Privacy Policy

Who We Are

Sergio is a field service management platform designed to help businesses manage their operations efficiently and securely. We take your privacy seriously.

What Information We Collect

We only collect information necessary to provide our services. Here's what we gather:

Information You Provide

For Customers:

• Name, email, phone number, and service address
• Photos of your property for quoting and service reference purposes
• Window count, special access requirements, and service preferences
• Service notes and special instructions

For Internal Users (Business staff and contractors):

• Work email and password credentials (verified via email confirmation)
• Role and access permissions
• Account activity and usage logs
• Team assignment and scheduling information

Through Communication:

• Messages sent via email, SMS, phone, or support chat
• Service requests, feedback, and support inquiries
• Email marketing preferences and opt-in/opt-out status
• Communication delivery status (opened, clicked, bounced)

Information Collected Automatically

Platform Usage:

• IP address, browser type, and device information
• Pages visited, features used, and time spent in the app
• Error logs and performance metrics

Security Monitoring:

• Login attempts and authentication events
• Suspicious activity or potential security threats
• CAPTCHA verification data (via Cloudflare Turnstile) for bot protection

Public Portal Submissions:

• Information submitted through customer intake forms
• Quote acceptance and customer portal interactions
• Customer update requests and preferences

We do not collect information from individuals under 18. If we discover we've collected data from a minor without appropriate consent, we will delete it immediately.

How We Use Your Information

We use your information to:

1. Deliver Services

• Schedule and complete service jobs
• Reference property information for accurate quoting and service planning
• Send appointment reminders and service updates
• Generate and send invoices and quotes
• Manage your account and service history

2. Improve Operations

• Optimize routes for efficient service delivery
• Train staff and ensure quality control
• Debug technical issues and improve the Sergio platform

3. Communicate About Service

• Respond to your inquiries and support requests
• Send service-related announcements (scheduling changes, weather-based delays)
• Send appointment reminders via SMS and email (24-hour and day-of notices)
• Request feedback on completed jobs
• Send invoices, quotes, and payment reminders via email and SMS
• Deliver email marketing campaigns (only to customers who have opted in)

4. Security & Compliance

• Prevent fraud, abuse, and unauthorized access
• Maintain business records as required by law
• Respond to legal requests from authorities

Your Consent

By using our services, submitting forms, or communicating with us, you consent to the collection and use of information as described in this policy.

Express Consent: For sensitive information or new purposes not covered here, we'll ask for your explicit permission first.

Who We Share Information With

We do not sell, rent, or trade your personal information. Period.

We share information only when necessary:

Service Providers

These companies help us operate Sergio and are contractually required to protect your data:

• Supabase - Database hosting and user authentication (stores data in Canadian data centers)
• Cloudflare - Website security, DDoS protection, content delivery, and bot prevention (Turnstile CAPTCHA)
• Mapbox - Mapping, routing, and geolocation services
• Stripe - Payment processing, subscription billing, and Stripe Connect for business payment accounts
• Resend - Transactional email delivery and marketing campaign distribution
• Weather API providers - Weather data for scheduling and service notifications

These providers access your data only to perform their specific functions and cannot use it for their own purposes.

Third-Party Integrations (Optional)

If you choose to enable integrations, we may share data with:

• QuickBooks - Accounting software integration for invoicing and financial records (only if you connect your QuickBooks account)

You control these integrations and can disconnect them at any time through your settings. Data shared with third-party integrations is governed by their respective privacy policies.

Legal Requirements

We may disclose information when required by law, such as:

• Court orders or subpoenas
• Regulatory investigations
• Protecting our rights or the safety of others

How Long We Keep Your Information

We retain information only as long as necessary:

Customer Records:

• Active customers: Duration of service relationship plus 7 years (for accounting, tax, and legal compliance)
• Property photos: Retained with customer records for service reference and quality control
• Leads/inquiries with no service: Up to 24 months, then deleted
• Marketing opt-in preferences: Retained until customer opts out or account is deleted
• Email campaign engagement data: Retained for 2 years for analytics purposes

Security Logs:

• Audit logs and security events: 2 years

Staff Accounts:

• Active employment/contract plus 1 year after separation

When retention periods expire, we securely delete or anonymize your information using industry-standard procedures.

How We Protect Your Information

We take security seriously and protect your data through:

Technical Safeguards:

• Encryption in transit (HTTPS/TLS) and at rest
• Role-based access controls (staff only see what they need)
• Secure authentication via Supabase
• Network firewalls and intrusion detection
• Regular security monitoring and updates

Organizational Measures:

• Staff training on privacy and data handling
• Confidentiality agreements with employees and contractors
• Regular access reviews and permission audits
• Incident response procedures

Physical Security:

• Secure facilities for any paper records
• Device encryption on staff computers and phones
• Hardware security for servers and network equipment

Our service providers are contractually required to maintain equivalent protections.

Cookies and Local Storage

Sergio works without cookies or local storage.

Your login and core functionality are managed by Supabase (our authentication provider) and don't require us to store anything in your browser.

However, with your permission, we can improve your experience by storing:

• Theme preference (light/dark mode)
• Dashboard view settings (week/month)
• Recently viewed data for faster loading

Your Choice

• Accept: We'll remember your preferences and cache data locally for better performance.
• Decline: Sergio works perfectly. Your preferences will reset each session, and some data may load slightly slower, but all features remain fully functional.

You can change this anytime in Settings.

What We Store (Only With Permission)

Preferences (localStorage):

• Theme selection
• Dashboard view mode
• Table column visibility
• Notification settings

Performance Cache (IndexedDB):

• Recently viewed jobs
• Customer data cache for offline capability
• Route optimization results

Analytics (Optional):

• Pages visited and features used
• Error reports for debugging
• Performance metrics

What We Never Do

• Use cookies for advertising or cross-site tracking
• Sell or share your data with third parties
• Require cookies for core functionality

If you decline cookies, we will not write anything to your browser storage. Your choice is respected and stored only in the current session.

Your Rights

You have the right to:

Access Your Information

Request a copy of the personal information we hold about you. We'll provide it in an understandable format within 30 days.

Correct Your Information

Ask us to correct inaccurate or incomplete records. We'll update your information promptly.

Delete Your Information

Request deletion of your personal information. We will comply unless we're legally required to retain it for:

• Tax and accounting purposes (up to 7 years per CRA requirements)
• Active legal disputes or unpaid invoices
• Regulatory investigations or court orders
• Warranty or liability claims related to completed services

Export Your Data

Request a copy of your data in a portable format (CSV, JSON) so you can transfer it elsewhere.

Object to Processing

Ask us to stop processing your information for specific purposes. However, note that we do not process your information for marketing or promotional purposes - we only use it to deliver services as described in this policy.

Revoke Consent

Withdraw your consent for cookie storage or other optional data collection at any time via Settings.

To exercise these rights, contact us at [email protected]. We'll respond within 30 days, or explain any lawful extension if more time is needed.

Data Accuracy

We rely on you to provide accurate information and notify us of changes. You can update your account details anytime in Sergio, or contact us at [email protected].

We take reasonable steps to ensure records are current when used to make decisions or disclosed to third parties.

Data Breaches

In the event of a data breach that poses a real risk of significant harm, we will:

• Notify affected individuals immediately upon detection and no later than required by law
• Report the breach to the Privacy Commissioner of Canada as required
• Take immediate steps to contain and remediate the breach
• Conduct a full investigation and implement additional safeguards

We maintain an incident response plan and conduct regular security audits to prevent breaches.

Mobile Applications

Sergio is available as mobile applications for iOS and Android devices. When you use our mobile apps, we may collect additional information:

• Device Information: Device model, operating system version, unique device identifiers
• Location Data: GPS location data when you use location-based features (with your permission)
• App Usage: Features used, crash reports, and performance metrics
• Push Notifications: Device tokens for sending service notifications and reminders

You can control location permissions, push notifications, and other app permissions through your device settings at any time.

Our mobile apps follow the privacy practices outlined in this policy and comply with Apple App Store and Google Play Store privacy requirements.

Children's Privacy

Sergio is designed for business use by adults. We do not knowingly collect information from individuals under 18. If you believe we've collected data from a minor, please contact us immediately at [email protected], and we will delete it.

Changes to This Policy

We may update this Privacy Policy to reflect changes in our practices or legal requirements. When we make material changes:

• The "Last Updated" date at the top will change
• We'll highlight significant updates on our website
• We may notify you directly via email for substantial changes

We encourage you to review this policy periodically.

Questions and Complaints

If you have questions about this Privacy Policy or believe we haven't followed it:

Contact Us:

We investigate all complaints and will respond with the outcome and any corrective measures taken.

If you remain unsatisfied, you may contact the Office of the Privacy Commissioner of Canada:

International Data Transfers

Your data is primarily stored in Canadian data centers (via Supabase). However, some of our service providers operate globally and may process data outside of Canada:

• Stripe: May process payment data in the United States with appropriate safeguards
• Cloudflare: Operates a global content delivery network
• Resend: May process email data in the United States

All international transfers are protected by standard contractual clauses, data processing agreements, and security measures equivalent to Canadian privacy standards.

GDPR Rights (For European Users)

If you are located in the European Economic Area (EEA), you have additional rights under the General Data Protection Regulation (GDPR):

• Right to Access: Request confirmation of whether we process your data and obtain a copy
• Right to Rectification: Request correction of inaccurate personal data
• Right to Erasure: Request deletion of your data (subject to legal retention requirements)
• Right to Restriction: Request limitation on how we process your data
• Right to Data Portability: Receive your data in a structured, machine-readable format
• Right to Object: Object to processing based on legitimate interests or direct marketing
• Right to Withdraw Consent: Withdraw consent for marketing or optional data processing
• Right to Lodge a Complaint: File a complaint with your local data protection authority

Legal Basis for Processing: We process your data based on:

• Contract Performance: Processing necessary to deliver services you've requested
• Consent: For marketing emails, optional cookies, and non-essential processing
• Legitimate Interests: For fraud prevention, security, and service improvement
• Legal Obligations: For tax, accounting, and regulatory compliance

Marketing and Communication Preferences

Opt-In for Marketing: We only send marketing emails to customers who have explicitly opted in. You can manage your preferences at any time.

How to Opt Out:

• Click the "Unsubscribe" link at the bottom of any marketing email
• Update your preferences in your customer portal or account settings
• Contact us at [email protected]

Transactional Communications: Even if you opt out of marketing, you will still receive essential service communications such as:

• Appointment confirmations and reminders
• Invoice and payment notifications
• Quote delivery and acceptance
• Service updates and account notifications
• Security alerts and policy updates

These messages are necessary for service delivery and cannot be opted out of while maintaining an active service relationship.

Legal Compliance

This Privacy Policy complies with:

• Personal Information Protection and Electronic Documents Act (PIPEDA)
• Applicable provincial privacy legislation in Canada
• General Data Protection Regulation (GDPR) for European users
• Canada's Anti-Spam Legislation (CASL) for electronic communications
• Industry best practices for data protection

We regularly review and update our privacy practices to ensure ongoing compliance with evolving privacy regulations worldwide.

Acknowledgment

By using our website, services, or the Sergio platform, you acknowledge that you have read and understood this Privacy Policy.