Privacy Notice

1. Introduction

This Privacy Notice (the "Notice") describes how WARP Technology Co. ("WARP", "Company", "we", "us", or "our") collects, stores, uses, discloses, and otherwise processes your personal information when you use our Services, including (without limitation) when you:

• Visit our websites at wearewarp.com, customer.wearewarp.com, or any related domain;
• Download and use our mobile applications (including WARP Carrier — Driver);
• Register for or operate an account (whether as a shipper, broker, motor carrier, driver, employee, or other operator);
• Opt in to receive SMS or text messages from WARP;
• Use our APIs, MCP server, CLI tools, or webhooks;
• Receive freight from us, tender freight to us, or otherwise participate in the WARP network;
• Communicate with us by email, phone, support chat, or any other means;
• Engage with us at events, marketing, sales, or partnership activities.

If you have questions or concerns, please contact privacy@wearewarp.com. Reading this Notice will help you understand your privacy rights and choices. If you do not agree with our policies and practices, please do not use the Services.

2. Information we collect

We collect personal information that you voluntarily provide to us, information that is generated automatically when you interact with the Services, and information that we obtain from third parties.

2.1 Information you provide to us

The personal information we collect depends on the context of your interactions with us and the choices you make. It may include:

• Identity & contact information: name, email address, phone number, mailing address, employer, job title;
• Authentication information: account password, magic-link tokens, two-factor authentication codes;
• Business information: company name, DOT and MC numbers, EIN, motor carrier authority, certificates of insurance, W-9 / W-8 forms, banking details for settlement;
• Driver information: commercial driver's license (CDL) number, license photo, vehicle photos, license plate, equipment type;
• Shipment information: origin and destination addresses, contact information for pickup and delivery, commodity descriptions, weights, dimensions, hazmat status, special instructions;
• Payment information: credit-card details, ACH information (we use PCI-compliant payment processors and do not store full credit-card numbers on our servers);
• Communications: messages you send to us (email, SMS, chat, phone recordings where permitted), Slack messages, feedback;
• User Content: proof-of-delivery photos, bills of lading, signatures, comments, and other documentation.

2.2 Information collected automatically

Some information — such as your Internet Protocol (IP) address, browser type, device characteristics, and operating system — is collected automatically when you visit or use our Services. This information does not by itself reveal your identity, but may include:

• Log and usage data: IP address, browser type and settings, device information, dates and times of access, pages viewed, actions taken, search queries, error reports, performance data;
• Device data: device model, operating system version, mobile carrier, network signal strength, language preferences, system configuration, hardware identifiers (where permitted by law);
• Location data: precise GPS location (in the driver app, during active shipments and on-duty time, with your express device permission) and imprecise location derived from IP address;
• Cookies and similar technologies: see Section 6 below.

2.3 Information from third parties

We may receive information about you from third parties, including:

• Carrier vetting and monitoring services (e.g., Highway), which verify motor carrier authority, insurance, safety ratings, and broker-carrier status;
• Payment processors and factoring companies, which provide information about transactions, balances, and account status;
• Third-party integration partners (TMS, ELD providers, EDI partners) that share shipment data on your behalf;
• Publicly available sources, including FMCSA databases, court records, and public business registries.

2.4 Sensitive personal information

In general, we do not process sensitive personal information (such as government ID numbers, racial or ethnic origin, religious beliefs, biometric data, or health information). To the extent we process driver's license numbers, banking information, or other regulated information necessary to provide the Services, we treat such information with appropriate safeguards.

3. How we use information

We process your information for a variety of reasons, depending on how you interact with the Services. Specifically, we use information to:

• Provide, operate, maintain, and improve the Services;
• Create, authenticate, and manage user accounts;
• Match shippers with motor carriers, dispatch loads, track shipments, and provide proof-of-delivery;
• Process payments, settle carriers, and reconcile billing;
• Respond to inquiries, provide customer support, and resolve disputes;
• Send transactional communications (shipment status, payment receipts, account alerts);
• Send marketing communications (with your separate consent), event invitations, and surveys;
• Operate and improve our AI-driven dispatch, pricing, and routing systems;
• Conduct analytics and research to understand and improve the Services;
• Protect the security and integrity of the Services and prevent fraud or abuse;
• Comply with our legal obligations, respond to lawful requests, and exercise or defend our legal rights.

