Privacy Policy

Last updated: 9 June 2026

Cargoson OÜ ("Cargoson", "we", "us", or "our") operates the https://www.loadingcalendar.com website and the LoadingCalendar dock-scheduling platform (together, the "Service"). We take the privacy of everyone who visits our website or uses our platform seriously, and we have written this Privacy Policy to explain in plain language how we handle personal data.

This Privacy Policy describes what personal data we collect, the reasons and legal grounds we rely on to use it, who we share it with and why, how long we keep it, how we keep it secure, and the rights you have under the EU General Data Protection Regulation (Regulation (EU) 2016/679, the "GDPR") and other applicable data protection laws. It applies to personal data we process as a controller in connection with the Service. We are committed to processing personal data lawfully, fairly and transparently, and we review this Policy regularly to keep it accurate and up to date. By using the Service, you confirm that you have read and understood this Policy.

1. Who We Are (Data Controller)

Cargoson OÜ is the company behind LoadingCalendar. For the personal data we process about your use of our website and your LoadingCalendar account, Cargoson OÜ is the "data controller", which means that we determine why and how that personal data is processed and are responsible for it under the GDPR. We are a private limited company established under the laws of the Republic of Estonia, and our contact details are:

  • Cargoson OÜ
  • Registry code: 14545832
  • Address: Pärnu mnt 141, Tallinn 11314, Estonia
  • Email: [email protected]

If you have any questions about this Policy, would like to exercise any of your rights, or wish to raise a concern about how we handle your personal data, you can reach us at the email address above. We will review every request carefully and respond as soon as we reasonably can, and in any event within the timeframes required by applicable law.

2. Controller and Processor Roles

Because LoadingCalendar is a tool that our customers use to run their own operations, Cargoson acts in two distinct roles depending on whose data is involved and who decides how it is used. It is important to understand the difference, because it determines who is responsible for the data and who you should contact about it.

  • As a controller — for personal data about your account, your use of the website and our direct relationship with you, such as your registration details, billing information, support communications and the usage and technical data generated when you use the Service. In this role we decide the purposes and means of processing, and this Privacy Policy governs how we handle that data.
  • As a processor — for personal data that our customers enter into the platform as part of their own logistics operations, such as the carrier, contact and booking details they add to manage loadings. In this role the customer is the controller, decides how the data is used, and we process it only on the customer's documented instructions under our Terms and Conditions and applicable data processing terms.

If your personal data was added to the platform by one of our customers (for example because you are a carrier or contact they work with) and you would like to access, correct or delete it, please contact that customer directly, as they control that data. We will support our customers in responding to such requests as required by the GDPR.

3. Personal Data We Collect

We collect personal data in two ways. First, we collect information that you provide to us directly — for example when you register for an account, set up your warehouses and docks, schedule loadings, subscribe to a paid plan, or contact our support team. Second, we collect certain information automatically through your device and browser when you visit the website or use the platform. The categories of personal data we collect are:

  • Account and profile data — your first and last name, email address, phone number, company name, and address details (street, city, state or province, ZIP/postal code), together with the login credentials and settings associated with your account.
  • Operational and booking data — the information you enter to schedule and manage loadings, including warehouse, dock and loading details, time slots, and the carrier or contact email addresses involved in a booking.
  • Usage and technical data — information your browser and device send automatically, such as your IP address, browser type and version, operating system, device identifiers, the pages and features of the Service you use, the dates and times of your visits, and other diagnostic and log data we use to keep the Service reliable and secure.
  • Communications — the content of the messages, support requests and other correspondence you send to us, and our replies, which we keep so that we can assist you and improve our support.
  • Billing data — the subscription, invoicing and payment details associated with your plan. Card payments are processed securely by our third-party payment provider; we receive confirmation of payment and limited transaction details, but we do not collect or store full payment card numbers.

4. How We Use Your Data and Our Legal Bases

We only process personal data where we have a valid legal basis to do so under Article 6 of the GDPR, and we limit our processing to what is necessary for the purpose concerned. The table below sets out the main purposes for which we use personal data and the legal basis we rely on for each.

Purpose Legal basis
Create and manage your account and provide the Service Performance of a contract (Art. 6(1)(b))
Authenticate users and keep the platform and your data secure Legitimate interests (Art. 6(1)(f)) and legal obligation (Art. 6(1)(c))
Process payments and manage subscriptions Performance of a contract (Art. 6(1)(b))
Send service, transactional and account notifications Performance of a contract (Art. 6(1)(b)) and legitimate interests (Art. 6(1)(f))
Provide customer support Performance of a contract (Art. 6(1)(b)) and legitimate interests (Art. 6(1)(f))
Maintain, monitor and improve the Service and prevent fraud, abuse and technical issues Legitimate interests (Art. 6(1)(f))
Comply with legal, accounting and tax obligations Legal obligation (Art. 6(1)(c))
Send optional marketing communications, where applicable Consent (Art. 6(1)(a)), which you can withdraw at any time

Where we rely on our legitimate interests, we have considered those interests against your rights and freedoms and only proceed where we believe the processing is fair, proportionate and would not be unduly intrusive — for example, our interest in keeping the platform secure, preventing misuse, and improving the Service for all users. We will not use your personal data for a new purpose that is incompatible with the purposes described in this Policy without first informing you and, where required, obtaining your consent.

