Privacy Policy — Logisticx Exchange
**Last updated: March 2026**
> This privacy policy applies to the Logisticx Exchange platform (logisticxexchange.com), operated by Logisticx Exchange Ltd ("we", "us", "our"). We are committed to protecting your personal data and complying with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
---
## 1. Who We Are
Logisticx Exchange is a UK-based logistics marketplace platform that connects shipping and courier companies with independent freelance drivers. Our platform allows companies to post delivery jobs, drivers to place bids, and both parties to manage jobs, invoices, and financial records in one place.
For data protection purposes, Logisticx Exchange Ltd is the
**data controller** responsible for your personal data.
**Contact:**
Email: info@logisticx.co.uk
---
## 2. What Data We Collect
### 2.1 Account Data (all users)
| Data | Purpose |
|---|---|
| Full name or company name | Identifying you on the platform |
| Email address | Login, account communications, notifications |
| Password (stored as a secure hash — never in plain text) | Authentication |
| Account role (Shipping Company / Freelance Driver / Driver Plus) | Determining platform access and features |
### 2.2 Profile Data (all users)
| Data | Purpose |
|---|---|
| Street address, city, county, postcode | Profile completion; displayed to counterparties on jobs |
| Telephone number | Contact details; displayed to counterparties on jobs |
### 2.3 Company Details (Shipping Company and Driver Plus accounts)
| Data | Purpose |
|---|---|
| Company registration number | Displayed on invoices and profile |
| VAT number | VAT calculation on invoices |
| Company website | Profile display |
| Company type and size | Profile display |
### 2.4 Driver Details (Freelance Driver and Driver Plus accounts)
| Data | Purpose |
|---|---|
| Vehicle type, registration, and size | Displayed to companies when bidding |
| Bank account name, account number, sort code | Displayed on invoices for payment purposes |
| VAT number (if registered) | VAT calculation on invoices |
### 2.5 Job and Transaction Data
| Data | Purpose |
|---|---|
| Job titles, descriptions, pickup and delivery addresses | Operating the platform |
| Job requirements (ADR, Refrigeration, Wide Load, AOG, vehicle size, weight) | Matching jobs to suitable drivers |
| Scheduled dates and job references | Managing the job lifecycle |
| Bid amounts and notes | The bidding process |
| Job status history | Tracking job progress |
| Proof of delivery — signature text and timestamp | Confirming delivery completion |
| Invoice data (amounts, VAT, line items, payment status) | Financial records for both parties |
### 2.6 Technical Data
| Data | Purpose |
|---|---|
| Login timestamps and session tokens (JWT) | Authentication and single-session enforcement |
| Audit log entries (action, entity, timestamp, user) | Platform integrity and dispute resolution |
| IP address (via standard web server logs) | Security and abuse prevention |
---
## 3. How We Use Your Data
We use your personal data for the following purposes and legal bases:
| Purpose | Legal Basis |
|---|---|
| Providing the platform and its features | **Contract** — necessary to perform our service to you |
| Processing jobs, bids, and invoices | **Contract** |
| Sending email notifications (bid awarded, invoice created, etc.) | **Contract** |
| Enforcing single-session security (token versioning) | **Legitimate interests** — protecting your account |
| Audit logging for dispute resolution | **Legitimate interests** — platform integrity |
| Rate limiting and abuse prevention | **Legitimate interests** — platform security |
| Monitoring platform performance (Prometheus/Grafana — anonymised metrics only) | **Legitimate interests** — service reliability |