4. Legal bases for processing (EU / UK)

If you are located in the European Economic Area, United Kingdom, or Switzerland, we rely on the following legal bases to process your personal information:

• Performance of a contract: when processing is necessary to provide the Services you have requested;
• Legitimate interests: when processing is necessary for our legitimate business interests (such as fraud prevention, security, analytics, improving the Services) and these interests are not overridden by your rights and freedoms;
• Consent: when you have given us consent to process your information for a specific purpose (such as marketing communications, certain cookies, or SMS messaging);
• Legal obligation: when we are required to process the information to comply with applicable law.

5. When and with whom we share your information

We do not sell personal information. We may share information in the following limited situations and with the following parties:

• Service providers: with vendors, consultants, and other service providers who need access to perform work on our behalf (cloud hosting, payment processing, SMS providers, mapping services, customer support tools, analytics). These parties are bound by confidentiality and data protection obligations and may only use the information to provide services to us;
• Carriers, shippers, and partners: with motor carriers and shippers as necessary to arrange, perform, track, and bill the shipment of goods;
• Integration partners: with the TMS, ELD, EDI, factoring, or other systems you have connected to your account at your direction;
• Business transfers: in connection with, or during negotiations of, any merger, sale of company assets, financing, or acquisition of all or a portion of our business by another company;
• Legal compliance and protection: when required by law, regulation, legal process (such as a subpoena, court order, or government request), or to protect the rights, property, or safety of WARP, our users, or others.

6. Cookies and similar tracking technologies

We use cookies, pixels, local storage, and similar technologies to operate and analyze the Services. Cookies are small data files that are placed on your device when you visit a website. We use:

• Strictly necessary cookies: required for the Services to function (e.g., authentication, security);
• Functional cookies: remember your preferences and personalize your experience;
• Analytics cookies: help us understand how visitors use the Services so we can improve them;
• Marketing cookies: used (with your consent where required) to deliver relevant advertising.

You can control cookies through your browser settings or, where applicable, our cookie preferences banner. Disabling certain cookies may limit your ability to use parts of the Services.

7. Third-party services

The Services may contain links to or integrate with third-party services (such as payment processors, mapping providers, ELD providers, factoring companies, and SMS providers). We are not responsible for the privacy practices of those third parties; their use of your information is governed by their own privacy policies.

8. International data transfers

WARP is based in the United States and processes information in the United States and other countries where our service providers operate. If you are located outside the United States, your information may be transferred to, stored, and processed in countries that have different data-protection laws than your country of residence. Where required by law (such as for EU/UK transfers), we rely on appropriate safeguards (such as the EU Standard Contractual Clauses).

9. How long we keep your information

We retain personal information only for as long as is necessary to fulfill the purposes described in this Notice, unless a longer retention period is required or permitted by law (such as tax, accounting, regulatory, insurance, or legal requirements applicable to motor carrier and broker operations under the FMCSA and IRS).

When we no longer have a legitimate business need to process your personal information, we will either delete or anonymize it. If this is not possible (for example, because the information has been stored in backup archives), we will securely store the information and isolate it from any further processing until deletion is possible.

10. How we keep your information safe

We have implemented appropriate and reasonable technical and organizational security measures designed to protect the confidentiality, integrity, and availability of your personal information. These measures include access controls, encryption in transit and at rest (where appropriate), network segmentation, audit logging, employee training, and vendor management.

However, no electronic transmission over the Internet or storage method can be guaranteed to be 100% secure. We cannot promise or guarantee that hackers, cybercriminals, or other unauthorized third parties will not be able to defeat our security and improperly collect, access, steal, or modify your information. Although we will do our best to protect your personal information, transmission of personal information to and from our Services is at your own risk.

11. Children's privacy

The Services are not directed to children under 18 years of age. We do not knowingly solicit data from, or market to, children under 18. By using the Services, you represent that you are at least 18 or that you are the parent or guardian of such a minor and consent to the minor dependent's use of the Services. If we learn that personal information from users less than 18 years of age has been collected, we will deactivate the account and take reasonable measures to promptly delete such data from our records. If you become aware of any data we may have collected from children under 18, please contact us at privacy@wearewarp.com.

