Privacy Policy

1. Scope

This policy covers personal information you provide to us (e.g. through a contact form, reminder signup, or SMS opt-in) and information automatically collected when you browse the Site (e.g. browser type, pages viewed, IP address). It does not cover the privacy practices of third parties whose sites we link to (CARB, individual testers, regulatory references), including the smartctc.com or cleantruckcheckpro.com product sites which have their own privacy policies.

2. Information we collect

We collect three categories of information:

2.1 Information you give us

• Contact form submissions. Email address, any message content, plus any business name or phone number you choose to include.
• Reminder signups (Session 5+). Email address, optional phone number for SMS reminders, vehicle identifiers (VIN or fleet-internal ID) so we can compute the reminder schedule, and your assigned compliance deadline.
• SMS opt-ins (Session 5+). Phone number, explicit opt-in timestamp, and the consent record showing what you agreed to receive. Carrier policies require us to retain this consent record for the duration of the relationship plus a reasonable post-cancellation period.

2.2 Information collected automatically

• Standard server logs. IP address, browser user-agent, requested URLs, timestamps, referrer. Logs are retained for 90 days then deleted.
• Analytics events. Page views, click events on key CTAs, search queries, and similar product-usage telemetry via Google Analytics 4 (GA4). GA4 is configured to anonymize IP addresses.
• Tracking pixels. See §4 for the five-pixel inventory we operate. Pixels collect a small set of browsing events for advertising attribution.

2.3 Information from third parties

• CARB tester listings.Public data from CARB's CTC-VIS tester database. This is business data (business name, address, credentials), not personal data of consumers, but we mention it here for completeness.
• Google Business Profile reviews shown on featured partner pages. Google retrieves these reviews via their Places API; we cache the rating and review count.

3. How we use information

• To respond to inquiries. Email replies to contact-form submissions and customer-support requests.
• To send reminders you signed up for. Email and (if opted in) SMS reminders against your compliance deadlines at 90, 60, and 30 days out.
• To operate and improve the Site. Server logs, analytics, and usage telemetry help us identify broken pages, slow pages, and content gaps.
• For advertising attribution. Tracking pixels (see §4) connect ad-platform visits to on-site conversions so we can measure paid acquisition.
• To comply with legal obligations. Subpoenas, court orders, applicable regulatory requirements.

We do not sell personal information. We do not share personal information with third parties for their own marketing.

4. Tracking pixels and cookies

Pixel installation is gated by an on-site consent banner. Visitors can decline at any time and continue using the Site. The inventory below covers what we operate today plus what we have reserved for future ad campaigns; pixels listed as "reserved" are not loaded by the Site until we activate them.

• Google Analytics 4 (GA4) — active.Page views, event analytics. IP anonymization enabled. Loads only with consent to the "analytics" category.
• Meta (Facebook) Pixel — reserved. For future Meta ad-campaign conversion tracking. Not loaded today.
• Google Ads Pixel — reserved. For future Google Ads conversion tracking. Not loaded today.
• LinkedIn Insight Tag — reserved. For future LinkedIn ad-campaign conversion tracking. Not loaded today.
• X (Twitter) Pixel — reserved. For future X ad-campaign conversion tracking. Not loaded today.

Each pixel that is "active" sets cookies in your browser. You can manage these via the on-site consent banner (footer link "Cookie preferences") or by configuring your browser to block third-party cookies. Blocking pixels does not affect your ability to use the Site. When we activate any of the reserved pixels above we will update this section before they start loading.

5. SMS reminders (A2P 10DLC)

This section applies once the SMS reminder feature launches — currently scheduled for Session 5.

