Privacy Policy

Groundworks Command — Effective Date: May 12, 2026 — Last Updated: May 12, 2026

1. Introduction

This Privacy Policy describes how Groundworks Command (“Groundworks Command,” “we,” “our,” or “us”) collects, uses, stores, and protects information when our internal business operations platform (the “Platform”) is used by our employees, contractors, and authorized agents in the course of running our business.

The Platform is an internal tool. It is not offered as a public product or service. References below to “you” mean an authorized user of the Platform, or a customer whose data flows through it because we provide services to them.

2. Information We Collect

2.1 Information you provide directly

• Account credentials (name, email, role) for Platform users.
• Customer records: name, billing address, service address, contact phone, email, and account preferences entered by office staff.
• Job, dispatch, invoice, payment, equipment, and inspection records created in the course of performing service work for our customers.

2.2 Information we collect from connected services

• QuickBooks Online — We connect to QuickBooks Online via Intuit’s OAuth 2.0 API. We retrieve and synchronize customer records, invoices, payments, credit memos, items, and inventory between the Platform and QuickBooks. Access tokens are stored encrypted at rest. We do not store QuickBooks Payments card data.
• ServiceTitan — Historical customer, job, invoice, equipment, and membership data is imported from ServiceTitan during a one-time migration.
• Stripe — Payment processing is performed by Stripe. The Platform stores Stripe customer ids and payment method tokens; full card numbers and security codes are never seen, stored, or transmitted by the Platform.
• Twilio — SMS messages sent to customers (e.g., appointment reminders) flow through Twilio. Phone numbers and message content are logged.

2.3 Information we collect automatically

• Server logs (request URLs, timestamps, IP addresses, response codes) for security and reliability purposes.
• Audit records of changes to records (who edited what, when) for compliance and accountability.
• Approximate location of authorized users for dispatch and routing features only (not stored long-term).

3. How We Use Information

• Operate the Platform and provide the field-service operations it supports.
• Generate, send, and reconcile invoices and payments for our customers.
• Dispatch technicians, route service vehicles, and track job progress.
• Comply with regulatory reporting requirements (e.g., backflow assembly testing reports filed with water authorities under TCEQ rule 30 TAC §290.44).
• Detect, prevent, and respond to security incidents.
• Improve the Platform’s reliability, performance, and usability for our internal users.

4. How We Share Information

We do not sell information. We share only as follows:

• Service providers acting on our behalf — QuickBooks Online (Intuit, Inc.), Stripe, Twilio, our cloud hosting provider (Render), our error tracking provider (Sentry), and similar vendors. Each receives only the information needed to perform its specific function and is contractually bound to protect it.
• Regulators — Backflow inspection reports are submitted to applicable water authorities as required by state and local rules. Tax-related records are submitted to taxing authorities through QuickBooks Online and our accountant.
• Legal compliance — We may disclose information when required by law, subpoena, court order, or other valid legal process.
• Business transfers — If Groundworks Command undergoes a merger, acquisition, or sale, customer and business records may transfer with the rest of the business assets.

5. Data Retention

Business records (customers, jobs, invoices, payments, inspections) are retained as long as required for tax, accounting, and regulatory purposes — typically seven (7) years after a record is closed, or longer if a state or federal rule mandates it. Server access logs are retained for ninety (90) days unless they relate to an open security incident.

6. Security

We protect information using industry-standard practices including TLS-encrypted transport, encrypted credentials at rest, role-based access control, audit logging, and regular off-platform backups. No system is perfectly secure, and we cannot guarantee that information will never be accessed without authorization. If we become aware of a security incident affecting your information, we will notify the relevant individuals and authorities as required by applicable law.

7. Your Choices

If you are a customer whose data is in the Platform, you may:

• Request a copy of the records we hold about you.
• Request that we correct inaccurate records.
• Request deletion of records we are not required by law to retain.

Send requests to the contact below. We may need to verify your identity before fulfilling the request.

8. Children

The Platform is not directed at children under 13 and we do not knowingly collect information from them.

9. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be reflected by updating the “Last Updated” date at the top of this page. If changes are significant, we will provide additional notice as appropriate.

10. Contact

Questions about this policy or about how we handle information:

Groundworks Command
Email: support@groundworkcommand.com