DispatchHQ
Terms & ConditionsRefund PolicySign in
Legal

Privacy Policy

Last updated: May 31, 2026  ·  Effective immediately

DispatchHQ Technologies operates the DispatchHQ platform. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our transport management platform.

01

Information We Collect

We collect the following categories of information when you use DispatchHQ:

Organization & Account Data

  • Company name, GSTIN, business address, state code, phone, email
  • User names, work emails, roles (Admin / Manager / Dispatcher / Viewer)
  • Razorpay customer ID, plan ID, subscription status, trial and billing period dates

Operational Data

  • Customer & supplier records: name, phone, email, GSTIN, address, city
  • Driver records: name, phone, email, license number, license expiry, address
  • Vehicle records: registration number, make, model, year, color, status
  • Bookings & duties: trip details, dates, pricing, passenger info, addresses
  • Billing & invoicing: invoice numbers, amounts, tax details, payment records

Technical & Usage Data

  • Trip location data: latitude, longitude, speed, heading, accuracy
  • Driver session tokens, device information, last seen timestamps
  • Export history, report requests, webhook configurations
  • Compliance documents: file URLs, issue/expiry dates for RC, Insurance, Permit, PUC, Fitness, DL
02

How We Use Your Information

  • Provide and maintain our transport management platform services
  • Manage user accounts, roles, and organization settings
  • Process bookings, duties, billing, and invoicing
  • Send SMS and WhatsApp notifications to customers and drivers
  • Generate reports, exports, and compliance documents
  • Process subscription payments via Razorpay or another PCI-DSS-compliant payment service provider
  • Enable inter-organization trip sharing via network features
  • Improve platform performance and user experience
  • Comply with applicable legal obligations
03

Data Storage & Security

Your data is stored in a PostgreSQL database hosted on Supabase, with Row-Level Security (RLS) enabled on all tables. Authentication is handled by Supabase Auth with secure session management.

Payment instrument details (card numbers, CVV, UPI handles, net-banking credentials) are handled directly by our PCI-DSS-compliant payment service provider (Razorpay) and are never stored on DispatchHQ servers. We retain only the tokenised customer ID, transaction reference, and amount required for billing reconciliation. We use industry-standard encryption for data in transit (TLS 1.2+) and at rest (AES-256).

Access to production data is restricted to authorised DispatchHQ personnel on a need-to-know basis, audited via access logs, and protected by multi-factor authentication. Database backups are encrypted and rotated on a defined retention schedule.

Each organization's data is isolated using a multi-tenant architecture where all database queries are scoped by organizationId.

04

Data Sharing & Third Parties

We do not sell your data. We share information only with the following trusted service providers:

Supabase

Database hosting, authentication, real-time services

Razorpay

Subscription billing, payment processing, and tokenised auto-debit

SMS / WhatsApp providers

Message delivery to customers and drivers

Vercel

Platform hosting and deployment infrastructure

Network partners

Limited booking details shared when using inter-org trip sharing

05

Data Retention

  • Active account data is retained while your subscription is active
  • Soft-deleted records are marked inactive but retained for audit and billing history
  • Hard-deleted records are permanently removed from the database
  • Upon subscription cancellation, you may request data export before permanent deletion (30-day grace period)
  • SMS and WhatsApp logs are retained for 90 days
06

Your Rights

Access

View all your organization's data from within the platform

Correction

Update organization, user, and operational data at any time

Deletion

Request permanent deletion by contacting support

Portability

Export your data in CSV / PDF formats via the export feature

Withdraw consent

Cancel your subscription at any time from billing settings

07

Data Breach Notification

In the event of a personal-data breach that is likely to result in risk to a data principal, DispatchHQ will, without undue delay and in any case in line with the timelines prescribed under the Digital Personal Data Protection Act, 2023 ("DPDP Act") and the rules thereunder:

  • Notify the affected organisation administrator(s) and, where required, the affected individuals via email or in-platform notice;
  • Notify the Data Protection Board of India and any other regulator with jurisdiction, where required by law;
  • Describe the nature of the breach, the categories and approximate number of records affected, the likely consequences, and the measures taken or proposed to mitigate the breach;
  • Cooperate fully with any investigation by the regulator or by an affected organisation administrator.
08

Cross-Border Data Transfers

DispatchHQ uses cloud infrastructure (Supabase, Vercel) and sub-processors (Razorpay, Resend, SMS/WhatsApp gateways) that may store, process, or transit personal data through data centres located outside India, including in the United States, the European Economic Area, and the Asia-Pacific region.

We rely on the lawful-transfer mechanisms permitted under the DPDP Act and the rules notified by the Central Government from time to time. We require each sub-processor to implement appropriate technical and organisational safeguards, contractually bind them to confidentiality and security obligations, and limit access to personal data to what is strictly necessary for the service they perform.

09

Grievance Officer

In compliance with the DPDP Act, 2023 and the Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021, the contact details of our Grievance Officer are:

NameThe Grievance Officer, DispatchHQ Technologies Private LimitedEmailgrievance@dispatchhq.comPostal addressDispatchHQ Technologies Pvt. Ltd., Bengaluru, Karnataka, IndiaAcknowledgementWithin 48 hours of receipt of a written grievance.ResolutionWithin thirty (30) days of receipt, in line with applicable law.

Data principals may also write to us to exercise rights under applicable data-protection law (access, correction, completion, erasure, withdrawal of consent, nomination of a successor in case of incapacity or death) at the contact above.

10

Cookies & Tracking

  • We use essential cookies for authentication sessions (managed by Supabase Auth)
  • We do not use third-party advertising or tracking cookies
  • You can clear cookies from your browser settings; this will require re-authentication
11

Children's Privacy

DispatchHQ is a business-to-business (B2B) platform intended for use by transport operators and fleet managers. We do not knowingly collect personal information from children under the age of 18. If you believe we have collected such information, please contact us immediately.

12

Changes to This Policy

We may update this Privacy Policy from time to time. We will notify organization administrators via email and through the platform interface before any material changes take effect. Continued use of the platform after changes constitutes acceptance of the updated policy.

13

Contact Us

For any questions about this Privacy Policy or to exercise your data rights, reach out to us:

privacy@dispatchhq.comsupport@dispatchhq.com

© 2026 DispatchHQ Technologies. All rights reserved.

Terms & ConditionsRefund Policysupport@dispatchhq.com