Privacy Policy for ContractorAI

Effective Date: December 2, 2025

Last Updated: December 13, 2025

Quick Summary: ContractorAI is a business management tool for contractors. We collect only the information necessary to provide our mobile app services. We never sell your data to third parties, and we use industry-standard security to protect your information. Your subscription and payment information is handled securely through Apple's App Store.

1. Introduction

Welcome to ContractorAI ("we," "our," or "us"), operated by Elevated Systems LLC. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our iOS mobile application (the "App"). Please read this privacy policy carefully. If you do not agree with the terms of this privacy policy, please do not access or use the App.

We reserve the right to make changes to this Privacy Policy at any time. We will notify you about material changes by email or through a notice in the App. Your continued use of the App after changes indicates acceptance of those changes.

2. Information We Collect

2.1 Information You Provide Directly

We collect information that you voluntarily provide when using ContractorAI:

Account Information: Email address, name, password (encrypted), company name, business address
Business Data: Projects, job details, client information, invoices, estimates, financial records, labor costs, material costs
Client Records: Client names, contact information, project history, communication logs, job site addresses
Employee Information: Employee names, contact details, work schedules, hourly rates (if you use employee management features)
Photos and Documents: Job site photos, receipts, invoices, contracts, and other documents you upload
Communication Data: Messages sent through the App, support requests, feedback

Apple App Store Subscriptions: Payment information for in-app purchases is processed and stored solely by Apple through the App Store. We do not have access to your credit card numbers, billing addresses, or other payment details. We only receive confirmation that a subscription was purchased and its status (active, expired, canceled).

2.2 Information Collected Automatically

Device Information: Device type, operating system version, iOS version, unique device identifiers (IDFA with your permission), mobile network information
Usage Data: Features used, pages viewed, time spent in app, interaction patterns, button clicks, navigation paths
Location Data: Approximate location (city/state level) or precise location (with explicit permission) to help track job sites, calculate travel distances, and provide location-based features
Calendar Data: Appointments and schedules (only if you explicitly enable calendar sync and grant permission)
Camera and Photos: Access to camera and photo library (only with explicit permission) for uploading job site photos and receipts
Notifications: Device tokens for push notifications (only if you grant permission)
Performance Data: App crashes, errors, diagnostic information to improve app stability

2.3 Information from Third-Party Services

If you connect third-party services, we may receive information from:

Apple Sign-In: Email, name (or anonymous email if you choose privacy mode)
Google Sign-In: Email, name, profile picture (with your permission)
Google Calendar: Calendar events, availability, appointments (only if you enable calendar sync)
Apple App Store: Subscription status, purchase history, transaction IDs (no payment details)

3. How We Use Your Information

We use your information for the following purposes:

3.1 Provide and Improve Services

Deliver the core functionality of ContractorAI including pricing calculators, project management, financial tracking
Provide AI-powered features using OpenAI (pricing recommendations, project insights, chatbot assistance)
Sync your appointments and job schedules with Google Calendar (if enabled)
Generate invoices, estimates, and financial reports
Store and organize your business data, photos, and documents
Analyze usage patterns to improve features, user experience, and app performance
Fix bugs, diagnose technical issues, and prevent crashes

3.2 Account and Subscription Management

Create and manage your account, authenticate users
Verify and process subscriptions purchased through Apple's App Store
Send subscription-related notifications (renewal reminders, expiration alerts)
Provide customer support and respond to your inquiries

3.3 Communications

Send service-related emails and push notifications (appointment reminders, project updates)
Send subscription and billing notifications
Provide important app updates, new feature announcements
Send customer support messages and responses
Send marketing communications (only with your consent - you can opt out anytime)

3.4 Security and Legal Compliance

Detect and prevent fraud, abuse, and security incidents
Comply with legal obligations and enforce our Terms of Service
Protect the rights, property, and safety of ContractorAI, our users, and the public
Respond to legal requests and prevent harm

4. How We Share Your Information

WE NEVER SELL YOUR PERSONAL INFORMATION TO THIRD PARTIES.

