Supervisr

EARLY ACCESS BETA — Draft, pending legal review

Supervisr is currently in early access with a small Founding Contractor cohort. This Privacy Policy is placeholder structural copy. Final version reviewed by counsel before public launch.

Privacy Policy

Last updated: May 18, 2026

1. Information We Collect

We collect: (a) account information (email, password hash, company name) you provide at signup; (b) payment information processed by Stripe (we never see full card numbers); (c) project data you create (photos, documents, scope, customer information you enter); (d) usage analytics on how you interact with the service.

2. How We Use Your Information

We use your information to: provide the AI photo analysis service, process payments, send transactional emails (account verification, billing, support), improve our product, and comply with legal obligations.

3. AI Analysis and Your Content

Your photos and documents are analyzed via the Anthropic Claude API under their no-training data policy for paid API customers. Your content is NOT used to train AI models. We retain the analysis context for audit purposes — so you can see exactly what the AI saw on any flag — but this stays private to your account.

4. Third Parties

We share data with: Stripe (payment processing), Resend (transactional email), Supabase (database/auth hosting), Anthropic (AI inference). Each is bound by their own privacy policy and contractual data-handling commitments. [FILL IN — full third-party list pre-launch.]

5. CompanyCam Integration

If you connect a CompanyCam account, photos from mapped projects sync into Supervisr. You can disconnect at any time via Account & Settings. Disconnecting stops the sync; existing synced photos remain in your Supervisr account.

6. Data Retention

We retain your data for the lifetime of your account. On account deletion, all project data, photos, and documents are removed within 30 days. Backups are retained for 90 days then permanently deleted.

7. Your Rights

You have the right to: access your data, correct inaccuracies, delete your account (which deletes all your data), and export your data. [FILL IN — CCPA/GDPR specifics if applicable.]

8. Security

All data is encrypted in transit (TLS) and at rest. CompanyCam OAuth tokens are encrypted at the database layer with a key stored in Supabase Vault. We follow industry-standard security practices but no system is 100% secure.

9. Changes to This Policy

Material changes communicated via email at least 30 days before taking effect.

10. Contact

Privacy questions? Email privacy@supervisrapp.com.