Legal
Privacy Policy
Effective date: July 6, 2026
This Privacy Policy explains how FieldOps (“we”, “us”) collects, uses, and shares personal data when you use our websites and the FieldOps service (the “Service”). It applies to visitors to our site, people who create FieldOps accounts, and — in a more limited way described below — the customers of the businesses that use FieldOps.
1. Two roles we play
- Controller — for data about you as our user or site visitor (your account, billing, usage, support emails), we decide how the data is used, as described in this policy.
- Processor — for the records a business stores in FieldOps about its customers (names, addresses, phone numbers, job history, invoices, photos, messages), that business is the controller and we process the data only on its behalf, per our Data Processing Addendum. If you are a customer of a business that uses FieldOps, contact that business directly about your data; we will support their response.
2. Data we collect
- Account data: name, email, password (hashed), role, organization/company details, logo.
- Billing data: plan, seat count, subscription status. Card details are collected and stored by Stripe, not by us.
- Customer Data you store in the Service (as processor): your customers’ contact details, service addresses, jobs, quotes, invoices, payment records, photos, and SMS/email message threads.
- Usage and technical data: log data, IP address, browser type, pages viewed, and cookies needed to keep you signed in and secure the Service (including bot-protection tokens on public forms).
- Communications: emails you send us and messages sent through in-app support or contact forms.
3. How we use data
- To provide, secure, and improve the Service (authentication, multi-tenant isolation, backups, fraud and abuse prevention).
- To process subscription payments and, via Stripe Connect, to enable the payments you collect from your own customers.
- To send transactional messages (receipts, invites, password resets, notifications you configure) and, for account owners, occasional product updates you can opt out of.
- To respond to support requests and legal obligations.
We do not sell personal data, and we do not use your Customer Data to train AI models or for advertising.
4. Who we share data with (subprocessors)
We share data only with service providers that help us run FieldOps:
| Provider | Purpose |
|---|---|
| Supabase | Database, authentication, and file storage hosting |
| Vercel | Application hosting and content delivery |
| Stripe | Subscription billing and payment processing (Stripe Connect) |
| Resend | Transactional email delivery |
| Twilio | SMS sending and receiving |
| Cloudflare | Bot protection (Turnstile) on public forms |
We may also disclose data if required by law, to protect rights and safety, or as part of a business transaction (merger, acquisition) — with notice where required.
5. Cookies
We use strictly necessary cookies for sign-in sessions and security. We do not use third-party advertising cookies.
6. Data retention
We keep account and Customer Data for as long as the account is active. After account termination, data is retained for a short wind-down period (see the Terms of Service) and then deleted in the ordinary course, except where we must keep records for legal, tax, billing, or security reasons. You can export your data (CSV) from the app at any time.
7. Security
Data is encrypted in transit (TLS) and at rest by our hosting providers. Access to production data is limited, and the application enforces per-organization isolation at the database layer (row-level security). No system is perfectly secure; if we learn of a breach affecting your personal data we will notify you as required by law. Report vulnerabilities to runfieldops@gmail.com.
8. Your rights
Depending on where you live (e.g., GDPR in the EU/UK, CCPA/CPRA in California), you may have rights to access, correct, delete, or export your personal data, to object to or restrict certain processing, and to complain to a supervisory authority. To exercise these rights, email runfieldops@gmail.com. If your data is held in FieldOps by a business you hired, we will refer your request to that business (the controller) and assist them.
9. International transfers
We are US-based and our providers store data primarily in the United States. Where data is transferred from other regions, we rely on appropriate safeguards such as our providers’ standard contractual clauses.
10. Children
The Service is for businesses and is not directed to children under 16; we do not knowingly collect their data.
11. Changes
We may update this policy; material changes will be announced by email or in-app before they take effect. The effective date above always reflects the current version.
12. Contact
Privacy questions or requests: runfieldops@gmail.com.