We share your information only in the following limited circumstances:

4.1 Third-Party Service Providers

We use trusted third-party services to operate our App. These providers have access to your information only to perform specific tasks on our behalf and are obligated to protect it:

Supabase: Secure database hosting, authentication, and data storage (SOC 2 compliant, GDPR compliant, encrypted at rest)
OpenAI: AI-powered features including chatbots, pricing analysis, and business insights (data is not used to train AI models)
Google Calendar API: Calendar synchronization (only if you enable this feature and grant permission)
Apple App Store: In-app purchase processing, subscription management (Apple's privacy policy applies)
Cloud Storage: Secure storage of photos and documents you upload

Apple's Role: Apple Inc. processes all in-app purchase payments and manages subscription billing. Apple collects payment information directly and does not share it with us. Apple's Privacy Policy governs their collection and use of your payment information. View Apple's Privacy Policy at apple.com/legal/privacy

4.2 Legal Requirements and Protection

We may disclose your information if required to do so by law or if we believe such action is necessary to:

Comply with legal obligations, court orders, or government requests
Enforce our Terms of Service and other agreements
Protect the security and integrity of the App
Protect the rights, property, or safety of ContractorAI, our users, or the public
Investigate or prevent fraud, security breaches, or illegal activities

4.3 Business Transfers

If ContractorAI is involved in a merger, acquisition, sale of assets, bankruptcy, or similar business transaction, your information may be transferred as part of that transaction. We will notify you via email and/or a prominent notice in the App before your information is transferred and becomes subject to a different privacy policy.

4.4 With Your Consent

We may share your information with other parties when you explicitly consent to such sharing.

5. Data Security

We implement industry-standard security measures to protect your information from unauthorized access, use, disclosure, alteration, or destruction:

Encryption in Transit: All data transmitted between your device and our servers is encrypted using SSL/TLS (Transport Layer Security)
Encryption at Rest: All data stored in our Supabase database is encrypted at rest using AES-256 encryption
Access Controls: Strict authentication mechanisms and Row Level Security (RLS) ensure users can only access their own data
Password Protection: User passwords are hashed using bcrypt (never stored in plain text)
Secure Authentication: OAuth 2.0 and JWT tokens for secure session management
Regular Security Audits: We regularly update our security practices and conduct security assessments
Secure Cloud Infrastructure: Our service providers (Supabase) maintain SOC 2 Type II compliance and GDPR compliance
Payment Security: Payment processing is handled entirely by Apple's App Store (PCI DSS compliant) - we never see or store payment information

Important: While we strive to protect your information using commercially acceptable means, no method of transmission over the internet or electronic storage is 100% secure. We cannot guarantee absolute security. Please use strong passwords and keep your login credentials confidential.

6. Your Privacy Rights and Choices

6.1 Access and Control Your Data

You have the right to:

Access: View all your personal information stored in the App at any time through your account settings
Update: Edit your account information, business data, and preferences directly in the App
Export: Download your business records and data in a portable format (CSV, PDF)
Delete: Request deletion of your account and all associated data by contacting support@contractorai.work or through the App settings

6.2 Control App Permissions

You can control what data the App can access on your iOS device:

Location Services: Go to Settings > Privacy & Security > Location Services > ContractorAI (choose Never, Ask Next Time, or While Using the App)
Camera: Go to Settings > ContractorAI > Camera (toggle on/off)
Photo Library: Go to Settings > ContractorAI > Photos (toggle on/off)
Calendar: Go to Settings > ContractorAI > Calendars (toggle on/off)
Notifications: Go to Settings > Notifications > ContractorAI (customize or disable)

6.3 Manage Subscriptions and Purchases

View Subscription: Go to Settings > [Your Name] > Subscriptions > ContractorAI
Cancel Auto-Renewal: Turn off auto-renewal in Subscription settings (access continues until period ends)
Request Refund: Visit reportaproblem.apple.com to request a refund from Apple
View Purchase History: View your Apple ID purchase history in Settings > [Your Name] > Media & Purchases

6.4 Marketing Communications

Opt-Out of Marketing Emails: Click "unsubscribe" at the bottom of any marketing email or adjust preferences in App settings
Essential Communications: You cannot opt out of service-related emails (subscription confirmations, security alerts, legal notices)

6.5 California Privacy Rights (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act:

Right to Know: Request disclosure of personal information we collect, use, and share
Right to Delete: Request deletion of personal information (subject to certain exceptions)
Right to Opt-Out: Opt-out of the sale of personal information (we do not sell personal information)
Right to Non-Discrimination: You will not receive discriminatory treatment for exercising your privacy rights

To exercise these rights, contact us at support@contractorai.work with "California Privacy Request" in the subject line. We will respond within 45 days.

