Last updated: June 30, 2026

Privacy Policy

HopStop (“we,” “us,” or “our”) operates https://hopstop.app and provides browser extensions and a web dashboard that help freight dispatchers work faster on DAT One. This Privacy Policy applies to hopstop.app, our API at https://hopstop.app/api, and the HopStop browser extension (Chrome, Edge, and Firefox). It describes what information we collect, how we use and store it, who we share it with, and your choices. We do not sell personal data and we do not perform broad web scraping.

Data collection

We collect information you provide when you create and use a HopStop account (email, name, optional phone, password hash), dashboard settings (MC numbers, email templates, broker filters, call/Cisco phone settings), and support or billing requests. When you are signed in, the extension and dashboard send API traffic including settings sync, extension heartbeat (version, optional hostname, last-seen time), activity events you trigger (sign-in, sign-out, phone-call actions), broker inquiry payloads when you click Email on a DAT One row, and payment order metadata for subscriptions. On DAT One pages the extension reads visible load-board row fields (broker, phone, email, lane, rate, dates, equipment) locally in your browser; this is not uploaded in bulk. Standard web server logs (IP, user agent, timestamps) may be recorded for security. We do not collect general browsing history, do not scrape arbitrary websites, and do not read your Gmail or Outlook inbox except to send an email you explicitly initiate.

Data handling

We use collected information only to operate, secure, and improve HopStop: authenticating accounts, syncing settings to the extension, sending broker emails you request, placing calls via your configured phone, processing subscriptions, monitoring extension health, providing support, complying with law, and preventing abuse. DAT One row data is processed on your device to show Call, Email, Maps, and RPM tools. Broker inquiry emails are rendered from your template and sent through your authorized mailbox. Cisco click-to-call commands go directly from your browser to the phone IP you configured on your LAN — not through HopStop servers. We do not use your data for advertising, interest-based profiling, or training machine-learning models.

Data storage

Data is stored in: (1) your browser — chrome.storage / extension local storage for session tokens and cached settings; (2) hopstop.app cookies and local storage for web sessions; (3) HopStop backend servers (PostgreSQL and application storage) hosted to operate https://hopstop.app; (4) your email provider’s servers when we send on your behalf. OAuth and SMTP credentials are encrypted at rest on our servers and are never stored in the extension. Passwords are stored only as secure hashes. We retain account data while your account is active; you may request deletion at https://hopstop.app/delete-account.

Data sharing

We do not sell personal data. We share data only as needed to provide the service: our own API servers; Google or Microsoft when you connect Gmail or Outlook to send broker emails you initiate; your SMTP provider for custom mailboxes; Idram for subscription payments; Google Maps when you open a route (your browser contacts Google directly); your Cisco desk phone on your local network for click-to-call; and infrastructure providers that process data solely on our behalf under confidentiality obligations. We may disclose information if required by law or to protect rights, safety, or security.

What we do not collect or do

To be clear upfront: HopStop does not sell, rent, or trade your personal information. We do not collect or store your general browsing history across the web. We do not scrape arbitrary websites. We do not read, monitor, or analyze your Gmail inbox or other mailboxes except to send an email you explicitly initiate. We do not use your data for advertising, interest-based profiling, or training machine-learning models. The extension runs only on DAT One load-board pages (https://*.dat.com) and on hopstop.app for sign-in — not on unrelated sites.

Account and profile data

When you create a HopStop account we collect information you provide: email address, name, optional phone number, and a password (stored only as a secure hash, never in plain text). In your dashboard you may also configure MC numbers (carrier MC ID and company name), email templates, broker filters, search lines, phone/call settings (call protocol, Cisco desk-phone IP or host, SIP domain, custom dial prefix, optional Cisco HTTP template), and display preferences. This profile data is stored on HopStop servers and synced to the extension when you are signed in.

Authentication and session data

When you sign in on hopstop.app, we issue JWT access and refresh tokens. The website stores session data in secure cookies and local storage. The browser extension receives these tokens through a content script on hopstop.app only and caches them in chrome.storage (or the equivalent storage API in Edge/Firefox) so the extension can call https://hopstop.app/api on your behalf. Cached extension keys include: accessToken, refreshToken, hopstopApiBase, hopstopSiteUrl, emailTemplates, defaultEmailTemplate, mcNumbers, activeMcNumber, agentProfile, callSettings, subscriptionStatus, extensionRowActionMode, lastSyncAt, and lastSyncError. Google OAuth tokens for Gmail are never stored in the extension.

DAT One load board data (processed locally)

On DAT One pages the extension reads load-board row content from the page you are viewing — such as broker/company name, phone number, email address, origin, destination, rate, pickup date, and equipment — solely to show Call, Email, Maps, and RPM tools on that row. This data is processed in your browser on the device. It is not uploaded to HopStop servers in bulk and is not stored on our servers except when you take a specific action described below (for example, sending a broker inquiry email). We are not affiliated with DAT Solutions.

Data sent to HopStop servers

When you are signed in, the extension and dashboard communicate with our API over HTTPS. Data transmitted includes: (1) periodic sync of your email templates, MC numbers, profile, call settings, and subscription status; (2) extension heartbeat every few minutes while signed in — extension version, optional load-board platform label, optional hostname, and last-seen timestamp; (3) extension activity events you trigger, such as sign-in, sign-out, and phone-call actions (which may include the dialed digits and phone line used); (4) broker inquiry emails when you click Email on a row — recipient email, broker name, lane details (origin, destination, rate, pickup date, equipment), selected template ID, and MC number ID; (5) support messages and account-management requests you submit on hopstop.app; (6) payment order metadata when you subscribe (see Payments below). Standard web server logs (IP address, user agent, request timestamps) may also be recorded for security and operations.

