Privacy Policy

Effective Date: March 2, 2026

Last Updated: March 2, 2026

Company: SetJoist, Inc.

Website: https://www.setjoist.com

Contact: support@setjoist.com

This Privacy Policy describes how SetJoist, Inc. (“SetJoist,” “we,” “us,” or “our”) collects, uses, discloses, and protects your information when you use our construction management platform, including the SetJoist web application, field app (PWA), client portal, website, and related services (collectively, the “Service”).

By accessing or using the Service, you agree to the terms of this Privacy Policy. If you do not agree, please do not use the Service.

1. Information We Collect

We collect information in several ways depending on how you interact with SetJoist. The type and amount of information varies based on your role: Account Holder (the contractor or company that subscribes to SetJoist), Team Member (crew members, foremen, or office staff invited to the account), or Client (homeowners or customers who access the Client Portal).

1.1 Information You Provide Directly

Account Registration

  • Account Holders: Name, email address, phone number, company name, business address, logo, and brand preferences.
  • Team Members: Name and phone number (provided during the invite process). Team members authenticate via a passwordless invite link—no passwords or email addresses are required.
  • Clients (Portal Users): Name, email address, phone number, and property address as entered by the Account Holder in the CRM. Clients do not create accounts independently.

Business and Project Data

  • Estimates, proposals, invoices, and change orders
  • Project details including descriptions, scope of work, timelines, and budgets
  • Contact records (leads, customers, subcontractors, vendors)
  • CRM pipeline data, notes, tags, and follow-up schedules
  • Daily field logs, job site notes, and uploaded photos
  • Crew schedules, time entries, and approval records

Payment Information

When Account Holders subscribe to a paid plan, payment is processed through Stripe, Inc. We do not store credit card numbers, CVVs, or full bank account details on our servers. We retain only a Stripe customer ID, payment method type (e.g., “Visa ending in 4242”), and transaction history (dates and amounts). When Clients make payments through the Client Portal, those transactions are also processed by Stripe under the Account Holder’s connected Stripe account.

Communications

  • Messages sent through the Client Portal messaging feature
  • Support requests, emails, and feedback submitted to our team
  • Survey or feedback responses

1.2 Information Collected Automatically

Location Data (GPS)

The SetJoist Field App records GPS coordinates at two specific moments: clock-in and clock-out. This location data is used solely to verify that crew members are on or near the assigned job site. We do not continuously track or monitor location between clock-in and clock-out events. If a crew member clocks in from a location outside the configured geofence radius, the entry is flagged but not blocked—it remains visible to the Account Holder for review.

  • What we collect: Latitude, longitude, accuracy radius, and timestamp at clock-in and clock-out only.
  • What we do not collect: Continuous location tracking, movement paths, speed, or location data outside of clock-in/out events.
  • Who can see it: GPS data is visible to Account Holders and designated crew leaders within the same account. It is not shared with third parties.

Device and Usage Information

  • Device type, operating system, browser type, and version
  • IP address and approximate geographic region (city/state level)
  • Pages visited, features used, actions taken, and session duration
  • Referring URL and search terms used to find our website
  • Crash logs and performance data for the Field App

Cookies and Similar Technologies

We use cookies, local storage, and similar technologies to maintain your session, remember preferences, and understand how the Service is used. See Section 7 (Cookies) for details.

1.3 Information from Third Parties

  • QuickBooks / Accounting Software: If you connect your QuickBooks account, we import contacts, invoices, and chart-of-accounts data as directed by you. We access only the data scopes you explicitly authorize.
  • Stripe: We receive payment confirmations, payout statuses, and dispute notifications from Stripe related to your connected account.
  • CSV / Spreadsheet Imports: If you upload contact data from a CSV or spreadsheet, we process that data to populate your CRM.

