Privacy Policy

This Privacy Policy describes how Border Connect Inc., an Ontario corporation with offices at 1801 Walker Road, Second Floor, Windsor, Ontario, Canada N8W 3P3 (“BorderConnect,” “we,” “us,” or “our”), collects, uses, discloses, and protects information in connection with the BorderConnect software platform and related services (the “Services”). “BorderConnect” is a trademark of Border Connect Inc. and is used in this policy to refer both to Border Connect Inc., as the controller of personal information, and to the BorderConnect software platform that Border Connect Inc. operates; the intended meaning is determined by context. Border Connect Inc. is the controller of personal information processed under this Privacy Policy.

BorderConnect provides software and related services to trucking, customs, and logistics businesses operating across the U.S.-Canada and U.S.-Mexico borders. Our customers and their authorized users may submit, connect, upload, transmit, annotate, or process information through the services — including manifest data, shipment and trip records, driver and equipment records, supporting documents, connected mailbox content, OCR text, AI outputs, comments, and audit logs.

This policy distinguishes between two categories of information:

• BorderConnect-Controlled Data — information BorderConnect collects directly, such as website, marketing, account, billing, support, security, and usage data.
• Customer Data — information our customers and their authorized users submit, connect, upload, or otherwise process through the services.

As between BorderConnect and the customer, the customer owns or controls Customer Data. BorderConnect processes Customer Data only to provide, secure, support, improve, and operate the services, as described in this privacy policy, our agreements with customers, and applicable law.

Because we operate at the U.S.-Canada and U.S.-Mexico borders, much of the information submitted through BorderConnect is required by law to be transmitted to government agencies, including U.S. Customs and Border Protection (CBP) and the Canada Border Services Agency (CBSA).

This policy applies to borderconnect.com, our web application, our mobile eManifest App, our eManifest API, and any white-labelled portal we operate on behalf of a service provider.

We collect only the information we need to operate the service, file manifests on your behalf, bill you, support you, and improve the platform. The categories below describe what we collect and where it comes from.

We use the information described above for the following business purposes, subject to your consent and choices where required by applicable law:

• Deliver the service. Authenticate users, run the application, transmit eManifests and related messages to customs authorities, and generate barcodes and lead sheets.
• Customer support. Respond to your questions, help you fix rejected manifests, train new users, provide our optional customs consulting services, and review recorded phone support calls and chat support transcripts for quality assurance, training, and analytics as described under Phone support communications and Chat support communications in the previous section.
• Billing. Generate invoices, process payments, prevent fraud, and collect amounts owed.
• Security and reliability. Detect and respond to abuse, fraud, security incidents, and outages; investigate suspected violations of our terms; and keep audit logs of significant actions.
• Operate AI, OCR, and automation features as described in the dedicated section below.
• Improve the platform. Analyze aggregate usage to fix bugs, improve performance, and design new features.
• Communicate with you. Send service notices, security alerts, training resources, regulatory updates from CBP/CBSA, and (where you have opted in) marketing communications.
• Legal compliance. Comply with applicable laws, customs regulations, lawful requests from government agencies, and our own legal obligations.

We do not sell personal information, and we do not use Customer Data or Google User Data to train generalized machine-learning or artificial-intelligence models. The limited service-delivery uses of Customer Data by AI and OCR providers are described in AI, OCR & Automation.

The BorderConnect Mail Client is an optional add-on to our core software. This section applies only if you choose to enable the Mail Client and connect your Google account to it. If you don't use the Mail Client, BorderConnect does not request, access, store, or otherwise process any Google user data described below — you can use the rest of BorderConnect without ever granting these permissions.

When you do connect your Google account to the Mail Client, BorderConnect uses Google APIs to deliver a full email experience inside our platform, and to power optional features such as OCR, shipment linking, shared inboxes, annotations, and workflow automation. The rest of this section explains exactly what Google account data we access, why we need it, and how we handle it.

