This notice describes how LaneLock Technologies, LLC ("LaneLock") collects, stores, uses, retains, and destroys biometric information collected through the SpotLock driver-verification service. It is issued in compliance with the Illinois Biometric Information Privacy Act, 740 ILCS 14 et seq. ("BIPA"), and is intended to satisfy the parallel notice and consent requirements of the Texas Capture or Use of Biometric Identifier Act, Tex. Bus. & Com. Code § 503.001 ("CUBI"), and other state biometric privacy statutes.

1. What we collect

When a driver completes a SpotLock pre-dispatch verification, LaneLock collects the following items that may, depending on the jurisdiction, constitute "biometric identifiers" or "biometric information" within the meaning of BIPA, CUBI, or a comparable state law:

• A contemporaneous photograph of the driver's face (the selfie).
• Photographs of the front and back of the driver's commercial driver's license.
• Any facial-geometry data or facial templates derived from those images for the purpose of identity comparison.

For clarity: LaneLock does not capture fingerprints, palm scans, iris scans, voiceprints, retina scans, or DNA. The Service does not use real-time face-recognition on bystanders or any third party other than the driver completing the verification.

2. Purpose of collection

LaneLock collects this information solely to verify that the individual identified on a freight broker's dispatched load is the same individual who physically presents at pickup, by comparing the driver's submitted selfie and license images against (a) one another, (b) the dispatcher-supplied identifying information for the load, and (c) prior verifications for the same driver where available. The purpose is fraud prevention and shipment integrity. The information is not used for any other purpose.

3. Storage location

Biometric information is stored in encrypted form on cloud infrastructure operated by DigitalOcean LLC, located in the continental United States. Access is restricted to LaneLock personnel with a business need and to the initiating freight broker for the specific verification case. Access is logged.

4. Retention period

LaneLock retains biometric information for no longer than the earlier of:

1. three (3) years from the date of the driver's last interaction with the Service;
2. satisfaction of the initial verification purpose plus a 90-day operational period (during which the verification record may be relied upon for a follow-on load involving the same driver and equipment); or
3. receipt and verification of a request from the driver to delete the information.

This schedule is published in Section 4 of the Privacy Policy and constitutes LaneLock's written retention policy for purposes of 740 ILCS 14/15(a).

5. Destruction

Upon expiration of the applicable retention period, LaneLock destroys the biometric information using commercially reasonable measures that render the data unreadable and not reasonably recoverable. For digital records this consists of secure deletion from primary storage, secure overwrite of associated backups upon the next backup-rotation cycle, and revocation of any derived templates. LaneLock may retain a record past the schedule above only when reasonably required for an active litigation hold, an active regulatory inquiry, or an unresolved claim, and only for as long as that qualifying need persists.

6. Disclosure

LaneLock discloses biometric information only:

• to the freight broker that initiated the verification case;
• to the shipper or receiver associated with the load, where the initiating broker elects to forward the shipper-facing Driver Verification Form;
• to LaneLock's infrastructure service providers (named in Section 3 of the Privacy Policy) under written contracts that require confidentiality and use consistent with this Notice;
• to comply with a valid subpoena, court order, warrant, or other lawful process;
• in connection with a corporate transaction, subject to confidentiality terms at least as protective as those in this Notice.

LaneLock does not sell, lease, trade, or otherwise profit from biometric identifiers or biometric information, and will not do so in the future.

7. Written informed consent

By checking the biometric-consent box on the SpotLock verification form and submitting the form, the driver acknowledges that:

1. The driver has read this Notice.
2. The driver understands that LaneLock will collect, store, and use the biometric information described in Section 1 for the purpose described in Section 2.
3. The driver understands the retention period described in Section 4 and the destruction practices described in Section 5.
4. The driver consents in writing to LaneLock's collection, storage, use, retention, and destruction of the biometric information on the terms set out in this Notice.

A driver who does not consent should not complete the SpotLock verification, and should contact the broker that dispatched the load to make alternative arrangements.

8. Your rights

At any time, a driver may:

• Request confirmation that LaneLock holds biometric information associated with the driver.
• Request a copy of the biometric information.
• Request correction of inaccurate information.
• Withdraw consent and request deletion, subject to legitimate operational, legal, or compliance retention needs.

Requests should be sent to support@lanelocktech.com. LaneLock will acknowledge a request within seven (7) calendar days and respond substantively within thirty (30) calendar days, or sooner where required by applicable law.

9. Contact

Questions regarding this Notice or LaneLock's biometric practices may be directed to:

LaneLock Technologies, LLC
Attn: Privacy Officer
support@lanelocktech.com