Privacy Policy

1. Introduction

Fieldmatic ("we", "us", "our") is committed to protecting the personal data of our users. This Privacy Policy explains how we collect, use, store and protect your personal data when using the Fieldmatic software service ("Service").

By using our Service, you accept the practices described in this Privacy Policy.

2. Data Controller Identification

3. Legal Basis and GDPR Compliance

Our data processing complies with the European Union's General Data Protection Regulation (GDPR - Regulation 2016/679). The legal basis for data processing is:

• Contract Performance: Data processing necessary to provide the Service (GDPR Article 6(1)(b))
• Consent: For marketing communications and non-essential features (GDPR Article 6(1)(a))
• Legal Obligation: Fulfillment of accounting and tax requirements (GDPR Article 6(1)(c))
• Legitimate Interest: Service quality improvement, security maintenance (GDPR Article 6(1)(f))

4. What Data Do We Collect?

4.1 Registration Data

• Name: Full name (first name, last name)
• Email Address: For contact and login purposes
• Company Name: Business identification
• Phone Number: Optional, for support and notifications
• Password: Stored encrypted (bcrypt hash)

4.2 Billing Information

• Billing Name and Address
• Tax ID / Company Registration Number
• Payment Information: Payment data is handled by third party (Stripe). We do not store credit card numbers.

4.3 Usage Data

• IP Address: Security, abuse prevention
• Device Information: Browser type, operating system, screen size
• Login Times: Last login, sessions
• Usage Statistics: Which features you use, how often
• GPS Data: In mobile app, if permitted (timestamps, work tracking)

4.4 Content Data

Data uploaded by you while using the Service:

• Customer Data: Name, address, phone, email (your customers)
• Work Orders: Job descriptions, photos, signatures
• Scheduling: Appointments, job roles, employee schedules
• Files: Uploaded documents, images

5. How Do We Use Your Data?

We use collected data for the following purposes:

• Service Provision: Account creation, login, functionality provision
• Customer Support: Technical support, answering questions
• Billing: Subscription fee management, invoice generation
• Communication: Product updates, new feature notifications (if subscribed)
• Security: Abuse prevention, account protection
• Performance Improvement: Service optimization, bug fixing
• Legal Obligations: Fulfilling accounting and tax requirements

6. Data Storage and Processors

6.1 Data Storage Location

We store your data on servers located within the European Union:

• Primary Server: Frankfurt, Germany (AWS eu-central-1)
• Backup Server: Dublin, Ireland (AWS eu-west-1)

Your data does not leave the European Union.

6.2 Data Processors (Third Parties)

We use data processors (third-party service providers) to provide certain services:

We have concluded a Data Processing Agreement (DPA) with all processors, ensuring GDPR compliance.

7. Data Retention Period

We retain data only for as long as necessary:

• Active Account Data: While account is active (lifetime subscription)
• After Account Deletion: Permanently deleted within 30 days
• Billing Data: 8 years (mandatory retention under accounting law)
• Marketing Consent: Until withdrawal, or automatic deletion after 3 years of inactivity
• Logs, Security Data: Maximum 90 days

8. Data Security

We take serious efforts to protect your data:

• Encryption: AES-256 encryption for data at rest
• HTTPS / TLS: SSL/TLS 1.3 encryption for data in transit
• Passwords: Encrypted using bcrypt hash algorithm
• Two-Factor Authentication (2FA): Available for extra security
• Regular Security Audits: Penetration testing, vulnerability scanning
• Access Restriction: Principle of least privilege
• Logging: All data access is logged (audit logs)
• Backup: Daily automated backups, encrypted

9. Cookie Usage

9.1 What is a Cookie?

Cookies are small text files stored by your browser on your computer. Their purpose is to improve user experience and ensure website functionality.

9.2 What Cookies Do We Use?

9.3 Cookie Management

You can delete or disable cookies at any time in your browser settings. However, without certain cookies, the Service may not function properly (e.g., login).

10. Your Rights (GDPR)

Under the European Union's General Data Protection Regulation (GDPR), you have the right to:

10.1 How to Exercise Your Rights?

To exercise your rights, contact us:

10.2 Filing a Complaint

If you believe your data has been mishandled, you can file a complaint with your local data protection authority.

11. Data Sharing with Third Parties

WE DO NOT sell or share your data for marketing purposes with third parties.

We only share your data in the following cases:

• Data Processors: See Section 6.2 (Hosting, payment, email sending, etc.)
• Legal Obligation: When required by law, court order, or regulatory request
• Corporate Sale/Merger: If our company ownership changes, data may transfer to new owner (we will notify you)
• Explicit Consent: If you explicitly consent to specific data sharing

12. Children's Privacy

Our Service is not intended for children. We do not knowingly collect personal data from persons under 16 years of age.

If we learn that we have collected data from a person under 16, we will delete it immediately.

13. Marketing Communications

If you have subscribed to our newsletter or marketing communications:

• We will send notifications about product updates and new features
• You can unsubscribe at any time by clicking the "Unsubscribe" link in emails
• We will stop sending marketing emails within 48 hours of unsubscribing
• Important: We will continue to send transactional emails (invoices, password reset, etc.), which are necessary for Service operation

14. Data Breach Handling

In case of a data breach:

• We will notify the relevant authority within 72 hours (if required)
• We will notify affected users by email
• We will take necessary steps to resolve the incident
• We will provide transparent communication about incident handling

15. Changes to this Privacy Policy

We reserve the right to modify this Privacy Policy from time to time. For any changes:

• We will notify you by email (for significant changes)
• We will update the "Last Updated" date at the top of this page
• We will publish the new version 30 days before changes take effect

We recommend checking this page regularly to stay informed of changes.

16. Contact

If you have questions about this Privacy Policy or wish to exercise your GDPR rights, contact us:

Response Time: 30 days (as per GDPR)

17. Applicable Laws

This Privacy Policy was prepared in accordance with the following legislation:

• European Union General Data Protection Regulation (GDPR - Regulation 2016/679)
• National data protection laws of EU member states
• ePrivacy Directive (2002/58/EC)