BorderConnect uses artificial intelligence, optical character recognition (OCR), machine learning, and automation service providers — including OpenAI, Anthropic, and Google, alongside other providers identified in our subprocessor documentation — to process Customer Data as needed to provide user-facing BorderConnect features.

These features may include:

• OCR of documents and email attachments;
• extracting trip, shipment, or document fields from text and images;
• classifying or linking emails to shipments;
• generating summaries or draft replies;
• detecting likely errors and recommending workflow steps;
• assisting with actions that authorized users initiate or configure.

BorderConnect’s core function is transmitting electronic manifests and related messages to government agencies on your behalf. When you submit a manifest, in-bond, or related message, the data is sent to the agency you have selected, including:

• U.S. Customs and Border Protection (CBP) — ACE eManifest, U.S. in-bond filings (QP), and related messages.
• Canada Border Services Agency (CBSA) — ACI eManifest, PARS, RNS Release Notifications, and Warehouse Arrival Certification Messages (WACM).

Once data is submitted to a government agency, its handling is governed by that agency’s laws and policies, not by this privacy policy. BorderConnect cannot retract, modify, or delete data that you have already transmitted to CBP or CBSA; corrections must be made by submitting an amendment through the appropriate program.

We may also be required to disclose information to law enforcement, regulators, or courts in response to a valid subpoena, court order, or other lawful request. Where we are permitted to do so, we will give the affected customer notice before responding.

We use cookies, similar technologies (such as browser local storage), and mobile device identifiers for the following purposes:

• Essential cookies keep you logged in, remember which company you are working in, and protect against cross-site request forgery. These cookies are required for the application to function.
• Preference cookies remember your settings, such as preferred columns or display options.
• Analytics and marketing cookies (described in the next section) help us understand how visitors use our public website.

You can clear or block cookies and local storage through your browser settings. If you block essential cookies, parts of the BorderConnect application may not function correctly.

We use Google Ads (including remarketing) and Google Analytics to measure the performance of our public marketing and to display relevant ads to people who have visited BorderConnect.com. These tools collect online identifiers, device and browser information, usage events, referral information, and similar public-website analytics data, which may be personal information depending on context. They do not give Google or advertising providers access to your BorderConnect account, Customer Data, Google User Data, Mail Client mailbox, customs submissions, or AI / OCR outputs.

We do not use Customer Data, customs submissions, Google User Data, or AI / OCR outputs for any advertising or analytics purpose.

If you’d like to opt out of online advertising through your browser, you can do so via the Network Advertising Initiative or by adjusting your Google Ads Settings.

We do not sell, rent, or trade personal information. We share information only in the limited circumstances described below.

1. Within your company and shared inboxes

Authorized users on the same BorderConnect account can see the trips, shipments, drivers, equipment, and other operational data belonging to that account, subject to the permissions configured by your account administrator. Depending on customer settings and user permissions, authorized coworkers in the same BorderConnect account may also be able to view connected mailbox content, attachments, OCR results, shipment links, annotations, comments, assignments, and workflow history. Account administrators are responsible for configuring permissions and removing access when users leave or change roles.

2. Government agencies

Manifest and in-bond data is transmitted to the customs authority you have selected (CBP, CBSA, or others). See Customs & Government Submissions above.

3. Service providers and subprocessors

We use service providers and subprocessors to host, secure, support, analyze, and operate the services. They process information only on our instructions and are bound by contractual confidentiality, security, and use restrictions consistent with this policy and applicable law. BorderConnect remains accountable for personal information that we transfer to a service provider for processing. Typical categories include:

