Privacy Policy

We collect information in three main ways: information you provide directly, information collected automatically, and information from third parties.

We use the information we collect for the following purposes:

• Platform Operation: Creating and maintaining your account; authenticating your identity; displaying your profile to authorized parties; enabling gig applications, postings, and matching.
• Driver Qualification Management: Populating and maintaining Driver Qualification files; sharing DQ file data with Bus Companies or Tour Organizers you have authorized; supporting FMCSA compliance workflows.
• Fleet and Operations Management: Tracking fleet vehicle metrics (mileage, generator hours); generating work orders and service reports; enabling bus scheduling and booking assignment.
• Safety and Compliance: Displaying FMCSA safety scorecard data; supporting CDL verification; background check facilitation; maintaining regulatory records.
• Communications: Sending transactional emails (account verification, password resets, gig notifications, billing confirmations); sending in-app notifications and push notifications (with your consent).
• Payments: Processing subscription payments via Stripe; managing billing cycles and subscription upgrades or downgrades.
• Gamification: Awarding, tracking, and displaying points; calculating tier-based multipliers; processing rewards and PTO credit redemptions.
• Customer Support: Responding to your inquiries, trouble tickets, and disputes.
• Analytics and Improvement: Understanding usage patterns; improving features; troubleshooting; performing research and analysis (using aggregated or de-identified data where possible).
• Safety and Security: Detecting and preventing fraud, abuse, and unauthorized access; enforcing our Terms of Use; protecting the rights, property, and safety of HopSeat and its users.
• Legal Compliance: Complying with applicable laws, regulations, and legal processes; responding to lawful government requests.

HopSeat handles highly sensitive Driver data. We treat the following categories with heightened security and access controls:

• CDL Document Images — stored encrypted, accessible only by the Driver and authorized Bus Companies;
• Medical Examiner's Certificates — encrypted storage, limited access;
• Employment History and Safety Performance Records — shared only within authorized DQ relationships;
• Background Check Data — processed in compliance with the Fair Credit Reporting Act (FCRA) and applicable state laws. Drivers will receive required FCRA disclosures and authorizations separately.

HopSeat does not collect fingerprints, retina scans, or other biometric identifiers.

We implement technical, administrative, and physical security measures designed to protect your information from unauthorized access, disclosure, alteration, and destruction, including:

• Encryption of data in transit (TLS/HTTPS) and at rest for sensitive fields;
• JSON Web Token (JWT) based authentication with httpOnly cookie support;
• Role-based access controls ensuring users only access data appropriate to their role;
• Secure, hosted cloud infrastructure with access logging;
• Regular security reviews and dependency updates.

No security system is impenetrable. In the event of a data breach that affects your personal information, we will notify you as required by applicable law. You should immediately report any suspected unauthorized access to support@hopseat.app.

We retain personal information for as long as your account is active or as needed to provide services, comply with legal obligations, resolve disputes, and enforce agreements. Specifically:

• Active accounts: Data is retained while your account is active.
• After account deletion: Most personal data is deleted within 90 days of a deletion request. Some data may be retained longer where required by law (e.g., financial records for tax purposes, records required under FMCSA regulations).
• DQ Records: Driver Qualification file data may be retained as required by DOT regulations (49 C.F.R. §391.51) even after account closure.
• Backup systems: Copies of data may persist in encrypted backups for up to 90 additional days after deletion from active systems.

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA):

• Right to Know: You may request information about the categories and specific pieces of personal information we have collected about you and how we use and share it.
• Right to Delete: You may request deletion of your personal information, subject to certain exceptions.
• Right to Correct: You may request correction of inaccurate personal information.
• Right to Opt-Out of Sale or Sharing: HopSeat does not sell or share your personal information for cross-context behavioral advertising. You do not need to opt out.
• Right to Limit Use of Sensitive Personal Information: You may request that we limit the use of sensitive personal information (such as CDL and medical data) to what is necessary to perform services you have requested.
• Right to Non-Discrimination: We will not discriminate against you for exercising any CCPA rights.

To exercise any California rights, contact us at privacy@hopseat.app with the subject line "California Privacy Request." We will respond within 45 days (extendable by an additional 45 days with notice). We may require identity verification before processing requests.

Nevada residents may opt out of the sale of personal information. HopSeat does not sell personal information to third parties. If you have questions, contact us at privacy@hopseat.app.

Each third-party service is subject to its own privacy policy. We encourage you to review those policies independently.

The Platform is not directed to individuals under the age of 18. We do not knowingly collect personal information from anyone under 18. If we become aware that a person under 18 has provided us personal information, we will take steps to delete that information promptly. If you believe a minor has submitted information to us, please contact privacy@hopseat.app.

HopSeat is based in the United States. If you access the Platform from outside the United States, your information will be transferred to and processed in the United States, which may have different data protection standards than your country of residence. By using the Platform, you consent to the transfer and processing of your data in the United States.

For users in the European Economic Area (EEA) or United Kingdom, we rely on appropriate safeguards (such as Standard Contractual Clauses) to transfer personal data internationally. Contact us at privacy@hopseat.app for more information.

Some browsers send "Do Not Track" (DNT) signals. The Platform does not currently respond to DNT signals because there is no uniform standard for how to interpret them. We continue to monitor developments in this area.

We may update this Privacy Policy from time to time. We will notify you of material changes by updating the "Effective Date" at the top of this page and, where appropriate, by sending an email to your registered address or displaying an in-app notification. Your continued use of the Platform after any change constitutes your acceptance of the updated policy.

For questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact our Privacy team: