Privacy Policy

1. Introduction

ReportVertex ("we," "us," or "our") operates a cloud-based inspection reporting platform for businesses. This Privacy Policy explains how we collect, use, store, and protect your personal information when you use our service.

This policy applies to all users of the ReportVertex platform, including organization administrators, team members, and visitors to our website. By using ReportVertex, you agree to the collection and use of information in accordance with this policy.

2. Information We Collect

2.1 Account Information

When you register for an account, we collect your name, email address, company name, and other registration details you provide. If you are invited to an organization by an administrator, we collect the information necessary to create your user account.

2.2 Inspection and Business Data

The core of ReportVertex is the data you create and manage: inspections, reports, templates, deficiency records, asset information, site details, customer records, and work orders. This data is entered and managed by you and your team.

2.3 Usage Data

We collect information about how you interact with the service, including pages visited, features used, actions taken, timestamps, and general usage patterns. This helps us understand how the platform is used and where we can improve.

2.4 Device and Browser Information

We automatically collect technical information such as your IP address, browser type and version, operating system, device type, and screen resolution. This information is used for security monitoring, troubleshooting, and optimizing the user experience.

2.5 Cookies and Tracking

We use cookies and similar technologies for authentication, session management, and preference storage. For more details, please see our Cookie Policy.

3. How We Use Your Information

We use the information we collect to:

• Provide and maintain the service — including authentication, data storage, report generation, and team collaboration features.
• Process payments — subscription billing and invoicing through our payment processor, Stripe.
• Send service communications — account notifications, security alerts, billing updates, and product announcements relevant to your use of the service.
• Improve the platform — analyzing usage patterns to identify bugs, prioritize features, and enhance the user experience.
• Ensure security — detecting and preventing unauthorized access, fraud, and abuse.
• Comply with legal obligations — responding to lawful requests from government authorities or fulfilling regulatory requirements.

4. Data Storage and Security

4.1 Infrastructure

Your data is stored in a PostgreSQL database managed by Supabase, a trusted cloud infrastructure provider. Our application is hosted on Vercel. Both providers maintain industry-standard security certifications and practices.

4.2 Encryption

All data transmitted between your browser and our servers is encrypted using TLS (Transport Layer Security). Data stored in our database is encrypted at rest using AES-256 encryption.

4.3 Access Controls

We implement row-level security (RLS) policies at the database level to ensure that each organization can only access its own data. Role-based access controls within the application further restrict what each user can see and do based on their assigned role.

4.4 Security Practices

We use secure authentication through Supabase Auth, enforce strong session management, and regularly review our security posture. While we take reasonable measures to protect your data, no method of transmission or storage is 100% secure.

5. Third-Party Services

We use the following third-party services to operate ReportVertex. Each has its own privacy policy governing how they handle data:

• Supabase — database hosting, authentication, and real-time data services.
• Stripe — payment processing and subscription management. Stripe handles all credit card information directly; we never store your card details on our servers.
• Vercel — application hosting and content delivery.
• Zoho Books — optional accounting integration. This connection is initiated by you and only shares the data necessary for invoicing and bookkeeping.

We select our service providers carefully and require them to handle data in accordance with applicable data protection standards.

6. Data Sharing

We do not sell, rent, or trade your personal information or Customer Data to third parties. We share data only in the following circumstances:

• Service providers — with third-party vendors who help us operate the service (as described above), under strict contractual obligations.
• Legal requirements — when required by law, court order, or governmental regulation.
• Business transfers — in connection with a merger, acquisition, or sale of assets, in which case your data would remain subject to this Privacy Policy.
• With your consent — when you explicitly authorize us to share specific data.

7. Your Rights

You have the following rights regarding your data:

• Access your data — you can view all data associated with your account through the platform at any time.
• Export your data — you can export your inspection data, reports, and other records in standard formats.
• Delete your account — you may request deletion of your account and all associated data by contacting us. Organization administrators can also delete their organization account.
• Opt out of marketing — you can unsubscribe from marketing communications at any time using the unsubscribe link in our emails or by updating your notification preferences.
• Correct your data — you can update your personal information through your account settings at any time.

To exercise any of these rights, contact us at privacy@reportvertex.com. We will respond to your request within 30 days.

8. Data Retention

We retain your data for as long as your account is active and as needed to provide you with the service. When you close your account or request data deletion:

• We will delete your personal data and Customer Data within 30 days of your request.
• Some data may be retained for a limited period as required by law or for legitimate business purposes (such as resolving disputes or enforcing our agreements).
• Backups containing your data will be purged within 90 days of deletion.

9. Children's Privacy

ReportVertex is a business-to-business service and is not intended for use by individuals under the age of 18. We do not knowingly collect personal information from children. If we become aware that we have collected data from a child under 18, we will take steps to delete that information promptly.

10. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or legal requirements. When we make material changes, we will notify you by email or through an in-app notice at least 30 days before the changes take effect.

We encourage you to review this policy periodically. Your continued use of the service after changes are posted constitutes your acceptance of the revised policy.

11. Contact

If you have any questions or concerns about this Privacy Policy or our data practices, please contact us at privacy@reportvertex.com.