Privacy Policy

Effective Date: May 16, 2026

Opsite Solutions LLC ("Opsite," "we," "us," or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our construction project management platform at useopsite.com and related services (the "Service").

1. Information We Collect

1.1 Information You Provide to Us

We collect information you provide directly, including:

• Account Information: Name, email address, phone number, password, and profile information
• Business Information: Company name, business address, contractor license numbers, tax ID/EIN
• Financial Information: Bank account details for payment processing, credit card information (processed by our payment providers)
• Project Data: Job details, client information, contracts, invoices, purchase orders, change orders, and financial records
• Documents: Files you upload including photos, permits, contracts, plans, and other construction documents
• Communications: Messages you send through the Service, support requests, and feedback
• Biometric Information: If you use facial recognition or fingerprint authentication features on your device to access the Service, we may process biometric identifiers solely for authentication purposes. We do not store raw biometric data.
• Audio/Visual Data: Voice recordings if you interact with voice-enabled features, and photographs or video you upload as project documentation
• Referral Data: If you refer another contractor to Opsite, we collect the name and contact information you provide for the purpose of sending the referral invitation only

1.2 Information Collected Automatically

When you use the Service, we automatically collect:

• Usage Data: Features used, pages viewed, actions taken, time spent on pages
• Device Information: IP address, browser type and version, operating system, device identifiers
• Location Data: General location based on IP address; precise location with your permission for map and address-autocomplete features; continuous precise location ("location pings") collected from employees while clocked in through the time-clock feature, when enabled by their employer — see § 1.5
• Log Data: Access times, error logs, referring URLs
• Cookies and Tracking Technologies: See our Cookie Policy for details

1.3 Information from Third Parties

We may receive information from third-party services you connect:

• QuickBooks: Customer information, invoice status, payment information
• Google: Calendar events, contacts (with your permission), authentication data
• Identity Providers: Authentication information when you sign in with Google or other providers

1.4 SMS and Messaging Data

If you opt in to SMS notifications from Opsite via our public opt-in form at useopsite.com/sms-opt-in, we process your phone number, message body, and delivery status solely to operate the messaging service and to honor opt-out requests. All SMS messages are sent from the Opsite brand and identify Opsite as the sender. STOP, UNSUBSCRIBE, QUIT, and END are honored as opt-out keywords; HELP returns a help response. Mobile information will not be shared with third parties or affiliates for marketing or promotional purposes. SMS consent is voluntary, is not required to create or use an Opsite account, and can be revoked at any time by replying STOP or emailing privacy@useopsite.com. See Section 15 below for the full SMS communications and consent disclosure.

1.5 Employee Time-Clock and Location Data

When a contractor using Opsite enables the time-clock feature for its employees, Opsite collects the employee's device latitude, longitude, and accuracy at clock-in, at clock-out, and at periodic intervals during the shift while clocked in ("location pings"). This data is collected on behalf of and under the instruction of the contractor (the employer), who is the controller of the data for purposes of GDPR and the business for purposes of CCPA. Opsite acts as a service provider/processor. Contractors are responsible for providing the notices required by applicable law to their employees before enabling this feature, including (where applicable) under Cal. Penal Code § 637.7, Cal. Civ. Code § 1798.100(b), 820 ILCS 55, Conn. Gen. Stat. § 31-48d, and N.Y. Civ. Rights Law § 52-c. A model employee-monitoring notice is available at app.useopsite.com/legal/employee-monitoring-notice.