6.6 European Privacy Rights (GDPR)

If you are in the European Economic Area (EEA), you have rights under the General Data Protection Regulation:

Right to Access: Obtain confirmation of whether we process your data and access to your data
Right to Rectification: Correct inaccurate or incomplete data
Right to Erasure: Request deletion of your data ("right to be forgotten")
Right to Restriction: Request restriction of processing in certain circumstances
Right to Data Portability: Receive your data in a machine-readable format
Right to Object: Object to processing based on legitimate interests
Right to Withdraw Consent: Withdraw consent at any time where processing is based on consent
Right to Lodge a Complaint: File a complaint with your local data protection authority

To exercise these rights, contact us at support@contractorai.work. We will respond within 30 days.

7. Data Retention

We retain your information for as long as necessary to provide our services and fulfill the purposes described in this Privacy Policy:

Active Accounts: Data is retained while your account is active and your subscription is valid
Account Deletion: When you delete your account, your personal information is deleted within 30 days
Backup Retention: Backup copies are removed from our systems within 90 days of account deletion
Legal Obligations: We may retain certain information if required by law (tax records, transaction history) or for legitimate business purposes (fraud prevention, dispute resolution)
Anonymized Data: We may retain anonymized, aggregated data indefinitely for analytics and improvement purposes

8. Children's Privacy

ContractorAI is intended for business use by adults aged 18 and over. We do not knowingly collect personal information from children under 13 (or under 16 in the EEA). If we learn that we have collected information from a child under the applicable age, we will delete it immediately. If you believe we have collected information from a child, please contact us at support@contractorai.work.

9. International Data Transfers

Your information may be transferred to and processed in countries other than your own, including the United States, where data protection laws may differ from those in your country. We ensure appropriate safeguards are in place to protect your information in accordance with this Privacy Policy and applicable laws.

For EEA users: We use Standard Contractual Clauses approved by the European Commission to transfer data outside the EEA.

10. Google User Data Policy Disclosure

ContractorAI uses Google APIs to provide calendar synchronization features. This section specifically addresses how we handle Google user data in compliance with the Google API Services User Data Policy.

Google Data Summary: ContractorAI accesses your Google Calendar data ONLY to sync your job appointments and schedules. We do not share this data with third parties (except as required by law), we do not use it for advertising, and we do not sell it. You can revoke access at any time.

10.1 Google User Data Accessed

When you choose to connect your Google account to ContractorAI, we access the following Google user data:

Google Calendar Events: We read your calendar events to display your schedule within the app, and we create/update calendar events when you schedule jobs or appointments through ContractorAI.
Basic Profile Information: If you use Google Sign-In, we access your email address, name, and profile picture to authenticate your account.

Scopes Requested:

https://www.googleapis.com/auth/calendar - Read and write access to your Google Calendar (only when you enable calendar sync)
https://www.googleapis.com/auth/userinfo.email - Access to your email address for authentication
https://www.googleapis.com/auth/userinfo.profile - Access to basic profile info for authentication

10.2 How We Use Google User Data

ContractorAI uses your Google user data exclusively for the following purposes:

Calendar Synchronization: Display your Google Calendar appointments within ContractorAI so you can see your full schedule alongside your jobs.
Job Scheduling: Create new calendar events in your Google Calendar when you schedule jobs, appointments, or crew assignments in ContractorAI.
Appointment Updates: Update or delete calendar events when you modify or cancel jobs in ContractorAI.
Conflict Detection: Check your calendar availability to help prevent double-booking.
User Authentication: Verify your identity when you sign in with Google.

We DO NOT use your Google user data to:

Serve advertisements or marketing
Build user profiles for advertising purposes
Train AI or machine learning models
Any purpose other than providing the calendar sync and authentication features you requested

10.3 Google User Data Sharing

We do not share your Google user data with any third parties, except in the following limited circumstances:

Service Providers: We use Supabase for secure data storage. Your calendar data may be stored in our secure database to enable sync functionality. Supabase is bound by data protection agreements and cannot use your data for any other purpose.
Legal Requirements: We may disclose Google user data if required by law, court order, or government request, or to protect our legal rights.

We DO NOT:

Sell your Google user data to any third party
Share your Google user data with data brokers
Use your Google user data for advertising or marketing purposes
Share your Google user data with any entity for purposes unrelated to providing the ContractorAI service

10.4 Google User Data Storage and Protection

We implement robust security measures to protect your Google user data:

Encryption in Transit: All Google user data is transmitted using HTTPS/TLS encryption.
Encryption at Rest: Google user data stored in our database is encrypted using AES-256 encryption.
Access Controls: Row Level Security (RLS) ensures you can only access your own data. Administrative access is strictly limited and logged.
Token Security: Google OAuth tokens are stored securely and are never exposed to client-side code or logs.
Regular Security Reviews: We conduct regular security assessments of our Google integration.
SOC 2 Compliant Infrastructure: Our database provider (Supabase) maintains SOC 2 Type II compliance.

