Privacy Policy

1. WHO WE ARE AND HOW TO REACH US

Profit Pier ("Company," "we," "us," or "our") operates the Profit Pier platform, a field service management solution available at profit-pier.com and associated mobile or desktop applications (collectively, the "Platform" or "Service"). We are organized under the laws of the State of Idaho.

Data Controller Contact:

• Email: legal@profit-pier.com
• Website: https://profit-pier.com
• Mailing: Profit Pier Legal Department, Idaho, United States

For privacy-related requests, inquiries, or complaints, please contact us at the email above with the subject line "Privacy Request."

2. SCOPE AND APPLICABILITY

This Privacy Policy applies to all information collected through the Platform, including:

• Visitors who browse our marketing website
• Business subscribers and their designated administrator accounts
• End users (employees, technicians, or staff) added by subscriber organizations
• Customers of subscriber organizations whose data is entered into the Platform by subscribers
• Any person who contacts us for support or other inquiries

This Policy does not apply to third-party websites, services, or applications linked from the Platform. We encourage you to review the privacy policies of those third parties independently.

3. INFORMATION WE COLLECT

3.1 Information You Provide Directly

We collect information that you voluntarily provide when you register for, access, or use the Platform, including:

• Account Registration: Full name, business name, business address, email address, phone number, password (hashed and salted, never stored in plain text), and assigned user role.
• Business & Operational Data: Customer names, physical and mailing addresses, phone numbers, email addresses, job site addresses, GPS coordinates of job sites, estimate details, line-item pricing, labor and material costs, work order contents, completion dates, before/after photographs, diagrams, customer signatures (electronic), warranty information, and associated notes.
• Payment and Billing Information: Subscription billing information is processed by our third-party payment processor. We do not store full payment card numbers on our systems; however, we may retain billing name, address, and last four digits of a card for account management purposes.
• Communications: Records of support tickets, emails, or other correspondence you send us.
• User-Generated Content: Photos, PDFs, diagrams, and any documents uploaded to the Platform.

3.2 Information Collected Automatically

When you access or use the Platform, we automatically collect certain technical and behavioral data, including:

• Device and Technical Information: IP address, browser type and version, operating system, device identifiers, screen resolution, and hardware model.
• Usage and Behavioral Data: Pages visited, features used, clickstream data, session duration, actions taken within the Platform (e.g., estimates created, calendar events scheduled, integrations activated), error logs, and crash reports.
• Location Data: Approximate geographic location derived from IP address. If location services are enabled on a mobile device, we may collect precise GPS coordinates to facilitate job scheduling, routing, or technician dispatch. You may disable location permissions through your device settings.
• Cookies and Similar Technologies: We use first-party and third-party cookies, pixel tags, web beacons, local storage, and similar technologies to authenticate users, remember preferences, analyze usage, and support advertising and marketing analytics. See Section 12 for cookie details.
• Log Data: Server-side logs capturing API calls, authentication events, integration activity, and system health metrics.

3.3 Information from Third-Party Integrations

When you authorize integrations with third-party services, we receive data from those services:

• Google Calendar: OAuth token, refresh token, calendar event metadata (event IDs, associated timestamps), and confirmation responses. We do not read your existing calendar events, contacts, emails, or other Google account data beyond what is described in Section 6.
• Intuit QuickBooks Online: OAuth token, refresh token, customer record identifiers, estimate data synced to QuickBooks, and API response metadata.
• Future Integrations: As we add integrations, this Section will be updated to describe the data received from each.

3.4 Inferred and Derived Data

We may derive or infer information about you or your business based on the data we collect. This includes business performance metrics, job completion rates, pricing benchmarks, revenue estimates, customer communication patterns, seasonal trends, and geographic service area profiles. Derived data may be used internally or, in aggregated and de-identified form, commercially as described in Section 7.

4. HOW WE USE YOUR INFORMATION

We use the information we collect for the following purposes:

4.1 Platform Operations

• Providing, maintaining, and improving the Platform and all its features
• Creating, storing, and managing estimates, work orders, customer records, and related documents
• Authenticating users and enforcing role-based access controls
• Processing and displaying data within the Platform interface
• Facilitating integrations with Google Calendar, QuickBooks, and other authorized third-party services
• Sending automated customer-facing email notifications (inspection confirmations, reminders, job completion notices, warranty follow-ups) on behalf of subscribers

4.2 Communications and Support

• Responding to support requests, inquiries, and complaints
• Sending transactional emails related to your account (password reset, billing, service updates)
• Notifying you of material changes to this Policy or our Terms of Service
• Sending product announcements, feature updates, and promotional content (you may opt out at any time)