Google API Services User Data Policy

2. How We Use Your Information

We use your information for the following purposes:

2.1 Provide and Operate the Service

• Create and manage your account
• Process transactions and send related information
• Enable project management, invoicing, and financial tracking features
• Facilitate integrations with third-party services
• Generate reports and analytics for your business

2.2 Improve and Develop the Service

• Analyze usage patterns to improve functionality
• Develop new features and services
• Train and improve our AI features (using anonymized/aggregated data)
• Conduct research and analytics

2.3 Communicate with You

• Send service-related notices and updates
• Respond to your inquiries and support requests
• Send marketing communications (with your consent)
• Notify you of changes to our policies

2.4 Security and Legal Compliance

• Detect and prevent fraud, abuse, and security incidents
• Enforce our Terms of Service
• Comply with legal obligations
• Protect our rights and the rights of others

2.5 AI-Specific Processing

Our AI features (including the Lino assistant, document categorization, smart scheduling, and automated recommendations) process your data in real-time to provide personalized assistance. Specifically:

• Your project data, communications, and documents may be sent to our AI service provider (currently Anthropic) for real-time processing via API
• We implement retrieval-augmented generation (RAG) using vector embeddings of your data to provide contextually relevant responses
• AI-generated outputs (proposals, summaries, recommendations) are based on your data and our proprietary prompt engineering
• We do not use your individual data to train or fine-tune general-purpose AI models
• You may opt out of AI features at any time through your account settings, though this may limit certain Service functionality

2.6 Automated Communications

The Service includes scheduled and triggered features that send communications on a contractor's behalf, including overdue-invoice reminders, lead-nurture emails, scheduled social-media posts, and WhatsApp digests. The contractor selects the recipients, the templates, and the schedule; Opsite executes the contractor's instructions. The contractor is responsible for ensuring the recipient has provided any consent required under the Telephone Consumer Protection Act, the CAN-SPAM Act, or analogous law before the automation is enabled.

3. Legal Basis for Processing (GDPR)

If you are in the European Economic Area (EEA), UK, or Switzerland, we process your personal data based on:

• Contract Performance: Processing necessary to provide the Service you requested
• Legitimate Interests: Processing for our legitimate business interests (improving the Service, security, fraud prevention) where not overridden by your rights
• Legal Obligation: Processing required to comply with applicable laws
• Consent: Processing based on your explicit consent (e.g., marketing communications)

4. How We Share Your Information

4.1 Service Providers

We share information with third-party vendors who help us operate the Service, including:

• Cloud infrastructure: Vercel (hosting, CDN, Vercel Analytics), Supabase (database, authentication, file storage)
• Payment processing: Stripe
• AI services: Anthropic (Claude API)
• SMS and messaging: Twilio
• Email: Resend
• Vector storage and caching: Upstash
• Analytics: Plausible (cookieless, EU-hosted)
• Maps and address autocomplete: Google Maps Platform

4.2 Third-Party Integrations

When you connect integrations like QuickBooks or Google, we share data necessary to provide those features, as authorized by you.

4.3 With Your Consent

We may share information with your consent, such as when you share project access with clients or team members.

4.4 Legal Requirements

We may disclose information if required by law, subpoena, court order, or government request, or to protect our rights, safety, or property.

4.5 Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred. We will notify you of any such change.

4.6 Subprocessor List

We maintain a current list of subprocessors who process personal data on our behalf. As of 2026-05-16, our subprocessors include:

Subprocessor	Purpose	Data categories	Region
Vercel	Hosting, CDN, edge runtime, and Vercel Analytics	All Service data; aggregated traffic metrics	US (multi-region)
Supabase	Primary application database and authentication	All Service data, account credentials, session tokens	US
Stripe	Payment processing and subscription management	Billing identifiers, payment-card tokens, invoice metadata	US
Anthropic	AI assistant (Lino), document categorization, and generative features via the Claude API	Project data and prompts submitted by you to AI features; not used to train general-purpose models	US
Upstash	Vector embedding storage for retrieval-augmented generation	Anonymized vector representations of your data	US
Twilio	SMS and WhatsApp delivery and delivery-status webhooks	Recipient phone numbers, message bodies, delivery status	US
Resend	Transactional and outbound email delivery	Recipient email addresses, message bodies, deliverability metadata	US
Plausible Analytics	Privacy-preserving website analytics (cookieless, no PII)	Aggregated page-view counts, referrer, country	EU (Germany)
Intuit (QuickBooks)	Optional accounting integration for invoice and payment sync	Invoice and customer records you sync; OAuth identifiers	US
Google (Maps, Identity, Calendar)	Address autocomplete, map display, optional sign-in, optional calendar sync	Address strings, sign-in identifiers, calendar metadata — only on user authorization	US

We will provide at least thirty (30) days' advance notice of material changes to this list by updating this page and, where required by law, notifying account administrators by email. Users may object to a new subprocessor by emailing privacy@useopsite.com; if we are unable to accommodate the objection, the user may terminate the affected portion of the Service for a pro-rata refund of prepaid fees.