• Cloud hosting and infrastructure providers that run our servers, databases, storage, and networks.
• AI, OCR, and automation providers — including OpenAI, Anthropic, and Google — that process Customer Data on our instructions to deliver AI and OCR features.
• Payment processors that process credit-card, ACH, and other payments for subscription billing and customer-initiated invoice and balance payments. Our primary payment processor is Stripe, Inc., which handles payment-card and bank-account data submitted through the Make a Payment page and other payment flows inside the BorderConnect application, as described under Billing and payment information in the Information We Collect section.
• Email, telephony, and fax providers used for service notices, support, and the optional Mail Client. Our primary telephony provider is RingCentral, Inc., which provides our toll-free support line and hosts the call recordings and associated metadata generated on that line, as described under Phone support communications in the Information We Collect section.
• Live chat provider used for in-product and website chat support. Our primary chat provider is Zoho Corporation Pvt. Ltd., operating the Zoho SalesIQ chat platform, which hosts chat transcripts, visitor identifiers (including the name and email address you provide), and associated session metadata, as described under Chat support communications in the Information We Collect section.
• Analytics and advertising providers as described in the previous section.
• Error monitoring, support, and security tools that help us detect and respond to outages, bugs, and abuse.

A current list of our subprocessors, including processing purposes and locations, is available on request and through our subprocessor documentation.

4. White-label and reseller partners

Some service providers and customs brokers resell BorderConnect under their own brand. If you registered through a white-labelled portal, your account information is shared with that partner so they can provide you with sales, billing, and support services.

5. Business transfers

If BorderConnect is involved in a merger, acquisition, financing, or sale of assets, customer information may be transferred as part of that transaction. We will require the acquiring party to honour the commitments in this policy or notify you of any material changes.

6. Legal and safety reasons

We may disclose information if we believe in good faith that doing so is necessary to comply with the law, enforce our terms, protect the rights or safety of BorderConnect, our customers, or the public, or investigate fraud or abuse.

BorderConnect is headquartered in Ontario, Canada. Because we serve cross-border carriers operating between Canada, the United States, and Mexico, and rely on service providers in multiple jurisdictions, information may be processed and stored in Canada, the United States, Mexico, and other jurisdictions where BorderConnect or its service providers operate. Examples of cross-border processing include:

• Manifest data destined for CBP is transmitted to U.S. government systems.
• Manifest data destined for CBSA is transmitted to Canadian government systems.
• AI, OCR, hosting, and other service providers may operate in the United States or other countries.

Personal information processed outside your province, state, or country may be subject to the laws of that jurisdiction, including lawful access by courts, law enforcement, regulators, or national security authorities. BorderConnect remains responsible for personal information under its control and uses contractual and other safeguards to require comparable protection from its service providers.

We retain Customer Data and other information for as long as needed to provide the services, comply with customer instructions, maintain business records, resolve disputes, enforce agreements, meet legal or regulatory obligations, and maintain security and audit logs. In practice:

• Account and operational Customer Data is retained while the account is active and for a period after closure to satisfy customs recordkeeping, tax, and audit requirements. Cross-border records are subject to multi-year retention requirements under U.S. and Canadian customs law.
• Billing records are retained for as long as required by tax and accounting laws in our jurisdiction.
• Diagnostic and security logs are retained for a limited period (typically days to months) to support security and troubleshooting.
• Phone support call recordings and associated metadata are stored by RingCentral on our behalf and retained for as long as needed for the quality-assurance, training, analytics, dispute-resolution, and recordkeeping purposes described in the Information We Collect section, after which they are deleted or anonymized in accordance with our retention schedule and applicable law.
• Chat support transcripts, visitor identifiers, and associated metadata are stored by Zoho on our behalf and retained for as long as needed for the quality-assurance, training, analytics, dispute-resolution, and recordkeeping purposes described in the Information We Collect section, after which they are deleted or anonymized in accordance with our retention schedule and applicable law.
• Mail Client — OAuth tokens are retained only while the integration is enabled or as otherwise needed to administer or secure the account.
• Mail Client — cached email content is retained only as needed to serve the feature you are using.
• Mail Client — derived data — including OCR text, extracted fields, labels, annotations, message-to-shipment links, comments, assignments, workflow status, and audit logs — may be retained with the customer's BorderConnect account unless deleted under account settings, agreement terms, or applicable law.

When information is no longer needed, we delete it or render it irreversibly anonymized.

