Skip to main content
CDLRoads

Privacy Policy

Last Updated: April 15, 2026

1. Introduction

CDL Roads ("Company," "we," "us," or "our") respects your privacy and is committed to protecting your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our website and ELDT training platform (the "Services").

By using our Services, you consent to the practices described in this Privacy Policy. If you do not agree with this policy, please do not use our Services.

2. Information We Collect

Personal Information You Provide:

  • Account Information: Full legal name, email address, and password when you create an account
  • Driver Credential Information (required before the final exam): Date of birth, phone number, driver's license / CLP / CDL number, license issuing state, and a photo of that credential. This information must match your credential exactly so your state can verify your ELDT completion.
  • Payment Information: Credit card details, billing address (processed securely by Stripe; we do not store full card numbers)
  • Course Progress: Quiz scores, completed units, final exam results, and certificates earned
  • Communications: Information you provide when contacting our support team

Information Collected Automatically:

  • Device Information: Browser type, operating system, device type
  • Usage Data: Pages visited, time spent on pages, course progress, login times
  • Log Data: IP address, access times, referring URLs
  • Cookies: Session cookies for authentication and preferences (see Section 7)

We collect only the minimum information necessary to provide our Services and comply with legal requirements.

3. How We Use Your Information

We use your information for the following purposes:

  • Provide Services: Create and manage your account, deliver course content, track your progress
  • Process Payments: Complete transactions and send receipts
  • Regulatory Compliance: Submit your Training Provider Registry (TPR) record to the FMCSA upon course completion (required by federal law)
  • Issue Certificates: Generate completion certificates with your name and course details
  • Communicate: Send transactional emails (confirmations, receipts, course updates)
  • Improve Services: Analyze usage patterns to enhance our platform and content
  • Security: Detect and prevent fraud, abuse, and unauthorized access
  • Legal Compliance: Comply with applicable laws, regulations, and legal processes

4. How We Share Your Information

WE DO NOT SELL YOUR PERSONAL INFORMATION. We only share your information in the following circumstances:

  • FMCSA / TPR Submission (Required): Upon course completion, we are legally required to submit your training record to the FMCSA Training Provider Registry (TPR). This includes your legal name, date of birth, driver's license / CLP / CDL number and state, course completed, completion date, and exam score. Only registered training providers may submit to the TPR.
  • State Driver Licensing Agencies (SDLAs): Once your record is in the TPR, your home-state SDLA accesses it to verify your ELDT completion before allowing you to take the CDL knowledge or skills test. We do not transmit your record to SDLAs directly — they retrieve it from the TPR.
  • Payment Processor (Stripe): We share payment information with Stripe to process transactions. Stripe's privacy policy governs their use of this data.
  • Authentication Provider (Supabase): We use Supabase for secure authentication and database services. Your account data is stored securely on their platform.
  • Legal Requirements: We may disclose information if required by law, court order, or government request, or to protect our rights, safety, or property.
  • Business Transfers: In the event of a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction.

We do NOT share your information with advertisers, data brokers, or third parties for marketing purposes.

5. Data Retention

We retain your information for as long as necessary to:

  • Provide you with lifetime access to your purchased courses
  • Maintain records of your course completions and certificates
  • Comply with legal obligations (tax records, regulatory requirements)
  • Resolve disputes and enforce our agreements

Retention Periods:

  • Account data: Retained while your account is active and for 7 years after deletion
  • Payment records: Retained for 7 years for tax and legal compliance
  • Required ELDT assessment records (quizzes, final exam scores, completion records): Retained for at least three (3) years from the date the assessment was given, as required by 49 CFR § 380.725. We retain TPR-eligible completion records beyond that minimum so the record remains available for SDLA verification.
  • Usage logs: Retained for 90 days

6. Data Security

We implement industry-standard security measures to protect your information:

  • All data transmitted via HTTPS/TLS encryption
  • Passwords are hashed and never stored in plain text
  • Payment information is processed by PCI-compliant payment processor (Stripe)
  • Access to personal data is restricted to authorized personnel only
  • Regular security audits and monitoring

While we strive to protect your information, no method of transmission or storage is 100% secure. You are responsible for maintaining the security of your account credentials.

Breach Notification: In the event of a confirmed data breach that affects your personal information, we will notify affected users and applicable regulators without undue delay and in accordance with applicable state and federal law.

7. Cookies and Tracking Technologies

We use the following types of cookies:

  • Essential Cookies: Required for authentication, security, and basic functionality
  • Preference Cookies: Remember your settings and preferences
  • Analytics Cookies: Help us understand how users interact with our Services (anonymized)

We do NOT use advertising cookies or third-party tracking cookies. You can disable cookies in your browser settings, but this may affect the functionality of our Services.

Do Not Track: Because there is no consistent industry standard for responding to "Do Not Track" (DNT) browser signals, our Services do not currently respond to DNT signals. Regardless of DNT, we do not sell your personal information or permit third-party behavioral advertising on our Services.

8. Your Privacy Rights

Depending on your location, you may have the following rights:

  • Access: Request a copy of the personal information we hold about you
  • Correction: Request correction of inaccurate or incomplete information. You can review and edit your driver information at any time from your profile. Per the FMCSA Privacy Impact Assessment for the TPR, drivers who find inaccurate information in their TPR record must contact their training provider (us) to review and correct it; once corrected we will resubmit the updated record to the TPR on your behalf. Email javier.cdlroads@gmail.com for assistance.
  • Deletion: Request deletion of your personal information (subject to legal retention requirements)
  • Portability: Request a copy of your data in a portable format
  • Opt-Out: Opt out of non-essential communications

California Residents (CCPA/CPRA): In addition to the rights above, California residents have the right to (a) know the categories and specific pieces of personal information we have collected, the sources, and the business purposes for collection, including the 12 months preceding your request; (b) correct inaccurate personal information; (c) request deletion, subject to legal retention exceptions; (d) opt out of the sale or sharing of personal information (note: we do not sell or share personal information for cross-context behavioral advertising); and (e) limit the use and disclosure of sensitive personal information. Your date of birth and driver's license / CLP / CDL number qualify as "sensitive personal information" under the CPRA, but we use these data elements only for the purposes disclosed in this Policy (primarily TPR submission and identity verification) and do not use them to infer characteristics about you. We will not discriminate against you for exercising any of these rights.

To exercise any of these rights, contact us at javier.cdlroads@gmail.com. We will respond within 30 days.

9. Children's Privacy

Our Services are not intended for individuals under 18 years of age. We do not knowingly collect personal information from children. If you believe we have collected information from a child, please contact us immediately at javier.cdlroads@gmail.com, and we will delete such information.

10. Third-Party Links

Our Services may contain links to third-party websites (such as the FMCSA website). We are not responsible for the privacy practices of these external sites. We encourage you to review their privacy policies before providing any personal information.

11. International Users

Our Services are operated in the United States. If you access our Services from outside the United States, your information will be transferred to and processed in the United States, where data protection laws may differ from your jurisdiction. By using our Services, you consent to this transfer.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on our website and updating the "Last Updated" date. For significant changes, we may also send you an email notification. Your continued use of the Services after changes are posted constitutes your acceptance of the updated policy.

13. Contact Us

If you have any questions about this Privacy Policy or our data practices, please contact us:

Email: javier.cdlroads@gmail.com

Phone: +1 (408) 372-8162

Mailing Address: 1055 S 6th St, San Jose, CA 95112

← Back to Home