Loading
Transparent, secure, and responsible data handling. Learn how we protect your shipping data and maintain your trust.
Last Updated: January 2025 | Effective Date: January 2025 | Version: 1.0
These principles guide everything we do with your data
We implement industry-standard encryption, access controls, and security protocols to protect your data from unauthorized access, loss, or theft.
We clearly communicate what data we collect, why we collect it, how we use it, and who has access to it. No hidden practices or surprises.
We only collect and use data that is necessary for providing our logistics analytics services. We don't collect data "just in case."
You have the right to access, correct, delete, or export your data at any time. We provide clear processes for exercising these rights.
We never sell your shipping data to third parties. Your data is used solely to provide analytics services to you.
We retain your data only as long as necessary for business purposes or as required by law, then securely delete it.
We collect only the data necessary to provide logistics analytics services
Freight invoices, shipment details, carrier information, rates, lanes, weights, and delivery information that you provide or authorize us to access from your systems.
Business name, contact information, billing details, and user account credentials necessary to provide and manage your service account.
How you interact with our platform, features used, reports generated, and technical data like IP addresses and browser information for security and service improvement.
Your data is used exclusively to deliver analytics services
You provide shipping data through secure uploads or API connections
We harmonize, standardize, and analyze your data using automated systems
We create insights, reports, and visualizations for your business decisions
Your data is stored securely and only accessible to authorized personnel
We use your shipping data only to provide logistics analytics services, including data harmonization, carrier cost analysis, network optimization, and contract management. We do not use your data for marketing purposes, resale, or any purpose unrelated to your analytics services. Your data remains your property, and we act as a trusted data processor on your behalf.
Multi-layered security measures to keep your data safe
All data is encrypted in transit using TLS and at rest using AES-256 encryption. Your data is protected both during transmission and while stored.
Role-based access controls ensure only authorized personnel can access your data. All access is logged and monitored. Employees sign confidentiality agreements.
We use reputable cloud service providers with SOC 2 Type II compliance. Regular security audits, backups, and disaster recovery procedures protect your data.
Your data is logically separated from other clients' data through access controls, data identifiers, and strict permission systems. This ensures that each client can only access their own data, preventing unauthorized access or data leakage between clients.
Continuous monitoring for suspicious activity, unauthorized access attempts, and system anomalies. Automated alerts notify us of potential security issues immediately.
We maintain an incident response plan. In the unlikely event of a data breach, we will notify affected clients within 72 hours and take immediate remediation steps.
We are transparent about who has access to your data
Stride Datus does not sell, rent, or trade your shipping data to any third parties. Your data is used exclusively to provide analytics services to you.
We may use trusted third-party service providers (cloud hosting, email services) that help us operate our platform. These providers are contractually bound to protect your data and use it only for the services we've engaged them for.
We may disclose data if required by law, court order, or government regulation. We will notify you of such requests when legally permitted, unless prohibited by law or court order.
We retain data only as long as necessary
Active Accounts: We retain your shipping data while your account is active and for up to 7 years after account closure to comply with business record-keeping requirements and to provide historical analytics.
Account Closure: Upon account closure, you may request immediate deletion of your data. We will delete your data within 30 days of your request, except where retention is required by law or for legitimate business purposes (e.g., resolving disputes).
Secure Deletion: When data is deleted, it is permanently removed from our active systems. Backups containing your data are retained for up to 90 days for disaster recovery purposes, then securely purged.
You have control over your data
Request a copy of all data we hold about you or your business. We'll provide it in a machine-readable format within 30 days.
Request corrections to inaccurate or incomplete data. We'll update your information promptly upon verification.
Request deletion of your data. We'll delete it within 30 days, except where retention is required by law.
Export your data in standard formats (CSV, JSON, Excel) for use in other systems or for your records.
Request that we limit how we process your data while you resolve concerns or disputes.
Object to processing of your data for specific purposes. We'll respect your request unless we have compelling legitimate grounds.
To exercise any of these rights, please contact us at privacy@stridedatus.com or through your account manager. We will respond to your request within 30 days. We may need to verify your identity before processing certain requests to protect your data security.
We comply with applicable data protection laws
As a Canadian business, we comply with the Personal Information Protection and Electronic Documents Act (PIPEDA) and provincial privacy legislation.
We follow GDPR principles for international clients and maintain data processing agreements that meet global privacy standards.
We regularly review and update our practices to align with evolving privacy regulations and industry best practices for data handling.
If you have questions about this policy, want to exercise your data rights, or need clarification on how we handle your data, please reach out to us.
Privacy Officer: privacy@stridedatus.com
Response Time: We respond to privacy inquiries within 5 business days
Understanding the technical terms used in this policy
The process of converting readable data into an encoded format that can only be read or processed after it's been decrypted. Encryption protects data from unauthorized access by ensuring that even if data is intercepted or accessed without permission, it cannot be read without the proper decryption key.
A cryptographic protocol that provides secure communication over a computer network. TLS encrypts data as it travels between your device and servers (like Google Drive), protecting it from being intercepted or tampered with during transmission. TLS is what makes HTTPS secure and is used whenever you upload or download files.
Advanced Encryption Standard with 256-bit keys. AES-256 is a symmetric encryption algorithm widely considered one of the most secure encryption methods available. It's used to encrypt data "at rest" (when stored on servers). The "256" refers to the key size, which makes it extremely difficult to break through brute force attacks.
Data protection while it's being transmitted over a network (like the internet). When you upload files to Google Drive or access our platform, encryption in transit ensures your data is protected during the journey from your device to the server, preventing interception by third parties.
Data protection when data is stored on servers or storage devices. Even if someone gains unauthorized access to the physical storage, encrypted data at rest cannot be read without the decryption key. This protects your data when it's stored on Google Drive or our servers.
Security measures that restrict access to data and systems to authorized users only. This includes user authentication (verifying identity), authorization (determining what resources a user can access), and role-based permissions that ensure employees can only access data necessary for their job functions.
An organization that processes data on behalf of another organization (the data controller). As a data processor, Stride Datus processes your shipping data according to your instructions and for the purpose of providing analytics services, but you remain the owner and controller of your data.
Personal Information Protection and Electronic Documents Act. Canada's federal privacy law that governs how private sector organizations collect, use, and disclose personal information in the course of commercial activities. PIPEDA ensures that Canadian businesses handle personal data responsibly and transparently.
We may update this Data Policy from time to time to reflect changes in our practices, technology, legal requirements, or for other operational, legal, or regulatory reasons. When we make material changes, we will notify you by email (to the address associated with your account) or through a prominent notice on our website at least 30 days before the changes take effect. Your continued use of our services after the effective date of any changes constitutes your acceptance of the updated policy. We encourage you to review this policy periodically.