5. Cookies and Similar Technologies

Cookies are small text files that a website stores on your device to make the site work or to remember information about your visit. We use only strictly necessary cookies — the cookies that are required for the Service to function and to keep it secure. We do not use analytics, advertising or tracking cookies. Because strictly necessary cookies are essential to deliver the Service you have requested, they do not require your consent under applicable law, but we describe each of them below so that you can see exactly what we use and why.

Cookie Purpose Category Retention
Session cookie Keeps you signed in and maintains your session as you move between pages Strictly necessary Session
CSRF token Protects forms and requests against cross-site request forgery Strictly necessary Session
cookie_consent Remembers that you have seen and acknowledged our cookie notice Strictly necessary 12 months
portal_session_email Maintains booking portal sessions for guest users Strictly necessary 120 days
Cloudflare (e.g. __cf_bm, cf_clearance) Bot detection, security and CAPTCHA protection on sign-in and booking pages Strictly necessary Up to 12 months
Stripe (e.g. __stripe_mid, __stripe_sid) Fraud prevention during payment; set only on billing and checkout pages Strictly necessary Up to 12 months
Google Maps Set by Google when you use address autocomplete during onboarding Functional (third party) Set and managed by Google

You can set your browser to refuse some or all cookies, to delete cookies that have already been set, or to alert you when a cookie is being placed. Please bear in mind that if you block strictly necessary cookies, some parts of the Service may stop working correctly — for example you may be unable to sign in or to complete a booking. Because we do not track your activity across other websites and do not use analytics or advertising cookies, there is no cross-site tracking to disable. Some browsers can send a "Do Not Track" (DNT) or Global Privacy Control signal; as we do not carry out the kind of tracking those signals are designed to stop, they do not change how the Service works.

6. How We Share Your Data

We do not sell your personal data, and we never share it for the purpose of third-party advertising. We share personal data only where it is necessary to operate the Service, and only with trusted service providers that process it on our behalf and under our instructions. Each of these providers is bound by a contract — including a data processing agreement where required — that obliges them to protect your data, to use it solely for the purposes we specify, and to apply appropriate security measures. We also limit the data each provider can access to what they need to perform their function.

The service providers we work with fall into categories such as payment and subscription processing, cloud hosting and file storage, security and content delivery, error and performance monitoring, and email delivery. We keep the specific list of our sub-processors available to customers in our Data Processing Agreement, which we update as our suppliers change.

In addition to our service providers, we may disclose personal data where we believe in good faith that doing so is necessary to comply with a legal obligation, court order or lawful request from a public authority; to establish, exercise or defend our legal rights; to enforce our terms and policies; to protect the rights, property or safety of Cargoson, our users or the public; or in connection with a corporate transaction such as a merger, acquisition, financing or sale of assets, in which case we will require the recipient to continue to protect your personal data in line with this Policy.

7. International Data Transfers

Although Cargoson is established in Estonia, within the European Economic Area (EEA), the cloud infrastructure that powers the Service — including our application servers and the database in which personal data is stored — is hosted in the United States. As a result, when you use the Service your personal data is transferred to, stored in and processed in the United States, and some of the other service providers we rely on may also process personal data outside the EEA.

Transfers of personal data outside the EEA are protected by appropriate safeguards recognised under the GDPR, so that your data continues to receive a level of protection essentially equivalent to that guaranteed within the EEA. Depending on the recipient, these safeguards include the EU Standard Contractual Clauses and, where the recipient is certified, the EU–US Data Privacy Framework, together with any additional technical and organisational measures needed to protect the transfer. You can ask us for more information about the safeguards that apply to a particular transfer by contacting us at the email address in this Policy.

8. Data Retention

We keep personal data only for as long as we need it for the purposes set out in this Policy, after which we securely delete it or irreversibly anonymise it. When deciding how long to keep data, we consider the amount, nature and sensitivity of the data, the purposes for which we process it, whether we can achieve those purposes by other means, and the legal, accounting or reporting requirements that apply. In practice, this means:

  • Account data — kept for the duration of your subscription and for a reasonable period afterwards, so that we can wind down the relationship, deal with any follow-up queries, and meet our legal obligations.
  • Free trial accounts that are not converted to a paid plan are deleted in line with the timeframe set out in our Terms and Conditions.
  • Billing and accounting records — retained for the period required by the applicable accounting and tax legislation, which is typically several years.
  • Usage and log data — retained for a limited period and used for security, troubleshooting and maintaining the reliability of the Service.

