Privacy Policy
Version 2026.04.28-v2 · Effective April 28, 2026
What we collect, why we collect it, who can see it, and the rights you have over the data you share with Motha Transport™.
Motha Transport™ (the “Platform,” “we,” “us”) respects your privacy. This Privacy Policy explains what we collect, why, how we store and protect it, who we share it with, and the rights you have over it. It is incorporated by reference into the Platform Terms & Conditions.
1. Who We Are & Scope
The Platform is operated by its parent LLC. This policy covers all users of the Platform — bookers, drivers, carriers, fleet operators, enterprise clients, applicants, and visitors to the marketing site — and applies to data collected through the website, mobile views, in-app messaging, tracking, and supporting backend services.
2. Information We Collect
Account & profile: first/last name, email, phone, region, role (customer, driver, carrier, enterprise client, admin tier), onboarding role, and account status. Business profile (when used): display name, legal name, EIN, contact email/phone, website, hours, logo, banner, social links, ratings. Driver verification: license number, license class, state, expiration, license photo, background-check documents (criminal background, MVR, drug test, insurance, registration), AI-extracted document data, reviewer notes, risk level. Vehicle: make, model, year, color, plate, last 6 of VIN, photos, insurance and registration documents, expiration dates, approved Elite tier. Bookings: pickup/dropoff addresses and coordinates, mileage, vehicle type, rate, surcharge breakdown, photos at pickup/dropoff, delivery proof. Tracking: real-time GPS pings (lat/lng/heading/speed), route geometry, ETA. Payments: Stripe customer ID, payment method brand/last4/exp, subscription status, escrow holds, payouts, balance owed. Messaging: in-app direct messages, dispute thread messages, admin team messages, internal notes. Operational: audit log entries, IP address, browser user agent, session timestamps, last_active_at.
3. Why We Collect It (Lawful Basis & Purpose)
We process this data to: (a) operate the marketplace — match bookers to drivers, hold escrow, settle payouts; (b) verify drivers, carriers, and businesses for safety and regulatory reasons; (c) prevent fraud, abuse, and unsafe driving; (d) provide the GPS tracking and Motha Rescue safety features; (e) calculate gas + tolls surcharges and reconcile to actuals; (f) respond to disputes and provide evidence to both sides; (g) bill, invoice, and pay you; (h) communicate transactional notices and platform announcements; (i) comply with tax and IRS requirements (e.g., WOTC records for eligible drivers); and (j) defend our legal interests if a User threatens or files a claim.
4. AI Processing of Documents
Background-check documents and license images are analyzed by an AI model (Lovable AI / Google Gemini family) to extract expiration dates, flag tampering or low-quality scans, and produce an authenticity score. AI output is advisory only — a human admin makes the final decision. Raw AI responses (ai_raw_response, ai_summary, ai_flags, ai_extracted_expiration) are retained on the document record for audit purposes. We do not use your documents to train third-party AI models.
5. GPS & Real-Time Tracking
When a job is in transit, the assigned driver’s app sends location pings to the Platform so the booker, the driver, and Trust & Safety can see live progress and ETA. Tracking starts when the driver marks a job “in transit” and stops when the job is marked delivered or cancelled. Historical pings are retained for the life of the booking record and used for dispute evidence, mileage reconciliation, and safety review. The driver’s location outside an active job is not tracked.
6. In-App Messaging
Direct messages between booker and driver, dispute thread messages, and admin team messages are stored on our servers and are subject to row-level security: only the sender, the recipient, and authorized Platform admins can read them. Messages may be reviewed by Trust & Safety in connection with a dispute, a safety report, or a suspected policy violation. Do not share information in chat that you would not want a Platform admin to see in the course of a dispute review.
7. Who Sees What — Role-Based Access
The Platform enforces strict role-based access via row-level security: bookers see their own profile, bookings, escrow, payments, disputes, and the messages they are party to. Drivers see their own verifications, vehicles, slots, jobs, payouts, ratings, strikes, and messages. Enterprise clients additionally see Elite-Ready drivers and vehicles available to fulfill their contracts. Admins see records per their tier (support_admin, ops_admin, admin_supervisor, cfo, ceo, founder) — Founders see everything; lower tiers see only what their role requires. Founder Mode is restricted to the Founder’s account.
8. Third-Party Service Providers
We share data with vetted vendors only as needed to run the Platform: Supabase (database, auth, storage), Stripe (payments and payouts), Lovable AI Gateway (document analysis), email and SMS providers (transactional notices), and analytics tools (aggregate usage). These vendors are bound by their own contracts and may not use your data for their own marketing. We do not sell personal information.