5. Data Security

We implement industry-standard security measures to protect your data:

• Encryption: Data is encrypted in transit (TLS 1.2+) and at rest
• Access Controls: Role-based access with multi-factor authentication
• Regular Audits: Security assessments and vulnerability testing
• Employee Training: Security awareness training for all employees
• Incident Response: Procedures for detecting and responding to security incidents

While we strive to protect your data, no method of transmission over the Internet or electronic storage is 100% secure. See our Security page for more details.

6. Data Retention

We retain your information for as long as necessary to provide the Service and fulfill the purposes described in this Privacy Policy:

• Active Accounts: Data is retained while your account is active
• After Termination: We retain data for 30 days to allow data export, then delete it
• Legal Requirements: We may retain certain data longer if required by law (e.g., tax records for 7 years)
• Anonymized Data: Aggregated, anonymized data may be retained indefinitely for analytics

7. Your Privacy Rights

7.1 All Users

You have the right to:

• Access your personal data
• Correct inaccurate data
• Export your data
• Delete your account and data
• Opt out of marketing communications

7.2 European Users (GDPR)

If you are in the EEA, UK, or Switzerland, you also have the right to:

• Data portability (receive your data in a structured format)
• Restrict processing in certain circumstances
• Object to processing based on legitimate interests
• Withdraw consent at any time
• Lodge a complaint with a supervisory authority

7.3 California Residents (CCPA/CPRA)

If you are a California resident, you have the right to:

• Know what personal information we collect and how it's used
• Request deletion of your personal information
• Opt out of the sale or sharing of personal information (we do not sell your data)
• Non-discrimination for exercising your rights
• Correct inaccurate personal information
• Limit use of sensitive personal information

8. International Data Transfers

We are based in the United States and process data in the U.S. If you are accessing the Service from outside the U.S., your information will be transferred to, stored, and processed in the U.S.

For transfers from the EEA, UK, or Switzerland, we rely on Standard Contractual Clauses approved by the European Commission and implement additional safeguards as necessary.

9. Children's Privacy

The Service is not intended for persons under 18 years of age. We do not knowingly collect personal information from anyone under 18. If we learn we have collected information from a person under 18, we will delete it within thirty (30) days of confirmation. If you believe we have collected information from a person under 18, please contact us at privacy@useopsite.com.

10. Third-Party Links

The Service may contain links to third-party websites or services. We are not responsible for the privacy practices of these third parties. We encourage you to review their privacy policies before providing any personal information.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the revised policy on this page and updating the "Last Updated" date. For significant changes, we may also send you a notification via email or through the Service. Your continued use of the Service after changes become effective constitutes acceptance of the revised policy.

12. Contact Us

If you have questions about this Privacy Policy or our data practices, please contact us:

13. Additional Disclosures

13.1 Categories of Personal Information (CCPA)

In the past 12 months, we have collected the following categories of personal information:

Category	Examples	Collected
Identifiers	Name, email, IP address, device identifier	Yes
Commercial Information	Transaction history, invoices, subscription records	Yes
Internet Activity	Pages viewed, features used, referrer URLs	Yes
Geolocation Data	General IP-based location; precise location for map and employee time-clock features	Yes
Professional Information	Company name, contractor license info, tax ID/EIN	Yes
Sensitive Personal Information	Precise geolocation (employee time-clock); biometric authentication tokens (device-local only)	Yes
Inferences	Usage-based feature recommendations	Yes

13.2 Do Not Track and Global Privacy Control

We do not respond to legacy "Do Not Track" (DNT) browser signals, which have been deprecated by most major browsers. However, we honor the Global Privacy Control (GPC) browser signal as a valid opt-out of any sale or sharing of personal information under the California Consumer Privacy Act, consistent with the California Attorney General's enforcement position in People v. Sephora USA (2022). When we detect a GPC signal, we automatically apply your opt-out preference for the current and future visits from the same browser.