| Complying with legal obligations | **Legal obligation** |
We do
**not** use your data for advertising, profiling, or sell it to third parties.
---
## 4. Who We Share Your Data With
### Other Platform Users
To operate the marketplace, certain data is visible to other users:
-
**Drivers** can see job details (title, description, addresses, requirements) posted by companies
- **Companies** can see a driver's name, vehicle details, and bid amount when reviewing bids
- **Both parties** can see each other's contact details (name, address, telephone, email) once a job is awarded — this is necessary to fulfil the delivery
- **Invoice data** is shared between the company and driver on a completed job
### Service Providers
We use the following third-party services to operate the platform:
| Provider | Purpose | Data shared |
|---|---|---|
| Cloud VPS provider (Hetzner) | Hosting the platform | All platform data (stored on their servers) |
| Let's Encrypt | SSL certificate issuance | Domain name only |
| OpenStreetMap / Nominatim | Map and address geocoding | Job pickup and delivery addresses |
| OSRM | Route calculation | Job pickup and delivery addresses |
We do not currently use any analytics, advertising, or social media tracking services.
### Legal Requirements
We may disclose your data if required to do so by law, court order, or a regulatory authority.
---
## 5. Bank Account Details
Drivers provide bank account details (account name, account number, sort code) for the purpose of displaying payment information on invoices. This data is:
- Stored securely in our database
- Displayed only on invoices visible to the specific company that engaged the driver
- Never transmitted to any payment processor (all payments are currently arranged directly between company and driver)
- Never shared with any third party beyond the counterparty on a job
---
## 6. Data Retention
We retain your data for as long as your account is active. If you close your account:
| Data | Retention |
|---|---|
| Account and profile data | Deleted within 30 days of account closure |
| Job and invoice records | Retained for 7 years (UK legal requirement for financial records) |
| Audit logs | Retained for 2 years |
| Server access logs | Retained for 90 days |
---
## 7. Data Security
We take the following measures to protect your data:
- Passwords are hashed using bcrypt — never stored in plain text
- All data in transit is encrypted via HTTPS (TLS) using Let's Encrypt certificates
- The database is not publicly accessible — it runs on an internal Docker network
- JWT tokens expire after 7 days; only one active session is permitted per account at a time (token versioning)
- API rate limiting prevents brute-force attacks (10 login attempts per minute per IP)
- Access to the server and database is restricted to authorised personnel only
No method of transmission or storage is 100% secure. If you become aware of any security issue, please contact us immediately at info@logisticx.co.uk.
---
## 8. Cookies and Local Storage
We do not use tracking cookies.
The platform uses
**browser localStorage** to store:
| Item | Purpose |
|---|---|
| JWT access token | Keeping you logged in between page loads |
| User details (name, email, role, profile status) | Displaying your name and routing you to the correct pages |
| Admin token (admin users only) | Keeping admin sessions separate from regular user sessions |
This data is stored only in your browser and is cleared when you sign out.
---
## 9. Your Rights Under UK GDPR
You have the following rights regarding your personal data:
| Right | What it means |
|---|---|
| **Access** | Request a copy of all personal data we hold about you |
| **Rectification** | Ask us to correct inaccurate or incomplete data |
| **Erasure** | Ask us to delete your data (subject to legal retention obligations) |
| **Restriction** | Ask us to restrict processing of your data in certain circumstances |
| **Portability** | Receive your data in a structured, machine-readable format |
| **Objection** | Object to processing based on legitimate interests |
| **Withdraw consent** | Where processing is based on consent, withdraw it at any time |
To exercise any of these rights, contact us at
**info@logisticx.co.uk**. We will respond within
**30 days**.
You also have the right to lodge a complaint with the
**Information Commissioner's Office (ICO)**:
- Website: ico.org.uk
- Phone: 0303 123 1113
---
## 10. Children
Logisticx Exchange is a professional B2B platform intended for use by businesses and adults (18+) operating in the logistics industry. We do not knowingly collect data from anyone under the age of 18.
---
## 11. Changes to This Policy
We may update this privacy policy from time to time. When we do, we will update the "Last updated" date at the top of this page and, where the changes are significant, notify users by email.
---
## 12. Contact Us
For any questions, requests, or concerns about this privacy policy or how we handle your data:
**Email:** info@logisticx.co.uk