12. Your privacy rights

Depending on where you are located, applicable privacy laws may give you certain rights regarding your personal information. These rights generally include the right to:

• Access: request a copy of the personal information we hold about you;
• Rectification: request correction of inaccurate or incomplete information;
• Erasure / Deletion: request that we delete certain personal information about you;
• Restriction: request that we restrict the processing of your personal information;
• Portability: receive your personal information in a structured, commonly used, machine-readable format;
• Objection: object to certain types of processing, including processing for direct marketing;
• Withdraw consent: where we rely on your consent, withdraw it at any time (without affecting the lawfulness of processing prior to withdrawal).

You can exercise these rights by contacting us at privacy@wearewarp.com or via our data subject request form at wearewarp.com/contact-us. We will consider and act upon any request in accordance with applicable data protection laws and may require verification of your identity before responding.

13. California residents (CCPA / CPRA)

If you are a California resident, the California Consumer Privacy Act, as amended by the California Privacy Rights Act ("CCPA/CPRA"), provides you with additional rights regarding our use of your personal information.

In the preceding twelve (12) months, we have collected the categories of personal information described in Section 2 (Information we collect). We use this information for the purposes described in Section 3 (How we use information). We disclose information to the parties described in Section 5 (When and with whom we share your information). We do not sell personal information and have not sold personal information in the preceding twelve months. We do not knowingly sell or share the personal information of minors under 16.

California residents have the right to:

• Request to know what personal information we have collected, used, disclosed, and (if applicable) sold or shared about them;
• Request deletion of personal information;
• Request correction of inaccurate personal information;
• Opt out of the sale or sharing of personal information (although, as noted, we do not sell or share);
• Limit the use of sensitive personal information;
• Not be discriminated against for exercising your CCPA rights.

To exercise these rights, please email privacy@wearewarp.com. Authorized agents may submit a request on your behalf, subject to verification.

In addition, under California Civil Code Section 1798.83 ("Shine the Light"), California residents may request, once per year, free of charge, information about categories of personal information (if any) we disclosed to third parties for direct marketing purposes in the preceding calendar year. Submit your request in writing to the address below.

14. EU / UK residents (GDPR / UK GDPR)

If you are located in the European Economic Area, the United Kingdom, or Switzerland, the General Data Protection Regulation ("GDPR") and the UK GDPR apply to our processing of your personal information. We rely on the legal bases described in Section 4. You have the rights described in Section 12 above and the right to lodge a complaint with your local data protection supervisory authority. EEA authorities are listed at ec.europa.eu/justice/data-protection, and Swiss authorities are listed at edoeb.admin.ch.

15. Canada residents (PIPEDA)

If you are located in Canada, we process your information consistently with the Personal Information Protection and Electronic Documents Act ("PIPEDA") and applicable provincial laws. We may process your information with your express or implied consent. You may withdraw your consent at any time by contacting us. In limited circumstances, we may process your information without your consent — for example, for investigations, fraud detection, business transactions, witness statements, identifying injured persons, financial-abuse investigations, journalistic purposes, or publicly available information specified by regulations.

16. Other regions

If you are located in Australia, Brazil, Japan, Singapore, or other jurisdictions with comprehensive privacy laws, additional rights and obligations may apply. Please contact us if you have specific questions about how we handle your information in your jurisdiction.

17. Controls for Do-Not-Track features

Most web browsers and some mobile operating systems include a Do-Not-Track ("DNT") feature or setting you can activate to signal your privacy preference not to have data about your online browsing activities monitored and collected. At this stage, no uniform technology standard for recognizing and implementing DNT signals has been finalized. As such, we do not currently respond to DNT browser signals or any other mechanism that automatically communicates your choice not to be tracked online. If a standard for online tracking is adopted that we must follow in the future, we will inform you about that practice in a revised version of this Notice.