Broker inquiry emails

When you click Email on a DAT One row, the extension sends the inquiry details to POST /api/agents/me/send-inquiry. Our servers fill your chosen template, queue the outbound message, and deliver it through your authorized mailbox (Google OAuth SMTP, Microsoft OAuth SMTP, or your configured SMTP provider). We store a record of sent inquiries (recipient, subject, rendered body, sender address, status, and timestamps) in our database to process delivery, handle errors, and support your account. We do not use inquiry content for marketing or resale.

Click-to-call and Cisco desk phones

When you click Call, the extension builds a dial request from the phone number visible on the row and your call settings. For tel:, sip:, callto:, or custom protocols, the extension opens the appropriate URI locally. For Cisco desk phones (cisco-ip, cisco-cti, cisco-http), the extension sends HTTP requests directly from your browser to the Cisco phone IP or URL you configured in your HopStop dashboard — on your local network. Those dial commands do not route through HopStop servers. The phone IP/host is stored in your HopStop profile and cached in extension storage. After a successful call action, the extension may log a PhoneCall event to our API with the phone line and dialed digits for service diagnostics.

Connected email accounts (Google and Microsoft)

Connecting an email account is optional and initiated only by you from Email settings in the dashboard. For Google (Gmail), we use OAuth 2.0 and request only https://www.googleapis.com/auth/gmail.send plus basic profile/email scopes needed to identify the mailbox. For Microsoft (Outlook), we use OAuth 2.0 with send-mail permissions. OAuth access and refresh tokens are stored only on HopStop backend servers, encrypted at rest — never in the extension or chrome.storage. Tokens are used solely to send emails you explicitly trigger and to refresh authorization.

What we do not do with your email

HopStop does not read, search, analyze, sell, or share the contents of your inbox, sent mail, or drafts. We do not access messages you did not send through HopStop. System transactional emails (password reset, support replies) are sent through our own SMTP configuration and are separate from your connected mailbox.

Payments

Subscriptions are processed through Idram (https://banking.idram.am). When you pay, Idram handles payment credentials; HopStop receives payment status, order reference, amount, and plan metadata — not your full card or banking details. Payment records are stored on our servers for billing history and fraud prevention.

How we use your data

We use collected information only to operate, secure, and improve HopStop: authenticating accounts, syncing settings to the extension, sending broker emails you request, placing calls via your configured phone, processing subscriptions, monitoring extension health, providing support, complying with law, and preventing abuse. Aggregated, non-identifying statistics may be used internally to improve reliability.

Where data is stored

Data is stored in: (1) your browser — chrome.storage / extension local storage for session tokens and cached settings; (2) hopstop.app cookies and local storage for web sessions; (3) HopStop backend servers (PostgreSQL database and application storage) hosted to operate https://hopstop.app; (4) your email provider’s servers when we send on your behalf. OAuth credentials and SMTP secrets are encrypted on our servers.

Data retention

We retain account and profile data while your account is active. OAuth tokens are deleted when you disconnect the mailbox or delete your account. Sent inquiry records, extension activity logs, heartbeat sessions, and payment orders may be archived or deleted after extended periods of inactivity (administrative retention defaults are configurable; contact us for details). Billing and tax records may be kept longer where required by law. You may request deletion at https://hopstop.app/delete-account or by emailing app.hopstop@gmail.com.

Third parties we share data with

We do not sell personal data. We share data only as needed to provide the service:

Legal disclosures

We may disclose information if required by law, court order, or governmental request, or when we reasonably believe disclosure is necessary to protect the rights, safety, or security of HopStop, our users, or the public.

Cookies and similar technologies

hopstop.app uses cookies and local storage for sign-in sessions, language preference, and dashboard state. The extension uses chrome.storage (not third-party cookies) for tokens and cached settings. We do not use third-party advertising cookies.

Browser extension permissions

The extension requests permissions solely for its dispatch features:

Your rights and choices

You may access and update profile data in the dashboard. You may disconnect Google or Microsoft mailboxes in Email settings or revoke access at https://myaccount.google.com/permissions. You may sign out of the extension to clear cached tokens (Logout in the extension popup). You may request a copy of your data or full account deletion at https://hopstop.app/delete-account or app.hopstop@gmail.com. If you are in a jurisdiction with additional privacy rights (such as access, correction, or objection), contact us and we will respond as required by applicable law.

Security

We use HTTPS for all API traffic, hashed passwords, encrypted storage for OAuth and SMTP credentials, access controls on servers, and JWT-based authentication. No method of transmission or storage is 100% secure; please use a strong password and keep your devices secure.

Children

HopStop is a business tool for freight dispatch professionals. We do not knowingly collect personal information from children under 16.

Changes to this policy

We may update this Privacy Policy from time to time. Material changes will be posted on this page with an updated date. Continued use of HopStop after changes take effect constitutes acceptance of the revised policy.

Google API Services User Data Policy Compliance

HopStop’s use of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements. We request only https://www.googleapis.com/auth/gmail.send (plus openid/email/profile to identify the connected account). We do not request mailbox read, search, or manage scopes. Google user data is used only to send emails you explicitly initiate. If you disconnect Google in HopStop or revoke access in Google Account settings, we stop calling Google APIs and delete stored tokens for that connection.

Contact us

Privacy questions, data access requests, or account deletion: app.hopstop@gmail.com or https://hopstop.app/support. Mailing address available on request.