Privacy Policy

Account info: email, full name, password (hashed by our auth provider, never stored in clear), business name, phone, address, logo, default rates.

Content you create: customers, projects, quotes, invoices, payments, time entries, expenses, photos, change orders, milestones, recurring templates. This is your data — we store and process it on your behalf.

Payment info (subscription):handled by Stripe. We store a Stripe customer ID and subscription metadata; we never see your card number. Your billing address and payment method are managed in Stripe’s billing portal.

Payment info (your customers’ payments to you): processed entirely by Stripe under your connected Stripe account. We store transaction metadata (amount, status, date) but no card details.

Crew data (when you invite team members):email, full name, role, hourly rate (owner-set), time entries, expenses they log, photos they upload.

Logs and basic operational data:request logs, error traces, AI chat history (for debugging and abuse prevention). Server logs include IP addresses but we don’t use them for tracking or marketing.

• No third-party analytics or tracking scripts inside the authenticated app — no Google Analytics, no PostHog, no Facebook Pixel, no click autocapture, no session recording
• No tracking of clicks, form inputs, or page-by-page navigation while you’re in the app
• No tracking of your customers when they view a public quote / invoice / change-order link
• No selling data to advertisers, brokers, or anyone else
• No training AI models on your data (more on this in §5)

One nuance on the marketing side of the site (this page, the landing page, FAQ, signup, free public calculators): we use Vercel Analytics for traffic counts. It’s cookieless, collects no personal data, and only counts pageviews so we can see which channels drive signups. If we ever turn on Facebook Pixel for paid-ad conversion tracking, it’ll only run on those same marketing pages — never inside the authed app. The whitelist that enforces this lives atsrc/components/marketing-analytics.tsx in our public source tree.

• To run the service — store your data, render UIs, send emails, process payments
• To send transactional emails — invoices, reminders, password resets, signup confirmations, notifications you opt into
• To bill your subscription
• To respond when you contact support
• To prevent abuse and fraud
• To debug and improve the product (using anonymous aggregates and our own usage data, not yours)

The only third parties that touch your data are services we use to run the platform:

• Supabase — database, file storage, authentication. Hosted in the US.
• Vercel — application hosting and serverless function execution. Vercel Analytics (cookieless pageview counts) runs on marketing pages only.
• Stripe — subscription billing and customer payments via Stripe Connect.
• Resend — outbound transactional and authentication emails.
• Anthropic — Claude API for the owner-only AI assistant. Anthropic does not train on API data per their commercial terms.
• Google Cloud Vision— receipt OCR when you upload an expense photo. The image is sent for text extraction; Google’s commercial Vision API does not retain or train on the image.
• Web Push providers(Apple, Google, Mozilla) — to deliver browser push notifications to devices you’ve opted in.

We don’t share your data with anyone else. We don’t sell, rent, or trade it.

The AI assistant is owner-only and powered by Anthropic’s Claude API. When you use it, we send:

• The message you typed
• Recent conversation history (last 20 messages)
• Context about your account — current customers, projects, AR aging, recent activity — so the assistant can answer questions like “what’s my AR?”

Anthropic processes this data per their commercial API terms and does not use it to train their models. We store the chat history for debugging and to provide continuity across your sessions; you can request deletion anytime.

The chat is org-scoped; only owners can use it. Crew members and crew leads currently cannot use the AI assistant.

We use only essential cookies, set by our authentication provider (Supabase) to keep you logged in. We don’t use tracking, advertising, or analytics cookies.

You can:

• Access all data we hold about you — Settings → Export will produce a CSV of every entity type.
• Correct any data through the app’s normal editing interfaces.
• Delete your account by emailing us; we’ll permanently delete within 30 days. Some data may be retained where required by law (e.g., payment records for tax purposes).
• Export your data anytime in CSV format, with no restrictions.
• Opt out of push notifications from Settings → Push.
• Cancel your subscription through Stripe’s billing portal; you keep access until the end of your billing period.

California residents have additional rights under CCPA; EU residents under GDPR. Contact us to exercise them.

When an organization owner invites a crew member, the owner sees the crew member’s name, email, hours logged, and expenses logged on assigned projects. Crew members do not see other crew members’ data, owner’s revenue, or customer billing information. Hourly rates are owner-controlled and not visible to the crew member they apply to.

All data is encrypted in transit (TLS) and at rest. Database access is restricted by row-level security policies that enforce organization boundaries. Service role keys and webhook secrets are stored in encrypted environment variables. We don’t store payment card numbers; that’s Stripe’s job.

No system is perfectly secure. If you discover a security issue, please email us at feedback@trademastercalc.com with “security” in the subject. We’ll respond within 48 hours.

• Active accounts: data is retained as long as your subscription is active
• Cancelled accounts: data is retained for 90 days, then permanently deleted (export anytime in this window)
• Email logs: retained for 12 months for deliverability debugging
• AI chat history: retained until you request deletion or your account is deleted
• Payment records: retained as required by law (typically 7 years)

Questions about this policy or your data? Email feedback@trademastercalc.com.

Jbrewer LLC
Hillsdale, Michigan, USA