Privacy Policy

Last updated 2026-05-14

deliveryops ("deliveryops," "we," "us") provides operations software for small-fleet furniture-delivery and moving operators. This policy explains what we collect, why, and what choices you have. We keep it short and concrete on purpose — we'd rather you read it than skim it.

Who this policy covers

Operators — the businesses that sign up for deliveryops to run their fleet.
Workers — the drivers and helpers an operator invites into the platform.
Operator customers — the end-customers who book deliveries with an operator and receive SMS, email, or web links from the operator through deliveryops. We process this data on behalf of the operator.
Site visitors — anyone visiting deliveryops.net.

What we collect

Account info — business name, address, EIN or sole-prop status, phone, email, service area, fleet size.
Worker info — names, phone numbers (used for sign-in PINs and worker SMS), pay rates set by the operator.
Operational data — jobs, customers, addresses, pickup/delivery photos, GPS waypoints during clock-in, signed bills of lading, time entries, invoices, payments, expenses.
Communications — SMS and email content sent through deliveryops, between operators, workers, and operator customers.
Payment info — billing details for the operator's subscription are processed by Stripe; we receive payment status and last-4 of card, never full numbers.
Site analytics — anonymous page views, errors, and feature usage via PostHog and Cloudflare. No personal data is sent to analytics by default.

How we use it

Running the product — dispatching jobs, generating invoices, capturing photo evidence, tracking workers' time and routes.
Customer communications on the operator's behalf — sending SMS and email to operator customers about quotes, arrivals, signatures, and receipts. These messages display the operator's name and phone number, not ours.
Support and improvements — diagnosing issues, improving the product, training models we operate internally. We do not sell data to third parties.
Legal compliance — responding to subpoenas, court orders, and lawful requests when required.

SMS specifics (carrier compliance)

deliveryops uses Twilio to send SMS on behalf of operators. By giving us your phone number, you consent to receive SMS related to deliveryops accounts, services, and deliveries you have booked. Standard message and data rates may apply.

Opt-in — you opt in to SMS by (a) checking the SMS-consent checkbox on the deliveryops beta-signup form at deliveryops.net, (b) checking the equivalent SMS-consent checkbox on an operator's booking form, or (c) providing your phone number directly to an operator who uses deliveryops. We record the exact consent text, timestamp, and IP address at the moment you submit.
Opt-out — reply STOP to any message at any time. You will be unsubscribed immediately and confirmed. Reply HELP for assistance.
Frequency — message frequency varies by use case (typically 1–5 messages per delivery for customers; 5–30 per day for workers in active use).
Carriers — SMS messages are routed through US wireless carriers and our partner Twilio. Mobile carriers are not liable for delayed or undelivered messages.

Who we share data with

We share data only with service providers necessary to run the product, under contract:

Twilio — SMS, voice, and phone-number provisioning.
Stripe — subscription billing and operator-to-customer payments.
SendGrid — email delivery (invoices, receipts, BOL PDFs).
Cloudflare — site hosting, edge analytics, storage (photos, BOL PDFs).
PostHog — product analytics (anonymous unless you have an account).
QuickBooks Online / Xero — optional accounting integration; only if the operator turns it on.
Google Cloud (Gemini) — optional receipt OCR if enabled by the operator.

We do not sell data to advertisers or data brokers. We do not use your operational data to train external AI models. We do not share data between operators.

Data retention

Operational records (jobs, photos, BOLs, invoices) — retained for 7 years to support claim defense, tax recordkeeping, and accounting reconciliation, then deleted on request.
SMS and email logs — retained for 90 days for support and deliverability troubleshooting, then archived.
Site analytics — retained for 12 months.
Closed accounts — data is exportable for 30 days after cancellation. After 30 days, identifying information is removed; aggregated, de-identified usage data may be retained for product improvement.

Your rights

Regardless of the state you live in, you can request:

A copy of the data we hold about you.
Correction of inaccurate data.
Deletion of your data (subject to legal retention obligations).
To opt out of any non-essential communication.

California residents have additional rights under the CCPA. Washington and Oregon residents have similar rights under state law. To exercise any right, email [email protected]. We respond within 30 days.

Security

Data is encrypted in transit (HTTPS/TLS) and at rest (AES-256 on Cloudflare R2 and SQLite). Passwords are hashed with bcrypt. We follow the principle of least privilege for internal access. We are not SOC 2 certified at this stage; we'll update this policy when we are.

Children

deliveryops is built for businesses. We do not knowingly collect data from anyone under 18. If you believe we have, contact us and we'll delete it.

Changes to this policy

We may update this policy. If we make material changes, we'll notify operators by email and update the "Last updated" date above. Continued use after notice means you accept the change.

Contact

Questions, requests, or concerns: [email protected].

deliveryops · operations software for furniture-delivery and moving operators · deliveryops.net · terms