Privacy Policy
Last updated: May 9, 2026
This Privacy Policy explains how Borah Logistics LLC ("we," "us") collects, uses, shares, and protects your information when you use Region Pilot (the "Service") at regionpilot.com or related properties.
If you don't agree with this policy, don't use the Service.
1. Who We Are
Borah Logistics LLC, an Alabama limited liability company. Contact for privacy inquiries: privacy@regionpilot.com.
2. Information We Collect
Information you give us
- Account information: name, email address, password (stored hashed), role
- Company information: company name, industry, website, and notes you provide during onboarding
- Customer Data: the dealer, lead, sales, route, calendar, and communication records you create or upload while using the Service. This may include third-party contact details (such as dealer email addresses or phone numbers) you choose to enter
- Payment information: when you subscribe, payment details are collected and processed by Stripe, Inc. We do not see or store your full card number — Stripe sends us only a token and metadata (last 4 digits, card brand, expiry)
- Communications: if you email us or use in-product help, we keep records of those conversations
Information collected automatically
- Usage data: pages visited, features used, timestamps, errors
- Device data: browser type, operating system, screen size, IP address
- Cookies and local storage: we use these to keep you signed in, remember preferences, and provide core functionality. We do not use third-party advertising cookies.
3. How We Use Your Information
We use your information to:
- Provide and operate the Service
- Authenticate you and protect your account
- Process subscription payments (via Stripe)
- Send transactional emails (account confirmations, password resets, billing receipts, important service notices)
- Send product updates and tips, where you have not opted out
- Diagnose problems and improve the Service
- Comply with legal obligations
- Detect and prevent fraud, abuse, and security incidents
We do not sell your personal information. We do not share Customer Data with advertisers. We do not use Customer Data to train any AI model unless you have explicitly opted in.
4. Legal Bases (for users in the EU/UK)
Where the GDPR or UK GDPR applies, we rely on:
- Performance of a contract — to provide the Service you've requested
- Legitimate interests — to improve the Service, prevent fraud, and protect our rights
- Consent — for optional marketing emails and any feature you specifically opt into
- Legal obligation — to comply with tax, accounting, and other laws
You may withdraw consent at any time via account settings or by emailing privacy@regionpilot.com. Withdrawing consent doesn't affect the lawfulness of prior processing.
5. Sub-processors and Sharing
To run the Service, we share information with the following sub-processors. They process data on our behalf under contractual privacy and security obligations.
| Sub-processor | Purpose | Data | Location |
|---|---|---|---|
| Supabase (Supabase Inc., USA) | Database, authentication, file storage | Account data, Customer Data | United States |
| Stripe, Inc. (USA) | Payment processing and subscription billing | Payment information, billing email | United States |
| Cloudflare, Inc. (USA) | Hosting, CDN, DDoS protection, DNS | Page requests, IP addresses | Globally distributed (data is encrypted in transit) |
| Resend (Resend Co., USA) | Transactional email delivery | Email address, message content | United States |
| Anthropic, PBC (USA) | AI-assisted features (e.g., website auto-fill of dealer details) | URLs and text you submit to AI features | United States |
We may add or change sub-processors. Material changes will be reflected in this policy and, where required, communicated to you in advance.
We may also disclose information when:
- Required by law, subpoena, or court order
- Necessary to investigate fraud, security issues, or violations of our Terms of Service
- We are involved in a merger, acquisition, or asset sale (with notice and the option to delete your data before transfer where required by law)
6. Data Retention
We retain your information for as long as your account is active, plus a recovery window after cancellation (typically up to 30 days), after which we delete or anonymize it unless we are required to retain it longer for legal reasons (e.g., tax records, audit logs).
You can request earlier deletion at any time — see Section 7.
7. Your Rights
Depending on your location, you may have the right to:
- Access — request a copy of the information we hold about you
- Correct — fix inaccurate information
- Delete — request deletion of your account and personal information (subject to legal retention requirements)
- Export — request a portable copy of your Customer Data
- Object or restrict — limit how we process your information
- Withdraw consent — for processing based on consent
To exercise these rights, email privacy@regionpilot.com. We will respond within 30 days (or longer if required by applicable law, with notice). We may need to verify your identity before fulfilling the request.
If you are in the European Economic Area or UK, you also have the right to lodge a complaint with your local data protection authority.
If you are a California resident, you have additional rights under the California Consumer Privacy Act, including the right to know what personal information we collect, the right to delete, and the right to opt out of any "sale" of personal information (we do not sell personal information).
8. Security
We protect your information using:
- Encryption in transit (HTTPS/TLS for all connections) and at rest (managed by Supabase)
- Row-level security in our database, so users can only access their own organization's data
- Hashed passwords — we never see or store your password in clear text
- Access controls limiting access to production systems
- Routine backups to recover from accidental data loss
No system is perfectly secure. If we discover a security incident affecting your information, we will notify you and take appropriate remedial steps.
9. International Users
We are based in the United States. By using the Service, you understand that your information will be transferred to and processed in the United States, which may have different data protection laws than your country.
For users in the European Economic Area or UK, we rely on Standard Contractual Clauses (or equivalent legal mechanisms) when transferring personal data internationally.
10. Children's Privacy
The Service is not intended for individuals under 18 and we do not knowingly collect information from anyone under that age. If you believe a minor has provided information, please contact us and we will delete it.
11. Cookies and Local Storage
We use only the cookies and local storage mechanisms necessary to operate the Service:
- Session and authentication tokens to keep you signed in
- Preferences (such as your selected view or filter)
- Operational data caches to make the app faster
We do not use cookies for cross-site tracking or third-party advertising. You can control cookies through your browser settings, but some Service functionality won't work if you disable them.
12. Changes to This Policy
We may update this Privacy Policy from time to time. Material changes will be notified by email or in-product notification at least 14 days before they take effect. The "Last updated" date at the top reflects the most recent version.
13. Contact
For privacy questions, requests, or complaints: