This Privacy Policy explains how Industry Software (“Industry Software,” “we,” “us,” or “our”) collects, uses, discloses, and safeguards personal information when you visit our websites, use our software and services, contact us, or otherwise interact with us (collectively, the “Service”). It also describes the choices and rights you have over your information and how you can reach us. This policy works alongside our Terms of Service, and where we process information on behalf of a business customer, it works alongside that customer’s agreement with us. Please read it carefully so that you understand how we treat your information.
1. Introduction & Scope
Industry Software provides software for industrial and manufacturing operations. We respect your privacy and are committed to handling personal information responsibly and transparently. This policy describes the personal information we process, why we process it, who we share it with, how long we keep it, how we protect it, and the rights and choices available to you.
Who and what this policy covers
This policy applies to personal information we process about visitors to our websites, prospective customers, customers, and the Authorized Users of customer accounts, as well as people who contact us or attend our events. It covers our websites, the hosted Service, our applications, and our sales, marketing, and support activities.
What this policy does not cover
This policy does not govern the data that our business customers submit to or generate within the Service in the course of their own operations. For that Customer Data, the customer is the controller and the customer’s own privacy notice applies, while Industry Software acts as a processor under the customer agreement and any Data Processing Addendum, as described in Section 3. This policy also does not cover third party websites or services that we do not control, which are addressed in Section 21.
How this policy fits with our other terms
This policy works alongside our Terms of Service. If you access the Service through an organization, your use is also subject to that organization’s policies. Capitalized terms used but not defined here have the meaning given in Section 2 or in the Terms of Service.
2. Definitions
To make this policy easier to follow, the key terms below have the following meanings.
- “Personal Information” or “Personal Data” means information that identifies, relates to, or could reasonably be linked to an identified or identifiable individual.
- “Processing” means any operation performed on personal information, such as collection, use, storage, disclosure, or deletion.
- “Controller” means the party that decides why and how personal information is processed.
- “Processor” means a party that processes personal information on behalf of and under the instructions of a controller.
- “Customer Data” means the data that a business customer or its Authorized Users submit to or generate within the Service, which may contain personal information about the customer’s own staff or contacts.
- “Authorized User” means an individual a customer permits to use the Service under its account.
- “Subprocessor” means a third party we engage to process personal information in order to provide the Service.
- “Sensitive Personal Information” means categories of personal information that receive special protection under applicable law, such as government identifiers, precise geolocation, or account credentials.
- “Deidentified Data” means data that can no longer reasonably be used to identify an individual.
- “Cookies” means small files and similar technologies placed on your device that let a website recognize your browser. See Section 7.
3. Our Roles: Controller and Processor
The way data protection law applies to us depends on the role we play for a given set of information.
When we are a controller
We act as a controller for the personal information we decide how to use, including information about website visitors, prospective customers, the account and billing contacts of our customers, support communications, and recipients of our marketing. This policy describes that processing.
When we are a processor
When a business customer uses the Service, the customer controls the Customer Data it puts into the system, and we act as a processor that handles that data only on the customer’s documented instructions. That processing is governed by the customer agreement and, where applicable, a Data Processing Addendum, rather than by this policy. If you are an Authorized User of a customer and have questions about how your employer uses the Service, please contact that organization, since it is the controller of that data.
4. Information We Collect
We collect personal information in three main ways: information you give us, information we collect automatically when you use the Service, and information we receive from third parties. The table below summarizes the categories, with detail in the subsections that follow.
| Category | Examples | Source |
|---|---|---|
| Identity and contact | Name, email address, phone number, password | You |
| Professional | Job title, company name, business address, role | You, your organization |
| Communications | Support requests, survey responses, feedback, sales inquiries | You |
| Usage and device | Pages viewed, features used, IP address, browser and device type, timestamps, logs | Automatic |
| Cookies and similar | Identifiers, preferences, analytics and marketing signals | Automatic (see Section 7) |
| Billing | Billing contact, purchase records, payment status (card data is handled by our payment processor) | You, payment processor |
| Third party records | Business contact details and account information | Partners, resellers, public or commercial sources |
Information you provide
- Account information such as your name, email address, and password.
- Professional details such as job title, company name, and business contact information.
- Communications such as support requests, survey responses, sales inquiries, and feedback.
- Billing contact and purchase information when your organization buys a Subscription.
Information collected automatically
- Usage and device data such as pages viewed, features used, IP address, browser and device type, language, and timestamps.
- Log and diagnostic data used to operate, secure, and troubleshoot the Service.
- Cookies and similar technologies, as described in Section 7.
Information from third parties
- Information from partners, resellers, and publicly or commercially available sources used to keep our business records accurate and to support sales and marketing.
- Single sign on or directory information when your organization connects its identity provider.
Mobile app permissions
Location information. With your permission, the App collects your device’s location when you clock in or out of a shift, in order to record the jobsite associated with your work. Location is only captured during clock in and clock out actions and is used solely for this operational purpose. You can disable location access in your device settings, though clock in location features will not function without it.
Camera and photos. With your permission, the App accesses your camera and photo library so you can capture or attach jobsite photos to work orders. These images are stored as part of your business data and are not used for any other purpose.
This data is collected only to provide core app functionality, is linked to your account, is not used for advertising or tracking, and is not sold or shared with third parties for advertising. It is transmitted securely over HTTPS and TLS.
You can choose not to provide some information, but certain features or the Service as a whole may not be available without it.
5. How We Use Your Information
We use personal information for the purposes below. Section 6 explains the legal basis we rely on for each type of use where the law requires one.
To provide and operate the Service
- Create and administer accounts, authenticate users, and deliver the features you request.
- Provide customer support and respond to your questions and requests.
- Process orders, billing, and payments, and send related transactional messages.
To secure and improve the Service
- Monitor for, prevent, and investigate security incidents, fraud, abuse, and violations of our terms.
- Maintain, debug, and improve the Service and develop new features.
- Perform analytics and research, generally using aggregated or deidentified data.
To communicate with you
- Send account, security, and service notices, which are not marketing and which you cannot opt out of while you use the Service.
- Send marketing communications where permitted, which you can opt out of at any time, as described in Section 19.
To meet legal and compliance obligations
- Comply with applicable laws, respond to lawful requests, and establish, exercise, or defend legal claims.
- Operate optional AI assisted features, as described in Section 18.
6. Legal Bases for Processing
Where data protection law requires a legal basis (for example, under the GDPR and UK GDPR), we rely on the following bases, depending on the context.
- Performance of a contract. To provide the Service and support to you or the organization you represent and to administer the relationship.
- Legitimate interests. To secure, operate, improve, and promote the Service in ways that are not overridden by your interests or rights, such as fraud prevention, network and information security, product analytics, and direct business marketing.
- Consent. For certain marketing and for non essential cookies, where consent is required. You can withdraw consent at any time without affecting processing already carried out.
- Compliance with a legal obligation. To meet tax, accounting, and other legal requirements and to respond to lawful requests.
- Vital or public interest. In rare cases, to protect someone’s safety or where processing is necessary in the public interest.
If you would like more information about the balancing we carry out for our legitimate interests, you can contact us using Section 23.
7. Cookies & Tracking Technologies
We and our providers use cookies, local storage, pixels, and similar technologies to operate the website, remember your preferences, understand how the Service is used, and measure the effectiveness of our content and campaigns.
Categories we use
- Strictly necessary. Required to run the website and the Service, for example to keep you signed in and to protect security. These cannot be switched off in our systems.
- Functional. Remember your preferences and choices to improve your experience.
- Analytics. Help us understand usage so we can improve performance and features.
- Marketing. Help us deliver and measure relevant communications and campaigns.
Your choices
You can control or disable cookies through your browser settings and, where offered, through our cookie preferences tool. If you disable some cookies, parts of the Service may not function properly. We honor recognized opt out browser signals such as Global Privacy Control where required by law. Because there is no common standard for Do Not Track, we respond to it only as the law requires.
8. How We Share Information
We do not sell your personal information, and we do not share it for cross context behavioral advertising as those terms are defined under U.S. state privacy laws. We disclose personal information only in the circumstances below.
- Service providers and Subprocessors. Vendors who process data on our behalf under written contracts with confidentiality and security obligations, as described in Section 9.
- Affiliates. Companies under common control with Industry Software, for the purposes described in this policy.
- At your direction. When you enable an integration or otherwise ask us to share information with a third party.
- Legal and safety. When required by law, regulation, or legal process, or to protect the rights, property, safety, and security of Industry Software, our users, or the public.
- Business transfers. In connection with a merger, acquisition, financing, reorganization, or sale of assets, subject to this policy continuing to govern the affected information.
9. Subprocessors & Service Providers
We rely on trusted third parties to help us deliver the Service. These include providers of cloud hosting and infrastructure, customer support tooling, product analytics, communications and email delivery, and payment processing.
We engage these providers under written contracts that require them to protect personal information, to use it only to provide services to us, and to apply security measures consistent with this policy. We carry out due diligence before engaging a provider that will process personal information.
For Customer Data that we process as a processor, we maintain a current list of Subprocessors and provide customers with a way to be informed of intended changes so that they have a reasonable opportunity to object on legitimate data protection grounds, consistent with the Data Processing Addendum and Section 11 of the Terms of Service.
