Privacy Policy

Last updated: [DATE TO FILL]

Who we are

Trade Management LLC ("we," "us") operates Trade Management, a software-as-a-service product for small field-service trades. We are organized under the laws of the Commonwealth of Massachusetts.

Contact for privacy questions: privacy@yourdomain.com

What we collect

When you sign up and use the service, we collect:

  • Account info: name, email, password (hashed by Supabase Auth), phone number, role in your shop.
  • Business info you enter: company name, location, technicians, trucks, customers, sites, equipment, catalog items, vendors, inventory levels, jobs, invoices, service agreements, route plans.
  • Customer-of-customer info entered on behalf of your customers: their names, contact info, service addresses, equipment.
  • Job execution data: photos taken on-site, customer signatures, technician locations during a job (when granted), notes.
  • Communications: SMS messages sent through the system (via Twilio); receipts of transactional emails (via Resend).
  • Payment info: handled entirely by Stripe; we never see card numbers. We see the existence of charges, invoice IDs, and statuses.
  • Technical data: IP address, user agent, error reports (via Sentry), audit log entries describing your actions.

Why we collect it

  • To run the application you signed up for.
  • To send you transactional email and SMS that you've configured.
  • To bill you and facilitate billing your customers via Stripe.
  • To debug, prevent fraud, and respond to security incidents.
  • To meet legal obligations including Massachusetts 201 CMR 17.00 and M.G.L. c. 93H.

Sub-processors

We use the following companies to operate the service. A current list is at our sub-processors page.

  • Vercel — application hosting (US)
  • Supabase — database, auth, file storage (US East)
  • Cloudflare — CDN + DDoS protection (global)
  • Stripe — payments (US)
  • Twilio — SMS delivery (US)
  • Resend — transactional email (US)
  • Mapbox — driving directions + ETAs (US)
  • Sentry — error tracking (US)

What we don't do

  • We do not sell or rent your data.
  • We do not use your data to train external AI models.
  • We do not show ads in the product.
  • We do not track you across other websites.

How long we keep it

Default retention while your account is active. After deletion:

  • Audit logs and billing records: 7 years (business records + tax norms).
  • All other data: purged within 30 days, except where law or active legal hold requires longer retention.

Request deletion any time via Settings → Data → Delete account or email privacy@yourdomain.com.

Your rights

  • Access: download a copy of your tenant's data via Settings → Data → Export.
  • Correct: edit anything in your account directly.
  • Delete: via Settings → Data → Delete account (7-day grace period; reversible until then).
  • Object: email privacy@yourdomain.com.

Massachusetts residents have additional rights under M.G.L. c. 93H if their personal information is involved in a breach. California residents have rights under the CCPA.

Security

We follow Massachusetts 201 CMR 17.00 safeguards:

  • TLS in transit, AES-256 at rest (via Supabase).
  • Row-level security isolating every tenant.
  • MFA required for owner and dispatcher accounts.
  • Audit logs for significant actions.
  • Annual WISP review.
  • Vendor DPAs on file.

If you believe your data has been exposed, email security@yourdomain.com. Our response follows M.G.L. c. 93H notification timelines.

Cookies

Authentication cookies (Supabase) only — required to keep you signed in. We do not use third-party advertising cookies.

Changes

Material changes will be posted here and account owners notified at least 14 days before they take effect.

Contact

Email: privacy@yourdomain.com
Mail: Trade Management LLC, [STREET], [CITY], MA [ZIP]