14. AI Transparency and Automated Decision-Making

14.1 Automated Processing

We use AI and automated systems to provide features such as: document categorization, project recommendations, financial forecasting, automated communications, and the Lino AI assistant. These systems assist your decision-making but do not make legally significant decisions about you without human oversight.

14.2 Your Rights Regarding AI

You have the right to:

• Know when you are interacting with an AI system
• Request human review of any AI-generated recommendation or output
• Opt out of AI-powered features through your account settings
• Request an explanation of how AI features process your data

14.3 AI Accuracy

14.4 State-Specific AI Disclosure Obligations

Where the Service is used to deploy AI features in a jurisdiction with applicable AI-specific consumer disclosure laws (including the Colorado AI Act, Texas HB 149, California AB 2013, and New York City Local Law 144 for automated employment tools), the contractor using Opsite is responsible for providing the required consumer disclosures. Opsite provides configurable AI-disclosure banners and document watermarks in Settings, with defaults aligned to the strictest applicable state for accounts in Colorado, Texas, and California.

15. SMS Communications and Consent

Opsite sends transactional SMS notifications to users who have voluntarily opted in. SMS opt-in is not required to use Opsite, is not a condition of purchase or of accessing any part of the Service, and is never bundled with account creation or any other agreement.

Types of Messages You May Receive

• Appointment and meeting reminders
• Invoice and payment notifications
• Inspection and permit reminders
• Project status and progress updates

All SMS messages sent through Opsite are transactional and are sent from the Opsite brand. Opsite identifies itself as the sender in every message. We do not send marketing or promotional SMS.

How You Opt In

The sole method of opting in to receive SMS from Opsite is by submitting your phone number through the public opt-in form at useopsite.com/sms-opt-in. The form:

• Displays the header: "This is an optional SMS sign-up form. SMS opt-in is not required to use Opsite."
• Requires you to check a separate, unchecked-by-default consent checkbox before the submit button is enabled.
• Discloses on the checkbox label: "Optional. By checking this box, I agree to receive SMS messages from Opsite Solutions LLC about my construction project, including appointment reminders, invoice notifications, payment confirmations, inspection reminders, and project updates. Message frequency varies. Msg & data rates may apply. Reply STOP to opt out, HELP for help. Consent is not a condition of purchase or of using the Opsite service. Mobile information will not be shared with third parties or affiliates for marketing or promotional purposes."
• Displays visible links to this Privacy Policy and the Terms of Service.

SMS consent is never collected during account registration, never collected during client-portal invitation, and never collected as part of any other workflow. Phone numbers entered elsewhere in the Opsite product are used only for the specific operational purpose disclosed at the point of collection (for example, an account contact number for support) and are not used for SMS notifications unless the same individual has also separately and explicitly opted in through the public opt-in form above.

Message frequency varies based on project activity. Standard message and data rates may apply.

How You Opt Out

You can stop receiving SMS at any time by replying STOP to any message. You will receive a single confirmation message and no further SMS will be sent to that number from Opsite. To resume messages, reply START. For help, reply HELP or contact support@useopsite.com.

SMS Data Sharing

Mobile information will not be shared with third parties or affiliates for marketing or promotional purposes. Phone numbers and SMS opt-in data are used solely to deliver the messages described above. We share phone numbers only with our SMS service provider (Twilio) for the sole purpose of message delivery, and Twilio is contractually prohibited from using this data for any other purpose.

Carriers and Liability

Carriers are not liable for delayed or undelivered messages. If you have any questions about your text plan or data plan, contact your wireless provider.