2. How We Use Your Information

We use the information we collect for the following purposes:

Providing and Operating the Service

  • Creating and managing accounts, projects, and subscriptions
  • Processing estimates, invoices, and payments
  • Facilitating crew scheduling, time tracking, and GPS clock-in verification
  • Operating the Client Portal and messaging features
  • Sending transactional notifications (estimate approvals, payment receipts, schedule changes)

Improving the Service

  • Analyzing usage patterns to improve features and user experience
  • Identifying and resolving bugs, performance issues, and errors
  • Conducting internal research and analytics (aggregated and de-identified)

Communication

  • Responding to support requests and inquiries
  • Sending product updates, feature announcements, and tips (you may opt out)
  • Providing onboarding guidance and training materials

Safety and Compliance

  • Detecting and preventing fraud, abuse, or unauthorized access
  • Enforcing our Terms of Service and other agreements
  • Complying with legal obligations, subpoenas, or regulatory requirements

3. How We Share Your Information

We do not sell your personal information. We share information only in the following circumstances:

Within Your Account

Information entered into SetJoist is shared among authorized users within the same account. For example, an Account Holder can view crew time entries, and crew leaders can see schedules for their assigned team members. Client Portal users can see only their own project data.

Service Providers

We use third-party service providers to operate the Service. These providers process data on our behalf under contractual obligations to protect your information:

| Provider | Purpose | Data Shared |
|---|---|---|
| Stripe, Inc. | Payment processing | Name, email, payment method, transaction amounts |
| Amazon Web Services | Cloud hosting & storage | All Service data (encrypted at rest and in transit) |
| SendGrid / Postmark | Transactional email | Recipient email, name, notification content |
| Twilio | SMS notifications & invites | Phone number, message content |
| Analytics provider | Usage analytics | De-identified usage events, device info, IP address |

Legal and Safety

We may disclose information if required to do so by law or if we believe in good faith that such disclosure is necessary to: (a) comply with a legal obligation, court order, or subpoena; (b) protect the safety of any person; (c) prevent fraud or abuse of the Service; or (d) protect SetJoist’s legal rights.

Business Transfers

If SetJoist is involved in a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We will notify you via email or prominent notice within the Service before your information becomes subject to a different privacy policy.

4. Data Retention

We retain your information for as long as your account is active or as needed to provide the Service. Specific retention periods:

  • Active account data: Retained for the life of the subscription plus 90 days after cancellation to allow for reactivation.
  • GPS clock-in/out records: Retained for 24 months from the date of recording, then automatically deleted.
  • Daily logs and photos: Retained for the life of the account. Photos are permanently deleted within 30 days of account deletion.
  • Payment records: Transaction history is retained for 7 years to comply with tax and accounting regulations.
  • Server logs: Retained for 90 days for security and debugging purposes.
  • Deleted accounts: Upon account deletion request, we remove or de-identify personal data within 30 days, except where retention is required by law.

5. Data Security

We take the security of your data seriously and implement industry-standard measures to protect it:

  • Encryption in transit: All data transmitted between your device and our servers is encrypted using TLS 1.2 or higher.
  • Encryption at rest: All data stored on our servers is encrypted using AES-256 encryption.
  • Access controls: Access to production systems is restricted to authorized personnel using multi-factor authentication and role-based access controls.
  • Infrastructure: Our Service is hosted on Amazon Web Services (AWS) infrastructure that maintains SOC 2 Type II and ISO 27001 certifications.
  • Monitoring: We use intrusion detection systems, automated vulnerability scanning, and 24/7 infrastructure monitoring.
  • Incident response: We maintain a documented incident response plan. In the event of a data breach that affects your personal information, we will notify affected users and relevant authorities as required by applicable law, typically within 72 hours of discovery.

No method of transmission or storage is 100% secure. While we strive to protect your information, we cannot guarantee absolute security.

6. Your Rights and Choices

6.1 All Users

  • Access: You may request a copy of the personal information we hold about you.
  • Correction: You may update or correct inaccurate information through your account settings or by contacting us.
  • Deletion: You may request deletion of your personal information, subject to our retention obligations.
  • Data portability: You may request an export of your data in a machine-readable format (CSV or JSON).
  • Marketing opt-out: You may unsubscribe from marketing emails at any time via the link in any email. Transactional emails (payment receipts, schedule notifications) are not affected.

