Privacy Policy

MANAGEMENT APPLICATION FOR ROUTE STRATEGY SRL ("MARS", "we", "us", or "our") operates the MARS platform, accessible at marsapp.ai and through our mobile applications (collectively, the "Service"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service.

By using the Service, you agree to the collection and use of information in accordance with this policy. If you do not agree, please do not use the Service.

1. Information We Collect

1.1 Personal Information

When you register or use the Service, we may collect:

• Name, email address, phone number
• Company name, address, and tax identification number (CUI/VAT)
• Driver license information and professional qualifications
• Login credentials (passwords are hashed and never stored in plain text)

1.2 Location Data

Our mobile application collects precise GPS location data to provide real-time vehicle tracking and geofence-based arrival/departure detection. Location data is collected:

• Foreground: When the app is actively in use
• Background: When a driver has an active transport assignment (required for continuous tracking)

Background location tracking is only active during assigned transports and can be disabled by the driver when not on duty. Location data is associated with the transport and retained as part of the transport history.

1.3 Usage Data

We automatically collect certain information when you use the Service, including:

• Device type, operating system, and browser type
• IP address and general geographic location
• Pages visited and features used
• Date and time of access

1.4 Transport and Business Data

We process data related to your transport operations, including:

• Shipment details (origin, destination, cargo description)
• Vehicle and fleet information
• Driver hours and rest period records
• Documents (CMR, delivery notes, photographs)
• Communication records within the platform

1.5 Camera and Photos

Our mobile application accesses your device camera to capture photographs of transport documents (CMR, proof of delivery, cargo condition photos). Photos are uploaded to our servers, associated with the relevant transport record, and retained as part of the transport history. You will be prompted for camera permission before first use. You can revoke camera access at any time through your device's Settings.

1.6 Push Notification Tokens

When you enable push notifications, we collect a device token (a unique identifier issued by Apple or Google) to deliver transport status updates, assignment alerts, and messages to your device. These tokens are stored securely on our servers and shared with our push notification delivery service (see Section 3). You can disable push notifications at any time through your device's Settings.

1.7 Phone Number for Authentication

If you use phone-based login (available for drivers), we collect your phone number to send one-time verification codes via SMS. Your phone number is stored as part of your account profile and is not shared with third parties for marketing purposes.

2. How We Use Your Information

We use collected information to:

• Provide, maintain, and improve the Service
• Process transport operations and calculate accurate ETAs
• Track vehicle positions and detect geofence arrivals/departures
• Send notifications via email, WhatsApp, and push notifications
• Ensure compliance with EU Regulation 561/2006 (driver hours)
• Verify carrier credentials and business documentation
• Provide customer support
• Detect and prevent fraud or security issues
• Comply with legal obligations

3. Legal Basis for Processing (GDPR)

We process your personal data on the following legal grounds:

• Performance of contract: Providing the Service, processing transports, calculating ETAs, managing fleet and driver assignments, facilitating marketplace transactions.
• Legitimate interest: Platform security, fraud prevention, service improvement, anonymous usage analytics, push notification delivery for operational alerts.
• Consent: Background location tracking (drivers), camera access for document photos, push notification preferences, marketing communications.
• Legal obligation: Retention of transport records and driver hours data under EU transport regulations (Regulation 561/2006), tax record retention, responding to lawful requests from authorities.

Where processing is based on consent, you may withdraw your consent at any time. Withdrawal does not affect the lawfulness of processing carried out before the withdrawal. You can withdraw consent by adjusting your device permissions in Settings, contacting us at support@marsapp.ai, or using the in-app settings. Please note that withdrawing certain permissions (such as location) may affect the designed functionality of the Service.

4. Data Sharing and Disclosure

We may share your information with:

• Your organization: Data is shared within your company's account as configured by your administrator
• Transport participants: Relevant transport data is shared with parties involved in a shipment (shippers, carriers, drivers, clients)
• Service providers: Third-party services that help us operate the platform, as listed below
• Legal requirements: When required by law, regulation, or legal process

We do not sell your personal information to third parties.

4.1 Third-Party Service Providers

We use the following categories of service providers, who process data on our behalf under appropriate data processing agreements:

• Cloud hosting & storage: Microsoft Azure (EU region) — application hosting, database, file storage
• Mapping & routing: PTV Group (PTV Developer) — route calculation, distance and ETA computation
• Push notifications: Expo Application Services — delivery of push notifications to mobile devices
• Email delivery: Resend — transactional emails (alerts, password resets, reports)
• WhatsApp messaging: Twilio — transport status notifications via WhatsApp
• SMS delivery: Twilio — one-time verification codes for driver phone login

Each provider processes only the minimum data necessary for its function and is contractually bound to protect your data.

5. International Data Transfers

Our primary infrastructure is hosted in the European Union (Microsoft Azure, EU region). However, some of our service providers may process data outside the European Economic Area (EEA), including in the United States (Twilio, Resend, Expo).

Where data is transferred outside the EEA, we ensure appropriate safeguards are in place, including Standard Contractual Clauses (SCCs) approved by the European Commission and, where applicable, the EU-US Data Privacy Framework certification of the receiving party.

6. Data Retention

We retain your personal information for as long as your account is active or as needed to provide the Service. Transport records and associated data are retained for the duration required by applicable transport and tax regulations (typically 5 years). You may request deletion of your account and personal data at any time by contacting us.

7. Data Security

We implement appropriate technical and organizational measures to protect your data, including:

• Encryption of data in transit (TLS/HTTPS)
• Hashed password storage
• Multi-tenant data isolation with row-level security
• Regular security assessments

While we strive to protect your information, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security.

8. Your Rights (GDPR)

If you are located in the European Economic Area, you have the right to:

• Access your personal data
• Rectify inaccurate or incomplete data
• Erase your personal data ("right to be forgotten")
• Restrict processing of your data
• Data portability — receive your data in a structured, machine-readable format
• Object to processing based on legitimate interests
• Withdraw consent at any time where processing is based on consent

To exercise any of these rights, contact us at support@marsapp.ai. We will respond within 30 days.

You also have the right to lodge a complaint with the Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) at www.dataprotection.ro, or with your local supervisory authority if you are located in another EU/EEA member state.

9. Device Permissions

Our mobile application may request the following device permissions. You will be prompted before each permission is first used, and you can change these at any time through your device's Settings app:

• Location (foreground & background): Required for real-time vehicle tracking during active transports. Background location is only active when a driver has an assigned transport. Disabling location access will prevent tracking features from working.
• Camera: Used to capture photos of transport documents and delivery proof. Disabling camera access will prevent document photo features.
• Push notifications: Used for transport status alerts, assignment notifications, and messages. Disabling notifications will prevent real-time alerts.
• Photo library: Used to attach existing photos to transport documents.

10. Cookies

The Service uses essential cookies and local storage for authentication and session management. We do not use third-party advertising or analytics cookies.

11. Children's Privacy

The Service is not intended for use by anyone under the age of 18. We do not knowingly collect personal information from children. If you become aware that a child has provided us with personal data, please contact us so we can take appropriate action.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last updated" date. Continued use of the Service after changes constitutes acceptance of the revised policy.

13. Contact Us

If you have questions about this Privacy Policy, please contact us:

• Email: support@marsapp.ai
• Company: MANAGEMENT APPLICATION FOR ROUTE STRATEGY SRL
• Address: Str. Simion Barnutiu Nr. 34, Timisoara, Romania
• CUI: 43486371