Privacy Policy

Last updated: May 13, 2026

1. Who we are

CertDirect is a software service that lets trucking insurance agencies issue ACORD-25 Certificates of Insurance from their own email domain. This Privacy Policy describes the personal information we collect from agencies, agency team members, and the trucking carriers those agencies serve, and how we use it.

2. Information we collect

We collect the following categories of information:

  • Account information. Name, email address, agency name, and authentication credentials when you sign up. Authentication is handled by our identity provider, Clerk.
  • Agency data. Information about insurance carriers, policies, coverage details, and certificate holders that you enter into the product.
  • Payment information. Billing details are collected and processed by our payment processor, Stripe. We do not store full payment card numbers.
  • Email, SMS, and certificate delivery data. Messages sent to monitored inboxes or phone numbers, recipient email addresses, sending logs, and delivery status for certificates and follow-up replies sent through the platform.
  • Connected account data. If you connect a third-party account, such as Gmail, we may collect account identifiers, OAuth tokens, message metadata, and message content needed to identify certificate requests and generate draft replies.
  • Usage information. Standard server logs, IP addresses, browser type, and pages accessed for security and operational purposes.

3. How we use information

  • To provide, operate, and maintain the CertDirect service
  • To send certificates of insurance on your behalf
  • To monitor connected inboxes or SMS channels for certificate requests that you have authorized us to process
  • To draft follow-up replies, request missing information, and route messages for human review
  • To process billing and manage subscriptions
  • To communicate with you about your account, security, and product updates
  • To comply with legal obligations and enforce our Terms of Service

4. Google user data

If you connect a Gmail account, CertDirect uses Google user data only to provide the email monitoring and reply features you request. This includes reading messages in the connected mailbox to identify Certificate of Insurance requests, extracting relevant request details, displaying message context in the agent inbox, and sending replies from the connected account when you choose to send them.

We do not use Google user data for advertising. We do not sell Google user data. We do not transfer Google user data to third parties except as necessary to provide or improve the Service, comply with law, or protect users and the Service. Our use and transfer of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.

You can revoke CertDirect's access to your Google account at any time from your Google account permissions page or by disconnecting Gmail in the Service.

5. Service providers

We share information with a small set of trusted service providers who help us operate the platform. Each is bound by their own privacy and security commitments:

  • Clerk — user authentication and organization management
  • Stripe — billing and payment processing
  • Resend — outbound email delivery
  • Google — Gmail account connection, mailbox access, and email replies when you connect Gmail
  • OpenAI — message classification and draft generation for certificate request workflows
  • Text Request — SMS message intake and replies when you connect Text Request
  • Neon — managed PostgreSQL database hosting
  • Vercel — application hosting and content delivery

6. Data retention

We retain account and agency data for as long as your account is active. If you cancel, you may export your data and request deletion at any time by emailing support@certdirect.app. Backups are retained on a rolling basis as part of standard disaster-recovery practice.

7. Security

All data is encrypted in transit (HTTPS/TLS) and at rest. Access to production systems is limited to authorized personnel and authenticated through industry-standard mechanisms. No system is perfectly secure; we work in good faith to protect your information.

8. Your rights

Depending on where you live, you may have rights to access, correct, export, or delete the personal information we hold about you. To exercise any of these rights, contact support@certdirect.app.

9. Selling personal information

We do not sell personal information, and we do not share it with third parties for their own marketing purposes.

10. Changes to this policy

We may update this Privacy Policy from time to time. When we do, we will revise the “Last updated” date at the top of the page. For material changes, we will provide additional notice (e.g., via email or in-product notification).

11. Contact us

Questions about this Privacy Policy or our data practices? support@certdirect.app