Privacy Policy
Last updated: May 27, 2026 Effective date: May 27, 2026
1. Who we are
This privacy policy describes how Versys Technologies Inc. ("Versys," "we," "us," or "our") handles personal information.
- Legal entity: Versys Technologies Inc., a Nevada corporation
- Mailing address: 400 S. 4th St, Suite 318, Las Vegas, NV 89101
- Contact: Support@versysinc.com
We currently provide a Transportation Management System (TMS) for trucking carriers and owner-operators. Our TMS software is provided at no charge.
This policy applies to the TMS and to the public website where this policy is posted. If we launch additional products or features in the future, we will update this policy with at least 30 days' advance notice before the new practices take effect (see Section 14).
2. Who this policy covers
This policy applies to:
- Account holders — a business or individual who opens a Versys account — a trucking carrier or owner-operator.
- Team members invited by an account holder — users a carrier adds to their company account, such as dispatchers or back-office staff.
- Visitors — anyone browsing our public website at versysinc.com.
This policy does not cover:
- Information that an account holder enters into our system about its own drivers, customers, or counterparties on its own behalf. The account holder controls that data; Versys processes it as a service provider on the account holder's behalf. See Section 9.
- The privacy practices of third parties whose services we integrate with. Each of those companies has its own privacy policy; we link to the most relevant ones in Section 18.
3. Information we collect
We collect only what we need to operate our product, comply with law, and communicate with you.
This policy describes information that identifies you or could reasonably be linked to you. It does not cover:
- Publicly available information from government records (such as DOT, MC, or FMCSA registry data)
- Deidentified or aggregated information that cannot reasonably be linked back to you
- Information covered by sector-specific privacy laws — for example, driver medical certificates (which may be subject to HIPAA-related rules and the ADA), driver background-check reports (which may be subject to the Fair Credit Reporting Act), and financial information (which may be subject to the Gramm-Leach-Bliley Act). Where those laws apply, the related obligations apply in addition to this policy.
a. Account and business profile
When you create or maintain an account:
- Full legal name, including any DBA or trade name
- Business name and entity type
- Mailing address and physical operating address
- Phone number and email address
- Trucking-industry identifiers — DOT number, MC number, EIN, and similar registrations where applicable
- Username and password (your password is stored only as a one-way hash; we cannot read it)
- Authentication and security records — login events, two-factor verification timestamps, idle-session timeouts, and single-session enforcement state
- Activity logs of meaningful actions you take in the product (uploading documents, creating loads, sending invoices, and similar events) for security, audit, and internal cost-tracking purposes
b. Driver data provided by account holders
When an account holder adds drivers to their TMS account, we receive:
- Driver name and contact information
- Documents the account holder uploads about the driver — for example, CDL, medical certificate, or other compliance records
- Equipment and vehicle assignments
The account holder is responsible for the accuracy of this information and for the legal basis on which they share it with us. See Section 9.
c. Communications
- Emails you send to or receive from Support@versysinc.com
- Customer-support correspondence and any attachments you provide
d. Website and online activity
When you visit our public website or use the TMS:
- IP address, browser type, operating system, referring URL
- Cookies and similar technologies — described below
- Pages visited, features used, and timestamps
Cookies and similar technologies we set:
- Authentication cookie — keeps you signed in. Required. Cleared on logout.
- Two-factor verification token — confirms you completed 2FA for the current session. Required for admin sessions. Cleared on session end.
- Idle-activity timestamp — tracks last activity to enforce the 30-minute idle logout. Required for security.
- Theme preference — remembers your light/dark mode choice. Optional. Long-lived.
We do not currently use cookies for advertising, analytics, or cross-site tracking. We honor the Global Privacy Control browser signal as a request to opt out of any sale or sharing of your information.
4. How we use information
We use the information described above to:
- Provide and operate the TMS
- Authenticate users, secure accounts, and prevent fraud
- Communicate with you about your account, security alerts, customer support, product updates, and (with your consent) marketing
- Operate, improve, and develop our services
- Comply with applicable law, respond to lawful requests from authorities, and enforce our agreements
We do not currently use artificial intelligence or machine-learning systems to make automated decisions about you that produce legal or similarly significant effects without a human in the loop. If we add AI-powered features in the future, we will update this policy with at least 30 days' advance notice (see Section 14).
5. How we share information
We do not sell personal information.
We share information with the following categories of service providers, only as necessary to run the TMS and only under contracts that require them to protect what they receive. Our current sub-processors are:
| Provider | Purpose | Where data is processed |
|---|---|---|
| Supabase | Database, authentication, and file storage | United States |
| Vercel | Application hosting and content delivery | United States |
| Resend | Transactional email delivery (verification codes, account alerts, password resets) | United States |
We may also share information with:
- Professional advisors — auditors, accountants, and lawyers who help us operate the business
- Government authorities when we are legally required to disclose information
- Other parties in connection with a corporate transaction such as a merger, acquisition, or financing — in that case, the receiving party will be bound to honor this policy or give you notice and a chance to opt out before any new use
Business customers who require a Data Processing Agreement (DPA) for their own compliance obligations may request one by emailing Support@versysinc.com.
6. Data retention
We keep different categories of information for different lengths of time.
| Category | Retention |
|---|---|
| Active account information | While your account is active |
| Personal information after account cancellation | Deleted within 30 days |
| Documents you uploaded to the TMS (load documents, driver documents, invoices, rate confirmations) | Deleted within 30 days of account cancellation unless a legal hold applies |
| Audit logs — login events, profile edits, document uploads | 3 years |
| Backups | Overwritten on a 30-day rolling basis |
| Marketing email lists | Until you unsubscribe |
We may keep information longer if a legal hold, dispute, regulatory inquiry, or pending obligation requires it. Where we keep information past the periods above, we limit access to those who need it for that specific purpose.
7. Your rights
You can ask us to:
- Access the personal information we hold about you
- Correct inaccurate or incomplete information
- Delete information we no longer need to keep, subject to the legal retention requirements in Section 6
- Export your information in a portable format
- Opt out of marketing emails at any time
To make a request, email Support@versysinc.com. Only you, or someone legally authorized to act on your behalf, may make a request. You may submit a request to know up to twice within a 12-month period.
Identity verification. We verify your identity before fulfilling a request. We match the requestor's email to an active account and may ask for one additional piece of information already on file (such as your DOT number or business name). We use information you provide in a request only to verify your identity.
Response timing. We confirm receipt of your request within 10 business days. We provide a substantive response within 45 days of receiving a verifiable request. If your request is complex or we need more time, we may extend our response by an additional 45 days and will inform you in writing of the reason and the new deadline. If we cannot fulfill a request — for example, because we are required by law to keep certain records — we will tell you why.
Format of disclosures. Data exports are provided in a machine-readable format (typically CSV or JSON).
Fees. We do not charge a fee for processing or responding to a request unless it is excessive, repetitive, or manifestly unfounded. If a fee is warranted, we will tell you why and provide a cost estimate before completing your request.
Non-discrimination. We will not deny you services, charge you different prices, or provide a different level of quality because you exercised any of these rights.
8. California residents (CCPA / CPRA)
This section provides additional disclosures for California residents under the California Consumer Privacy Act, as amended by the California Privacy Rights Act.
Categories of personal information collected
In the past 12 months we have collected the following categories of personal information about California residents, as defined under the CCPA / CPRA. We disclose information only to the service providers listed in Section 5 and only for the purposes described in Section 4. We do not sell personal information, and we do not share personal information for cross-context behavioral advertising.
| CCPA Category | Collected? | Disclosed to service providers? |
|---|---|---|
| A. Identifiers (name, email, postal address, phone number, account name, online identifiers, IP address) | Yes | Yes |
| B. Customer-records information (Cal. Civ. Code § 1798.80(e)) — business contact information, trucking-industry identifiers (DOT, MC, EIN) | Yes (limited) | Yes |
| C. Protected classification characteristics under California or federal law (race, religion, national origin, etc.) | No | No |
| D. Commercial information (records of services obtained, transactions inside the product) | Yes | Yes |
| E. Biometric information (fingerprints, faceprints, voiceprints, iris scans, etc.) | No | No |
| F. Internet or other electronic-network activity (browsing on our site, app usage, cookie data) | Yes | Yes |
| G. Geolocation data | Approximate only (derived from IP address); precise geolocation NOT collected | Yes (approximate only) |
| H. Sensory data (audio, electronic, visual, thermal, olfactory) | No | No |
| I. Professional or employment-related information (job title, employer associated with account) | Yes | Yes |
| J. Non-public education information (FERPA records) | No | No |
| K. Inferences drawn from any of the above | Limited (used internally for account management; we do not build profiles for advertising or sale) | No |
| L. Sensitive personal information (SPI) under CPRA | Limited — your account password, stored as a one-way hash, used solely to authenticate you. We do NOT collect SSN, driver's license numbers, precise geolocation, biometric information, financial-account credentials, racial or ethnic origin, religious beliefs, contents of communications, genetic data, health information, or sexual-orientation information | No |
Sources
We collect this information directly from you and automatically through your use of our services.
Purposes
We use this information for the purposes described in Section 4.
Sale or sharing
We do not sell or share personal information for monetary value or for cross-context behavioral advertising. We honor the Global Privacy Control browser signal as a request to opt out of any future sharing. If we ever begin selling or sharing personal information in the future, we will wait at least 12 months before asking you to re-authorize that activity after you have opted out.
Your rights as a California resident
You have the right to:
- Know what personal information we have collected, used, disclosed, and shared
- Delete personal information we have collected
- Correct inaccurate personal information
- Opt out of any sale or sharing
- Limit our use of sensitive personal information
- Be free from retaliation for exercising any of these rights
To exercise any of these rights, email Support@versysinc.com. You may designate an authorized agent to make a request on your behalf; we may require proof of authorization and verify your identity directly.
Other state residents
Residents of other states with consumer-privacy laws — including Colorado, Connecticut, Texas, Utah, and Virginia — have similar rights to access, correct, delete, and opt out of certain processing. To exercise any of those rights, email Support@versysinc.com. We will verify your identity and respond within the time period required by your state's law.
