Privacy Policy

[LAWYER REVIEW REQUIRED] — This is placeholder content. All sections below must be reviewed and approved by legal counsel before launch.

1. Introduction

Fieldr, Inc. ("Fieldr," "we," "us") operates the Fieldr environmental compliance platform at fieldr.org. This Privacy Policy explains how we collect, use, disclose, and protect your personal information when you use our Service.

2. Information We Collect

Account Information

When you create an account, we collect:

• Name and email address
• Organization name
• Password (stored securely using bcrypt hashing)
• Role and permissions within your organization

Compliance Data

You upload or create environmental compliance data including:

• Inspection records, photos, and field notes
• Permit information and conditions
• Corrective action details
• Environmental monitoring data (stormwater, air, waste)
• Site information and geographic coordinates
• Documents and file attachments

Usage Data

We automatically collect technical information including browser type, device information, IP address, pages visited, and feature usage patterns. This data helps us improve the Service.

3. How We Use Your Information

• Provide, maintain, and improve the Fieldr platform
• Process your compliance data and generate reports
• Power AI features (Sprig AI) for compliance analysis
• Send transactional emails (invitations, alerts, reports)
• Process payments and manage subscriptions
• Monitor and improve security and performance
• Comply with legal obligations

4. Third-Party Services

We use the following third-party services to operate Fieldr:

Each provider operates under their own privacy policy. We share only the minimum data necessary for each service to function.

5. AI Data Processing

When you use Sprig AI features, your compliance data may be sent to Anthropic's Claude API for processing. This data is used solely to generate your requested analysis and is not used to train AI models. AI conversations are retained for 90 days, then permanently deleted. You can delete AI conversation history at any time through Settings > Privacy.

6. Cookies

We use the following types of cookies:

• Essential cookies — Required for authentication and session management. Cannot be disabled.
• Analytics cookies — Help us understand usage patterns. You can opt out in Settings > Privacy.

7. Data Retention

8. Your Rights

Under GDPR, CCPA, and other applicable privacy regulations, you have the right to:

• Access — Download all your data as JSON via Settings > Privacy > Export Data
• Rectification — Update your personal information in Settings > Profile
• Erasure — Request account deletion via Settings > Privacy > Delete Account (30-day grace period)
• Portability — Export your data in a machine-readable format
• Restriction — Request that we limit processing of your data
• Objection — Object to processing of your data for certain purposes

To exercise any of these rights, use the built-in tools in Settings > Privacy or contact us at privacy@fieldr.org.

9. Data Security

We implement industry-standard security measures including: encryption in transit (TLS 1.3) and at rest, bcrypt password hashing, JWT-based session management with 24-hour expiry, role-based access control (RBAC), rate limiting on authentication endpoints, Content Security Policy headers, and continuous error monitoring via Sentry. Despite these measures, no method of transmission or storage is 100% secure.

10. Children's Privacy

Fieldr is designed for professional use by environmental compliance personnel. We do not knowingly collect personal information from children under 16. If you believe we have collected such information, contact us immediately.

11. Changes to This Policy

We may update this Privacy Policy periodically. We will notify you of material changes by email or through a notice in the Service. Continued use after changes become effective constitutes acceptance.

12. Contact

For privacy-related questions or to exercise your data rights, contact us at privacy@fieldr.org.