Privacy Policy

What Data We Collect

When you use Own Your Tools, we collect and store the following information to provide you with a fully functional business management experience:

• Account information — your name, email address, and phone number, provided during registration
• Business data — customer records, job details, invoices, proposals, expenses, mileage logs, inventory, and scheduling data you enter into the app
• Customer data you enter — when you add your customers' information (their names, phone numbers, email addresses, service addresses) to the platform, you are responsible for having appropriate consent from those customers under applicable law
• Google® Calendar tokens — OAuth 2.0 access and refresh tokens when you connect your Google Calendar for job scheduling sync
• Device information — basic browser fingerprint data (user agent, screen size) used for session management
• Location data — GPS coordinates when you use the route planner or mileage tracker, only while the feature is actively in use

How We Use Your Data

Your data is used exclusively to operate the Own Your Tools platform and provide the features you use:

• Running the application — storing and syncing your business data (clients, jobs, invoices, expenses) across devices
• SMS notifications — sending appointment reminders and job updates to your customers via Twilio® when you enable this feature, and receiving incoming SMS messages from those customers (including opt-out replies) so we can honor unsubscribe requests
• Email notifications — sending account-related emails (trial reminders, account updates, password resets) and product communications via Resend (built on AWS SES)
• Calendar synchronization — reading and writing Google® Calendar events to keep your job schedule in sync when you connect your calendar
• Route optimization — calculating efficient driving routes between job sites using Google Maps
• Payment processing — handling one-time purchase payments and contractor payouts through Stripe®

We do not sell, rent, or share your personal data with third parties for marketing or advertising purposes.

Third-Party Services

Own Your Tools integrates with the following third-party services (our sub-processors) to deliver and operate its features. Each receives only the data necessary to perform its specific function:

• Supabase™ — cloud database and authentication. Stores your account credentials and business data with database-level access controls applied per user. Supabase Privacy Policy
• Netlify® — web hosting, content delivery, and serverless functions. As our hosting provider, Netlify processes all traffic to the site (including IP addresses and request metadata) and runs the server-side functions that power features such as payments, messaging, and lead capture. Netlify Privacy Policy
• Twilio® — SMS delivery and inbound message handling. Receives customer phone numbers and message content when you send an SMS from the app, and receives inbound replies (including STOP messages) sent to our number. Twilio Privacy Policy
• Resend (Plus Five Five, Inc.) — email delivery, built on AWS SES. Receives email addresses and message content when we send you account-related or product emails. Resend Privacy Policy
• Amazon Web Services, Inc. (AWS) — cloud email infrastructure (Amazon SES) that Resend uses to deliver our email. Receives email addresses and message content downstream when we send you account-related or product emails. AWS Privacy Notice
• Stripe® — payment processing. Handles credit card data during purchase; we never store card numbers. Stripe Privacy Policy
• Google® — Calendar API, Maps API, and Geocoding API. Used for calendar sync, route planning, and address lookup. Google Privacy Policy
• Cloudflare® Turnstile™ — bot and abuse prevention on our public lead-capture form. Receives the submitting visitor's IP address and a challenge token to distinguish real visitors from automated bots. Cloudflare Privacy Policy
• Sentry® — application error monitoring. Receives diagnostic information about errors that occur in your browser (such as error messages, stack traces, browser type, and IP address), which may incidentally include limited personal data present when an error occurs. Sentry Privacy Policy
• GitHub® — content storage for our published "Intel" articles. Used only to store and serve our own blog and resource content; it does not receive your account, business, or customer data. GitHub Privacy Statement

Google® Calendar Access

Own Your Tools requests access to your Google Calendar to provide two-way job scheduling synchronization. Specifically, the app:

• Reads your calendar events to check for scheduling conflicts when creating or moving jobs
• Creates and updates calendar events when you schedule, reschedule, or complete jobs in the app
• Deletes calendar events only when you delete the corresponding job in Own Your Tools

Calendar access is entirely optional. You can connect or disconnect your Google Calendar at any time from the Settings page. Your Google OAuth tokens are stored securely in our database with database-level access controls — only your authenticated account can access them. We do not access any Google data beyond Calendar events, and we do not share your calendar data with any third party.

Own Your Tools' use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.

Data Storage and Security

Your data is stored in a Supabase™-hosted PostgreSQL database with the following security measures:

• Database-level access controls — applied to user-scoped business data (customers, jobs, invoices, proposals, expenses, mileage, inventory) so that users can only access their own records
• Encryption in transit — all data is transmitted over HTTPS/TLS
• Encryption at rest — Supabase encrypts stored data using AES-256
• Offline-first architecture — your data is cached locally in your browser for fast access and offline use, and most of it is synced to the cloud when connectivity is available. Some features (such as service plans, saved forms, and direct or job-thread messages) are currently stored only on the device where you create them and are not synced to our servers.
• No plaintext passwords — authentication is handled by Supabase Auth with bcrypt hashing

We retain your data for as long as your account is active. If you request account deletion, we will permanently remove your account and associated data from our systems within 30 days. Some information may be retained longer where required by law (for example, transaction records for tax purposes) or in encrypted backups that are overwritten on a rolling basis.

Cookies and Tracking Technologies

Own Your Tools uses only a small set of cookies and browser storage technologies, all of which are necessary to run and secure the service. We do not use advertising, analytics, or cross-site tracking cookies, and we do not load any third-party advertising trackers.

• Browser local storage (essential) — we store your authentication session and cache your business data in your browser's local storage so the app loads quickly and works offline. This data stays on your device and is removed when you log out or clear your browser storage.
• Cloudflare® Turnstile cookies (essential / security) — on our public lead-capture form only, Cloudflare Turnstile may set cookies (such as Cloudflare's "_cf" cookies) to tell real visitors apart from automated bots and prevent spam submissions.

Because we use only these essential cookies and storage technologies, Own Your Tools does not display a cookie consent banner. You can block or delete cookies and clear local storage at any time through your browser settings, though doing so may affect functionality — for example, you may be signed out or lose offline access.

SMS Communications and Opt-Out

If you provide your phone number, you may receive transactional SMS messages from Own Your Tools (such as trial activation confirmations and account notifications). To stop receiving SMS messages from us at any time, reply STOP to any message. We will honor your opt-out request, and you will no longer receive SMS communications from Own Your Tools at that number.

If you use Own Your Tools to send SMS messages to your own customers, you are responsible for obtaining prior consent from those customers under applicable law (including the Telephone Consumer Protection Act in the United States) and for honoring opt-out requests they make to you.

Your Rights

You have the right to access, correct, or delete your personal data at any time. You can export your business data directly from the app, or contact us at the email address below to request a full data export or account deletion. Shared team-chat messages are retained with your organization and are not included in the export.

Depending on where you live, you may have additional rights under applicable privacy laws (such as the California Consumer Privacy Act). To exercise any of these rights, contact us at the email address below.

Changes to This Policy

We may update this privacy policy from time to time. When we do, we will revise the "Last updated" date at the top of this page. For material changes, we will provide notice via email to your registered address or via an in-app notification before the changes take effect.

Contact Us

If you have questions about this privacy policy or how your data is handled, reach out to us: