Privacy Policy

1. Introduction

SiteProc ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our construction management platform ("Service").

By using the Service, you consent to the data practices described in this policy. If you do not agree with this policy, please do not use the Service.

2. Information We Collect

2.1 Information You Provide

We collect information you provide directly to us, including:

• Account Information: Name, email address, company name, phone number
• Profile Data: Job title, role, avatar/photo
• Project Data: Project details, budgets, timelines, locations
• Order Data: Purchase orders, vendor information, delivery details
• Financial Data: Expense records, payment information, invoices
• Communications: Messages, notes, comments within the platform
• Files: Documents, images, PDFs you upload (e.g., proof of delivery)

2.2 Information We Collect Automatically

When you use the Service, we automatically collect:

• Usage Data: Pages viewed, features used, actions taken, time spent
• Device Information: IP address, browser type, operating system, device type
• Log Data: Access times, error logs, performance metrics
• Cookies: Authentication tokens, preferences, session data
• Location Data: General location based on IP address (not precise GPS)

2.3 Information from Third Parties

We may receive information from:

• Authentication Providers: Google, Microsoft (if you use SSO)
• Payment Processors: Stripe, PayPal (transaction data only)
• Analytics Services: Google Analytics, Vercel Analytics

3. How We Use Your Information

We use the information we collect to:

3.1 Provide and Improve the Service

• Create and manage your account
• Process transactions and send transaction notifications
• Provide customer support
• Analyze usage patterns to improve features
• Detect and prevent fraud and abuse
• Ensure technical functionality and security

3.2 Communicate with You

• Send important updates about your account or the Service
• Respond to your inquiries and support requests
• Send newsletters and marketing communications (with your consent)
• Notify you about new features and updates

3.3 Legal and Compliance

• Comply with legal obligations and respond to legal requests
• Enforce our Terms of Service
• Protect our rights, property, and safety

4. How We Share Your Information

We may share your information in the following circumstances:

4.1 With Your Consent

We will share your information when you explicitly consent (e.g., integrating with third-party tools).

4.2 Within Your Company

Your data is shared with other users in your company account based on their role and permissions. Admins and managers may have access to more data than regular users.

4.3 Service Providers

We share data with trusted third-party service providers who help us operate the Service:

• Hosting: Vercel (infrastructure)
• Database: Supabase (data storage)
• Email: SendGrid, AWS SES (transactional emails)
• Analytics: Google Analytics, Vercel Analytics
• Payments: Stripe (payment processing)
• File Storage: AWS S3, Supabase Storage (file uploads)

4.4 Legal Requirements

We may disclose your information if required by law, court order, or governmental authority, or to protect our rights or the safety of others.

4.5 Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred to the acquiring entity.

5. Data Security

5.1 Security Measures

We implement industry-standard security measures to protect your data:

• Encryption: Data is encrypted in transit (TLS/SSL) and at rest (AES-256)
• Authentication: Secure password hashing (bcrypt) and optional 2FA
• Access Control: Role-based permissions and Row-Level Security (RLS)
• Monitoring: Continuous security monitoring and audit logs
• Backups: Regular automated backups with encryption
• Infrastructure: SOC 2 compliant hosting providers (Vercel, Supabase)

5.2 Your Responsibility

You are responsible for:

• Keeping your password secure and confidential
• Logging out of shared devices
• Reporting suspicious activity immediately
• Ensuring your team members follow security best practices

6. Data Retention

We retain your data for as long as your account is active or as needed to provide the Service. When you delete your account:

• Immediate: Your account is deactivated and no longer accessible
• 30 days: Grace period to allow for data export or account recovery
• After 30 days: Your data is permanently deleted from active systems
• Backups: Data in backups may persist for up to 90 days

We may retain certain information longer if required by law (e.g., financial records for 7 years).

7. Your Rights and Choices

7.1 Access and Portability

You have the right to access your data and export it in a machine-readable format (CSV, JSON). Use the Settings > Export Data feature or contact support.

7.2 Correction and Update

You can update your account information at any time through Settings > Profile.

7.3 Deletion

You can request deletion of your account and data by contacting support@siteproc.com or using Settings > Delete Account.

7.4 Marketing Communications

You can opt out of marketing emails by clicking "Unsubscribe" in any marketing email or updating your preferences in Settings > Notifications.

7.5 Do Not Track

We currently do not respond to Do Not Track (DNT) browser signals. However, you can disable cookies in your browser settings.

8. International Data Transfers

Your data may be transferred to and stored on servers located outside your country. We ensure appropriate safeguards are in place for international transfers, including:

• Standard Contractual Clauses (SCCs) with service providers
• Hosting in regions with strong data protection laws (US, EU)
• Compliance with GDPR for EU users

9. Children's Privacy

The Service is not intended for children under 13 years of age (or 16 in the EU). We do not knowingly collect personal information from children. If we learn we have collected data from a child, we will delete it promptly.

10. Third-Party Links

The Service may contain links to third-party websites or services. We are not responsible for the privacy practices of these third parties. Please review their privacy policies.

11. GDPR Compliance (EU Users)

If you are in the European Economic Area (EEA), you have additional rights under GDPR:

• Right to Access: Request a copy of your data
• Right to Rectification: Correct inaccurate data
• Right to Erasure: Request deletion ("right to be forgotten")
• Right to Restriction: Limit how we use your data
• Right to Data Portability: Export your data
• Right to Object: Object to processing for marketing or legitimate interests
• Right to Withdraw Consent: Withdraw consent at any time

To exercise these rights, contact privacy@siteproc.com. We will respond within 30 days.

12. CCPA Compliance (California Users)

If you are a California resident, you have rights under the CCPA:

• Right to Know: Know what data we collect, use, and share
• Right to Delete: Request deletion of your data
• Right to Opt-Out: Opt out of "sale" of personal information (we do not sell data)
• Right to Non-Discrimination: Not be discriminated against for exercising rights

To exercise these rights, contact privacy@siteproc.com or call 1-800-SITEPROC.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes via:

• Email notification to your registered email address
• Prominent notice on the Service
• Update to the "Last updated" date at the top

Your continued use of the Service after changes constitutes acceptance of the updated policy.

14. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or your data, please contact us: