HaulPapers
Terms Privacy DPA Last updated July 14, 2026

Data Processing Addendum

How HaulPapers processes driver and compliance records on your behalf — security, sub-processors, breach notification, and data-subject requests.

This Data Processing Addendum (“DPA”) forms part of the agreement between your organization (“Customer,” “you”) and HaulPapers (“HaulPapers,” “we,” “us”) governing your use of the Service (the “Agreement,” which includes our Terms of Service). It applies where HaulPapers processes Personal Data on your behalf — most importantly, the driver-qualification and compliance records you store in the Service. If any term here conflicts with the Terms of Service with respect to the processing of Personal Data, this DPA controls.

1. Roles and Definitions

For the compliance records you upload, you are the controller (or “business”) and HaulPapers is the processor (or “service provider”). HaulPapers processes that Personal Data only on your documented instructions and on your behalf.

  • “Personal Data” means information relating to an identified or identifiable individual that HaulPapers processes on your behalf under the Agreement — primarily your drivers’ records, which may include names, contact details, dates of birth, Social Security numbers, driver’s license and medical-certificate information, motor vehicle records, employment and road-test records, and drug-and-alcohol testing records.
  • “Processing,” “controller,” “processor,” “service provider,” and “business” have the meanings given under applicable data-protection law, including U.S. state privacy laws such as the California Consumer Privacy Act, as amended (the “CCPA”).
  • “Sub-processor” means a third party engaged by HaulPapers to process Personal Data.

2. Scope and Instructions

HaulPapers will process Personal Data only:

  • to provide, secure, and support the Service as described in the Agreement;
  • in accordance with your documented instructions, including through your use of the Service’s features and settings; and
  • as required by applicable law, in which case we will inform you unless legally prohibited.

We will not “sell” or “share” Personal Data (as those terms are defined under the CCPA), and we will not retain, use, or disclose Personal Data for any purpose other than providing the Service to you or as permitted by law. We will not combine Personal Data with data from other sources except as necessary to provide the Service to you.

3. Confidentiality

We limit access to Personal Data to personnel who need it to provide, support, or secure the Service, and those personnel are bound by appropriate obligations of confidentiality.

4. Security Measures

We maintain technical and organizational measures designed to protect Personal Data against unauthorized or unlawful processing and against accidental loss, destruction, or damage, appropriate to the sensitivity of driver records. These include:

  • encryption of Personal Data in transit;
  • logical access controls that scope each organization’s data to that organization and authenticate and authorize every request;
  • authorization checks on file access so records are reachable only by permitted users;
  • least-privilege internal access and administrative controls; and
  • monitoring, logging, and routine review of our systems and dependencies.

You are responsible for configuring your account, managing your users and their permissions, and safeguarding your credentials.

5. Sub-processors

You authorize HaulPapers to engage Sub-processors to process Personal Data in connection with the Service. We impose data-protection and security obligations on each Sub-processor that are no less protective than those in this DPA, and we remain responsible for their performance.

Our current Sub-processors include:

  • Cloud hosting and file storage — infrastructure and object storage for the application and uploaded documents.
  • Managed database — storage of application and record data.
  • Email delivery — transactional and reminder emails.
  • Payment processing (Stripe) — billing; processes billing data, not driver compliance records.

We will provide a means to learn of changes to our Sub-processors and, on request, advance notice of the addition of a new Sub-processor so you may object on reasonable data-protection grounds.

6. Personal Data Breach

If we become aware of a Personal Data breach affecting your Personal Data, we will notify you without undue delay after becoming aware, provide information reasonably available to us about the nature and scope of the incident, and take reasonable steps to mitigate and remediate it. We will cooperate with you to support any notifications you are required to make.

7. Assistance and Data-Subject Requests

Because you control the compliance records in your account, you can access, correct, export, and delete them directly through the Service. If we receive a request from an individual seeking to exercise rights over Personal Data we process on your behalf, we will not respond directly (except to confirm the request relates to you) and will instead refer the individual to you or forward the request, so that you can respond as the controller. We will provide reasonable assistance for data-subject requests, data-protection assessments, and inquiries from regulators, taking into account the nature of the processing.

8. Return and Deletion of Data

Upon termination or expiration of the Agreement, and after any export window described in the Terms of Service, we will delete or de-identify Personal Data we process on your behalf, except to the extent retention is required by law. On request during your subscription and for a reasonable period afterward, you may export your Personal Data from the Service. We will not condition the return or export of your Personal Data on payment of disputed amounts.

9. International Transfers

HaulPapers processes Personal Data in the United States. You are responsible for determining whether your use of the Service, which is intended for U.S. motor carriers, is appropriate for the Personal Data you choose to upload.

10. Liability

Each party’s liability under this DPA is subject to the limitations and exclusions of liability set out in the Terms of Service.

11. Contact

Questions about this DPA or our data-processing practices? Email us at privacy@haulpapers.com.