Privacy Policy

FieldBolt ("we," "our," or "us") operates the FieldBolt software platform available at fieldbolt.io (the "Service"). This Privacy Policy explains how we collect, use, disclose, and protect information about you when you use our Service.

We are committed to protecting your privacy. We do not sell your personal data to third parties. We process your data only as necessary to provide and improve the Service, as described in this policy.

By using the Service, you consent to the practices described in this Privacy Policy. If you do not agree, please discontinue use of the Service.

2.1 Information You Provide

Account Information: When you register, we collect your name, email address, business name, trade type, and state. We store a hashed version of your password — we never store your password in plain text.

Business Data: As you use the Service, you enter data about your business including customer names, contact information, addresses, job details, bid estimates, invoices, expenses, and crew member information. This data belongs to you.

Payment Information: Payment card details are collected directly by Stripe, our payment processor, and are never stored on FieldBolt servers. We receive a payment token and limited card metadata (last 4 digits, expiration) from Stripe.

Communications: If you contact us by email or through our support channels, we keep records of that correspondence.

2.2 Information Collected Automatically

Usage Data: We collect information about how you use the Service, including pages visited, features used, actions taken, timestamps, and session duration.

Device and Connection Information: We collect IP address, browser type, operating system, and device identifiers to secure your account and improve the Service.

Cookies: We use a single session cookie (fieldbolt_session) to maintain your authenticated session. We do not use third-party advertising cookies or tracking pixels.

We use the information we collect to:

• Provide, operate, and maintain the Service • Process transactions and send related information (receipts, invoices) • Send transactional emails such as account confirmations, password resets, and subscription updates • Respond to your comments, questions, and support requests • Monitor and analyze usage patterns to improve the Service • Detect, investigate, and prevent fraudulent or abusive activity • Comply with legal obligations • Enforce our Terms of Service

We do not use your business data (customer information, bids, invoices) for any purpose other than providing the Service to you.

We do not use your data to train AI models. When you use AI features, your inputs are processed by Anthropic's API under a data processing agreement that prohibits training on user inputs.

FieldBolt's AI features (bid estimation, negotiation coaching, bid auditing, crew scheduling, and route optimization) are powered by Anthropic's Claude API.

When you use an AI feature, relevant context (such as job description, trade type, location, and existing bid data) is sent to Anthropic's API to generate a response. This data is processed in real time and is subject to Anthropic's data processing agreement with FieldBolt, which prohibits:

• Using your inputs to train Anthropic's models • Retaining your inputs beyond the processing window required to complete the request

We recommend not including sensitive personal information (such as Social Security numbers or financial account numbers) in AI feature inputs.

We do not sell, rent, or trade your personal information. We share information only in the following circumstances:

5.1 Service Providers. We share data with trusted vendors who process data on our behalf under written data processing agreements:

• Neon (database infrastructure) — stores all application data encrypted at rest • Stripe, Inc. — processes subscription payments • Anthropic, PBC — processes AI feature requests • Resend / Nodemailer / Migadu — delivers transactional emails • Intuit QuickBooks — when you explicitly connect your QuickBooks account, we exchange invoice, customer, and expense data between your FieldBolt and QuickBooks accounts

5.2 Legal Requirements. We may disclose information if required by law, court order, or government authority, or to protect the rights, property, or safety of FieldBolt, our users, or others.

5.3 Business Transfers. If FieldBolt is acquired or merges with another company, your information may be transferred as part of that transaction. We will notify you via email before your data becomes subject to a different privacy policy.

5.4 With Your Consent. We may share information for other purposes with your explicit consent.

If you choose to connect your QuickBooks Online account, FieldBolt will:

• Request OAuth 2.0 authorization from Intuit on your behalf • Store your QuickBooks access token and refresh token securely in our encrypted database • Use those tokens to push customers, invoices, and expenses from FieldBolt to your QuickBooks account, only when you initiate a sync • Never read data from QuickBooks into FieldBolt without your explicit action

You can disconnect QuickBooks at any time from Settings → Integrations. Upon disconnection, we immediately delete your OAuth tokens. Data already synced to QuickBooks remains in QuickBooks under your control.

We retain your account data for as long as your account is active or as needed to provide the Service. If you cancel your subscription and do not request deletion, we retain your data for 30 days to allow for account recovery, then delete it.

You can request deletion of your account and all associated data at any time by emailing privacy@fieldbolt.io. We will complete the deletion within 30 days, except where retention is required by law.

Aggregated, anonymized analytics data from which no individual can be identified may be retained indefinitely.

We implement industry-standard technical and organizational measures to protect your data:

• All data is encrypted in transit using TLS 1.2 or higher • Database data is encrypted at rest (AES-256) by our infrastructure provider • Passwords are stored using bcrypt hashing — never in plain text • OAuth tokens for third-party integrations are stored encrypted • Access to production systems is restricted to authorized personnel • We conduct regular security reviews of our codebase and infrastructure

No method of transmission or storage is 100% secure. While we take commercially reasonable steps to protect your data, we cannot guarantee absolute security. If you believe your account has been compromised, contact us immediately at support@fieldbolt.io.

Depending on your location, you may have the following rights regarding your personal data:

• Access: Request a copy of the personal data we hold about you • Correction: Request correction of inaccurate or incomplete data • Deletion: Request deletion of your personal data • Portability: Request your data in a machine-readable format • Objection: Object to certain processing activities • Restriction: Request that we limit how we use your data

To exercise any of these rights, email privacy@fieldbolt.io with "Privacy Request" in the subject line. We will respond within 30 days.

California Residents: Under the California Consumer Privacy Act (CCPA), you have additional rights including the right to know, the right to delete, and the right to opt out of sale (note: we do not sell personal data).

EEA/UK Residents: If you are in the European Economic Area or United Kingdom, you have rights under the GDPR or UK GDPR. Our lawful basis for processing is contract performance (to provide the Service) and legitimate interests. You may lodge a complaint with your local supervisory authority.

We use one essential cookie:

• fieldbolt_session — an HTTP-only, secure, same-site session cookie that keeps you logged in. It contains only a session identifier and expires after 7 days of inactivity.

We do not use analytics cookies, advertising cookies, or third-party tracking cookies. We do not use Google Analytics, Facebook Pixel, or any similar tracking tools.

You can delete this cookie by logging out, clearing your browser cookies, or letting your session expire.

The Service is intended for use by businesses and is not directed at children under the age of 18. We do not knowingly collect personal information from children under 18. If you believe we have inadvertently collected information from a child, please contact us at privacy@fieldbolt.io and we will delete it promptly.

FieldBolt is based in the United States. If you access the Service from outside the United States, your information will be transferred to and processed in the United States, where data protection laws may differ from those in your country.

For transfers from the EEA or UK, we rely on Standard Contractual Clauses approved by the European Commission to ensure adequate protection for your data.

We may update this Privacy Policy from time to time. If we make material changes, we will notify you by email (to the address on your account) and post the updated policy with a revised effective date at least 14 days before the changes take effect. Your continued use of the Service after the effective date constitutes acceptance of the updated policy.

For privacy-related questions, requests, or concerns:

Email: privacy@fieldbolt.io Website: https://fieldbolt.io/privacy

For general support: support@fieldbolt.io

We aim to respond to all privacy requests within 30 days.