This Privacy Policy describes how Hey Beth LLC (“Company,” “we,” “us,” or “our”), operator of the Hey Beth service (“Service”), collects, uses, discloses, and protects information in connection with the Service. This Policy applies to information collected through the Service, the Hey Beth website at heybeth.co, and related communications.
By using the Service, you (“Customer,” “Broker,” or “you”) consent to the practices described in this Policy. If you do not agree, do not use the Service.
This Policy is incorporated by reference into the Hey Beth Terms of Service. Capitalized terms not defined here have the meanings given in the Terms of Service.
This Policy describes our practices with respect to:
Customers: Freight brokers and their authorized personnel who create and operate Customer Accounts;
Carriers: Motor carriers, owner-operators, and other third parties whose communications with a Customer’s dedicated Beth email address are processed by the Service; and
Website Visitors: Persons who visit heybeth.co without creating a Customer Account.
We treat data from Customers and Carriers under different obligations because Customers have consented to this Policy and Carriers have not. Sections 3 and 4 describe each category specifically.
When you create or use a Customer Account, we collect:
Account Information: name, email address, phone number, brokerage name, brokerage address, MC number, and DOT number (where provided);
Payment Information: billing name, billing email, and payment method details (note: payment card information is collected, processed, and stored by Stripe, not by us; we receive only confirmation of payment and limited transaction metadata);
Configuration Data: rate guardrails, lane templates, escalation rules, voice/tone preferences, and other Customer Parameters configured by the Customer;
Communications with Us: support requests, demo bookings, email correspondence, feedback, and any information you share in conversation with the Company; and
Account Activity: dashboard usage, log-in times, feature usage, and similar information.
When the Customer connects a dedicated email address to Beth via Google OAuth, the Service receives access to that specific email inbox to perform its function. The Service:
Reads inbound email received at the dedicated email address, including sender information, subject lines, message bodies, attachments (where applicable), timestamps, and threading metadata;
Sends outbound email from the dedicated email address as configured by the Customer;
Does not access the Customer’s other Gmail inboxes, personal email accounts, Drive files, Calendar, or any Google service other than the connected dedicated inbox; and
Stores message content and metadata as necessary to provide the Service, subject to the retention practices in Section 8.
The Customer is responsible for setting up the dedicated email address such that only carrier-related inquiries are routed to it. The Company has no technical means to determine whether an email received at the dedicated address is from a Carrier, a personal contact, or any other party.
We collect technical and usage information automatically when you use the Service, including:
Device Information: browser type, operating system, IP address, screen resolution, and device identifiers;
Usage Information: pages visited, features used, time spent in the dashboard, and click patterns; and
Diagnostic Information: error logs, performance metrics, and crash reports.
Where the Service accesses Customer email through Google OAuth or related Google APIs, we use data obtained from the connected dedicated inbox only to provide, maintain, secure, support, debug, evaluate, and improve Hey Beth’s user-facing features, including email response handling, intent classification, routing, escalation, response quality, safety systems, and Customer-specific configuration. We do not use Google API data for advertising, unrelated research, unrelated products, sale of data, or training third-party foundation models.
When Carriers communicate with a Customer’s dedicated Beth email address, we receive and process the content of those communications, including:
Carrier Email Addresses: the address the Carrier uses to send email;
Carrier-Provided Information: MC numbers, DOT numbers, driver names, driver phone numbers, ETAs, equipment information, and any other content the Carrier includes in their communications;
Signature Block Information: company names, contact persons, phone numbers, and similar information present in Carrier email signatures; and
Communication Metadata: timestamps, subject lines, threading information, and routing data.
We do not have a direct relationship with Carriers. Carriers communicate with the Customer’s brokerage; the Service processes those communications on the Customer’s behalf. Specifically:
Carriers do not have accounts with the Company;
Carriers have not agreed to this Privacy Policy;
The Company does not provide Carriers with privacy disclosures;
Any obligations the Customer owes to Carriers regarding the use of their information (under contract, industry practice, or applicable law) remain the Customer’s responsibility under the Terms of Service; and
Any required disclosures to Carriers regarding the use of automated communications, including AI-assisted communications, are the Customer’s responsibility.
We use Carrier information only for purposes related to the Service, including to:
Provide the Service to the Customer who received the Carrier communication;
Interpret, classify, route, escalate, and generate Beth’s outbound responses to the specific Carrier in the specific communication thread;
Maintain a per-Customer database of past Carriers to enable Beth’s outbound capability (where the Customer’s configuration enables this);
Debug, evaluate, test, secure, and improve Beth-specific Service functions, including intent classification, routing, escalation logic, response quality, safety systems, prompt templates, and customer-specific configurations; and
Generate Service Improvement Data and aggregate or anonymized analytics in accordance with Sections 6 and 9.
