Privacy Policy
Last updated: February 25, 2026
Project Log LLC ("Project Log," "we," "us," or "our") operates the Project Log platform, including the website at projlog.app, the Project Log mobile applications for iOS and Android, and related services (collectively, the "Service"). This Privacy Policy describes how we collect, use, disclose, and protect your information when you use our Service.
By using the Service, you agree to the collection and use of information in accordance with this policy.
1. Information We Collect
1.1 Account Information
When you create an account or are invited to the Service by a company administrator, we collect:
- Name
- Email address
- Phone number (optional)
- Password (stored in hashed form)
- Role within your organization (e.g., admin, crew member, customer)
1.2 Company Information
When a company subscribes to the Service, we collect:
- Company name, address, phone number, and website
- Company logo and brand colors
- Billing contact information
- Tax identification information (if provided for invoicing)
1.3 Project and Business Data
Through normal use of the Service, the following data is created and stored:
- Project details (descriptions, addresses, timelines, status)
- Estimates and invoices (line items, amounts, payment status)
- Work orders and task assignments
- Customer and contact records (names, addresses, phone numbers, emails)
- Messages between users (text content)
- Documents and files uploaded to the Service
- Notes, comments, and activity logs
1.4 Photos and Media
- Photos captured through the mobile app's camera feature (used for daily work logs, project documentation, and inspections)
- Photos and images uploaded through the web interface
- Profile photos
1.5 Device and Usage Data
- Device type, operating system, and version
- Browser type and version
- IP address
- Pages visited and features used within the Service
- Timestamps of access and actions
- Push notification device tokens (for delivering notifications to mobile devices)
- Crash reports and performance data (if error monitoring is enabled)
1.6 Payment Data
Payment processing is handled entirely by Stripe, Inc. We do not store credit card numbers, bank account numbers, or other payment instrument details on our servers. We store references to Stripe customer and transaction identifiers to associate payments with the correct accounts and invoices.
1.7 Location Data
- We do not collect precise GPS location data unless a specific feature requires it and you grant permission
- We may use IP-based approximate location for weather-related features (weather alerts, weather-aware scheduling)
- Project addresses provided by users are stored as part of project records
1.8 Information from Third-Party Integrations
When a company connects third-party services through the Service, we may receive data from those services:
- QuickBooks: Financial and accounting data synced for invoicing purposes
- EagleView: Property measurement data
- Google Calendar: Calendar event data for scheduling
- Stripe Connect: Payment processing status and transaction references
2. How We Use Your Information
We use the information we collect to:
- Provide, operate, and maintain the Service
- Process transactions and send related information (invoices, payment confirmations, receipts)
- Send notifications about project updates, task assignments, messages, and other Service activity (via push notifications, email, or SMS)
- Provide customer support and respond to inquiries
- Monitor and analyze usage patterns to improve the Service
- Detect, prevent, and address technical issues, fraud, and security concerns
- Send administrative communications about the Service (maintenance notices, security alerts, policy changes)
- Comply with legal obligations
We do not use your information for:
- Selling personal data to third parties
- Targeted advertising
- Profiling for purposes unrelated to the Service
4. Data Storage and Security
4.1 Data Isolation
Each company's business data (projects, invoices, contacts, messages, documents, photos) is stored in a dedicated, isolated database schema. This means company data is physically separated at the database level, not just filtered by access rules.
4.2 Encryption
- All data transmitted between your device and our servers is encrypted using TLS (HTTPS)
- Database connections use encrypted transport
- Integration credentials (API keys, OAuth tokens) are encrypted at rest
- Passwords are hashed using industry-standard algorithms (bcrypt via Supabase Auth)
4.3 Access Controls
- Role-based access controls restrict what each user can see and do within their organization
- Platform administrators (Project Log staff) can access tenant data for support purposes but do not routinely access it
- Authentication is managed by Supabase Auth with session-based security
4.4 Infrastructure
The Service is hosted on infrastructure provided by Supabase (database and storage) and Vercel (application hosting). Both providers maintain SOC 2 compliance and implement industry-standard security practices. We do not operate our own data centers.
5. Data Retention
- Active accounts: Your data is retained as long as your account and your company's subscription are active.
- Deleted accounts: When you request account deletion, your personal data is removed within 30 days. Data you created within a company context (projects, invoices, messages) may be retained by that company as part of their business records.
- Churned companies: When a company's subscription ends and the account is churned, all company data (including all users' data within that company) is retained for 90 days, then permanently deleted.
- Backups: Deleted data may persist in encrypted backups for up to 30 additional days before being purged.
6. Your Rights
6.1 Access
You can view your personal information through the Service at any time (profile, account settings).
6.2 Correction
You can update your personal information (name, email, phone, password) through your account settings.
6.3 Deletion
You can request deletion of your account through the Service (Settings → Account → Delete Account). This will:
- Remove your profile information
- Remove your login credentials
- Remove your association with all companies
- Not remove business records you created on behalf of a company (these belong to the company)
6.4 Data Export
You can request an export of your personal data by contacting us at the email address below.
6.5 Opt-Out of Communications
You can manage your notification preferences (push notifications, email, SMS) through the Service settings. You cannot opt out of essential Service communications (security alerts, billing notices, legal updates).
7. Children's Privacy
The Service is not intended for use by individuals under the age of 13. We do not knowingly collect personal information from children under 13. If we become aware that we have collected personal information from a child under 13, we will take steps to delete that information.
8. Third-Party AI Services
Certain features of the Service may use artificial intelligence provided by third-party services to generate content such as daily recap summaries, sentiment analysis, or communication suggestions. When these features are used:
- Only the minimum data necessary is sent to the AI provider
- Data is sent via encrypted connections
- We do not send personally identifiable information to AI providers unless required for the feature and disclosed at the point of use
- You may be asked to consent before features that send personal data to third-party AI services are activated
9. California Privacy Rights (CCPA)
If you are a California resident, you have additional rights under the California Consumer Privacy Act:
- Right to Know: You can request that we disclose what personal information we collect, use, and share.
- Right to Delete: You can request deletion of your personal information, subject to certain exceptions.
- Right to Non-Discrimination: We will not discriminate against you for exercising your CCPA rights.
- Right to Opt-Out of Sale: We do not sell personal information.
To exercise these rights, contact us at the email address below.
10. International Users
The Service is hosted in the United States. If you access the Service from outside the United States, your information will be transferred to and processed in the United States. By using the Service, you consent to this transfer.
If you are located in the European Economic Area (EEA) or United Kingdom, you may have additional rights under the General Data Protection Regulation (GDPR). Contact us to exercise these rights.
11. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on this page with a revised "Last updated" date and, where appropriate, by sending a notification through the Service.
12. Contact Us
If you have questions about this Privacy Policy or our data practices, contact us at:
Project Log LLC
Email: privacy@projlog.app