9. Automated Decision-Making and Profiling

We do not make decisions that produce legal effects concerning you, or that similarly significantly affect you, based solely on automated processing of your personal data, and we do not use your personal data for that kind of profiling. The Service is operated and overseen by people, and any meaningful decisions about you involve human judgement. If we ever introduce processing of this kind in the future, we will update this Policy in advance, explain the logic involved and the consequences for you, and, where the law requires it, obtain your consent or provide you with appropriate additional safeguards and rights.

10. Your Rights

The GDPR gives you a number of rights over your personal data, and we want to make it easy for you to exercise them. Subject to the conditions and exceptions set out in applicable law, you have the right to:

  • Access — obtain confirmation that we process your personal data and a copy of the data we hold about you, along with information about how we use it.
  • Rectification — have inaccurate personal data corrected and incomplete data completed.
  • Erasure — ask us to delete your personal data where there is no good reason for us to continue processing it.
  • Restriction — ask us to suspend the processing of your personal data in certain circumstances, for example while its accuracy is being verified.
  • Portability — receive the personal data you have provided to us in a structured, commonly used, machine-readable format, or have it transmitted to another controller where technically feasible.
  • Objection — object to processing that is based on our legitimate interests, and object at any time to the use of your data for direct marketing.
  • Withdraw consent — where our processing is based on your consent, withdraw that consent at any time, without affecting the lawfulness of processing carried out before you withdrew it.

To exercise any of these rights, please contact us at [email protected]. We will respond to your request without undue delay and within the time limits set by the GDPR, and you will not normally have to pay a fee. We may need to verify your identity before acting on a request, in order to protect your data. If you are not satisfied with how we have handled your personal data, you have the right to lodge a complaint with a data protection supervisory authority — in particular in the EU or EEA country where you live, where you work, or where you believe the issue occurred. We would, however, appreciate the chance to address your concerns directly before you approach a regulator, so please consider contacting us first.

11. Security of Your Data

We take the security of personal data seriously and implement appropriate technical and organisational measures designed to protect it against unauthorised or unlawful access, alteration, disclosure, loss or destruction. These measures include encryption of data in transit and, where appropriate, at rest, access controls that limit who can see personal data on a need-to-know basis, secure hosting infrastructure, and ongoing monitoring of our systems. We also require our service providers to maintain comparable safeguards.

Despite our efforts, no method of transmission over the Internet or method of electronic storage is completely secure, so we cannot guarantee the absolute security of your data. If we become aware of a personal data breach that is likely to affect you, we will act promptly to investigate and contain it and will notify you and the relevant supervisory authority where we are required to do so by law.

12. Third-Party Links

The Service may contain links to websites, applications or services that are operated by third parties and that we do not control. If you follow a link to a third-party site, you will be leaving our Service, and that third party's own privacy policy and terms will apply to any information you provide there. We are not responsible for the content, privacy practices or security of those third-party sites, and the inclusion of a link does not imply our endorsement. We encourage you to read the privacy policy of every website or service you visit before providing them with any personal data.

13. Children's Privacy

LoadingCalendar is a business tool intended for use by organisations and their staff, and it is not directed at children. We do not knowingly collect or solicit personal data from children, and the Service is not intended for anyone who is not authorised to act on behalf of a business. If you believe that a child has provided us with personal data, please contact us and we will take steps to delete that information without undue delay.

14. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, the Service, or legal and regulatory requirements. When we make changes, we will post the updated Policy on this page and revise the "Last updated" date shown at the top. Where the changes are material, we will provide a more prominent notice or notify you directly by email before the changes take effect. We encourage you to review this Policy periodically so that you stay informed about how we protect your personal data.

15. Contact Us

If you have any questions, comments or requests regarding this Privacy Policy or the way we handle your personal data, we are happy to help. You can contact us using the details below, and we will respond as soon as we reasonably can:

  • By email: [email protected]
  • By post: Cargoson OÜ, Pärnu mnt 141, Tallinn 11314, Estonia
Product
Time Slot Management
TMS Integration
API Integration
Pricing
Free Trial
Industries
Manufacturing
Wholesale & Distribution
Logistics & 3PL
Food & Beverage
Compare
LoadingCalendar vs GoRamp
LoadingCalendar vs Opendock
LoadingCalendar vs DataDocks
LoadingCalendar vs Arrivy
Resources
Warehouse Scheduling Guide
Setup Guide
Case Study
Blog
Is Dock Scheduling Software For Me?
TMS Integration Guide
Best Dock Scheduling Software
Dock Scheduling vs Yard Management
Company
Contact Us
Cargoson TMS
LoadingCalendar logo
© 2026 Loadingcalendar.com. All Rights Reserved.
Capterra - LoadingCalendar
GetApp - LoadingCalendar
Software Advice - LoadingCalendar
Terms and Conditions Privacy Policy
🍪 We use only essential cookies

We use only the cookies necessary to keep LoadingCalendar secure and working — for login, security and your preferences. We do not use tracking, analytics or advertising cookies. More details.