1. Scope and Roles

This Privacy Policy applies when we act as a controller or business for personal information related to website visitors, prospective customers, account administrators and users, billing contacts, and support contacts.

If your personal information appears inside a customer workspace, we generally process that information on the customer's behalf as a service provider or processor. In those cases, please contact the customer that controls the workspace first.

2. Information We Collect

• Account and profile information such as name, business email, phone number, company name, title, role, and account preferences.
• Authentication and identity information from our login and identity providers.
• Billing and transaction information, including subscription plan, invoice status, and limited payment metadata from our payment processor.
• Customer workspace content, including project documents, drawings, specifications, spreadsheets, contact records, bid materials, and personal information embedded in those materials.
• Communications and support information such as emails, tickets, chat messages, call notes, and pilot feedback.
• Usage, device, diagnostics, and security log information such as IP address, browser type, operating system, timestamps, and feature usage events.

3. How We Use Information

• Provide, host, secure, and maintain the Services.
• Authenticate users and manage accounts.
• Process subscriptions, invoices, and payments.
• Provide onboarding, support, and pilot operations.
• Analyze usage, troubleshoot issues, and improve the Services.
• Operate analytics, logging, and monitoring tools.
• Process and route customer workspace content through configured AI workflows.
• Detect, prevent, and respond to fraud, abuse, security incidents, and other harmful activity.
• Comply with law, enforce agreements, and protect our rights.

We do not use customer workspace content to train OmniTakeoff models for general use unless the customer has expressly opted in.

4. How We Disclose Information

We do not sell personal information. We do not share personal information for cross-context behavioral advertising.

• Service providers and subprocessors that help us host, secure, authenticate, monitor, bill, support, analyze, or operate the Services.
• AI providers used to process extracted text and structured data from customer content when enabled by the customer.
• Customer-directed integrations and recipients when a customer connects a third-party integration or sends communications through the Service.
• Professional advisors, authorities, or transaction counterparties where necessary for legal, business, or safety reasons.

5. AI Providers and Integrations

OmniTakeoff uses AI-assisted workflows to analyze project documents, draft takeoffs, support estimation, and identify bid-compliance items. Depending on customer configuration, extracted text and structured project data may be routed to supported AI providers such as Anthropic, OpenAI, Google Gemini, or xAI. Some lightweight tasks may also be run locally using an on-host model.

If a customer enables third-party integrations, we may receive or send the information needed to operate those integrations, such as authentication tokens, accounting data mappings, identity provider metadata, or email-routing details.

6. Cookies and Analytics

• Essential cookies are used for authentication, security, session continuity, and core site functionality.
• Functional cookies may be used to remember settings and improve usability.
• Analytics and monitoring tools may be used to understand product usage, performance, and error conditions when permitted by your settings or applicable law.

Our current product experience is designed so non-essential analytics load only after the relevant consent signal is present. We do not use advertising cookies or ad-targeting trackers.

7. Retention, Security, and Transfers

We retain personal information for as long as needed to provide the Services, comply with legal obligations, resolve disputes, and enforce agreements. In general, customer workspace data remains available for export for about 30 days after termination unless a signed agreement says otherwise, and backup copies may persist until overwritten in the normal backup cycle.

We use reasonable administrative, technical, and organizational safeguards designed to protect personal information, including access controls, encryption in transit, audit logging, tenant-isolation controls, rate limiting, input validation, and incident-response procedures.

We are based in the United States and may process personal information in the United States and other countries where we or our service providers operate. Where required, we use an appropriate legal transfer mechanism for international transfers.

8. Your Rights and Choices

Depending on where you live and subject to applicable law, you may have rights to know whether we process your personal information, access it, correct it, delete it, obtain a portable copy, restrict or object to certain processing, withdraw consent, or appeal a denied request.

If your information is contained in a customer workspace, contact the customer that controls the workspace first. We will assist customers with applicable requests where required by law or contract.

9. Supplemental U.S. State Privacy Notice

During the 12 months before the effective date of this Privacy Policy, we may have collected and disclosed the following categories of personal information for business purposes:

We do not sell personal information, and we do not share personal information for cross-context behavioral advertising.

10. Contact and Updates

We may update this Privacy Policy from time to time. If we make a material change, we will post the updated version and revise the date above.

Questions, requests, or complaints about this Privacy Policy may be sent to privacy@omnitakeoff.com.