Privacy Policy

1. Definitions

For clarity and compliance with laws like the VCDPA:

Personal Data (or "Personal Information"): Any information that identifies, relates to, or could reasonably be linked to an identifiable individual, such as name, email, or payment details. Under the VCDPA, this includes "personal data" but excludes de-identified or publicly available information.
Sensitive Personal Data: Data revealing racial/ethnic origin, religious beliefs, health conditions, sexual orientation, citizenship, genetic/biometric data, precise geolocation, or data of children. We do not intentionally collect this but may process it if included in your uploaded files (e.g., project documents containing health-related specs).
Processing: Any operation on personal data, including collection, use, storage, disclosure, or deletion.
Sale: Under the VCDPA and CCPA, exchanging personal data for monetary consideration—we do not do this.
You or User: Any individual or entity using the Service, including builders, their clients, or Website visitors.

2. Information We Collect

We collect only the personal data adequate, relevant, and reasonably necessary for the purposes disclosed in this Policy, in line with FTC guidelines on data minimization and VCDPA requirements. Categories of data include:

a. Information You Provide Directly:

Account and Profile Data: Full name, email address, phone number, company name, billing address, and password when creating or managing an account.
Payment and Billing Data: Credit/debit card details, bank information, transaction history, and billing records (processed securely via third-party providers like Stripe).
Project and Content Data: Uploaded files, photos, messages, selections, approvals, schedules, and notes related to construction projects. This may include personal data of your clients (e.g., client names, addresses in project plans).
Communication Data: Inquiries, feedback, or support requests you submit.

b. Information Collected Automatically:

Usage and Device Data: IP address, browser type, device ID, operating system, access times, pages viewed, and interactions (e.g., clicks on project features). Collected via cookies, pixels, or similar technologies.
Analytics Data: Aggregated usage patterns to improve the Service (e.g., how often selections are approved).

c. Information from Third Parties:

Payment Processors: Confirmation of transactions from Stripe.
Integrations: If you connect third-party tools (e.g., Google Workspace), we may receive data like calendar events.

We do not collect Sensitive Personal Data intentionally, but if it appears in uploaded content (e.g., health info in building specs), we treat it with heightened protections and require your explicit consent for processing where required by law.

3. How We Collect Your Information

Directly from You: During account signup, project setup, file uploads, messaging, or payments.
Automatically: Through cookies (essential for login, analytics for improvements) and server logs. See our Cookie Policy section below.
From Third Parties: Via secure APIs (e.g., Stripe for payments).

4. How We Use Your Information

We use personal data only for disclosed purposes, as required by the VCDPA and FTC transparency rules:

To provide and maintain the Service (e.g., hosting projects, facilitating approvals, messaging).
To process payments, manage subscriptions, and prevent fraud (e.g., verifying billing data).
To communicate with you (e.g., notifications, support, updates on features like new integrations).
To improve the Service (e.g., analytics on usage to enhance UI for construction workflows).
To comply with legal obligations (e.g., tax reporting, responding to subpoenas).
For security and risk management (e.g., detecting unauthorized access to uploaded files).

We do not use your data for automated decision-making with legal effects or sell it. Any de-identified data may be used for aggregate analytics.

5. Disclosure and Sharing of Your Information

We disclose personal data only as necessary and do not sell it. Categories of recipients under VCDPA:

Service Providers: Third parties like Stripe (payments), cloud hosts (e.g., Google Cloud for file storage), and analytics tools (e.g., Google Analytics). These are bound by contracts ensuring VCDPA-compliant protections.
Business Partners: If you integrate tools, data may be shared (e.g., with calendar apps).
Legal Requirements: To authorities if required by law, subpoena, or to protect rights (e.g., in disputes over project data).
Business Transfers: In mergers/acquisitions, your data may transfer but remains subject to this Policy.
With Consent: For any other purpose, with your explicit approval.

We share categories like account data (with providers), payment data (with Stripe), and content data (with storage vendors).

6. Cookies and Tracking Technologies

We use cookies and similar technologies for essential functions (e.g., session management) and analytics (e.g., tracking demo usage). You can manage preferences via browser settings or our consent banner. We do not use cookies for targeted advertising. For VCDPA compliance, you can opt-out of any non-essential tracking.

7. Data Security

We implement reasonable administrative, technical, and physical safeguards to protect your data, per FTC guidelines and VCDPA requirements:

Encryption (e.g., TLS for transmission, at-rest for files).
Access controls (e.g., Firestore rules ensuring clients see only their projects).
Regular audits, vulnerability scans, and employee training.
Incident response plans for breaches.

While we strive for security, no system is infallible. We notify you and authorities of breaches as required (e.g., under state laws).

8. Data Retention

We retain personal data only as long as necessary: account data until deletion request plus 30 days; payment data for 7 years (tax compliance); project data until project closeout or deletion. De-identified data may be kept indefinitely.

9. International Data Transfers

Data may be stored/processed in the US or other countries (e.g., Stripe servers). We use safeguards like standard contractual clauses for transfers, ensuring equivalent protections.

10. Children's Privacy

We comply with COPPA: The Service is not for children under 13. We do not knowingly collect their data. If discovered, we delete it immediately.

11. Your Privacy Rights

Under VCDPA, CCPA, and other laws, you have rights (without discrimination):

Access/Know: Confirm processing and access your data categories, sources, purposes.
Correction: Rectify inaccuracies.
Deletion: Delete your data (subject to exceptions like legal retention).
Portability: Receive data in a portable format.
Opt-Out: Of sales (not applicable), targeted ads (not applicable), profiling, or sensitive data processing.
Non-Discrimination: No penalties for exercising rights.

To exercise: Email support@jobhubpro.io with "Privacy Request" in the subject, providing verification. We respond within 45 days (extendable). Appeals: Contact us; if unresolved, complain to Virginia AG or FTC.

For California: We disclose metrics annually (e.g., requests received).

12. Changes to This Policy

We may update this Policy; changes posted here with revised date. Significant changes notified via email or Service notice. Continued use constitutes acceptance.

13. State Specific Notes

We do not sell your personal data as defined under Nevada (NRS 603A), California (CCPA), Virginia (VCDPA), or other state laws. We do not engage in targeted advertising or automated profiling with legal effects.

If you reside in a state with specific requirements (e.g., Illinois Biometric Information Privacy Act for biometric data), please contact us at support@jobhubpro.io to discuss applicability. We do not intentionally collect biometric data.

We are not a covered entity under HIPAA; you are responsible for ensuring compliance with health-related laws if uploading protected health information.

14. Contact Us

For questions, rights exercises, or complaints: support@jobhubpro.io or 508 Lee St., Blacksburg, VA 24060.

This Policy ensures full protection, encompassing our construction-focused SaaS activities while abiding by Virginia (VCDPA) and federal laws. Consult legal counsel for specifics.