Railflagging ProRailflagging Pro

Privacy Policy

Effective Date: June 10, 2026  ·  Last Updated: June 10, 2026

1. Introduction

Railflagging Pro ("we," "our," or "us") operates the Railflagging Pro platform and associated services (collectively, the "Service"), accessible at railflagging-pro.madethis.app. This Privacy Policy explains how we collect, use, store, and share information about you and your organization when you use our Service.

By accessing or using the Service, you acknowledge that you have read and understood this Privacy Policy. If you do not agree with its terms, do not use the Service.

This policy applies to all users of the Service, including company administrators, operations personnel, field crew members, employees, and railroad client portal users.

2. Information We Collect

2.1 Account and Organization Information

When you create an account or your employer provisions one for you, we collect: your full name, email address, phone number (if provided), job title or role, employer / company name, and account credentials.

2.2 Operational and Field Data

As part of delivering the Service, we collect data generated by your business operations, including: timecard entries and RFL activity codes, Daily Field Reports and associated photos, job site and dispatch records, payroll processing data (hours, pay rates, deductions), crew roster information, safety and compliance records, and invoice and billing data.

2.3 Usage and Technical Data

We automatically collect certain technical data when you use the Service, including: IP address, browser type and version, device type and operating system, pages visited and features used, session timestamps, and error logs. This data is used solely to operate, secure, and improve the Service.

2.4 Communications

If you contact us directly — via the demo request form, email, or support channels — we retain the content of those communications and any contact information you provide.

3. How We Use Your Information

We use the information we collect to:

  • Provide, operate, and maintain the Railflagging Pro platform
  • Process timecards, payroll exports, and billing transactions
  • Enable role-based access control across your organization
  • Deliver field reports and crew data to authorized railroad client portals
  • Send service-related communications (account notices, billing receipts, support responses)
  • Monitor for security threats, fraud, and unauthorized access
  • Comply with applicable laws, regulations, and legal obligations
  • Improve the Service through aggregated, de-identified analytics

We do not use your operational or employee data for advertising purposes. We do not sell your data to third parties.

4. Data Storage and Security

All data is stored in the United States on cloud infrastructure that meets industry-standard security requirements. We implement multi-tenant data isolation — meaning your organization's data is strictly separated from other customers' data at the application and database layer.

We maintain the following security controls:

  • Encryption in transit (TLS 1.2+) for all data transmitted to and from the Service
  • Encryption at rest for stored data
  • Role-based access controls limiting data access to authorized personnel
  • Audit logging of administrative and sensitive data access
  • Regular security assessments and vulnerability management

We are pursuing SOC 2 Type II certification. In the meantime, we adhere to the security principles and controls consistent with that framework.

No method of transmission over the internet or electronic storage is 100% secure. While we use commercially reasonable measures to protect your information, we cannot guarantee absolute security.

5. Data Retention

We retain your data for as long as your account is active and as needed to provide the Service. If your subscription ends, we retain your data for 90 days to allow for account reactivation or data export requests. After that period, data is permanently deleted from our systems, except where we are required by law to retain it longer.

Upon written request, we can accelerate data deletion prior to the 90-day window, subject to any legal hold obligations.

6. Third-Party Sharing

We do not sell your personal information. We may share your information with third parties only in the following limited circumstances:

  • Service Providers: We engage third-party vendors who process data on our behalf to operate the Service (e.g., cloud hosting, payment processing, analytics). These vendors are contractually required to process data only as directed by us and to maintain appropriate security controls.
  • Payroll Integrations: If you configure payroll integrations (ADP, Paychex, QuickBooks, Gusto), your payroll data is transmitted to those providers in accordance with your configuration and their respective privacy policies.
  • Railroad Client Portals: Data you explicitly make available to a railroad client through the Client Portal add-on is accessible to that specific client. No data is shared across client boundaries.
  • Legal Requirements: We may disclose your information if required to do so by law or in response to a valid legal process (subpoena, court order, or government request).
  • Business Transfers: In the event of a merger, acquisition, or sale of all or a portion of our assets, your information may be transferred as part of that transaction. We will notify you via email or prominent notice on the Service prior to your data being transferred.

7. Your Rights and Choices

Depending on your location, you may have certain rights with respect to your personal information, including:

  • Access: The right to request a copy of the personal information we hold about you.
  • Correction: The right to request correction of inaccurate personal information.
  • Deletion: The right to request deletion of your personal information, subject to legal retention requirements.
  • Portability: The right to receive your data in a structured, machine-readable format.
  • Objection: The right to object to certain processing of your personal information.

To exercise any of these rights, contact us at team@railflagging-pro.madethis.app. We will respond within 30 days.

If you are an employee whose data is processed by your employer through Railflagging Pro, please contact your employer as the data controller for your employment records.

8. Cookies and Tracking

We use cookies and similar tracking technologies to maintain session state, remember your login, and collect aggregated usage analytics. We use analytics tools (such as PostHog) to understand how the Service is used; this data is collected in aggregate and is not used to identify individual users.

You can control cookies through your browser settings. Disabling cookies may affect certain features of the Service.

9. Children's Privacy

Railflagging Pro is a business-to-business platform intended for use by companies and their employees. We do not knowingly collect information from individuals under the age of 16. If we become aware that a child under 16 has provided us with personal information, we will delete it promptly.

10. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will notify you by updating the "Last Updated" date at the top of this page and, where appropriate, by sending a notification to the email address on file for your account. Your continued use of the Service after any changes constitutes your acceptance of the updated policy.

11. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or how we handle your data, please contact us:

Railflagging Pro

Email: team@railflagging-pro.madethis.app

Website: railflagging-pro.madethis.app