credentials, or confidential third-party data into the assistant. Questions and answers are also logged in your organization's own database so your administrators can review assistant usage; they are not used by us to train any model.
2.6 Contact Form Submissions
If you submit the "Request a Demo" or contact form on our marketing site, the name, email, company, phone number, and message you provide are transmitted to and processed by Formspree, a third-party form-processing service, and delivered to our sales inbox. Formspree's own privacy policy governs its handling of that submission in transit.
2.7 Payment & Billing Information
Subscription fees are billed directly by YardHawk based on the terms in your order form or invoice. We do not store full payment card numbers. If a third-party payment processor is used for a given Customer, that processor's own privacy and security practices govern the payment data it collects.
2.8 Cookies & Local Storage
The Service uses strictly necessary session cookies (HttpOnly, Secure, SameSite) to keep you signed in and to protect against cross-site request forgery. Our marketing site stores a single local preference (whether you've selected dark mode) in your browser's local storage; this value never leaves your browser. We do not use third-party advertising or cross-site tracking cookies.
3. How We Use Information
- To provide, maintain, and secure the Service
- To authenticate users and enforce role-based permissions
- To generate the audit trail your organization relies on for operations, accounting, and compliance
- To respond to support requests and demo/contact inquiries
- To detect, investigate, and prevent fraud, abuse, and security incidents
- To communicate service updates, security notices, and, where appropriate, product news
4. How Information Is Shared
We do not sell personal information. We share information only as described below, with the service providers ("sub-processors") who help us deliver the Service, with your organization's own administrators to the extent their role permits, when required by law or legal process, to protect the rights, property, or safety of YardHawk or others, or in connection with a merger, acquisition, or sale of assets (subject to continued protection under a policy at least as protective as this one).
| Sub-processor | Purpose | Data involved |
|---|---|---|
| Supabase | Database, authentication, encrypted file storage — one isolated project per Customer | Customer Data, account data, audit logs |
| Render | Application hosting | All data in transit through the Service |
| AWS SES | Transactional email delivery | Recipient email address, message content |
| Formspree | Marketing site contact-form processing | Name, email, company, phone, message |
| Google LLC (Gemini API) | Generates AI assistant responses | Question text, current page, role/permissions, recent conversation |
| GitHub | Private source code hosting | Source code only — no Customer Data |
5. Storage, Security & Retention
Each Customer's data is stored in a physically separate, isolated database — never a shared table with other Customers. All traffic to the Service is encrypted in transit (TLS 1.2+), and data is encrypted at rest. Access is controlled through authentication and role-based permissions, and every meaningful action is captured in an audit log. We retain Customer Data for as long as your organization's account is active, plus a limited backup-retention window (typically 7–30 days) used solely for disaster recovery. Upon request following termination of your organization's account, we will export or delete Customer Data within a commercially reasonable time, except where retention is required by law or for legitimate backup/audit purposes.
6. Where Data Is Located
Our infrastructure (Supabase, Render, AWS SES) is hosted in the United States. If you access the Service from outside the United States, your information will be transferred to and processed in the United States.
7. Your Choices & Rights
If you are an individual user of a Customer's account, requests to access, correct, or delete your personal information should generally be directed to your organization's administrator, since they control your account. If you are a Customer organization, you may contact us directly using the information below to request access to, correction of, export of, or deletion of information we hold, and we will respond consistent with applicable law (which may include rights under laws such as the GDPR or U.S. state privacy laws, depending on where you're located).
8. Children's Privacy
The Service is a business tool intended for use by adult employees and contractors of business Customers. It is not directed at, and we do not knowingly collect information from, children.
9. Security Incident Notification
If we confirm unauthorized access to your organization's Customer Data, we will notify your organization's designated contact without undue delay, and in any event within 72 hours of confirming the incident, describing what happened, what information was involved, and the steps we are taking.
10. Changes to This Policy
We may update this Privacy Policy from time to time. If we make material changes, we will update the effective date above and, where appropriate, notify Customer administrators directly. Continued use of the Service after an update constitutes acceptance of the revised policy.
11. Contact Us
Questions about this Privacy Policy or your information can be sent to cory.niemann@yardhawkpro.com.
YardHawk LLC