4.3 Analytics and Platform Improvement

• Analyzing usage patterns to understand how subscribers and end users interact with the Platform
• Identifying bugs, errors, and performance issues
• Conducting internal research and development to build new features
• Generating aggregated, de-identified analytics about Platform usage

4.4 Legal, Safety, and Compliance

• Complying with applicable laws, regulations, court orders, and legal obligations
• Detecting, investigating, and preventing fraud, abuse, unauthorized access, and security incidents
• Enforcing our Terms of Service and other applicable agreements
• Protecting the rights, safety, and property of Profit Pier, our users, and the public

4.5 Commercial Data Use (See Also Section 7)

In addition to the operational uses above, we may process your data and your customers' data (in aggregated, anonymized, or de-identified form) for commercial purposes, including internal monetization, benchmarking, market intelligence, and potential sale to or sharing with third-party commercial partners. This is described in detail in Section 7.

5. LEGAL BASES FOR PROCESSING (GDPR / INTERNATIONAL USERS)

For users located in the European Economic Area, United Kingdom, or other jurisdictions that require a legal basis for processing personal data, we process your information under the following legal bases:

• Contractual Necessity: Processing necessary to provide the Service you have contracted for, including account management, Platform features, and integration functionality.
• Legitimate Interests: Processing for our legitimate business interests, including fraud prevention, security, platform improvement, and analytics, where such interests are not overridden by your rights.
• Consent: Where we rely on your affirmative consent, such as for marketing emails, certain cookies, or the commercial data uses described in Section 7. You may withdraw consent at any time as described in Section 10.
• Legal Obligation: Processing necessary to comply with applicable laws and regulations.

Note: Profit Pier is primarily a United States-based service. If you are accessing the Platform from outside the United States, your data will be transferred to and processed in the United States, which may have different data protection standards than your home jurisdiction. By using the Platform, you consent to this transfer.

6. GOOGLE ACCOUNT AND CALENDAR DATA

Profit Pier's use of Google user data complies with the Google API Services User Data Policy, including the Limited Use requirements. Specifically:

• Scope Requested: We request only the calendar.events scope to create and update calendar events on your behalf. We do not request access to Gmail, Google Drive, Google Contacts, or any other Google services.
• What We Create: When an inspection or job date is saved in Profit Pier, we create a corresponding Google Calendar event containing the customer name, estimate number, address, and scheduled time.
• What We Update: If a date or time is changed in Profit Pier, we update the corresponding calendar event to reflect the change.
• What We Do Not Do: We do not read, scan, or analyze your existing Google Calendar events. We do not use Google user data for serving advertisements. We do not allow humans to read Google user data unless you have given explicit permission, it is necessary for security purposes, or we are required to do so by law.
• Token Storage: OAuth access and refresh tokens are stored encrypted within your organization's Firestore database and are never exposed to client-side applications.
• Revocation: You may revoke our access at any time through myaccount.google.com/permissions or through your Profit Pier account settings.

Profit Pier's use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.

7. COMMERCIAL DATA RIGHTS, AGGREGATION, AND POTENTIAL DATA SALE

IMPORTANT: THIS SECTION DESCRIBES OUR CURRENT AND POTENTIAL FUTURE USE OF DATA FOR COMMERCIAL PURPOSES. PLEASE READ IT CAREFULLY.

7.1 Aggregated and De-Identified Data

We may create aggregated, anonymized, or de-identified data sets derived from information collected through the Platform. Such data is processed in a manner that does not identify you, your business, or your individual customers. We reserve the right to use this aggregated/de-identified data for any purpose, including:

• Internal business analytics and product development
• Industry benchmarking and market research reports
• Commercial sale to, or sharing with, third-party data analytics companies, market research firms, industry associations, investors, financial institutions, or other commercial partners
• Publication of industry trend reports, whitepapers, or similar materials

By using the Platform, you grant Profit Pier a perpetual, irrevocable, royalty-free, worldwide license to create, use, and commercialize such aggregated and de-identified data.

7.2 What "De-Identified" Means

De-identified data has had direct identifiers (such as name, address, email, phone number, and account IDs) removed or altered so that the data cannot reasonably be used to identify a specific individual or business. We implement technical and organizational safeguards to prevent re-identification and contractually restrict recipients of de-identified data from attempting to re-identify it.

