1. Introduction
FieldShield ("we", "us", or "our") provides a construction field-management platform composed of a mobile application, a web application, and a back-office. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our services (the "Services").
This policy complies with the EU General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), and the Google Play Data Safety requirements. By using our Services, you agree to the practices described in this policy.
2. Data we collect
2.1 Information you provide
- Account information: name, email address, password (hashed), phone number, profile picture, company, job title.
- Project content: projects, plans (PDF/images), tasks, annotations, photos, files, forms, comments, and metadata you create or upload.
- Communications: messages and content you send through the in-app messaging features.
- Payment information: processed by our payment partners — Apple for in-app purchases on iOS (App Store) and Stripe for Android and web purchases. We do not store full card numbers on our servers. If we enable Google Play Billing in the future, payment data for Android in-app purchases would be handled by Google.
2.2 Information collected automatically
- Device information: device model, operating system version, unique device identifiers, mobile network information.
- Usage data: features used, pages viewed, actions performed, crash logs, performance diagnostics.
- Location data: only when you explicitly enable location-based features (e.g., geotagging photos, signing site attendance). We do not track your background location.
- Camera & photo library: only when you choose to capture or upload media within the app. Media stays on your device until you upload it.
- Log data: IP address, browser type, access times, referring URLs.
3. How we use your data
We use your information to:
- Provide, maintain, and improve the Services.
- Authenticate you and secure your account.
- Synchronize your projects between your devices and team members.
- Send service-related notifications (account activity, security alerts, mentions, task assignments).
- Process payments and manage subscriptions.
- Respond to support requests.
- Detect and prevent fraud, abuse, and security incidents.
- Comply with legal obligations.
4. Legal basis for processing (GDPR)
We process your data on the following legal bases:
- Contract: to provide the Services you signed up for.
- Legitimate interest: to secure our infrastructure, prevent fraud, and improve our products.
- Consent: for optional features such as location, camera access, and marketing emails. You can withdraw consent at any time.
- Legal obligation: to comply with tax, accounting, and regulatory requirements.
5. Sharing & third parties
We share your data only with the following categories of recipients:
- Project members: data you upload to a project (plans, photos, files, tasks, annotations) is visible to other members of that project, according to their role.
- Service providers (data processors) who help us operate the Services under strict contractual obligations:
  - Apple Inc. — payment processing for iOS in-app purchases (Apple App Store).
  - Stripe — payment processing for Android and web purchases.
  - Google LLC (Firebase / Cloud, Google Play) — push notifications, crash reporting, and (where applicable) Google Play Billing for Android in-app purchases.
  - Hosting provider — secure VPS infrastructure (EU region).
  - Email delivery — transactional emails.
- Legal authorities: only when required by law, court order, or to protect our rights, users, or the public.
- Business transfers: in case of a merger, acquisition, or asset sale, with prior notice and the same level of protection.
6. Data retention
- Account data: kept while your account is active, then deleted within 30 days of account closure.
- Project content: kept while the project owner's subscription is active. Archived projects are kept for 12 months then permanently deleted.
- Billing records: kept for 10 years for tax/accounting compliance.
- Logs: kept for up to 90 days for security and debugging.
- Backups: rotated within 35 days.
You may request earlier deletion at any time by contacting us — see Section 8.
7. Security
We implement industry-standard technical and organizational measures to protect your data:
- HTTPS/TLS encryption for all data in transit.
- Encryption at rest for sensitive fields and uploaded files.
- Hashed and salted passwords (bcrypt/PBKDF2).
- Role-based access control (RBAC) within projects.
- Regular security updates, dependency patching, and infrastructure hardening.
- Restricted administrative access with audit logs.
No system is 100% secure. If we detect a personal-data breach affecting your rights, we will notify you and the relevant supervisory authority within 72 hours, as required by GDPR.
8. Your rights
Depending on your jurisdiction, you have the right to:
- Access the personal data we hold about you.
- Rectify inaccurate or incomplete data.
- Erase your account and personal data ("right to be forgotten").
- Restrict or object to certain processing activities.
- Portability — receive your data in a machine-readable format.
- Withdraw consent at any time, where processing relies on consent.
- Lodge a complaint with your local data protection authority.
You can exercise these rights directly within the app (Settings → Account) or by contacting us at the email below. We will respond within 30 days.
9. Children's privacy
FieldShield is intended for professional construction-industry use and is not directed to children under 16. We do not knowingly collect personal data from children. If you believe a child has provided us with personal information, please contact us so we can delete it.
10. International data transfers
Our primary infrastructure is hosted in the European Union. Some service providers may be located outside the EU. When personal data is transferred internationally, we rely on appropriate safeguards such as the European Commission's Standard Contractual Clauses (SCCs) and adequacy decisions, in accordance with Articles 44–49 of the GDPR.
11. Changes to this policy
We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. We will notify you of material changes through the app or by email at least 30 days before they take effect. The "Last updated" date at the top of this page indicates when the policy was last revised.
12. Contact us
If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact our Data Protection team: