Privacy Policy

At PaveDesk, Inc. (“PaveDesk”, “we”, “us”, or “our”), we take your privacy seriously. This Privacy Policy explains how we collect, use, disclose, and protect information about you when you use our software platform, website, and related services (collectively, the “Services”).

1. Information We Collect

Account & Profile Information

When you create an account, we collect your name, email address, phone number, company name, and billing information. You may also provide a company logo, profile photo, and business details such as your license number and service area.

Business Data You Enter

As you use PaveDesk, you enter business data including:

• Client names, addresses, phone numbers, and email addresses
• Proposal content, line items, pricing, and service descriptions
• Site audit photos, GPS coordinates, and pavement condition notes
• Work order details, crew assignments, and job progress
• Invoice amounts, payment records, and financial data
• Lead information and sales pipeline data

This data is yours. We process it on your behalf to provide the Services and do not use it for any purpose other than delivering and improving the Services.

Usage & Technical Data

We automatically collect certain technical information when you use our Services, including:

• IP address, browser type, and operating system
• Pages visited, features used, and time spent in the application
• Device identifiers and mobile device information
• Error logs and crash reports to improve reliability

Communications

If you contact us for support, submit a form, or communicate with our team, we retain those communications to provide assistance and improve our Services.

2. How We Use Your Information

We use the information we collect to:

• Provide and operate the Services — processing proposals, generating PDFs, sending emails on your behalf, syncing data across devices
• Billing and account management — processing payments, managing subscriptions, and sending invoices and receipts
• Customer support — responding to your questions, troubleshooting issues, and onboarding assistance
• Product improvement — analyzing usage patterns (in aggregate, not linked to individual identities) to improve features and performance
• Security and fraud prevention — detecting and preventing unauthorized access and abuse
• Legal compliance — meeting our obligations under applicable law
• Marketing communications — sending product updates, tips, and promotional content if you have opted in (you can opt out at any time)

We do not sell your personal data or your clients' data to third parties. We do not use your business data to train AI models without your explicit consent.

3. Information Sharing

We share information only in the following circumstances:

Service Providers

We use trusted third-party vendors to operate our Services. These vendors have access to your data only as necessary to perform their functions and are bound by confidentiality agreements. Our key sub-processors include:

• Stripe — payment processing (card data is handled entirely by Stripe and never stored on PaveDesk servers)
• Amazon Web Services (AWS) — cloud infrastructure and data storage
• SendGrid / Postmark — transactional email delivery
• Google Maps — GPS mapping and satellite imagery in site audits
• Intercom — in-app support chat (Pro and Enterprise plans)

Business Transfers

If PaveDesk is involved in a merger, acquisition, or asset sale, your information may be transferred as part of that transaction. We will notify you before your data becomes subject to a materially different privacy policy.

Legal Requirements

We may disclose information if required to do so by law, court order, or governmental authority, or if we believe disclosure is necessary to protect the rights, property, or safety of PaveDesk, our users, or others.

With Your Consent

We share information with third parties when you have given us explicit consent to do so.

4. Data Security

We implement industry-standard security measures to protect your information:

• All data is encrypted in transit using TLS 1.2 or higher
• Data at rest is encrypted using AES-256
• Access to production systems is restricted and logged
• We perform regular security audits and penetration testing
• All employees complete security training and sign confidentiality agreements
• We maintain SOC 2 Type II certification

While we take reasonable precautions, no system is completely secure. We encourage you to use a strong, unique password and enable two-factor authentication when available.

5. Data Retention

We retain your data for as long as your account is active or as needed to provide the Services. If you cancel your account:

• You may export all your data at any time before cancellation
• We will retain your data for 90 days after cancellation to allow account reactivation
• After 90 days, your business data will be permanently deleted from our production systems
• Backup copies may persist for up to 30 additional days before being purged
• We retain billing records as required by applicable tax and financial regulations (typically 7 years)

6. Your Rights

Depending on your location, you may have the following rights regarding your personal data:

• Access — request a copy of the personal data we hold about you
• Correction — request correction of inaccurate or incomplete data
• Deletion — request deletion of your personal data (subject to legal retention requirements)
• Portability — receive your data in a structured, machine-readable format
• Objection — object to processing of your data for marketing purposes
• Restriction — request restriction of processing in certain circumstances

California residents have additional rights under the California Consumer Privacy Act (CCPA), including the right to know what personal information is sold or disclosed (we do not sell personal information) and the right to non-discrimination for exercising privacy rights.

To exercise any of these rights, contact us at privacy@pavedesk.com. We will respond within 30 days.

7. Cookies & Tracking

We use cookies and similar tracking technologies to operate and improve our Services.

Essential Cookies

Required for the Services to function — session authentication, security tokens, and user preferences. These cannot be disabled.

Analytics Cookies

We use privacy-respecting analytics (we do not use Google Analytics on authenticated app pages) to understand how features are used in aggregate. You can opt out of analytics tracking in your account settings.

Marketing Cookies

On our public marketing website (pavedesk.com), we may use cookies to measure the effectiveness of advertising campaigns. You can opt out via the cookie consent banner or your browser's privacy settings.

8. Third-Party Services & Integrations

If you connect PaveDesk to third-party services (QuickBooks, Xero, Stripe, Google Calendar), those services have their own privacy policies. We only access the data necessary to provide the integration and do not share your data with those services beyond what is required for the integration to function.

9. Children's Privacy

Our Services are intended for business use by adults. We do not knowingly collect personal information from individuals under the age of 18. If we become aware that we have collected data from a minor, we will delete it promptly. Contact us at privacy@pavedesk.com if you believe we have inadvertently collected information from a minor.

10. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will:

• Post the updated policy on this page with a new “Last Updated” date
• Send an email notification to all active account holders
• Display an in-app banner for 30 days after significant changes

Your continued use of the Services after changes are posted constitutes your acceptance of the updated policy.

11. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or your data, please contact us: