Flow Web Platform, Chrome Extension & Flow Tracking Mobile App
Effective Date: March 16, 2026 · Last Updated: July 13, 2026
Flow ("we," "us," or "our") operates the Flow web platform at main-flow.com ("the Platform") and the Flow Sync Chrome extension ("the Extension"). This Privacy Policy describes how we collect, use, store, and protect information when you use the Platform and/or the Extension. By using our services, you agree to the practices described in this Privacy Policy.
When you sign in to the Platform or Extension, we collect:
The Extension allows you to create field-mapping templates and extract logistics and shipping data from websites you visit. Depending on how you configure your templates, the data you extract may include:
Important: The Extension only extracts data from fields you explicitly configure in your templates or from supported integrations (such as ITS Dispatch) that you initiate. It does not passively collect data from websites you visit.
The Extension stores the following data locally in your browser using Chrome's storage API:
We use the information described above for the following purposes:
Extracted data and templates are transmitted to our servers at api.main-flow.com for storage and use within the Flow platform. This data is associated with your user account.
We use Google Firebase for authentication services. When you sign in, your credentials are processed through Google's Identity Toolkit and Secure Token services. Google's use of this data is governed by Google's Privacy Policy.
We do not sell, rent, or trade your personal information or extracted data to third parties.
We may disclose your information if required to do so by law, court order, or governmental regulation, or if we believe disclosure is necessary to protect our rights, your safety, or the safety of others.
This section describes how Flow accesses, uses, stores, and shares Google user data, in compliance with the Google API Services User Data Policy, including the Limited Use requirements.
Flow uses Google Firebase Authentication to allow users to sign in with their Google account. During sign-in, we receive your name, email address, and profile picture from Google. This information is used solely to create and maintain your Flow account. We do not request any additional Google data during the sign-in process.
Flow offers an optional Gmail integration that users may connect through the Settings page. This integration is entirely separate from sign-in and requires explicit user action to enable. When you connect your Gmail account, we request the following OAuth scopes:
Gmail data accessed through the integration is used exclusively to:
We do not use Gmail data for advertising, market research, or any purpose unrelated to the core freight brokerage functionality of Flow.
We do notshare, sell, or transfer your Gmail data to any third parties. Gmail data is only transmitted between your browser, our backend servers, and Google's Gmail API. No other services or parties have access to your Gmail data.
You may disconnect your Gmail account at any time through the Flow Settings page. When you disconnect, we delete your stored Gmail OAuth tokens from our servers. You may also revoke Flow's access to your Google account at any time by visiting Google Account Permissions.
Flow's use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.
This section describes how Flow accesses, uses, stores, and shares Microsoft user data when you connect your Outlook/Microsoft 365 email account.
Flow allows users to sign in with their Microsoft account via Firebase Authentication. During sign-in, we receive your name, email address, and profile picture. This information is used solely to create and maintain your Flow account.
Flow offers an optional Outlook/Microsoft 365 email integration that users may connect through the Settings page. This integration is entirely separate from sign-in and requires explicit user action to enable. When you connect your Outlook account, we request the following Microsoft Graph API permissions:
Outlook data accessed through the integration is used exclusively to:
We do not use Outlook data for advertising, market research, or any purpose unrelated to the core freight brokerage functionality of Flow.
We do notshare, sell, or transfer your Outlook data to any third parties. Outlook data is only transmitted between your browser, our backend servers, and Microsoft's Graph API. No other services or parties have access to your Outlook data.
You may disconnect your Outlook account at any time through the Flow Settings page. When you disconnect, we delete your stored Outlook OAuth tokens from our servers. You may also revoke Flow's access to your Microsoft account at any time by visiting Microsoft Account App Access.
This section describes how Flow accesses, uses, stores, and shares Truckstop data when you connect your Truckstop Load Post account through the Flow Live Loads page.
The Truckstop integration is entirely optional and requires explicit user action to enable. Each broker connects their own Truckstop account via Truckstop's OAuth 2.0 authorization flow; there are no shared logins or pooled credentials. When you authorize the connection, Flow is granted the following permissions on your behalf:
Truckstop data accessed through the integration is used exclusively to:
We do not use Truckstop data for advertising, market research, competitive analysis, or any purpose unrelated to the core load-posting functionality of Flow.
We do notshare, sell, or transfer your Truckstop data to any third parties. Truckstop data flows only between your browser, our backend servers, and Truckstop's API. No other services or parties have access to your Truckstop credentials or load-posting records.
You may disconnect your Truckstop account at any time from the Live Loads page in Flow. When you disconnect, we delete your stored Truckstop OAuth tokens from our servers. Loads you have already posted to Truckstop remain live on the Truckstop load board until they expire or are removed; however, Flow will no longer be able to update or delete those postings on your behalf. To remove already-posted loads after disconnecting, contact Truckstop directly or reconnect your Truckstop account in Flow.
This section describes how Flow accesses, uses, stores, and shares QuickBooks Online data when you connect your QuickBooks Online company through the Flow Billing page. Flow's use of Intuit data is subject to and complies with the Intuit Developer Data Protection Policy and the Intuit Data Security Standards.
The QuickBooks Online integration is entirely optional and requires explicit user action to enable. Each broker connects their own QuickBooks Online company via Intuit's OAuth 2.0 authorization flow. Flow requests only the following Intuit OAuth scope:
Within the connected QuickBooks Online company, Flow accesses only the following entities and only for the purposes described:
Flow does not read or write the following QuickBooks data: bills, payments, journal entries, payroll data, sales receipts, estimates, purchase orders, vendor records, bank transactions, employee records, or any other entities not listed above. Flow never deletes any QuickBooks data; if you need to remove a Flow-created invoice or customer from QuickBooks, you must do so directly in QuickBooks.