We do not sell, rent, or share Carrier information with parties outside the subprocessors listed in Section 7, except as required by law, with the Customer’s instruction, or as otherwise described in this Policy.
We retain Carrier-provided information only as long as reasonably necessary for the purposes described in this Policy, including providing the Service, customer support, quality review, audit logging, dispute resolution, security, legal compliance, Service Improvement Data, and aggregate, anonymized, or de-identified analytics. After termination of the Customer Account, Carrier information may be deleted, de-identified, archived, or retained subject to the retention provisions and exceptions in Section 8.
We may maintain a general carrier-facing notice page at heybeth.co/carriers or a successor URL. The page may explain that freight brokers may use Hey Beth to assist with carrier email responses, that Hey Beth acts on behalf of broker customers, and that final booking remains subject to broker approval, carrier setup, and written rate confirmation. This general notice page is not a substitute for any disclosure that a Customer is legally required to provide to a Carrier.
We use the information described in Sections 3 and 4 to:
Provide the Service: operating Beth, processing email communications, generating responses, providing the dashboard, and similar core functions;
Communicate with Customers: sending operational notices, support responses, billing communications, product updates, and (with permission) marketing communications;
Improve the Service: analyzing usage patterns, debugging issues, developing new features, evaluating response quality, improving intent classification, improving routing and escalation logic, testing prompt and safety changes, and creating Service Improvement Data (using de-identified, aggregate, or anonymized data wherever practical);
Detect and Prevent Abuse: identifying suspicious activity, preventing fraud, enforcing the Terms of Service, and complying with legal obligations;
Comply with Law: responding to lawful requests, legal process, and regulatory inquiries; and
Maintain Aggregate Analytics: as described in Section 9.
We do not use Customer Data or Carrier information for purposes unrelated to the Service without obtaining additional consent.
The Service uses third-party large language models (“LLMs”) to interpret email content and generate responses. When the Service processes a Carrier communication or generates a response, the relevant content is sent to one or more LLM providers (currently Anthropic and OpenAI) for processing.
We do not use Customer Data or Carrier Communications to train, fine-tune, or improve third-party foundation models, general-purpose LLMs, or public AI models unless the Customer has expressly opted in or we update this Policy and obtain any consent required by applicable law. Specifically:
The Company uses third-party LLM APIs at inference time to operate the Service;
The Company selects LLM providers and API tiers that, under their commercial terms, do not use API-submitted data to train or improve their general models by default;
The Company periodically verifies its LLM providers’ applicable data-use terms; and
The Company does not authorize employees or contractors to paste raw Customer Data or raw Carrier Communications into unapproved consumer AI tools or non-approved AI systems.
However, the Service necessarily uses Customer Data and Carrier Communications to operate and improve Hey Beth-specific functionality. We may use Customer Data, Carrier Communications, and Service Improvement Data to provide, maintain, secure, debug, evaluate, test, and improve the Service, including intent classifiers, routing logic, escalation systems, response-quality systems, prompt templates, safety systems, customer-specific configurations, and other Service-specific machine-learning or rules-based components.
“Service Improvement Data” means labels, annotations, classifications, routing outcomes, quality-assurance notes, error reports, evaluation records, prompt-test results, safety-system outputs, de-identified excerpts, aggregate metrics, and other data or metadata derived from Customer Data or Carrier Communications and used to provide, maintain, secure, debug, evaluate, test, or improve the Service.
Raw Customer Data and raw Carrier Communications may be accessed and used only for permitted business purposes, including providing the Service, support, troubleshooting, quality review, security, abuse prevention, customer-specific tuning, classifier evaluation, error analysis, and legal compliance. We use commercially reasonable access controls and data-minimization practices for such access.
LLM providers may temporarily process and cache submitted content as necessary to generate responses. This processing is governed by the LLM providers’ own terms and privacy policies, which are referenced in Section 7.
The Customer controls Beth’s behavior through configured parameters. The Customer may, at any time, pause Beth, override individual decisions, modify parameters, or terminate the Service. Beth makes autonomous decisions only within the bounds the Customer has configured.
We use the following third-party service providers (“Subprocessors”) to operate the Service. Each Subprocessor is contractually bound to protect data consistent with this Policy:
| Subprocessor | Purpose | Data Processed | Location |
|---|---|---|---|
| Anthropic | AI inference (Claude API) | Email content for response generation | United States |
| OpenAI | AI inference fallback (GPT API) | Email content for response generation | United States |
| Supabase | Database and authentication | All Customer Data and Carrier Communications | United States |
| Stripe | Payment processing | Billing information, transaction data | United States |
| Replit | Application hosting | All processed data | United States |
| Google (Gmail API) | Email inbox access | Email content via OAuth | United States |
| Plausible Analytics | Website analytics | Aggregated, anonymized site usage data | European Union (privacy-compliant) |
We maintain an updated Subprocessor list at heybeth.co/subprocessors. We may add or change Subprocessors from time to time. Material changes will be communicated to Customers via email or dashboard notice with reasonable advance notice.
