OptiBuild — The Contractor's Command Center

1. Introduction

OptiBuild LLC ("we," "us," or "our") respects your privacy. This Privacy Policy explains how we collect, use, store, and protect your information when you use OptiBuild ("the Service").

2. Information We Collect

Information You Provide

Account information: Email address, name, and password when you register
Business data: Contacts, bids, calendar events, follow-ups, and notes you enter into the CRM
Files: Photos and documents you upload (stored securely in encrypted cloud storage)
Payment information: Processed by Stripe — we never see or store your full credit card number

Information Collected Automatically

Usage data: Pages visited, features used, permit lookups performed
Device information: Browser type, operating system, screen resolution
IP address: Used for rate limiting and security (geocode API)
Cookies: Authentication session cookies managed by Supabase Auth

3. How We Use Your Information

To provide and operate the Service
To authenticate your identity and maintain your session
To process payments and manage subscriptions
To enforce free/pro tier limits
To improve the Service and fix bugs
To send important account notifications (e.g., subscription changes)
To comply with legal obligations

We do NOT:

Sell your personal information to third parties
Use your business data for advertising
Share your contacts or bids with other users
Send marketing emails without your consent

4. Data Isolation (Multi-Tenancy)

Your business data is isolated at the database level using Row Level Security (RLS). This means:

Each company's data is completely separate
Other users cannot see, access, or query your data
Even our application code cannot bypass this isolation — it's enforced at the database level

5. Third-Party Services

We use the following third-party services:

Supabase (database, authentication, file storage) — Privacy Policy
Stripe (payment processing) — Privacy Policy
Vercel (hosting) — Privacy Policy
U.S. Census Bureau Geocoder (address lookup) — a free public government API, no data is stored
Sentry (error monitoring, optional) — only receives error reports, no business data

6. Data Storage and Security

Data is stored in Supabase (hosted on AWS) with encryption at rest and in transit
Files are stored in a private Supabase Storage bucket — not publicly accessible
File access requires signed URLs that expire after 1 hour
All connections use HTTPS/TLS encryption
API routes are protected by authentication and input validation
Database backups are maintained by Supabase with 7-day retention

7. Data Retention

Active accounts: Data is retained as long as your account is active
Canceled subscriptions: Your data remains accessible for 30 days, then is archived
Deleted accounts: Data is permanently deleted within 30 days of account deletion
Logs: Server logs are retained for up to 90 days for security and debugging

8. Your Rights

You have the right to:

Access your data at any time through the Service
Export your data (Pro feature, or by request)
Correct inaccurate information in your account
Delete your account and all associated data
Object to specific uses of your data

To exercise any of these rights, contact us at support@optibuild.app

9. Children's Privacy

The Service is not intended for children under 18. We do not knowingly collect information from children under 18. If we learn we have collected such information, we will delete it promptly.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify registered users of material changes via email. The "Last updated" date at the top reflects the most recent revision.

11. Contact

Questions about this Privacy Policy? Contact us at support@optibuild.app