6.2 Crew Members (Team Members)

Crew members have the right to:

  • Know what GPS data has been collected about them and view their own clock-in/out records
  • Request correction of inaccurate time entries through their crew leader or Account Holder
  • Request deletion of their personal information if they are no longer part of the team

Note: Crew data is managed by the Account Holder (your employer). Requests for modification or deletion of work-related records may be subject to the Account Holder’s policies and applicable employment laws.

6.3 Client Portal Users

Clients who access the portal may:

  • View the project data, estimates, and invoices shared with them
  • Request that the contractor (Account Holder) correct inaccurate personal information
  • Contact us directly at [email protected] for data access or deletion requests

6.4 California Residents (CCPA)

If you are a California resident, you have the right to: (a) know what personal information we collect, use, and disclose; (b) request deletion of your personal information; (c) opt out of the sale of personal information (we do not sell personal information); and (d) not be discriminated against for exercising your rights. To submit a request, email [email protected] with the subject line “CCPA Request.”

6.5 European Users (GDPR)

If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, you have additional rights under the General Data Protection Regulation (GDPR), including the right to lodge a complaint with your local data protection authority. Our legal basis for processing your data includes: performance of a contract (providing the Service), legitimate interests (improving the Service, preventing fraud), consent (marketing communications), and legal obligations (tax records, compliance).

7. Cookies and Tracking Technologies

We use the following types of cookies and similar technologies:

| Type | Purpose | Examples | Duration |
|---|---|---|---|
| Essential | Required for the Service to function (login, session) | Session token, CSRF token | Session / 30 days |
| Functional | Remember your preferences and settings | Theme preference, timezone, language | 1 year |
| Analytics | Understand usage patterns and improve the Service | Page views, feature usage, session duration | 2 years |

We do not use advertising cookies or participate in third-party ad networks. You can manage cookie preferences through your browser settings. Disabling essential cookies may prevent the Service from functioning properly.

8. Children’s Privacy

SetJoist is designed for use by businesses and their adult employees. We do not knowingly collect personal information from children under the age of 16. If we learn that we have collected information from a child under 16, we will delete it promptly. If you believe a child has provided us with personal information, please contact us at [email protected].

9. Third-Party Links and Integrations

The Service may contain links to third-party websites or integrate with third-party services (e.g., QuickBooks, Stripe). This Privacy Policy applies only to SetJoist. We are not responsible for the privacy practices of third-party services. We encourage you to review the privacy policies of any third-party services you connect to your SetJoist account.

10. Data Processing and Account Holder Responsibilities

SetJoist operates as a “data processor” on behalf of Account Holders (who are “data controllers”) for the business data they store in the Service. This means:

  • Account Holders are responsible for obtaining appropriate consent from their clients and crew members for the collection and use of personal information through SetJoist.
  • Account Holders determine what data is entered into the system and how it is used within their organization.
  • SetJoist processes this data according to the Account Holder’s instructions and this Privacy Policy.
  • Account Holders should inform their crew members about GPS clock-in functionality before enabling it.

If you are a crew member or client with questions about how your data is used, we recommend first contacting the contractor (Account Holder) who manages the SetJoist account. You may also contact us directly at [email protected].

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. When we make material changes, we will: (a) update the “Last Updated” date at the top of this policy; (b) notify active Account Holders via email; and (c) display a prominent notice within the Service. Your continued use of the Service after changes take effect constitutes acceptance of the updated policy.

12. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Email: support@setjoist.com

Mail: SetJoist, Inc., Attn: Privacy, 6612 NW 38th Street, Unit 1734, Bethany, OK 73008

Response time: We will respond to all privacy-related inquiries within 30 days.

© 2026 SetJoist, Inc. All rights reserved.

This document is for informational purposes and does not constitute legal advice. We recommend consulting with a licensed attorney to ensure compliance with applicable laws.