CoreCompliance
Sign InGet Started

Privacy Policy

Last updated: February 19, 2026

1. Introduction

Core Compliance ("we," "us," "our") operates DQ Manager, a driver qualification file management platform available at corecompliance.io (the "Service"). This Privacy Policy describes how we collect, use, store, and protect personal information when you use our Service.

By accessing or using the Service, you acknowledge that you have read and understood this Privacy Policy. If you do not agree with our practices, please do not use the Service.

2. Information We Collect

We collect the following categories of information in order to provide, maintain, and improve the Service.

Account Information (via Clerk)

When you register for an account, we collect your name, email address, profile photo, and organization name. This information is collected during registration and managed by our authentication provider, Clerk. Clerk stores and processes your account credentials on our behalf.

Driver Data (provided by you)

Authorized users within your Organization enter driver information into the Service. This data may include first name, last name, email address, phone number, location, driver ID number, job title, driver type (Light, Medium, or Heavy), endorsements, hire date, and employment status.

You are the data controller for Driver Data; Core Compliance acts as the data processor. You are responsible for ensuring you have the appropriate legal basis to collect and share this information with us.

Driver Documents (stored in Cloudflare R2)

Users may upload files to the Service including, but not limited to, commercial driver's licenses (CDLs), medical certificates, motor vehicle reports (MVRs), employment applications, road test certificates, and other driver qualification documents. These files are stored in Cloudflare R2 along with metadata such as file name, file size, file type, upload date, and expiration date.

Organization Data

We collect information about your Organization, including organization name, billing plan, trial start and end dates, subscription details, and Stripe customer identifiers. This data is used to manage your account, process payments, and enforce plan limits.

Usage Data (collected automatically)

When you access the Service, we automatically collect certain technical information including your IP address, browser type and version, pages visited, timestamps, and error logs. This data is collected via our hosting provider and error monitoring service to help us maintain performance and diagnose issues.

3. How We Use Information

We use the information we collect for the following purposes:

  • To provide and maintain the Service, including managing driver records and documents.
  • To process subscriptions and billing through Stripe.
  • To send expiration alerts and service notifications related to your driver qualification files.
  • To monitor application performance and resolve errors.
  • To comply with applicable legal obligations.
  • To communicate service updates, changes, and important account-related information.

We do not sell personal information to third parties.

4. Third-Party Services

We rely on trusted third-party providers to operate the Service. Each provider processes only the data necessary for its function. Below is a summary of each provider, its role, the data it processes, and a link to its privacy policy.

Clerk (clerk.com)

Role: Authentication and user management.

Data processed: Email address, name, profile photo, and session data.

Privacy policy: https://clerk.com/legal/privacy

Stripe (stripe.com)

Role: Payment processing and subscription management.

Data processed: Payment method details, billing address, and email address. We do not store credit card numbers directly; all payment information is handled by Stripe.

Privacy policy: https://stripe.com/privacy

Cloudflare R2 (cloudflare.com)

Role: Document file storage.

Data processed: Uploaded files and associated metadata (file name, size, type, and dates).

Privacy policy: https://www.cloudflare.com/privacypolicy/

Sentry (sentry.io)

Role: Error monitoring and performance tracking.

Data processed: Error logs, stack traces, and browser metadata.

Privacy policy: https://sentry.io/privacy/

Vercel (vercel.com)

Role: Application hosting and deployment.

Data processed: Request logs and IP addresses.

Privacy policy: https://vercel.com/legal/privacy-policy

Neon (neon.tech)

Role: Database hosting (PostgreSQL).

Data processed: All structured data including driver records, organization data, and document metadata. Neon does not store uploaded files.

Privacy policy: https://neon.tech/privacy

5. Cookies and Tracking

Our authentication provider, Clerk, uses essential session cookies to maintain your logged-in state. These cookies are strictly necessary for the Service to function and cannot be disabled while using the Service.

We do not use third-party advertising or tracking cookies. We do not participate in ad networks or cross-site tracking. Only functional cookies necessary for the Service to operate are used.

6. Data Storage and Security

We take the security of your data seriously and implement multiple layers of protection:

  • Database: Hosted on Neon (PostgreSQL) with encryption at rest.
  • File storage: Files are stored on Cloudflare R2 with server-side encryption.
  • Network security: All network traffic is encrypted via TLS/HTTPS.
  • Multi-tenant isolation: Each Organization's data is segregated and accessible only to authenticated members of that Organization.
  • Security headers: We configure security headers including X-Content-Type-Options, X-Frame-Options, and Referrer-Policy to protect against common web vulnerabilities.

We implement industry-standard security practices; however, no method of electronic transmission or storage is completely secure, and we cannot guarantee absolute security.

7. Data Retention

We retain your data according to the following schedule:

  • Active subscriptions: Data is retained for the duration of the subscription.
  • Expired trial accounts: After trial expiration, your account enters a 30-day read-only grace period. Data is permanently deleted 60 days after trial expiration.
  • Cancelled paid subscriptions: Data is retained for 30 days after the end of the billing period, then permanently deleted.
  • Document versions: Superseded document versions are retained for audit history as long as the account is active.

Upon account deletion, all associated data including uploaded documents is permanently removed from our systems.

8. Your Rights

You have the following rights regarding your personal information. You may:

  • Access your data through the dashboard or by contacting us directly.
  • Request a copy of your data in a portable format.
  • Request correction of any inaccurate information.
  • Request deletion of your data, subject to any legal retention requirements.
  • Withdraw consent for optional data processing at any time.

For individuals covered by the General Data Protection Regulation (GDPR), you also have the right to restrict processing, object to processing, and lodge a complaint with a supervisory authority in your jurisdiction.

To exercise any of these rights, please contact us at support@corecompliance.io.

9. Children's Privacy

The Service is not directed to individuals under the age of 18. We do not knowingly collect personal information from children. If we become aware that we have inadvertently collected information from a child under 18, we will take steps to delete that information promptly. If you believe a child has provided us with personal data, please contact us at support@corecompliance.io.

10. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will notify you via email or through an in-app notification at least 30 days before the changes take effect.

The "Last updated" date at the top of this page will be revised accordingly. Continued use of the Service after changes take effect constitutes your acceptance of the revised Privacy Policy.

11. Contact Us

If you have questions about this Privacy Policy or our data practices, please contact us at:

Core Compliance
Email: support@corecompliance.io