Privacy Policy

The data controller is Andimax Ltd. (UIC: 203076382, VAT: BG203076382), with headquarters at Bulgaria, Sofia 1113, Izgrev district, Iztok residential area, Samokov 1, fl. 8, ap. 37. Website: https://www.andimax.net/

To operate the TOVR AI-powered logistics platform, we collect: • Account & Business Data: Company name, VAT numbers, representative contacts, and official documents (licenses, CMR insurance) verified via our AI OCR engine. • Operational & Telemetry Data: Vehicle GPS locations, availability schedules, and fleet data synced via third-party telematics integrations (e.g., Frotcom, Obs2go) or public radars (e.g., CargoRadar). • Market Integration Data: Platform IDs (Transporeon, TimoCom, LKW Walter), historical freight rates, and transport history. • Financial Data: Billing details for automated commission invoicing via Stripe.

• Freight Matching & Dispatching: Processing fleet locations to provide predictive 'Smart Chain Discovery' and deadhead optimization. • AI Assistance (TOVR fOS): Facilitating natural language dispatching via Web, Telegram, or WhatsApp. Data Privacy Guarantee: Your proprietary freight data, rates, and chat logs processed by our AI models (Google Gemini) are strictly used for your session and are never used to train foundational AI models. • Billing & Administration: Automatically issuing Net 14 invoices for procured loads.

We share necessary data with trusted subprocessors: Google Cloud Platform (hosting & AI routing), Supabase (database & authentication), and Stripe (payment processing). We also transmit relevant matching data back to integrated carrier systems (e.g., OBS2GO).

When you connect to TOVR via our Model Context Protocol (MCP) server or REST API — including through AI assistants such as Claude, ChatGPT, or Cursor — the following applies: • Data Accessed: The integration reads your fleet data (vehicle locations, availability, license plates), freight shipment listings, and company profile information. It does not access data outside your company's scope. • Data Collection: The MCP server does not collect or store conversation history, prompts, or AI assistant context. It processes tool call parameters transiently to return results. • Authentication: API keys and OAuth tokens are used solely to verify your identity and enforce Row Level Security. Keys are stored as irreversible SHA-256 hashes. • Third-Party AI Providers: When using the MCP connector through Claude (Anthropic) or other AI assistants, your tool call inputs and outputs are processed by the respective AI provider under their own privacy policy. TOVR does not send your data to AI providers — the AI assistant calls our API on your behalf. • No Training Use: Data accessed through our API is never used to train AI models. Session data is not retained beyond the active connection.

• Account & Business Data: Retained for the duration of your active account plus 5 years after account closure, as required by Bulgarian commercial record-keeping obligations. • Operational & Telemetry Data: Vehicle location history is retained for 90 days for freight matching optimization, then aggregated and anonymized. • API Usage Logs: Request metadata (timestamp, tool name, response status) is retained for 30 days for rate limiting and abuse prevention. No request payloads are logged. • Financial Data: Invoices and payment records are retained for 10 years per Bulgarian tax law. • Deletion: You may request deletion of your personal data at any time. We will comply within 30 days, except where retention is required by law.

We implement industry-standard security measures including encrypted connections (TLS 1.2+), hashed API credentials, scoped access tokens, and Row Level Security on all database queries. If you discover a security vulnerability in TOVR's platform or API, please report it responsibly to security@tovr.eu. We commit to acknowledging reports within 48 hours and providing a resolution timeline within 5 business days.

Under the GDPR, you have the right to access, rectify, port, or erase your data, and to restrict or object to its processing. To exercise these rights, contact us at inquiry@tovr.eu or via the TOVR dashboard.

Data Controller: Andimax Ltd. (UIC: 203076382) Email: inquiry@tovr.eu Security: security@tovr.eu Address: Bulgaria, Sofia 1113, Izgrev district, Iztok residential area, Samokov 1, fl. 8, ap. 37