Privacy Policy for SepticScribe

Last Updated: February 13, 2026

1. Introduction

Welcome to SepticScribe. We are committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy explains how our septic system maintenance service application collects, uses, and protects your data.

2. Information We Collect

2.1 Account Information

When you create an account, we collect:

• Username (unique login identifier)
• Full name (display name used on reports)
• Email address
• Organization name and business contact information
• Office/mailing address (used on report headers)
• Phone number
• Password (stored as a bcrypt hash, never in plaintext)

2.2 Maintenance Data

To provide septic system maintenance services, we collect:

• Property addresses and owner contact information
• Septic system specifications, component details, and maintenance records
• Maintenance checklists, measurements, and service observations
• Health score calculations based on maintenance findings

2.3 Photos and Media

Our app requests camera permission to:

• Capture photos of septic systems during maintenance visits
• Document system conditions and maintenance work
• Attach visual records to maintenance service reports

Important: Photos are only taken when you explicitly use the camera feature. We do not access your camera or photos without your permission.

2.4 Device Information

We automatically collect:

• Device type and operating system
• App version and crash reports
• Anonymous usage statistics to improve app performance

2.5 Filing Documents

You may upload regulatory filing documents (PDF format) associated with properties. These documents are stored securely in our database and are accessible only to members of your organization.

3. How We Use Your Information

We use the collected information to:

• Provide septic system maintenance services
• Generate AI-assisted maintenance service reports using your maintenance data (see Section 11 for details on AI processing)
• Match equipment information against our vendor knowledge base to provide manufacturer-specific maintenance recommendations
• Calculate system health scores based on maintenance findings
• Manage customer relationships, team members, and service records
• Improve app functionality and user experience
• Send service notifications and important updates
• Comply with legal and regulatory requirements

4. Data Storage and Security

Your data is stored securely on encrypted servers. We implement industry-standard security measures to protect your information from unauthorized access, disclosure, or destruction.

• Data is encrypted in transit (HTTPS/TLS) and at rest
• Passwords are hashed using bcrypt with salting
• Access to personal information is restricted to authorized personnel only
• Session data and rate limiting are managed using Redis, a secure in-memory data store
• Service photos are stored as base64 data associated with specific maintenance records
• Filing documents (PDFs) are stored as binary data in the database
• Data is hosted on Railway cloud infrastructure (servers located in the United States)
• Regular security audits and updates are performed

5. Data Sharing and Disclosure

We do not sell your personal information. We may share your data only in the following circumstances:

• With your consent: When you explicitly authorize us to share your information
• Service providers: With trusted third-party services that help us operate the app (see Section 8)
• Legal requirements: When required by law or to protect our legal rights
• Business transfers: In connection with a merger, acquisition, or sale of assets

6. Your Rights and Choices

You have the right to:

• Access: Request a copy of your personal data
• Correction: Update or correct inaccurate information
• Deletion: Request deletion of your account and associated data
• Opt-out: Unsubscribe from marketing communications
• Data portability: Request your data in a portable format

To exercise any of these rights, contact us at the address listed in Section 15.

7. Children's Privacy

SepticScribe is not intended for use by individuals under the age of 18. We do not knowingly collect personal information from children.

8. Third-Party Services

Our application integrates with the following third-party services:

• Payment processing: Stripe processes subscription payments, stores payment methods, and manages billing. We do not store your full credit card number on our servers.
• AI report generation: OpenAI processes maintenance data to generate professional report narratives. See Section 11 for details.
• Cloud hosting: Railway hosts our application servers, PostgreSQL database, and Redis cache. Servers are located in the United States.
• Error monitoring: Sentry collects error reports and performance data to help us identify and fix issues.
• Email delivery: Resend delivers transactional emails including welcome emails, password resets, and support notifications.
• Push notifications: Expo delivers push notifications to the mobile app for maintenance event updates and correction requests.

These services have their own privacy policies. We encourage you to review them.

9. Camera Permission

Why we request camera access: SepticScribe requests camera permission to allow you to take photos during septic system maintenance visits. This helps document system conditions and create comprehensive maintenance service reports.

When we access the camera: We only access your camera when you actively choose to take a photo within the app. We do not access your camera in the background or without your explicit action.

Photo storage: Photos taken through the app are associated with specific maintenance records and stored securely in your account.

10. Mobile Application

Our mobile app (SepticScribe for Android) provides offline capabilities:

• Maintenance data can be drafted offline and synced when connectivity is restored
• The app uses local database storage on your device for offline functionality
• Sync operations transfer data between your device and our servers when you are online
• Push notification tokens are registered to deliver real-time updates about maintenance events
• Onboarding preferences and session data are stored locally on your device

11. AI-Generated Content

SepticScribe uses artificial intelligence (OpenAI) to generate professional maintenance report narratives based on your maintenance data. When a report is generated:

• Maintenance checklist data, property details, system specifications, and service observations are sent to OpenAI's API
• Equipment information may be matched against our vendor knowledge base to provide manufacturer-specific context
• Photos are not sent to the AI service; only textual and numeric data is transmitted
• The AI-generated narrative is returned to our servers and incorporated into the PDF report
• OpenAI's API data usage policy states that API data is not used for model training

You retain full ownership of all maintenance data and generated reports.

12. Data Retention

We retain your personal information for as long as necessary to provide our services and comply with legal obligations. Maintenance records and photos are retained according to industry standards and regulatory requirements for septic system maintenance records.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any significant changes through the app or via email. Your continued use of SepticScribe after such modifications constitutes your acceptance of the updated Privacy Policy.

14. Jurisdiction and Data Location

SepticScribe is operated from British Columbia, Canada. Our application servers and databases are hosted on Railway infrastructure located in the United States. By using SepticScribe, you consent to the transfer, storage, and processing of your information in both Canada and the United States.

This Privacy Policy is governed by the laws of British Columbia, Canada, including the Personal Information Protection and Electronic Documents Act (PIPEDA) and the British Columbia Personal Information Protection Act (PIPA).

© 2026 SepticScribe. All rights reserved.