9a. Payment Data, Card on File & Stripe
Payment instruments (card brand, last 4 digits, expiration, country) are stored by our payment processor Stripe and never touch the Platform's database in raw form. The Platform stores only the Stripe customer ID, the Stripe payment-method ID, the brand/last4/exp surfaced for display, and the Stripe subscription, invoice, and payout IDs needed to operate billing. The Platform retains records of: the $1 verification hold and its credit toward the first booking; pending and active subscriptions, including plan slug, environment (test or live), 30-day cycle dates, and any scheduled downgrade; checkout sessions, prorated upgrade charges, and add-on charges; escrow holds and payouts including hold reasons; and reconciliation of estimated vs. actual gas/toll surcharges. This data is used solely to operate billing, dispute resolution, and tax reporting. Stripe is bound by its own privacy policy and PCI obligations.
9b. Test, Live & Demo Modes
The Platform runs three modes: LIVE (real users, real money), TEST (sandbox payments, real users, used during launch and recovery), and DEMO (synthetic data only, available to administrators for support and previews). Ordinary Users always operate in their own live experience and never see another User's data. Administrators may switch modes for support, debugging, or previews; mode changes are recorded in the audit log. Demo data is clearly labeled and never billed.
9c. Founder Mode, Ghost Mode & Tier Switching
Founder Mode (full access), Ghost Mode (preview as another User), and the cross-tier Switcher are restricted to administrative accounts. Ordinary Users see the same Command Center navigation but: (i) the Admin button is hidden, (ii) the Tier Switcher only allows movement between tiers they actually own, and (iii) attempts to switch to a higher tier route them to the Subscription page to upgrade. Every administrative bypass — view-as, mode change, role change, manual escrow action, dispute decision — is recorded in the audit_log table with the actor's user ID and email.
10. Data Retention
Active account data is kept for as long as your account is active. Booking, escrow, payout, and dispute records are retained for at least 7 years for tax, accounting, and legal-defense purposes. Audit log entries, internal notes, and admin team messages are retained indefinitely. Background-check documents are retained for the duration required by the issuing provider and applicable law. When you close your account, profile data is anonymized but transactional records are preserved in compliance with our retention obligations.
11. Your Rights
Subject to applicable law, you may: (a) access the personal data we hold about you, (b) correct inaccurate data through your profile and verification pages, (c) request deletion of your account (subject to retention obligations above), (d) export your data in a portable format, (e) opt out of non-transactional emails, and (f) object to certain processing. To exercise these rights, use the in-app Settings page or contact Trust & Safety through the Disputes flow.
12. Security
We use TLS in transit, encrypted-at-rest storage, role-based access control, row-level security, signed webhooks, and audit logging on sensitive actions. Document storage buckets (background-check-docs, business-verifications, delivery-proof, mileage-proof, driver-vehicle-docs) are private and accessible only to the document owner and authorized admins. No system is perfectly secure; you are responsible for keeping your account credentials safe and reporting any suspected compromise immediately.
13. Minors
The Platform is not intended for anyone under 18. By using the Platform you represent that you are at least 18. We do not knowingly collect personal information from minors; if we learn we have, we will delete it.
14. Where Your Data Is Stored
The Platform is operated from the United States and your data is stored on U.S.-based infrastructure. If you access the Platform from outside the U.S., you consent to the transfer and processing of your data in the United States.
15. Law Enforcement & Legal Process
We may disclose information when required by valid legal process (subpoena, court order, search warrant), to investigate suspected fraud or safety threats, to protect the rights and safety of Users and the Platform, or to comply with applicable law. We will notify the affected User where permitted to do so.
16. Changes to This Policy
We may update this policy from time to time. Material changes will be surfaced in-app and may require re-acknowledgment before next use. Continued use of the Platform after the effective date of any update constitutes acceptance.
17. Contact
Questions about this Privacy Policy or about the data we hold on you can be raised through the in-app Disputes & Claims page (route the request to Trust & Safety). Founder-level escalations may be marked accordingly and will be routed to the Founder.
By using the Platform you acknowledge that you have read this Privacy Policy and consent to the collection, use, and sharing of your information as described.
This document is the platform's plain-language privacy policy. It is not legal advice. Specific local, state, federal, or international regulations (e.g., CCPA/CPRA, GDPR) may apply and prevail where they do.