10. International Data Transfers
We operate globally and may process and store information in countries other than the one where it was collected, including the United States, where our facilities or those of our providers are located. Data protection laws in those countries may differ from those in your country.
Where we transfer personal information across borders in a way that requires a safeguard, we use a lawful transfer mechanism appropriate to the data and the jurisdictions involved. These include the European Commission Standard Contractual Clauses, the UK International Data Transfer Addendum, and reliance on adequacy decisions where they apply. We also apply supplementary technical and organizational measures where appropriate.
You may request more information about the transfer mechanisms we use by contacting us as described in Section 23.
11. Data Retention
We keep personal information only for as long as it is needed for the purposes described in this policy. The period depends on the type of information and the context.
- Account and relationship information is kept for the life of the account and for a reasonable period afterward to meet legal, tax, and recordkeeping requirements and to resolve disputes.
- Usage, log, and security data is kept for a shorter period appropriate to operating and securing the Service.
- Marketing data is kept until you opt out or it is no longer needed for that purpose.
For Customer Data that we process on behalf of a customer, retention and deletion follow the customer agreement. After the Service ends, we make Customer Data available for export and then delete it, consistent with the thirty (30) day window described in Section 20 of the Terms of Service, except where the law requires longer retention. When information is no longer required, we delete it or convert it into deidentified data, including in routine backups over their normal cycle.
12. Data Security
We maintain an information security program with administrative, technical, and physical safeguards designed to protect personal information against unauthorized access, use, alteration, disclosure, and loss.
- Encryption of data in transit and at rest where appropriate.
- Access controls based on least privilege, with authentication and monitoring.
- Logging, monitoring, and regular security reviews and testing.
- Vendor security diligence and contractual safeguards.
Security is a shared responsibility. You also play an important part by using strong and unique credentials, enabling multi factor authentication where available, and keeping your account details confidential. No method of transmission or storage is completely secure, so while we work hard to protect your information, we cannot guarantee absolute security. If a security incident occurs, we respond as described in Section 13.
13. Security Incident Notification
We maintain procedures to detect, investigate, and respond to security incidents. If we confirm a breach of security leading to the unauthorized access to or acquisition, disclosure, or loss of personal information that we control, we will notify affected customers, and individuals where required, without undue delay and consistent with applicable law.
Our notice will describe, to the extent known and permitted, the nature of the incident, the information involved, the steps we are taking, and recommended actions. Where we act as a processor of Customer Data, we will notify the affected customer without undue delay and provide the information reasonably available to help the customer meet its own obligations, consistent with Section 10 and Section 11 of the Terms of Service.
14. Your Privacy Rights
Depending on where you live, you may have some or all of the following rights regarding your personal information.
- Access a copy of the personal information we hold about you.
- Correct information that is inaccurate or incomplete.
- Delete personal information, subject to legal exceptions.
- Restrict or object to certain processing, including direct marketing.
- Receive your information in a portable format and ask us to transfer it where feasible.
- Withdraw consent where processing is based on consent.
How to exercise your rights
You can submit a request by contacting us as described in Section 23, or through your Industry Software representative, who will route it to the right team. To protect your information, we will take reasonable steps to verify your identity before acting, and we may ask for additional information for that purpose. An authorized agent may submit a request on your behalf with proof of authorization.
Timing, fees, and appeals
We will respond within the timeframes required by applicable law. Requests are normally free, although we may charge a reasonable fee or decline a request that is excessive or unfounded, as the law allows. We will not discriminate or retaliate against you for exercising your rights. If we decline a request, we will explain why, and where the law provides an appeal or complaint route, we will tell you how to use it. If you are an Authorized User of a customer, please direct requests about Customer Data to that organization, since it is the controller.
15. California Privacy Rights (CCPA/CPRA)
If you are a California resident, the California Consumer Privacy Act, as amended, gives you specific rights regarding your personal information.
- Right to know. The categories and specific pieces of personal information we have collected, the sources, the business purposes, and the categories of recipients.
- Right to delete personal information we collected from you, subject to exceptions.
- Right to correct inaccurate personal information.
- Right to opt out of the sale or sharing of personal information, and to limit the use of sensitive personal information.
- Right to non discrimination for exercising your rights.
In the prior twelve (12) months we have collected the categories of personal information described in Section 4 (identity and contact, professional, commercial and billing, internet and device activity, and inferences drawn from these), from the sources in Section 4, for the business purposes in Section 5, and we have disclosed them to the categories of recipients in Section 8. We do not sell or share personal information, and we do not use or disclose sensitive personal information for purposes that require a right to limit, as those terms are defined under California law. We retain personal information as described in Section 11. California residents may also use the “Shine the Light” law to request information about disclosures for third party direct marketing; we do not make such disclosures. You can exercise your rights as described in Section 23 or through your Industry Software representative, and you may use an authorized agent.