7.3 Potential Future Sale of Personal Data

We do not currently sell personal data to third parties for their direct marketing purposes. However, we reserve the right to do so in the future. If and when we implement a data sale program involving personal data (as defined under applicable law, including the CCPA), we will:

• Update this Privacy Policy to describe the categories of data sold, the categories of third parties purchasing such data, and the business purpose for the sale
• Provide California residents and other users with applicable rights (including opt-out rights) no later than required by applicable law
• Notify current users by email and by posting a prominent notice on the Platform at least thirty (30) days before such practices commence

By continuing to use the Platform after such notice, you will be providing consent to the data sale practices described in the updated policy, subject to applicable law.

7.4 Subscriber Business Data vs. End-Customer Data

We distinguish between (a) data about subscriber businesses and their employees, and (b) data about end customers entered into the Platform by subscribers. Both categories are subject to the protections in this Policy. However, the subscriber (the business using Profit Pier) acts as the data controller for end-customer data in most respects, and Profit Pier acts as a data processor. Commercial data use under this Section 7 applies to aggregated/de-identified forms of such data only, not to raw, identifiable end-customer personal data, except as otherwise authorized by the subscriber or required by law.

8. DATA SHARING AND DISCLOSURE

We do not sell raw, identifiable personal data to unaffiliated third parties for their own marketing purposes at this time (see Section 7.3 for future policy). We share personal data only in the following circumstances:

8.1 With Your Authorization

When you connect Google Calendar or QuickBooks, we share relevant data with those services as described in Sections 6 and 3.3. You authorize this sharing at the time of integration setup.

8.2 Service Providers and Subprocessors

We share data with third-party vendors who assist us in providing the Platform, including:

• Google LLC (Firebase hosting, Firestore database, Firebase Authentication, Cloud Functions, Cloud Storage)
• Google LLC (Gmail/SMTP via Nodemailer for automated customer emails)
• Intuit Inc. (QuickBooks Online integration)
• Payment processors (for subscription billing)
• Analytics providers (for usage analytics)
• Infrastructure and security vendors

These providers are contractually restricted to using data only as necessary to provide services to us and are prohibited from using it for their own independent commercial purposes (except as expressly permitted).

8.3 Business Transfers

If Profit Pier undergoes a merger, acquisition, reorganization, bankruptcy, asset sale, or other business transaction, your data may be transferred to the acquiring or successor entity as part of that transaction. We will provide notice before your data is transferred and becomes subject to a different privacy policy where feasible and as required by law.

8.4 Legal Requirements and Safety

We may disclose your data if required by law, regulation, court order, subpoena, or other legal process; to respond to lawful requests by law enforcement or government authorities; to protect the safety of any person; to prevent fraud or security threats; or to protect our legal rights.

8.5 Aggregate and De-Identified Information

As described in Section 7, we may share aggregated and de-identified data broadly with commercial partners, for publication, or for other purposes without restriction.

8.6 With Your Consent

We may share your data with third parties not described above when you have given us your express consent to do so.

9. DATA RETENTION

We retain personal data for as long as your account is active, as necessary to provide the Service, and as required or permitted by applicable law. Specific retention periods include:

• Active Account Data: Retained for the life of the account.
• Post-Closure: Following account deletion or closure, we retain data for up to ninety (90) days to facilitate account recovery, resolve disputes, and comply with legal obligations, after which it is permanently deleted or anonymized.
• Automated Email Logs: Retained for up to twenty-four (24) months for troubleshooting, audit, and compliance purposes.
• Calendar Event Records: Retained for up to twenty-four (24) months.
• Backup and Disaster Recovery Copies: Retained for up to one hundred eighty (180) days in secure backup archives before being overwritten or deleted.
• Legal Hold: If data is subject to a legal hold, litigation, or regulatory investigation, we will retain it for as long as required regardless of the above timelines.
• Aggregated/De-Identified Data: May be retained indefinitely as it no longer constitutes personal data.

You may request deletion of your data prior to the expiration of these retention periods as described in Section 10, subject to applicable legal exceptions.

10. YOUR PRIVACY RIGHTS AND CHOICES

10.1 Rights for All Users

Regardless of your location, you have the following rights:

• Access: Request a copy of the personal data we hold about you.
• Correction: Request that we correct inaccurate or incomplete data.
• Deletion: Request deletion of your personal data, subject to legal retention obligations.
• Portability: Request an export of your data in a commonly used, machine-readable format.
• Opt-Out of Marketing: Unsubscribe from promotional emails at any time via the unsubscribe link in any such email or by contacting us.
• Integration Disconnection: Disconnect Google Calendar or QuickBooks integrations at any time through your account settings.

