Privacy Policy

Account and Profile Information

• • User Accounts: Name, email address, phone number, job title, department affiliation
• • Organization Data: Company name, facility locations, organizational structure
• • Authentication Information: Login credentials, two-factor authentication settings
• • Profile Preferences: Notification settings, language preferences, timezone

Operational Data

• • Work Orders: Issue descriptions, locations, priority levels, assignments, status updates
• • Asset Information: Equipment details, maintenance schedules, warranties, service history
• • Communications: Messages, comments, notes, and attachments within the platform
• • Reports and Analytics: Performance metrics, usage statistics, custom reports

Technical Information

• • Usage Data: Login times, feature usage, navigation patterns, session duration
• • Device Information: IP addresses, browser type, operating system, mobile device identifiers
• • Integration Data: Information exchanged with connected third-party systems
• • Security Logs: Access attempts, permission changes, security events

Public Portal Submissions

• • Issue Reports: Problem descriptions, locations, contact information (when provided)
• • Media Files: Photos, videos, and documents uploaded to support requests
• • Feedback: Satisfaction ratings, comments, and suggestions

Service Provision

• • Facilitate work order creation, assignment, and tracking
• • Enable communication and collaboration between team members
• • Generate reports and analytics for facility management insights
• • Automate workflows and maintenance scheduling
• • Provide mobile access and offline synchronization

Platform Improvement

• • Analyze usage patterns to enhance user experience and interface design
• • Develop new features based on aggregated usage data and feedback
• • Optimize system performance and reliability
• • Conduct security monitoring and threat detection

Communication and Support

• • Send system notifications, updates, and maintenance announcements
• • Provide customer support and technical assistance
• • Deliver training materials and best practice guidance
• • Respond to inquiries and resolve platform issues

Compliance and Legal Requirements

• • Maintain audit trails for regulatory compliance
• • Comply with legal obligations and court orders
• • Protect against fraud, security threats, and abuse
• • Enforce our Terms of Service and platform policies

Limited Data Sharing

We may share information only in the following circumstances:

• • Service Providers: Trusted third-party vendors who assist in platform operations (cloud hosting, security monitoring, customer support)
• • Integrations: Connected systems that you authorize, such as building automation systems or accounting software
• • Legal Requirements: When required by law, court order, or regulatory mandate
• • Business Transfers: In the event of a merger, acquisition, or sale of business assets (with prior notice)
• • Emergency Situations: To protect health, safety, or prevent fraud when legally permitted

Data Processing Agreements

All service providers and integration partners are bound by comprehensive data processing agreements that ensure the same level of privacy protection as outlined in this policy. We conduct regular security assessments of all partners with access to customer data.

Technical Safeguards

• • Encryption: 256-bit SSL/TLS encryption for data in transit and AES-256 encryption for data at rest
• • Access Controls: Role-based permissions, multi-factor authentication, and regular access reviews
• • Infrastructure Security: SOC 2 Type II certified data centers with redundant security measures
• • Network Protection: Firewalls, intrusion detection systems, and DDoS protection
• • Vulnerability Management: Regular security scans, penetration testing, and patch management

Operational Security

• • Employee Training: Regular security awareness training for all staff with data access
• • Background Checks: Comprehensive screening for employees with access to customer data
• • Incident Response: 24/7 security monitoring with documented incident response procedures
• • Audit Trails: Comprehensive logging of all data access and system changes

Data Backup and Recovery

• • Automated daily backups with 99.9% recovery guarantee
• • Geographically distributed backup storage
• • Regular disaster recovery testing and business continuity planning
• • Point-in-time recovery capabilities for data restoration

Retention Periods

• • Active Accounts: Data retained for the duration of your subscription
• • Work Order History: Maintained for 7 years for compliance and historical analysis
• • User Activity Logs: Retained for 2 years for security and audit purposes
• • Financial Records: Billing and payment data retained for 7 years as required by law
• • Deleted Accounts: 30-day grace period before permanent deletion

Data Deletion Rights

You have the right to request deletion of your personal data, subject to legal and contractual obligations. Enterprise customers can configure automated data retention policies aligned with their organizational requirements.

• • Self-service data export tools available in your account settings
• • Complete data package provided upon account termination
• • Secure data destruction using industry-standard methods
• • Certificate of destruction provided upon request

Individual Rights

• • Access: Request a copy of personal data we process about you
• • Correction: Update or correct inaccurate personal information
• • Deletion: Request deletion of personal data (subject to retention requirements)
• • Portability: Receive your data in a machine-readable format
• • Objection: Object to certain types of data processing
• • Restriction: Request limitation of data processing activities

How to Exercise Your Rights

We will respond to all requests within 30 days. For complex requests, we may extend this period by an additional 60 days with notification.

Policy Changes

We may update this Privacy Policy periodically to reflect changes in our practices, technology, legal requirements, or business operations. Material changes will be communicated through:

• • Email notification to account administrators at least 30 days before changes take effect
• • In-platform notifications and announcements
• • Updated policy posted on our website with revision date
• • For enterprise customers: Direct communication through your account manager

Contact Us

If you have questions about this Privacy Policy or our data practices, please contact us:

Regulatory Compliance

Our privacy practices are designed to comply with applicable data protection regulations including GDPR (EU), CCPA (California), PIPEDA (Canada), and other regional privacy laws. For specific compliance questions or to report a privacy concern, please contact our Data Protection Officer at dpo@facilitymanagement.com.