Intuit data accessed through the integration is used exclusively to:
We do not use Intuit data for advertising, profiling, benchmarking across other Flow customers, training machine learning models, market research, or any purpose unrelated to the core freight-to-invoice functionality of Flow.
We do notshare, sell, transfer, or sublicense your QuickBooks data to any third parties. Intuit data flows only between your browser, our backend servers, and Intuit's QuickBooks Online API endpoints. No other services or parties — including other Flow customers — have access to your QuickBooks company data, tokens, or realm id. Flow's data isolation is enforced at the database layer: every row in our QuickBooks-related tables is keyed by your Flow user id, and every API call is scoped to your realm id.
You may disconnect your QuickBooks Online account at any time from the Flow Billing page. When you disconnect, we delete your stored QuickBooks OAuth tokens and realm id from our servers. You may also revoke Flow's access from inside QuickBooks Online at any time via QuickBooks Online Settings → My Apps. Invoices, customers, and items that Flow created in your QuickBooks company are not removed by a disconnect; they remain yours to manage directly inside QuickBooks.
Flow's integration with QuickBooks Online has been built to comply with Intuit's published Developer Code of Conduct, Data Protection Policy, and Data Security Standards. Specifically: we encrypt OAuth tokens at rest, we use HTTPS for all API calls, we capture Intuit's per-request trace id (intuit_tid) in our logs to assist Intuit Support during any future troubleshooting, we use Intuit's OpenID discovery document to resolve OAuth endpoints at runtime, and we do not store or expose client credentials in the browser. Our use of Intuit data is limited to the scopes and purposes disclosed above.
Flow offers a free companion mobile application, Flow Tracking(available for iOS and Android, published by Flow Automation LLC), that a truck driver may install to share their location for a specific freight shipment they are hauling on behalf of a Flow broker. This section describes how the Flow Tracking app collects, uses, stores, and shares data. It applies specifically to the mobile app; the web-platform sections above continue to apply to the broker's Flow account.
The driver does not create an account or sign in to use the app. The driver opens a one-time tracking link that the broker provides for a specific load; the link identifies which shipment the location updates belong to. The app does not collect the driver's name, email address, phone number, contacts, photos, calendar, microphone, or any profile information. It contains no third-party advertising or analytics SDKs.
After the driver taps "Start Tracking" for a load and grants the operating system's location permission, the app collects only:
The app collects location in the background— including while the app is not open and the phone is locked — so that the shipment can be tracked continuously while the driver is en route to and between the pickup and delivery. This requires the device's "Always Allow" location permission, which the operating system asks the driver to grant explicitly and which the driver can change at any time in device Settings. No location is collected before the driver taps Start Tracking and grants permission.
Location data is used for a single purpose: to display the near-real-time position, speed, and estimated arrival of the freight shipment to the Flow broker who dispatched the load and to that broker's authorized customer (the shipper or receiver) on Flow's shipment-tracking pages. We do not use location data for advertising, marketing, profiling, resale, or any purpose unrelated to tracking the specific shipment, and we do not build long-term movement histories or profiles of drivers.
Location updates are transmitted over HTTPS/TLS to our backend servers (api.main-flow.com) and associated with the specific load. Each shipment's location is visible only to the Flow broker who created the tracking link and to that broker's authorized customer for that shipment. We do not sell, rent, or trade location data, and we do not share it with advertising networks, data brokers, or any third party unrelated to fulfilling the shipment. Location data may be disclosed only where required by law (see Section 3.4).
Location updates are retained only as long as needed to provide tracking for the associated shipment and to support the broker's operational record for that load, after which they are deleted or de-identified. Because the app creates no driver account, uninstalling the app removes all app data from the device. To request deletion of location records already stored on our servers for a shipment, contact us at the email address in Section 11.
Location sharing is entirely voluntary and driver-initiated. Tracking does not begin until the driver opens the link and taps Start Tracking, and the operating system separately requires the driver to grant location permission. The driver may withdraw consent and stop alllocation collection at any time by tapping Stop in the app, revoking the location permission in the device's Settings, or uninstalling the app — any of which immediately ends collection.
The Flow Tracking app is a business tool intended for professional commercial drivers and is not directed to, or intended for use by, anyone under 18. We do not knowingly collect data from minors through the app.
The Extension requests the following browser permissions:
| Permission | Purpose |
|---|---|
| storage | Store your templates, extracted data, and session information locally |
| tabs | Identify the active tab to apply the correct template |
| activeTab | Access the content of the page you are actively working on |
| scripting | Execute extraction scripts on the current page to capture configured fields |
| cookies | Manage authentication session cookies |
| alarms | Schedule background tasks such as session timeout checks |
| idle | Detect inactivity to enforce automatic logout for security |
| Host permissions (all URLs) | Enable field extraction on any website where you configure templates |
The "all URLs" host permission is required because the Extension is a universal field scraper — you may need to extract data from any logistics website or carrier portal. The Extension does not passively monitor or collect data from all websites; it only activates when you explicitly use it on a page.
The Extension is not intended for use by individuals under the age of 13. We do not knowingly collect personal information from children under 13. If we learn that we have collected information from a child under 13, we will take steps to delete that information promptly.
We may update this Privacy Policy from time to time. If we make material changes, we will notify you by updating the "Last Updated" date at the top of this policy and, where appropriate, notifying you within the Platform. Your continued use of our services after any changes constitutes your acceptance of the updated policy.
If you have questions about this Privacy Policy, wish to exercise your data rights, or want to request deletion of your data, please contact us at:
Email: flowbros@main-flow.com
Website: https://main-flow.com
This privacy policy applies to the Flow web platform (main-flow.com), the Flow Sync Chrome extension, and the Flow Tracking mobile app (iOS and Android).