Privacy Policy

Last updated: March 7, 2026

1. Who We Are

10-8 Broker Copilot ("10-8", "we", "us", or "our") is a Chrome Extension and cloud service that helps freight brokers automate email-based quoting workflows. Our registered domain is ten-eight.ai. You can contact us at [email protected].

2. Information We Collect

2.1 Google Account Information

When you authenticate via Google OAuth, we collect:

• Your name (first and last) — used to sign outgoing quote emails on your behalf
• Your email address — used as your account identifier
• Your Google User ID — used to associate your account with your data

We do not collect your Google password, Google Calendar data, Google Drive data, or any Google data outside the scopes listed in Section 4.

2.2 Gmail Data

We access your Gmail account using the following scopes:

• gmail.readonly — to poll your inbox for inbound freight RFQ emails every 60 seconds
• gmail.send — to send quote reply emails on your behalf when you approve or auto-approve a quote

We scan email metadata (sender, subject) and content to identify freight RFQ patterns. Emails that do not match freight load signals are discarded immediately without storage. Only emails that match RFQ patterns are processed further to extract logistics fields (origin, destination, weight, equipment type, pickup date). Raw email bodies are not retained in our database beyond a 24-hour processing window.

2.3 Freight Load Data

We store structured freight data extracted from RFQ emails:

• Origin and destination ZIP codes and cities
• Equipment type, weight, commodity description
• Pickup and delivery dates
• Quoted rates and market rate data
• Shipper domain (e.g., walmart.com) — not individual shipper contact names

2.4 Data Stored Locally (Never Transmitted)

The following credentials are stored exclusively in your browser's local storage (chrome.storage.local) and are never transmitted to our servers:

• DAT, Greenscreens, and Truckstop session credentials
• TMS (Turvo, AscendTMS) credentials
• Any other market data provider credentials you configure

3. How We Use Your Information

• Provide the service: Read RFQ emails, analyze freight loads, generate market-rate quotes, send replies
• Improve your personal experience: Track which quotes you approved, edited, or rejected to improve your own future quote suggestions. This data is per-user and never aggregated for shared model training.
• Security: Detect anomalous access patterns and protect your account
• Communication: Send service notifications (execution confirmations, errors, re-authentication requests)

We do not use your Gmail data to train machine learning models. We do not use your data for advertising. We do not sell your data to any third party.

4. OAuth Scopes — Detailed Justification

We request the minimum Gmail permissions required for the service to function:

• openid, profile, email — required for Google Sign-In. Provides your name and email address only.
• gmail.readonly — required so our backend Mail Poller can detect inbound RFQ emails without requiring you to keep a browser tab open. This enables 24/7 monitoring and overnight autopilot functionality.
• gmail.send — required to send quote reply emails on your behalf. Replies are sent only when you explicitly approve them (or have configured auto-approval for trusted shippers). All sent emails are visible in your Gmail Sent folder.

5. Data Retention

• Raw email content: deleted within 24 hours of processing
• Extracted freight data (Load DNA): retained until you delete your account
• Gmail OAuth tokens: retained while your account is active; revocable at any time via Google Account settings
• Account data: deleted within 30 days of account deletion request

6. Data Sharing

We do not sell, rent, or share your personal data with third parties except:

• Infrastructure providers: AWS (hosting, secrets management), Supabase (database). AWS processes data under its standard Customer Agreement which includes data processing terms. Supabase processes data under its Privacy Policy.
• Legal requirements: If required by law, court order, or to protect the rights of 10-8 or its users.

7. Security

Gmail OAuth tokens are encrypted at rest using AES-256-GCM with keys stored in AWS Secrets Manager. All data in transit is encrypted via TLS 1.2+. We apply Row-Level Security (RLS) on all database tables, ensuring brokers can only access their own data.

8. Your Rights

You may at any time:

• Revoke Gmail access at myaccount.google.com/permissions
• Delete your account by emailing [email protected]
• Request a copy of your stored data by emailing [email protected]
• Opt out of any optional data collection features

9. Children's Privacy

10-8 Broker Copilot is a professional tool intended for freight brokers. We do not knowingly collect data from individuals under the age of 18.

10. Changes to This Policy

We will notify you of material changes to this Privacy Policy via email and via a notice in the extension. Continued use after notification constitutes acceptance.

11. Contact

For privacy questions or data requests: [email protected]

12. Google API Services User Data Policy

10-8 Broker Copilot's use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.

Specifically, we affirm that:

• Google user data is used only to provide or improve the features described in this Privacy Policy
• Google user data is not used for advertising, including retargeting or personalized advertising
• Google user data is not sold, rented, or shared with third parties except as described in Section 6
• Google user data is not used to train machine learning or AI models beyond the user's own personalized service features
• Humans at 10-8 do not read Gmail content except for security purposes, to comply with applicable law, or with the user's explicit consent