10.5 Google User Data Retention and Deletion

We retain your Google user data only as long as necessary to provide the calendar sync service:

Active Accounts: Google Calendar data is cached and synchronized while your account is active and calendar sync is enabled.
Disconnect Google: If you disconnect your Google account from ContractorAI (via app settings or Google's security settings), we delete your cached Google Calendar data within 24 hours.
Account Deletion: When you delete your ContractorAI account, all Google user data associated with your account is permanently deleted within 30 days.
Backup Removal: Backups containing Google user data are purged within 90 days of deletion.

How to Request Deletion of Your Google User Data:

Open ContractorAI and go to Settings > Connected Accounts > Google
Tap "Disconnect Google Account" to immediately stop data sync and trigger deletion
Alternatively, email privacy@contractorai.work with subject "Google Data Deletion Request"
You can also revoke access directly at Google Account Permissions

We will confirm deletion within 7 business days of your request.

10.6 Revoking Google Access

You can revoke ContractorAI's access to your Google data at any time:

Within the App: Go to Settings > Connected Accounts > Google > Disconnect
Via Google: Visit https://myaccount.google.com/permissions, find ContractorAI, and click "Remove Access"

Revoking access will stop all calendar synchronization. Jobs already created in ContractorAI will remain, but they will no longer sync with Google Calendar.

Limited Use Disclosure: ContractorAI's use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.

11. Third-Party Links and Services

The App may contain links to third-party websites, services, or integrations not operated by us (e.g., Apple App Store, Google Calendar, social media). We are not responsible for the privacy practices of these third parties. We encourage you to review their privacy policies before providing any personal information.

Third-party services used in the App:

Apple App Store: Privacy Policy
Google Services: Privacy Policy
OpenAI: Privacy Policy

12. Push Notifications

With your permission, we may send push notifications to your device for:

Appointment and calendar reminders
Project updates and deadlines
Subscription renewal and payment notifications
Important account notifications and security alerts
New feature announcements and tips

You can disable push notifications at any time in your device settings (Settings > Notifications > ContractorAI) or within the App settings.

13. Cookies and Tracking Technologies

The App uses minimal tracking technologies for essential functionality:

Authentication Tokens: Securely store your login session
Preferences: Remember your app settings and preferences
Analytics: Understand usage patterns to improve the App (anonymized data)
Performance Monitoring: Track crashes and errors to fix bugs

We do not use third-party advertising or tracking cookies. You can manage tracking preferences in iOS Settings > Privacy & Security > Tracking.

14. Do Not Track

Some web browsers and devices permit you to broadcast a "Do Not Track" (DNT) signal. Our App does not currently respond to DNT signals because there is no industry standard for how to interpret them. We do not track users across third-party websites.

15. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will notify you of significant changes by:

Posting the updated Privacy Policy in the App with a new "Last Updated" date
Sending you an email notification to your registered email address
Displaying a prominent notice or alert in the App

Your continued use of ContractorAI after changes are posted constitutes acceptance of the updated Privacy Policy. We encourage you to review this Privacy Policy periodically.

16. Data Breach Notification

In the unlikely event of a data breach that affects your personal information, we will:

Notify you via email within 72 hours of discovering the breach
Provide details about what information was affected
Explain the steps we are taking to address the breach
Recommend actions you can take to protect yourself
Notify relevant authorities as required by law

17. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or your personal information, please contact us:

Company: Elevated Systems LLC
App Name: ContractorAI
Email: support@contractorai.work
Privacy Requests: privacy@contractorai.work
Data Protection Officer: dpo@contractorai.work

Response Time: We will respond to privacy requests within 30 days (45 days for California residents, as permitted by law).

For EU Residents: If you are not satisfied with our response, you have the right to lodge a complaint with your local supervisory authority.

18. Consent

By downloading, installing, and using ContractorAI, you consent to this Privacy Policy and agree to its terms. If you do not agree with this Privacy Policy, please do not use the App.

For certain data processing activities (such as marketing communications, calendar sync, precise location tracking), we will obtain your explicit opt-in consent.

ContractorAI - Business Management for Contractors
© 2025 Elevated Systems LLC. All rights reserved.
This Privacy Policy was last updated on December 13, 2025

Terms of Service (EULA) | Privacy Policy | Contact Support