If you choose to receive Clean Truck Check reminders by SMS, we use Twilio as our messaging provider under the A2P 10DLC framework. Specifically:

• You explicitly opt in via a checkbox on the reminder signup form. Pre-checked checkboxes are never used.
• By opting in, you consent to receive reminder messages about your CTC compliance deadlines at 90, 60, and 30 days before each deadline, plus optional follow-up reminders for failed/incomplete tests.
• Message frequency depends on how many vehicles you've enrolled and where they sit in their compliance cycles. Typical volume is 2-6 messages per vehicle per year.
• Standard message and data rates may apply from your carrier. We do not charge for the messages themselves.
• You can opt out at any time by replying STOP to any message, or by visiting the unsubscribe link in any reminder email. STOP is processed within 24 hours per carrier policy.
• Reply HELP for support information.
• We retain your opt-in consent record (timestamp, IP, opt-in language) for the duration of the reminder relationship plus 2 years after opt-out, in line with TCPA recordkeeping recommendations.

We do not share your phone number with third parties for marketing. The only third party that sees your phone number is our messaging provider (Twilio), and only for the purpose of delivering the reminder messages you opted in to.

6. Email reminders

We use Resend as our transactional email provider for reminder emails and contact-form responses. Resend processes your email address solely to deliver the email you've requested. You can unsubscribe from reminder emails at any time using the link in any reminder email; no account is required to unsubscribe.

7. Your rights — California (CCPA / CPRA)

If you are a California resident, you have the right to:

• Know what personal information we have collected about you, the sources, and the purposes.
• Access a copy of the personal information we have collected about you.
• Delete personal information we have collected, subject to legal retention requirements (e.g. SMS consent records under TCPA).
• Correct inaccurate personal information.
• Opt out of sale or sharing.We do not sell personal information. Our pixel-based ad attribution may qualify as "sharing" under CPRA; the on-site consent banner (Session 6) lets you opt out of that.
• Non-discrimination. We will not discriminate against you for exercising any of these rights.

To exercise any of these rights, email [email protected] with the right you wish to exercise and enough information for us to verify your identity (typically the email address you used with the Site).

8. Your rights — EU / UK / EEA (GDPR / UK GDPR)

If you are in the EU, UK, or EEA, the General Data Protection Regulation applies. You have the same rights as listed in §7 (access, deletion, correction, opt-out) plus the right to data portability and the right to object to processing based on legitimate interest. Our legal basis for processing is:

• Consent for reminder signups, SMS opt-ins, and non-essential cookies/pixels.
• Legitimate interest for server logs, security monitoring, and aggregate analytics.
• Contract performance if you contract with Smart CTC or CTCP through one of our linked product sites.

To exercise GDPR rights, email [email protected]. We respond within 30 days. You also have the right to lodge a complaint with your local data protection authority.

9. Data retention

• Server logs: 90 days.
• Contact form submissions: 24 months from last contact.
• Reminder data (email, phone, vehicle IDs, deadlines): for the active reminder relationship, plus 24 months after the last reminder or unsubscribe, whichever is later.
• SMS opt-in consent records: for the active reminder relationship plus 24 months after opt-out (TCPA recordkeeping).
• Analytics data: 26 months in GA4 (the GA4 default; configurable).
• Pixel cookie lifetimes: determined by the respective ad platforms.

10. Security

We use industry-standard technical and organizational measures to protect personal information against unauthorized access, alteration, disclosure, and destruction. These include HTTPS-everywhere transport encryption, encrypted at-rest storage for personal information, access controls on production systems, and routine security review of vendor practices. No system is perfectly secure; in the event of a material data breach affecting you, we will notify you in accordance with applicable law.

11. Children

The Site is not directed to children under 16. We do not knowingly collect personal information from children under 16. If you believe a child has provided us personal information, contact us at [email protected] and we will delete it.

12. International transfers

We are based in the United States. If you access the Site from outside the US, your information may be transferred to, stored in, and processed in the US. By using the Site, you consent to this transfer. For EU/UK/EEA visitors, we rely on Standard Contractual Clauses (SCCs) where applicable for international transfers to subprocessors.

13. Changes to this policy

We may update this Privacy Policy from time to time. When we do, we'll update the "Last updated" date at the top of this page. Material changes will be flagged in a visible site notice for a reasonable period.

14. Contact

Questions about this Privacy Policy or your rights? Contact: [email protected]. Mailing address: 12439 Magnolia Blvd PMB 236, Los Angeles, CA 91607.

See also our Terms of Service.