California "Shine the Light" Law
California Civil Code Section 1798.83 permits California residents to request information regarding our disclosure of personal information to third parties for their direct marketing purposes. We do not disclose your personal information to third parties for their direct marketing purposes. To request more information, email Support@versysinc.com.
9. Information about drivers added by account holders
When a carrier or owner-operator uses the TMS, they may upload records about their own drivers (name, contact information, license number, compliance documents, equipment assignments). For that information, the account holder — not Versys — controls the data and is the privacy-law "controller." Versys processes that data as a service provider on the account holder's behalf.
When you provide us with personal information about another person (a driver, employee, customer, or counterparty), you represent and warrant that:
- You have a lawful basis to share that information with us — for example, an employment relationship, a signed authorization, or another lawful basis under applicable law
- You have provided any notices to that person required by applicable law, and obtained any consents required by applicable law
- You will honor that person's requests to access, correct, or delete their information, and you will inform us if that person makes such a request
If you are a driver, employee, or other individual whose information was uploaded by a Versys account holder, contact the account holder first to access, correct, or delete that information. If they do not respond or you cannot reach them, contact us at Support@versysinc.com and we will help.
10. Children
Our services are intended for businesses and the adult employees of those businesses. We do not knowingly collect personal information from anyone under 18 years of age. If you believe a minor has provided information to us, contact Support@versysinc.com and we will delete it.
11. Communications and marketing
We send transactional emails — verification codes, account alerts, password resets, invoices, and similar — as part of operating the service. You cannot opt out of transactional emails while your account is active.
We may also send marketing emails about our products, features, and offers when you have provided your email address. Every marketing email includes a one-click unsubscribe link. You can also opt out by emailing Support@versysinc.com.
We do not currently send marketing text messages. If we begin sending SMS in the future, we will collect express consent first and update this policy.
12. International transfers
Our services are operated from and intended for the United States. The infrastructure providers and other service providers we use are also based in the United States.
Our services are not directed at residents of the European Union, the United Kingdom, or other jurisdictions outside the United States. If you access our services from outside the United States, you understand and agree that your information will be transferred to and processed in the United States, which may have different data-protection laws than your jurisdiction.
13. Security
We take reasonable administrative, technical, and physical safeguards to protect personal information. Our current safeguards include:
- Encryption in transit — all data exchanged with the TMS travels over HTTPS / TLS.
- Encryption at rest — data stored in our database and file storage is encrypted at the storage layer using industry-standard AES-256 encryption provided by our infrastructure platform.
- Tenant isolation — every database table that holds tenant data is protected by row-level security policies that prevent one carrier's data from being visible to another carrier.
- Two-factor authentication (2FA) — required for any user with administrator privileges, delivered by email code.
- Single-session enforcement — signing in on a new device automatically signs you out everywhere else, so a stolen session cannot run in parallel.
- Idle-session timeout — sessions automatically expire after 30 minutes of inactivity.
- Audit logging — security-relevant events (logins, profile edits, document uploads, role changes) are logged and retained.
- Least-privilege access controls — Versys staff can only access tenant data when necessary to deliver support or operate the service, and access is logged.
- Infrastructure security — we use major U.S.-based infrastructure providers (Supabase, Vercel, Resend) that maintain SOC 2 (or equivalent) compliance and undergo independent security audits.
Breach notification. No system is perfectly secure. If we experience a security incident that compromises your personal information, we will notify affected account holders and any required authorities within the timeframes required by applicable law (typically within 30 to 60 days, depending on the jurisdiction).
If you believe your account has been compromised, contact Support@versysinc.com immediately.
14. Changes to this policy
We may update this policy from time to time. For material changes — meaning changes that affect the types of information we collect, how we use it, or your rights — we will give at least 30 days' notice by email and through an in-app banner before the change takes effect. The "Last updated" date at the top of this page always reflects the most recent revision.
If you do not agree with a material change, you may close your account before the change takes effect.
15. Disputes and governing law
Disputes relating to your use of our services, and the governing law for the commercial relationship between you and Versys, are addressed in our Terms of Service. This privacy policy describes our data-handling practices and does not itself create the contractual relationship between you and Versys.
16. Other terms
If any provision of this policy is found invalid or unenforceable, the rest stays in effect. Our failure to enforce any provision is not a waiver of our right to enforce it later.
This policy is the entire understanding between you and Versys about how we handle your personal information. It supersedes any prior privacy notices.
17. Contact us
For privacy questions, requests, or complaints:
- Email: Support@versysinc.com
- Mail: Versys Technologies Inc., 400 S. 4th St, Suite 318, Las Vegas, NV 89101
18. Third-party privacy policies
When you use our TMS, your data is processed by the service providers listed in Section 5. Each maintains its own privacy and security commitments. Links to their privacy policies:
- Supabase: https://supabase.com/privacy
- Vercel: https://vercel.com/legal/privacy-policy
- Resend: https://resend.com/legal/privacy-policy