TowPin

TowPin Privacy Policy

Effective Date: May 21, 2026

This Privacy Policy describes how TowPin LLC ("TowPin," "we," "us") collects, uses, and shares personal information.

1. Who We Are

TowPin LLC is an Arizona limited liability company that provides dispatch software to towing companies. Contact us at privacy@towpin.net.

2. Information We Collect

From Vendors (towing companies):

  • Company name, business address, contact email, phone number
  • Account credentials (passwords are stored hashed, never in plaintext)
  • Payment method tokens (collected and stored by Stripe; we do not store card numbers)
  • Stripe Connect KYC information (collected by Stripe directly)

From Drivers:

  • Name and optional photo
  • Real-time location while assigned to an active job
  • Phone number for SMS dispatch

From Customers (collected on behalf of Vendors):

  • Name and phone number entered by the dispatcher
  • Pickup and drop-off addresses
  • Vehicle information (make, model, condition)
  • Confirmed location (GPS) when shared via the locate link
  • Payment information (collected and processed by Stripe; we receive only the last 4 digits of the card and a payment confirmation token)

3. How We Use Information

  • To provide the dispatch service (matching, SMS, payment links)
  • To bill Vendors and process Vendor subscription fees
  • To facilitate Vendor receipt of customer payments via Stripe Connect
  • To prevent fraud and abuse
  • To comply with legal obligations
  • To improve the service (aggregated, non-identifying analytics only)

We do not sell personal information. We do not use personal information for targeted advertising.

Mobile information will not be shared with third parties for marketing or promotional purposes.

4. Who We Share With (Subprocessors)

  • Stripe, Inc. — payment processing and Stripe Connect
  • Telnyx LLC — SMS delivery
  • Mapbox, Inc. — map tiles and geocoding
  • Resend — transactional email
  • Hetzner Online GmbH — hosting infrastructure
  • Cloudflare, Inc. — DNS and CDN

We do not share personal information with any other third party except when required by law or to protect rights and safety.

5. Data Retention

  • Vendor account data: retained while the account is active, deleted 90 days after termination.
  • Customer job data: retained for 7 years for tax, audit, and legal-defense purposes.
  • SMS delivery logs: retained for 4 years (TCPA statute of limitations).
  • Driver location data: retained 90 days, then aggregated/deleted.

6. Security

We use industry-standard encryption in transit (TLS) and at rest. Access to personal information is limited to authorized personnel and protected by multi-factor authentication. No system is completely secure; we do not guarantee that personal information will never be compromised.

7. Your Rights

If you are a California resident under CCPA/CPRA:

  • Right to know what we collect
  • Right to delete (subject to retention exceptions)
  • Right to correct
  • Right to opt out of sale (we do not sell)
  • Right to limit use of sensitive personal information
  • Right to non-discrimination for exercising these rights

If you are a Texas resident under TDPSA:

  • Right to confirm we are processing your data
  • Right to access
  • Right to correct
  • Right to delete
  • Right to data portability
  • Right to opt out of targeted advertising, sale, or profiling (we do not engage in any of these)

To exercise rights, email privacy@towpin.net. We respond within 45 days.

8. Children

The Service is not directed to children under 13. We do not knowingly collect information from children under 13.

9. Google OAuth — Sign-in with Google

TowPin offers "Sign in with Google" as an authentication option. When you use it, Google shares the following data with us:

  • Data accessed: your Google account email address, display name, and profile photo URL.
  • Data usage: solely to create and authenticate your TowPin account. We do not read your Gmail, Drive, Calendar, or any other Google service.
  • Data sharing: we do not share your Google account data with any third party except our authentication infrastructure provider (Supabase, which stores session tokens on our behalf). We do not use this data for advertising or sell it.
  • Data storage and protection: stored in our Supabase-hosted database with encryption in transit (TLS) and at rest. Access is restricted to authorized personnel.
  • Data retention and deletion: retained for the life of your account. To request deletion, email privacy@towpin.net; we will remove your account and all associated data within 30 days.

TowPin's use of Google user data is limited to the practices described in this Privacy Policy and complies with the Google API Services User Data Policy, including the Limited Use requirements.

10. International Transfers

The Service is hosted in the United States. By using the Service, you consent to processing in the United States.

11. Changes

We may update this Privacy Policy. Material changes will be notified by email at least 30 days in advance. The "Effective Date" will reflect the last material update.

12. Contact

TowPin LLC
privacy@towpin.net