Data Classification & Handling Policy

Document ID: PLCY-DATA-001
Effective Date: December 22, 2025
Last Review: December 22, 2025
Owner: Hop And Haul Team


CONFIDENTIAL

This document is CONFIDENTIAL and for internal use only. Do not distribute outside the organization.

1. Purpose

This policy defines how Hop And Haul classifies, handles, stores, and disposes of data to ensure compliance with the SOC 2 Trust Service Criteria for Confidentiality and Privacy.


2. Data Classification Levels

2.1 Classification Tiers

| Level        | Description                      | Examples                                    | Handling Requirements             |
|--------------|----------------------------------|---------------------------------------------|-----------------------------------|
| Restricted   | Highly sensitive, limited access | N/A - Hop And Haul does not handle this tier | N/A                              |
| Confidential | PII requiring protection         | Driver ID, name, email, phone               | Encrypted, masked, access-logged  |
| Internal     | Operational data                 | GPS traces, routes, ride metadata           | Encrypted, role-based access      |
| Public       | Non-sensitive                    | System documentation                        | No restrictions                   |

3. Data Elements by Classification

3.1 Confidential (Moderate PII)

| Data Element              | Collection Purpose            | Masking Applied          | Retention |
|---------------------------|-------------------------------|--------------------------|-----------|
| Driver ID                 | Internal identification       | Never exposed externally | 24 months |
| First name + last initial | Display to matched driver     | Full name never shown    | 24 months |
| Company email             | Authentication, notifications | Truncated in logs        | 24 months |
| Employee ID               | HR system linkage             | Internal only            | 24 months |
| Phone number              | Contact during ride           | Masked after match       | 24 months |

3.2 Internal (Operational)

| Data Element                | Collection Purpose  | Retention   |
|-----------------------------|---------------------|-------------|
| Pickup location (lat/long)  | Route matching      | 6-12 months |
| Drop-off location           | Route matching      | 6-12 months |
| Time window                 | Scheduling          | 6-12 months |
| Reason code                 | Operations tracking | 24 months   |
| GPS traces                  | Route monitoring    | 6-12 months |
| Route deviations            | Safety monitoring   | 12 months   |
| Unplanned stops             | Safety monitoring   | 12 months   |

3.3 Transactional

| Data Element    | Collection Purpose       | Retention |
|-----------------|--------------------------|-----------|
| Acceptance logs | Audit trail              | 24 months |
| Ride metadata   | Operations record        | 24 months |
| Payment records | Financial reconciliation | 24 months |

3.4 Quality Metrics

| Data Element          | Collection Purpose  | Retention           |
|-----------------------|---------------------|---------------------|
| Cleanliness ratings   | Operational quality | Employment + 1 year |
| Conduct ratings       | Operational quality | Employment + 1 year |
| Safety ratings        | Operational quality | Employment + 1 year |
| Communication ratings | Operational quality | Employment + 1 year |

4. Data Minimization Principles

4.1 Collect Only What Is Necessary

Hop And Haul adheres to minimum necessary data collection:

Collected:

  • Driver ID (internal, NOT SSN)
  • First name + last initial (NOT full name)
  • Company email / employee ID
  • Phone (masked after match)
  • Pickup/drop-off as lat/long (NOT free text addresses)
  • Reason codes (standardized list)

Explicitly NOT Collected:

  • Social Security Numbers
  • Medical data
  • Exact DOT logs (HOS verified via API, not stored)
  • Disciplinary history
  • Personal addresses
  • Biometric data
  • Health conditions
  • Religious or political affiliations

4.2 Compliance Basis

All collected data is gathered for a legitimate business purpose:

  • Operational necessity for driver transport
  • DOT/FMCSA compliance verification
  • Company authorization documentation
  • Financial reconciliation

5. Data Masking Requirements

5.1 Masking Rules

| Data Element | Pre-Match Display      | Post-Match Display     | In Logs       |
|--------------|------------------------|------------------------|---------------|
| Driver name  | Not shown              | First + Last Initial   | Tokenized     |
| Phone number | Not shown              | Masked (XXX-XXX-1234)  | Hashed        |
| Location     | Fuzzed (1-2 mi radius) | Precise (for pickup)   | Lat/long only |
| Drop-off     | Direction only (city)  | Precise                | Lat/long only |

5.2 Location Fuzzification

Before match acceptance:

  • Pickup shown as approximate radius (1-2 miles)
  • Drop-off shown as direction/region only
  • Full routes NEVER exposed to requesting driver

After match acceptance:

  • Precise pickup location provided
  • Full route visible to matched parties only
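The display rules in 5.1 and the pre-match fuzzification in 5.2, as an added Python example that is not part of this policy or of Hop And Haul's systems. The sample ride record, the token key, and the published 2 mi radius are constructed assumptions; the fuzzed center is displaced 1-2 mi from the true pickup so the true point is never the center of the circle shown.

```python
import hashlib, hmac, math, random

EARTH_RADIUS_MI = 3958.8
# Hypothetical server-side key for log tokens; a real deployment loads it from a KMS, not source.
TOKEN_KEY = b"placeholder-token-key"

# Constructed sample ride record; every value is a placeholder, not real driver data.
RIDE = {"driver_first": "Jordan", "driver_last": "Martinez", "phone": "5551234567",
        "pickup": (41.8781, -87.6298), "dropoff": (41.9742, -87.9073), "dropoff_city": "Des Plaines"}

def mask_phone(phone):
    """Post-match display keeps only the last four digits (the XXX-XXX-1234 pattern)."""
    digits = "".join(ch for ch in phone if ch.isdigit())
    return "XXX-XXX-" + digits[-4:]

def log_token(value):
    """Keyed hash for logs: stable enough to correlate lines, not reversible to the PII."""
    return hmac.new(TOKEN_KEY, value.encode(), hashlib.sha256).hexdigest()[:16]

def distance_mi(p, q):
    """Haversine great-circle distance between two (lat, lon) points, in miles."""
    lat1, lon1, lat2, lon2 = map(math.radians, (*p, *q))
    a = math.sin((lat2 - lat1) / 2) ** 2 + math.cos(lat1) * math.cos(lat2) * math.sin((lon2 - lon1) / 2) ** 2
    return 2 * EARTH_RADIUS_MI * math.asin(math.sqrt(a))

def fuzz_location(point, rng):
    """Pre-match view: move the true pickup 1-2 mi along a random bearing and publish a 2 mi radius."""
    d = rng.uniform(1.0, 2.0) / EARTH_RADIUS_MI
    lat1, lon1, brg = math.radians(point[0]), math.radians(point[1]), math.radians(rng.uniform(0, 360))
    lat2 = math.asin(math.sin(lat1) * math.cos(d) + math.cos(lat1) * math.sin(d) * math.cos(brg))
    lon2 = lon1 + math.atan2(math.sin(brg) * math.sin(d) * math.cos(lat1), math.cos(d) - math.sin(lat1) * math.sin(lat2))
    return {"center": (round(math.degrees(lat2), 4), round(math.degrees(lon2), 4)), "radius_mi": 2.0}

def driver_view(ride, matched, rng=None):
    """Fields the requesting driver may see before and after match acceptance (5.1 and 5.2)."""
    if not matched:
        return {"driver_name": None, "phone": None,
                "pickup": fuzz_location(ride["pickup"], rng or random.SystemRandom()),
                "dropoff": ride["dropoff_city"]}  # region only; the route is never exposed pre-match
    return {"driver_name": f'{ride["driver_first"]} {ride["driver_last"][0]}.',
            "phone": mask_phone(ride["phone"]), "pickup": ride["pickup"], "dropoff": ride["dropoff"]}

def log_record(ride):
    """Log-safe projection: tokenized name, hashed phone, lat/long only (no names or addresses)."""
    return {"driver": log_token(f'{ride["driver_first"]} {ride["driver_last"]}'),
            "phone": log_token(ride["phone"]), "pickup": ride["pickup"], "dropoff": ride["dropoff"]}
```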

6. Data Retention Schedule

See PLCY-RET-001 Records Retention Policy for authoritative retention schedule.

Summary of applicable retention periods:

| Data Category        | Retention Period    | Justification        | Disposal Method |
|----------------------|---------------------|----------------------|-----------------|
| Ride metadata        | 24 months           | DOT audit coverage   | Secure deletion |
| GPS traces           | 12 months           | Operational disputes | Secure deletion |
| Acceptance logs      | 24 months           | Insurance/legal      | Secure deletion |
| Ratings (aggregated) | Employment + 1 year | Training follow-up   | Anonymization   |
| Payment records      | 24 months           | IRS requirements     | Secure deletion |
| System logs          | 12 months           | Security monitoring  | Secure deletion |

6.1 Retention Justification

Refer to PLCY-RET-001 for detailed justifications. Summary:

  • 24 months: Covers DOT audit windows and insurance dispute periods
  • 12 months: Standard operational data retention
  • Employment + 1 year: Allows remediation follow-up, then disposal

7. Data Handling Procedures

7.1 Collection

  • Data collected only through authorized system interfaces
  • No manual data entry of PII
  • Validation at point of entry

7.2 Storage

  • All data encrypted at rest (AES-256)
  • Database access restricted by role
  • No PII in log files (tokenized only)

7.3 Transmission

  • TLS 1.3 for all data in transit
  • No PII transmitted via email
  • API tokens expire after session

7.4 Access

  • Role-based access control enforced
  • Access logged and auditable
  • Least-privilege principle applied

7.5 Disposal

  • Automated deletion per retention schedule
  • Secure deletion (overwrite, not just delete)
  • Disposal logged for audit

8. Prohibited Data Handling

The following are explicitly prohibited:

| Prohibition                          | Rationale                   |
|--------------------------------------|-----------------------------|
| Exporting PII to personal devices    | Data leakage risk           |
| Sharing driver data outside system   | Privacy violation           |
| Storing PII in unencrypted formats   | Security requirement        |
| Retaining data beyond schedule       | Privacy exposure            |
| Collecting health/medical data       | Out of scope, HIPAA risk    |
| Storing full SSN                     | Not required for operations |

9. Document Control

| Version | Date   | Author | Changes         |
|---------|--------|--------|-----------------|
| 1.0     | [DATE] | [NAME] | Initial release |

CONFIDENTIAL - Internal Use Only - Hop And Haul Policy Documentation