18. Mobile information & SMS data

18.1 No sharing of mobile information with third parties

No mobile information collected as part of the WARP SMS program — including, without limitation, your mobile phone number, opt-in status, consent records, message content, message history, and message frequency preferences — is shared, sold, rented, leased, licensed, transferred, or otherwise disclosed to any third parties, affiliates, partners, marketing agencies, lead-generation services, or any other entity for any marketing, promotional, advertising, lead-generation, or affiliate-marketing purpose.

The only exception is sharing with subcontractors that strictly support our SMS messaging program (for example, our messaging platform provider Twilio), and only to the limited extent necessary to deliver, route, or troubleshoot the messages you have requested. These subcontractors are bound by written confidentiality and data-protection obligations and are prohibited from using your mobile information for their own marketing, advertising, or any secondary purpose.

WARP does not engage in affiliate marketing, lead generation, or the resale of mobile information collected through our SMS program. This restriction applies even if WARP is acquired, merged, or otherwise reorganized.

18.2 Opt-in workflow

SMS messaging from WARP is strictly opt-in. We obtain your express written consent through one of the following affirmative-consent workflows:

• Web and app registration: when you create an account or update your profile, you may choose to receive SMS notifications by entering your mobile phone number and actively checking an unchecked opt-in checkbox. The checkbox is never pre-selected, pre-checked, or defaulted to "yes"; you must affirmatively check it to consent. The opt-in form displays the type of messages you will receive, the expected message frequency, the disclosure that "Message and data rates may apply", the STOP and HELP keywords, and a link to this Privacy Notice and our Terms of Service. Consent to receive SMS is not a condition of creating an account, requesting a quote, booking a shipment, or purchasing any product or service from WARP.
• Keyword opt-in: by texting a published keyword (such as START, JOIN, or another program-specific keyword) to one of our short codes or long codes.
• Paper or in-person consent: when permitted, by signing a paper opt-in form or carrier-onboarding document that contains the same disclosures listed above and a link or QR code to this Privacy Notice.

You may withdraw consent and opt out at any time by replying STOP to any SMS you receive from us. After you send the STOP message, we will send a one-time confirmation message and you will no longer receive SMS from that program. To opt back in, reply START or contact support@wearewarp.com. For help, reply HELP or contact us at the same address.

18.3 Categories of SMS messages

The WARP SMS program is purely operational and transactional. We send only the following categories of messages, all of which are directly related to the freight transportation Services you have requested:

• Account alerts (two-factor authentication codes, password resets, security notifications);
• Shipment lifecycle notifications (dispatch, pickup, in-transit, delivery, exception, proof-of-delivery);
• Load offers and dispatch communications (for carriers and drivers);
• Payment and settlement notifications;
• Customer support replies.

We do not send marketing, promotional, advertising, sweepstakes, contest, affiliate, third-party-offer, or lead-generation SMS through the WARP SMS program.

For more details, see our Terms of Service — SMS Section.

19. Account information

If you would like to review or change the information in your account, or terminate your account, you can:

• Log in to your account at customer.wearewarp.com and update your profile settings;
• Contact us at support@wearewarp.com for assistance.

Upon a verified request to terminate your account, we will deactivate or delete your account and information from our active databases. However, we may retain some information in our files to prevent fraud, troubleshoot problems, assist with any investigations, enforce our legal terms, comply with applicable legal requirements, or fulfill records-retention obligations under the FMCSA, IRS, and similar bodies.

20. Updates to this notice

We may update this Privacy Notice from time to time. The updated version will be indicated by an updated "Last updated" date, and the updated version will be effective as soon as it is accessible. If we make material changes, we may notify you either by prominently posting a notice of such changes on our Services, by directly sending you a notification, or by other reasonable means. We encourage you to review this Notice periodically to be informed of how we are protecting your information.

21. Contact us

If you have any questions or comments about this Privacy Notice or our privacy practices, please contact us:

22. How to review, update, or delete the data we collect

Based on the applicable laws of your country, you may have the right to request access to the personal information we collect from you, change that information, or request its deletion. To request to review, update, or delete your personal information, please visit our data-subject request page: wearewarp.com/contact-us, or email privacy@wearewarp.com. We will respond to your request in accordance with applicable law and may request additional information to verify your identity.