We retain information for as long as reasonably necessary to provide, maintain, secure, support, debug, evaluate, and improve the Service; comply with legal, tax, accounting, security, audit, and contractual obligations; resolve disputes; enforce our agreements; prevent fraud or abuse; maintain business records; and exercise or defend legal rights.
We do not promise blanket automatic deletion of all Customer Data or Carrier Communications immediately upon account termination. Retention periods may vary based on the type of information, the purpose for retention, the Customer’s account status, legal requirements, backup practices, security needs, and whether a dispute, investigation, legal hold, or compliance obligation exists.
Subject to the exceptions in this Policy, our typical retention practices are:
Customer Account, Configuration, and Operational Data: retained while the Customer Account is active and for a reasonable period afterward as needed for account administration, export support, dispute resolution, audit, security, legal compliance, and legitimate business purposes;
Carrier Communications: retained while operationally useful for the Customer’s use of the Service, customer support, audit logs, dispute resolution, service improvement, security, and compliance purposes;
Billing, Tax, Contract, and Terms-Acceptance Records: retained as required or appropriate for legal, tax, accounting, corporate, and contract-enforcement purposes, which may be 4-7 years or longer where required by law or legal process;
Security, Diagnostic, and Audit Logs: retained for a period reasonably necessary for security, troubleshooting, fraud prevention, abuse prevention, audit, legal compliance, and incident response;
Service Improvement Data, Aggregate Data, Anonymized Data, and De-identified Data: may be retained indefinitely, provided it is not retained or disclosed in a manner that identifies a Customer, Carrier, or specific communication except where retention is otherwise permitted by this Policy; and
Backups and Disaster-Recovery Copies: retained until overwritten, deleted, or otherwise removed through ordinary backup rotation and disaster-recovery practices.
After termination, cancellation, or deactivation of a Customer Account, we may delete, de-identify, archive, or retain Customer Data and Carrier Communications according to this Policy and our then-current retention practices. We may retain information where reasonably necessary for legal, tax, accounting, security, fraud prevention, abuse prevention, audit, dispute, backup, business-continuity, Service Improvement Data, aggregate, anonymized, de-identified, or compliance purposes.
Customer is responsible for exporting or preserving any records it needs for broker recordkeeping, legal, tax, regulatory, operational, or compliance purposes before terminating the Service. We are not obligated to retain or restore Customer Data after termination unless expressly agreed in writing.
The Customer may request deletion of eligible Customer Data via the dashboard or by emailing sam@heybeth.co. We will respond within the timeframe required by applicable law. We may deny, limit, or delay deletion where retention is permitted or required for legal, tax, accounting, security, fraud prevention, abuse prevention, audit, backup, dispute resolution, contract enforcement, Service Improvement Data, aggregate, anonymized, de-identified, or other legitimate business purposes described in this Policy.
We collect and use aggregate and anonymized data derived from the operation of the Service for purposes including analytics, marketing, product improvement, and research. Aggregate and anonymized data does not identify any specific Customer, Carrier, or communication.
Examples of aggregate data we may publish or use:
Median response times across all conversations;
Total conversation volumes across all Customers;
Solo-handling rates and other operational metrics;
Language distribution of processed communications;
Carrier intent classification distributions; and
Trend data over time.
We maintain an internal threshold for aggregation: no published aggregate statistic will be derived from a sample so small that individual Customers or Carriers could be identified by inference.
We do not sell, rent, or trade Customer Data or Carrier Communications to any third party for any purpose. We have not done so in the prior 12 months and have no plans to do so.
We disclose information to Subprocessors as necessary to operate the Service, subject to confidentiality and data protection obligations as described in Section 7.
We may disclose information if required by law, legal process, or governmental request, including:
Subpoenas, court orders, or other legal process;
Investigations of fraud, security incidents, or violations of the Terms of Service;
Establishing or exercising the Company’s legal rights or defenses; and
Protecting the rights, property, or safety of the Company, Customers, or others.
Where legally permitted, we will notify the affected Customer prior to making any disclosure.
If the Company is involved in a merger, acquisition, asset sale, bankruptcy, or similar transaction, Customer Data and Carrier Communications may be transferred to the successor entity, subject to this Policy or a successor policy that provides equivalent or greater protection. Customers will be notified of any such transfer.
The Service is intended for US-based Customers and is operated from the United States. We do not actively market the Service to Customers outside the United States. Customer Data and Carrier Communications are stored on United States-based infrastructure (with the exception of Plausible Analytics, which is EU-hosted but processes only aggregate, anonymized site analytics).