16. Other U.S. State Privacy Rights
Several other U.S. states, including Virginia, Colorado, Connecticut, Utah, Texas, and Oregon, have comprehensive privacy laws. If you are a resident of a state with such a law, you generally have rights to confirm whether we process your personal information, to access, correct, and delete it, to obtain a portable copy, and to opt out of targeted advertising, the sale of personal information, and certain profiling. As noted above, we do not sell personal information or use it for targeted advertising in the manner those laws restrict.
You can exercise these rights as described in Section 23. Where the law provides a right to appeal a decision on your request, we will explain how to appeal and respond within the period the law requires.
17. European, UK & Swiss Privacy Rights (GDPR)
If you are in the European Economic Area, the United Kingdom, or Switzerland, the GDPR and equivalent laws give you the rights described in Section 14, including access, rectification, erasure, restriction, objection, and portability, and the right to withdraw consent.
For processing where we are the controller, Industry Software is the controller of your personal information. We rely on the legal bases in Section 6 and use the transfer safeguards in Section 10. You have the right to lodge a complaint with your local or lead supervisory authority, although we encourage you to contact us first so we can try to resolve your concern.
Where we process Customer Data on behalf of a business customer, that customer is the controller and we act as a processor under the customer agreement and any Data Processing Addendum, consistent with Section 3 and Section 11 of the Terms of Service. If you are an Authorized User, please direct your request to that organization.
18. Automated Decision Making & AI Features
Parts of the Service include analytics and optional artificial intelligence features, such as document analysis and assisted estimating, that help users work more efficiently.
We do not make decisions that produce legal or similarly significant effects about you based solely on automated processing without human involvement. AI assisted features are designed to support people, not to replace human judgment, and outputs are intended to be reviewed by a person before they are acted on. Where a customer uses AI features to process Customer Data, that processing is carried out on the customer’s instructions and is governed by the customer agreement rather than by this policy. If we introduce automated processing that requires additional disclosures, we will update this policy and provide the information the law requires.
19. Marketing Communications & Your Choices
We may send you information about products, features, events, and offers that we think may interest you, where permitted by law and your preferences.
- You can opt out of marketing emails at any time using the unsubscribe link in the message or by contacting us as described in Section 23.
- Opting out of marketing does not stop transactional or service messages, such as security alerts, billing notices, and important changes to the Service, which are necessary to provide the Service.
- You can manage cookie and advertising choices as described in Section 7.
We aim to action opt out requests promptly, and within the time required by law.
20. Children’s Privacy
The Service is intended for businesses and their authorized personnel. It is not directed to children, and we do not knowingly collect personal information from children under the age of 16, or a higher age where required by local law. The Service is not designed for, and should not be used by, individuals who are not authorized adult users of a customer account.
If you believe that a child has provided us with personal information, please contact us as described in Section 23 so that we can investigate and delete the information where appropriate. If we learn that we have collected personal information from a child without the required consent, we will delete it promptly.
21. Third Party Links & Services
The Service may contain links to, or interoperate with, third party websites, applications, and services that we do not own or control, including integrations that you or your organization choose to enable.
This Privacy Policy does not apply to those third parties, and we are not responsible for their content or privacy practices. When you enable an integration, information may be exchanged with the third party at your direction, and that information is then handled under the third party’s own terms and privacy notice. We encourage you to review the privacy notice of any third party before you use it or share information with it.
22. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes to our practices, the Service, or legal, operational, or regulatory requirements. When we do, we will post the updated policy on this page and revise the “Last Updated” date shown above.
If the changes are material, we will provide additional notice as appropriate, for example by email or through a notice in the Service before the changes take effect. Minor changes, such as clarifications, are effective when posted. We encourage you to review this policy periodically. Your continued use of the Service after the effective date of an update means you accept the updated policy, and prior versions are available on request.
23. How to Contact Us
If you have questions about this Privacy Policy, want to exercise your privacy rights, or wish to raise a concern, please contact us. We will acknowledge your message within a reasonable time and route it to the appropriate team.
For privacy questions, rights requests, and formal privacy notices, contact us at the address below marked for the attention of Privacy, or reach out to your Industry Software representative, who will forward your request.
Privacy and Rights Requests: support@industrysoftware.com (attention: Privacy)
General and Support Questions: support@industrysoftware.com
Official Website: www.industrysoftware.com
Effective Date: January 1, 2023
Last Updated: January 1, 2023