10.2 California Residents — CCPA/CPRA Rights

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA):

• Right to Know: The categories and specific pieces of personal information we have collected about you, the categories of sources, the business or commercial purposes for collection, and the categories of third parties with whom we share information.
• Right to Delete: Request deletion of personal information we have collected, subject to certain exceptions.
• Right to Correct: Request correction of inaccurate personal information.
• Right to Opt-Out of Sale or Sharing: You have the right to opt out of the sale or sharing of your personal information. We do not currently sell personal data. If this changes, we will provide a "Do Not Sell or Share My Personal Information" link on our homepage.
• Right to Limit Use of Sensitive Personal Information: You have the right to limit our use of sensitive personal information to the purposes for which it was disclosed.
• Right to Non-Discrimination: We will not discriminate against you for exercising your CCPA rights.

Categories of personal information we collect include: Identifiers; Customer Records; Commercial Information; Internet/Electronic Activity; Geolocation Data; Professional/Employment Information; and Inferences drawn from the above. To submit a CCPA request, contact us at legal@profit-pier.com with "CCPA Request" in the subject line. We will verify your identity before fulfilling the request.

10.3 EEA, UK, and Swiss Residents — GDPR Rights

If you are located in the European Economic Area, United Kingdom, or Switzerland, you have additional rights under the General Data Protection Regulation (GDPR) or equivalent laws:

• Right to Object: Object to processing based on our legitimate interests.
• Right to Restrict Processing: Request that we limit how we process your data.
• Right to Withdraw Consent: Where processing is based on consent, you may withdraw it at any time without affecting the lawfulness of prior processing.
• Right to Lodge a Complaint: You may lodge a complaint with your local supervisory authority.

To exercise these rights, contact us at legal@profit-pier.com. We will respond within thirty (30) days where required by applicable law.

10.4 Other State Privacy Laws

Residents of Colorado, Connecticut, Virginia, Utah, Texas, and other states with comprehensive privacy laws may have similar rights under their respective laws. We will honor such rights to the extent required by applicable law. Please contact us to submit a request.

11. DATA SECURITY

We implement industry-standard technical and organizational security measures to protect your data against unauthorized access, disclosure, alteration, and destruction. These include:

• Encryption of data in transit using TLS 1.2 or higher
• Encryption of data at rest within Firebase/Google Cloud infrastructure
• Role-based access controls limiting data access to authorized personnel
• OAuth token storage at the database level, not exposed to client applications
• Firebase Authentication with hashed and salted passwords
• Regular security reviews and vulnerability assessments
• Incident response procedures for detecting and responding to data breaches

IMPORTANT: No security system is impenetrable. We cannot guarantee that unauthorized parties will never be able to defeat our security measures. In the event of a data breach that is reasonably likely to affect your rights and freedoms, we will notify you and applicable regulatory authorities as required by law.

12. COOKIES AND TRACKING TECHNOLOGIES

We use the following categories of cookies and tracking technologies:

• Strictly Necessary Cookies: Required for the Platform to function. These cannot be disabled.
• Functional Cookies: Remember your preferences and settings.
• Analytics Cookies: Collect information about how you use the Platform to help us improve it (e.g., Google Analytics, Firebase Analytics).
• Marketing and Advertising Cookies: May be used to track your activity across websites and deliver targeted advertising. These are subject to consent where required by law.

You can control non-essential cookies through your browser settings or through our cookie preference center (if applicable). Note that disabling certain cookies may affect Platform functionality.

13. CHILDREN'S PRIVACY

The Platform is not directed to individuals under the age of thirteen (13), and we do not knowingly collect personal data from children under 13. If we become aware that we have collected personal data from a child under 13 without verified parental consent, we will take steps to delete it. If you believe we have inadvertently collected data from a child, please contact us at legal@profit-pier.com.

14. THIRD-PARTY LINKS AND SERVICES

The Platform may contain links to third-party websites, integrations, or services not operated by us. This Privacy Policy does not apply to those third parties. We are not responsible for the privacy practices of third-party sites and encourage you to review their policies independently.

15. CHANGES TO THIS PRIVACY POLICY

We reserve the right to modify this Privacy Policy at any time. We will provide notice of material changes by:

• Posting the updated Policy on this page with a new effective date
• Sending an email notification to the primary account email address on file
• Displaying a prominent in-Platform notice for a period of at least thirty (30) days

Your continued use of the Platform after the effective date of any changes constitutes your acceptance of the revised Policy. If you do not agree to the changes, you must stop using the Platform and may request account deletion.

16. CONTACT US

For privacy-related questions, requests, or complaints, contact us:

• Email: legal@profit-pier.com
• Website: https://profit-pier.com
• Subject Line: "Privacy Request" or applicable right (e.g., "CCPA Deletion Request")

We will acknowledge your request within five (5) business days and respond within the timeframe required by applicable law.