ScanIt Parts Delivery — Phone App Privacy

How we handle driver data in the ScanIt Parts Delivery mobile app

Who this policy applies to

The ScanIt Parts Delivery phone app ("the App") is provided by Innovative Programming Systems, Inc. ("IPS", "we", "us") of Grand Blanc, Michigan, USA. The App is a business tool used by delivery drivers and warehouse staff at automotive dealerships ("Dealers") that subscribe to ScanIt Parts.

This policy describes what the App collects when used by drivers, what we do with it, who we share it with, and what rights drivers have over their data. Drivers do not contract with IPS directly. The Dealer who employs the driver activates the driver's account and is responsible for ensuring the driver has been informed of, and agreed to, this policy as a condition of employment.

What the App collects

Driver identity (provided by the Dealer at activation)

  • Full name
  • Mobile phone number (for SMS activation links and dispatch contact)
  • Email address (optional, for password recovery)

Device information (automatic)

  • Device model, OS version, app version
  • A 9-digit install identifier generated by the App on first launch (does not contain any personal information)
  • Push notification token, for dispatch notifications
  • Crash reports — model, OS, stack trace, and app state at the time of crash, sent to our error-tracking provider

Location data (foreground only, during active shift)

  • The App collects location only while it is open in the foreground AND the driver is clocked in to an active delivery shift
  • Updates every 15 to 60 seconds depending on accuracy and movement
  • Stored for 90 days, then automatically deleted
  • No background location is collected. If the driver locks the phone or switches to another app, location collection pauses.

We collect location only during a shift, only while the App is in the foreground. The App does not track drivers off-shift, on personal time, when the phone is locked, or when the App is backgrounded.

Delivery work product (created during normal use)

  • Barcodes scanned for items loaded onto the truck
  • Delivery stop completions (timestamp, location at delivery)
  • Recipient signature image — captured on the phone touchscreen at each stop
  • Proof-of-delivery photos — optional camera photos taken by the driver at each stop
  • Notes typed by the driver about a delivery
  • Damage reports

What we do NOT collect

  • Contact list
  • Phone call logs or SMS message contents
  • Calendar
  • Photos or media from the device gallery (only photos taken in-app for proof of delivery)
  • Microphone audio
  • Information about other apps installed on the device
  • Browsing history

How we use this information

We use the information we collect to:

  • Authenticate the driver to a specific Dealer
  • Route the driver through their delivery stops
  • Show the Dealer's dispatcher where the truck is in real time
  • Send the Dealer a delivery confirmation when each stop completes
  • Provide the Dealer with accurate billing data for the driver
  • Troubleshoot crashes and improve the App
  • Recover the driver's account if their phone is lost or replaced

We do not use driver data for advertising. We do not sell driver data. We do not profile drivers across Dealers — each Dealer sees only their own drivers' data.

Who we share data with

We share data with the following categories of recipients, and only for the purposes listed:

  • The Dealer who employs the driver — driver identity, location, delivery records, signatures, and proof-of-delivery photos. Operating the delivery business is the entire purpose.
  • Google Firebase Cloud Messaging — push notification token and notification payload, for dispatch notifications to the driver.
  • Our error-tracking provider (Sentry) — crash reports and device information, with personally-identifying fields scrubbed before sending.
  • Amazon Web Services (US data centers) — for storage. We are the data controller; AWS is the data processor.
  • Law enforcement or courts — only when compelled by valid legal process. We require valid process and notify the affected Dealer where law allows.

We do not share driver data with advertising networks, data brokers, other dealers, or anyone outside the United States without a formal data-transfer agreement.

How long we keep data

  • Driver identity (name, phone, email) — until the Dealer deactivates the driver, plus 90 days
  • Install identifier — until the App is uninstalled, plus 90 days
  • Location records — 90 days
  • Scan records — 7 years (matches the broader ScanIt Parts retention period)
  • Delivery stop completions, signatures, and proof-of-delivery photos — 7 years (legal record of delivery)
  • Crash reports — 90 days
  • Push notification tokens — refreshed continuously; old tokens expire automatically

Backups may retain data for an additional 30 days after the live retention period.

Driver rights

Drivers can:

  • See their data — request a copy via Account → Export My Data, or email privacy@ipsdev.com
  • Correct their data — update name, phone, and email in Account → Profile
  • Delete their data — Account → Delete My Data (which also deactivates the App on the device), or email privacy@ipsdev.com. We complete deletion within 30 days. Note: certain records required by law or contract (for example, signed delivery confirmations) are retained for the 7-year period regardless of a deletion request.
  • Object to specific processing — email privacy@ipsdev.com

Drivers in California (CCPA), Virginia (VCDPA), Colorado (CPA), Connecticut (CTDPA), and Utah (UCPA) have additional state-law rights, including the right to opt out of certain processing. Email privacy@ipsdev.com to exercise these rights.

We do not sell or "share" (as those terms are defined under CCPA) driver data.

Security

  • TLS 1.2 or higher for all communication between the App and our servers
  • At-rest encryption on all production databases
  • Role-based access controls for IPS staff; staff access is logged and audited
  • The App requires re-authentication after 30 days of inactivity OR after a Dealer-initiated deactivation
  • Push notification payloads contain only metadata (for example, "New delivery assigned"), not delivery details
  • Crash reports scrub names, phone numbers, signatures, and proof-of-delivery photos before sending

We commit to notifying affected Dealers within 72 hours of confirming any unauthorized access to driver data.

Children

The App is a business tool used by employed drivers. It is not directed at children, and we do not knowingly collect information from anyone under 18. If a child somehow registers, contact privacy@ipsdev.com and we will delete the account.

Changes to this policy

Material changes are announced via in-app notification at least 14 days before taking effect. Non-material clarifications (such as typo fixes or contact-info updates) may be made without notice. The "Effective Date" at the bottom of this page is updated on every change.

Contact

Effective Date: Initial publication.