If a Carrier communicating with a Customer’s dedicated email address is located outside the United States, their communications may be processed by the Service. The Customer is responsible for any obligations arising from international data transfers triggered by such Carrier communications.
We do not maintain GDPR, UK GDPR, or PIPEDA compliance programs. Customers operating in or transferring data from jurisdictions with such requirements should consult their own legal counsel.
The Service is intended for business use by adult freight broker professionals. We do not knowingly collect information from children under 13 years of age (or the relevant minimum age in the Customer’s jurisdiction). If we become aware that we have collected such information, we will delete it promptly. If you believe we have collected information from a child, please contact us at sam@heybeth.co.
California residents and residents of other states with comparable privacy laws have the following rights with respect to their personal information:
Right to Know: request information about the categories and specific pieces of personal information we have collected;
Right to Access: receive a copy of the personal information we hold about you;
Right to Delete: request deletion of your personal information, subject to legal retention requirements (see Section 8.2(d));
Right to Correct: request correction of inaccurate personal information;
Right to Opt Out: opt out of any sale or sharing of personal information (note: we do not sell or share personal information; see Section 10.1);
Right to Non-Discrimination: we will not discriminate against you for exercising any of these rights; and
Right to Designate an Agent: California residents may authorize an agent to make requests on their behalf.
To exercise any of these rights, contact us at sam@heybeth.co. We will respond within 45 days, with up to a 45-day extension where reasonably necessary. We may need to verify your identity before processing requests.
These rights apply to personal information of Customers and, where applicable, Carriers. Carrier-side requests should generally be directed to the Customer through whom the Carrier communicated, as the Customer is the party with the operational relationship to the Carrier. We will assist the Customer in fulfilling such requests as needed.
We use limited cookies and tracking technologies on the Hey Beth website and dashboard:
Essential Cookies: required for authentication, security, and basic Service functionality. These cannot be disabled.
Plausible Analytics: we use Plausible, a privacy-friendly analytics service, to understand how the website is used. Plausible does not use cookies, does not track users across sites, and processes only aggregated, anonymized data. No cookie consent banner is required for Plausible’s use.
No Third-Party Advertising or Cross-Site Tracking: we do not use Google Analytics, Facebook Pixel, or similar tracking technologies. We do not participate in cross-site advertising networks. We do not engage in “sale” or “sharing” of personal information under CCPA’s definitions.
You can control cookies through your browser settings, though disabling essential cookies will impair the Service.
We implement administrative, technical, and physical safeguards designed to protect personal information. Our security practices include:
Encryption in Transit: all data transmitted between Customers, the Service, and Subprocessors is encrypted using TLS;
Encryption at Rest: data stored in our databases is encrypted using industry-standard methods;
Access Controls: access to production data is limited to authorized personnel and protected by authentication controls;
OAuth Token Security: Customer Gmail OAuth tokens are stored encrypted and accessed only as needed to process email;
Subprocessor Vetting: we use established Subprocessors with their own security programs (see Section 7); and
Incident Response: we maintain an incident response process to address security events promptly.
No system is fully secure. We cannot guarantee absolute security. In the event of a data breach affecting Customer or Carrier information, we will notify affected Customers as required by applicable law and consistent with the severity of the incident.
We do not claim compliance with HIPAA, PCI DSS, SOC 2, ISO 27001, or any other formal security certification. Our infrastructure providers (notably Stripe for payments) maintain their own certifications, and we rely on those certifications for the relevant data they process.
We may update this Policy from time to time. When we make material changes, we will:
Update the “Last Updated” date at the bottom of this Policy;
Notify Customers via email to the account email address or via prominent notice in the dashboard; and
Where required by law, obtain affirmative consent for the change.
Continued use of the Service after the effective date of an update constitutes acceptance of the updated Policy, except where applicable law requires affirmative consent.
When a Customer creates an account, connects a dedicated email inbox, checks an “I agree” box, clicks an acceptance button, or uses the Service after being presented with this Policy and the Terms of Service, the Customer consents to the Company’s collection, use, disclosure, retention, and processing practices described in this Policy.
We may maintain records of the Customer’s acceptance and consent, including the accepted document version, timestamp, account email, organization name, IP address, user identifier, and related onboarding acknowledgments. We use those records to demonstrate consent, authorization, account activity, legal compliance, and enforcement of the Terms of Service.
Questions, requests, or concerns regarding this Policy may be directed to:
Hey Beth LLC Attention: Privacy sam@heybeth.co 2521 Stony Creek Road, Lansdale, PA 19446
Last Updated: June 18, 2026 Version: 2.0 — Effective June 18, 2026