Depending on where you live, you may have specific rights over your personal information under laws such as Canada’s Personal Information Protection and Electronic Documents Act (PIPEDA) and substantially similar provincial laws (including Quebec’s Law 25), U.S. state privacy laws, and Mexico’s Federal Law on the Protection of Personal Data Held by Private Parties (LFPDPPP). These rights generally include:

• Access. Request a copy of the personal information we hold about you.
• Correction. Ask us to fix inaccurate or incomplete information.
• Deletion. Ask us to delete personal information, subject to legal and contractual retention obligations.
• Withdraw consent for processing that relies on consent, including marketing communications.
• Object to processing of your information for direct marketing.
• File a complaint with your local data protection authority (for example, the Office of the Privacy Commissioner of Canada or your provincial regulator).

Quebec residents

Under Quebec’s private-sector privacy law (commonly referred to as Law 25), you have the rights described above as well as the right to receive certain personal information in a structured, commonly used technological format and to file a complaint with the Commission d’accès à l’information du Québec. BorderConnect’s privacy officer is identified at the bottom of this page.

Mexican residents

Under the LFPDPPP, you may exercise your ARCO rights — access, rectification, cancellation, and opposition — and withdraw consent for the processing of your personal data. To exercise these rights, contact our privacy team using the details at the bottom of this page.

U.S. residents

Where U.S. state privacy laws apply to our processing, we will respond to requests in accordance with those laws. BorderConnect does not sell personal information and does not use Customer Data for cross-context behavioural advertising.

Routing of individual requests

Where BorderConnect processes personal information on behalf of a customer — for example, information about drivers, brokers, consignees, or coworkers within the customer’s account — the customer is the party responsible for the data, and we act on their instructions. If you are an employee, driver, contractor, or other individual whose information was provided by a BorderConnect customer, please direct your request to the customer first. We will assist them in responding.

To exercise any of your rights, contact us using the details at the bottom of this page. We will respond within the timeframes required by applicable law. To protect your information, we may need to verify your identity before acting on a request.

We use a layered set of administrative, technical, and physical safeguards to protect personal information, including:

• Encryption of data in transit (HTTPS / TLS) and encryption of sensitive credentials at rest.
• Role-based access control, least-privilege administration, and audit logging of significant actions.
• Regular software updates, vulnerability monitoring, and infrastructure hardening.
• Background screening, confidentiality agreements, and ongoing privacy and security training for personnel.
• Backups and disaster-recovery procedures so that your data is recoverable in the event of an incident.

No method of transmission or storage is 100% secure. If we become aware of a security incident that affects your personal information, we will notify you and the appropriate regulators in accordance with applicable breach-notification laws.

BorderConnect is a business-to-business platform for licensed carriers and customs professionals and is not directed to children. We do not knowingly collect personal information from individuals under the age of 16. If you believe a child has provided us with personal information, please contact us and we will delete it.

Our website and application contain links to third-party sites, including government portals (CBP, CBSA), partner sites, and reference material. BorderConnect is not responsible for the privacy practices of those sites. We encourage you to read the privacy statements of every site you visit that collects personal information.

Transactional and administrative messages. We send messages necessary to operate the service — including billing notices, security alerts, manifest-status notifications, regulatory updates affecting ACE/ACI programs, and important account changes. Because these are required to provide the service, you cannot unsubscribe from them while your account is active.

Marketing communications. Product newsletters, promotional announcements, and similar messages are separate. You may opt out at any time using the unsubscribe link in the email or by contacting us. In Canada, we handle commercial electronic messages in accordance with Canada’s Anti-Spam Legislation (CASL).

This privacy policy is governed by the laws of the Province of Ontario and the federal laws of Canada applicable in Ontario, without regard to conflict-of-laws principles. Nothing in this policy limits any non-waivable rights you have under the privacy laws of your own jurisdiction.

We may update this privacy policy from time to time. When we do, we will revise the “Last updated” date at the top of the page and, for material changes, notify account administrators by email or through an in-app notice. If a change materially expands how we use personal information beyond what was disclosed when it was collected, we will obtain your consent where required by law.