Summit One Privacy Policy

Effective Date: August 07, 2025

Introduction

Summit One (We, us, or our) is a cloud-based enterprise software platform designed to automate back-office functions for blue-collar industries, such as construction, plumbing, electrical, and paving. This Privacy Policy describes how we collect, use, disclose, and protect your personal information when you interact with our websites, mobile/desktop apps, smart watch integrations, and related services (collectively, the Services). We are committed to protecting your privacy and handling your personal information in a transparent, lawful, and secure manner.

This Policy applies to all users, including business owners/admins, field workers/crews, clients, and other stakeholders. Where we process data on behalf of our customers (e.g., Account Owners in blue-collar businesses), we act as a data processor, and our customers are the data controllers responsible for obtaining necessary consents. For such data (e.g., End User or employee information), please contact the relevant Account Owner for privacy inquiries. We comply with applicable data protection laws, including the General Data Protection Regulation (GDPR) for EU/UK residents and the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA) for California residents.

By using our Services, you acknowledge that you have read and understood this Policy. Users must be at least 18 years old or the age of majority in their jurisdiction.

Information We Collect

We collect personal information to provide, improve, and secure our Services. This includes data you provide directly, data collected automatically, and data from third-party sources.

Directly Provided Information:

  • Account registration and profile data (e.g., name, email, phone number, job title, company details).
  • Business and operational data (e.g., employee info, payroll, fleet tracking).
  • Client and financial data (e.g., client details, invoices, contracts).
  • Uploaded/generated content (e.g., job photos, time logs, geolocation).
  • Communications (e.g., support requests, feedback, surveys).

Automatically Collected Information:

  • Device and usage data (e.g., IP, browser, system, timestamps).
  • Location data (e.g., GPS, IP inference).
  • Analytics data via cookies (e.g., session stats, error logs).

Information from Third Parties:

  • Integrations (e.g., Stripe, DocuSign, Google Maps).
  • Partner and vendor data (e.g., job boards, supplier records).

We generally do not collect sensitive data unless necessary and only with consent. Examples include location or financial data needed for operations.

How We Use Your Information

  • Service Operations: Account management, workflows, support, transactions.
  • Improvement & Analytics: AI features, trend reports, usage metrics.
  • Security: Fraud prevention, regulatory compliance, integrity checks.
  • Communications: Alerts, marketing (with opt-out options).
  • Personalization: Role-based experiences.
  • Aggregated Insights: Industry trends (non-identifiable).

We retain data only as long as necessary or legally required.

Sharing Your Information

  • Service Providers: Hosting, payments, integrations, analytics.
  • Affiliates: Internal use across our companies.
  • Business Transfers: Mergers, acquisitions.
  • Legal: Compliance, safety, fraud prevention.
  • With Your Consent: For integrations or marketing.

We do not sell your data. International transfers comply with regulations like GDPR SCCs.

Data Security

We implement strong measures including:

  • Encryption (AES-256 at rest, TLS 1.3 in transit)
  • Role-based access control and RLS for tenant isolation
  • Penetration testing, audits, and monitoring
  • Regulatory compliance with GDPR, CCPA, HIPAA (as needed)

No system is 100% secure. In case of a breach, we will notify users and authorities promptly.

Your Rights

You have the right to:

  • Access and receive your data (portability)
  • Correct or delete information
  • Object or restrict processing
  • Opt-out of targeted ads or automated decision-making
  • Withdraw consent where applicable

For GDPR/CCPA requests, contact us below. We may verify your identity and respond within legal timelines.

Cookies and Tracking Technologies

  • Essential Cookies: Authentication/session management
  • Analytics Cookies: Usage insights
  • Advertising Cookies: Targeted ads (with opt-out)

We dont auto-respect Do Not Track, but provide opt-outs via browser or tools like Google Analytics Opt-out.

Childrens Privacy

Our Services are not intended for users under 13 (or 16 in some areas). We delete any known data collected from children.

Changes to This Policy

We may update this Policy over time. Material changes will be communicated via email or in-app notifications.

Contact Us

For any privacy-related questions, requests, or complaints, contact our Privacy Officer:

Email: privacy@summit-one.app

Company: Summit One, Inc.