Privacy Policy

Version 2026-05-17 · Last updated 2026-05-17

Important: This is starter wording — replace with text reviewed by your legal counsel before launch.

1. What we collect

Account data: company name, owner name, email, phone, timezone.
Customer data: the jobs, quotes, invoices, contacts, inventory, and crew records you create in the Service.
Usage data: login times, IP addresses (for security), error events.
Billing data: handled by Stripe — we store only a customer reference, never card numbers.

2. How we use it

To operate and improve the Service.
To send transactional email (invoices, password resets, billing notices). We do not send marketing email without opt-in.
To enforce these Terms and detect abuse.

3. Sharing

We share Customer Data only with the sub-processors needed to run the Service:

Supabase — authentication.
Stripe — billing.
Anthropic — optional AI features (only if enabled).
QuickBooks Online (Intuit) — optional, only data you explicitly sync.
Your configured SMTP provider — outgoing email.

We do not sell Customer Data. Ever.

4. Where data lives

Customer Data is hosted in the United States. If your jurisdiction requires regional residency, contact [email protected].

5. Security

Multi-tenant data is isolated by Postgres schemas. Sensitive credentials (SMTP password, third-party tokens) are encrypted at rest using AES-256-GCM with keys held in our hosting provider's secrets manager. We support TOTP-based multi-factor authentication and recommend you enable it.

6. Your rights (GDPR / CCPA)

You can request access to, correction of, export of, or deletion of your personal data at any time. Self-serve export and deletion are available from Settings → Account. Or email [email protected].

7. Retention

We retain Customer Data for the duration of your subscription plus a 30-day grace period after cancellation or deletion request. Backups are retained for up to 90 days.

8. Cookies

We use only essential cookies (session storage for the auth token). No advertising or third-party tracking cookies.

9. Children

The Service is not directed at children under 16 and we do not knowingly collect their data.

10. Contact

Privacy questions: [email protected].

Questions? Contact [email protected].