SiteProof
Sign inGet started
← All legal documents

v1.0.0

Privacy Policy

Last updated: 2026-05-29

1. Scope.

This Privacy Policy describes how SiteProof, Inc. ("SiteProof") collects,
uses, and shares personal information of Site Managers, Contractors, and
Operators ("Users") who use the SiteProof platform.

2. What we collect.

Account information: name, email (or username for username-only
operators), phone (optional), role, organization affiliation.

Operational data: job records, geofence coordinates, GPS pings during
active jobs, photo captures (with embedded timestamp, lat/lng, and
accuracy), service event status changes.

Device/session data: IP address, user agent, sign-in events.

Billing data (Contractors only): processed by Stripe under Stripe's
privacy policy; SiteProof stores only payment-method metadata (brand,
last 4) plus invoice references.

3. How we use it.

Service delivery: render the app, generate service event records, send
invitation + notification emails.

Compliance + safety: detect and prevent fraud, abuse, security
incidents; produce audit logs for the actor of every write.

Product improvement: aggregate behavioral analytics through the Hofund
Mirror SDK under the product_analytics consent layer.

4. Who we share with.

Site Managers receive full operational data on jobs run by their
contracted Contractors at their sites — including operator identity,
GPS, and photos. Operators consent to this share on signup via the
"Share with Owner" agreement.

Hofund Labs (Mirror data platform) receives event-level operational
data under the consent layers each user accepts at signup.

Service providers (Stripe, Supabase, Mapbox, Resend, Vercel) receive
data necessary to operate the platform.

We do not sell personal information.

5. Retention.

Account + operational data: retained for the lifetime of the account
plus 7 years for audit / accounting / regulatory purposes.

Audit logs: retained 3 years.

You may request export or deletion at privacy@siteproof.co.

6. Security.

Row-Level Security enforced at the database layer; per-tenant isolation
verified by automated probe tests. Service role keys are kept server-
side only. We use industry-standard encryption in transit and at rest
via Supabase and Vercel infrastructure.

7. Contact.

privacy@siteproof.co.