Privacy Policy

1. Introduction

Hamilton Digital Solutions, doing business as Field Ops Management ("we," "us," or "our"), operates the Field Ops Management platform, including fieldopsmanagement.com, the Field Ops web dashboard, and the Field Ops mobile application for iOS and Android (collectively, the "Service").

This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service. By using the Service, you agree to the collection and use of information in accordance with this policy. If you do not agree, please do not use the Service.

This policy applies to all users of the Service, including company administrators who create accounts ("Account Holders"), employees and team members added by Account Holders ("End Users"), and clients who access the client portal ("Portal Users").

2. Information We Collect

2.1 Information You Provide Directly

• Account & Registration Information: Name, email address, phone number, company name, industry type, and password when you register for an account.
• Employee Information: Names, roles, pay rates, contact details, and employment information for employees added to the platform by Account Holders.
• Client & Service Location Information: Client names, addresses, service locations, and contact details entered by Account Holders.
• Payment & Billing Information: Billing details processed through Stripe, our third-party payment processor. We do not store full credit card numbers, bank account numbers, or other sensitive financial data on our servers.
• Communications: Messages sent through the in-app messaging feature between team members within an organization.
• Job Site Photos & Notes: Photos, notes, and checklists uploaded through the mobile application for job documentation purposes.
• Invoicing Data: Invoice details, line items, and payment records created within the Service.

2.2 Information Collected Automatically

• Location Data: GPS coordinates collected during clock-in/clock-out events, route tracking, and geofence verification when the mobile app is in use. Location data is only collected when End Users are actively clocked in or using route navigation features. We do not track location when the app is closed or the user is clocked out.
• Device Information: Device type, model, operating system version, browser type, screen resolution, and unique device identifiers.
• Usage Data: Pages visited, features used, timestamps, click patterns, and interaction data within the Service.
• Log Data: IP addresses, access times, referring URLs, and error logs.
• Cookies & Local Storage: Session tokens, authentication state, and user preferences stored in cookies and browser local storage.

2.3 Information from Third Parties

• Payment Processors: Stripe may provide us with limited transaction information (such as payment status and subscription state) to manage your account.
• Accounting Integrations: If you connect QuickBooks Online, we receive customer and invoice data that you authorize during the OAuth connection process.

3. How We Use Your Information

We use the information we collect for the following purposes:

• Provide, operate, and maintain the Service and its features
• Process employee time tracking, GPS verification, route management, and job documentation
• Generate timecards, payroll reports, exception alerts, and operational analytics
• Create and send invoices and process payments on behalf of Account Holders
• Facilitate crew communication through in-app messaging
• Process billing, manage subscriptions, and handle payment disputes
• Send transactional emails (password resets, account notifications, billing receipts)
• Respond to customer support requests and troubleshoot issues
• Improve, optimize, and develop new features for the Service
• Detect, prevent, and respond to fraud, unauthorized access, or other security incidents
• Comply with legal obligations and enforce our Terms of Service

We do not use your information for third-party advertising, behavioral profiling, or sale to data brokers.

4. Data Sharing and Disclosure

We do not sell, rent, or trade your personal information to third parties. We may share information only in the following limited circumstances:

• Within Your Organization: Account Holders, administrators, and managers can view employee data, timecards, location data, job site photos, and messages as part of normal platform operations. End Users can view information relevant to their role (their route, their hours, etc.).
• Service Providers: We use third-party services strictly to operate the Service, including:
  • Railway (hosting & database)
  • Vercel (web hosting)
  • Stripe (payment processing)
  • Resend (transactional email)
  • Cloudflare (file storage & CDN)
  • Expo / EAS (mobile app distribution & OTA updates)
  These providers process data on our behalf and are contractually obligated to protect your data and use it only for the purposes we specify.
• Accounting Integrations: If you connect QuickBooks Online, data you authorize (customers, invoices, time activities) is synced to your QuickBooks account.
• Client Portal: When Account Holders share invoice or service history with their clients via the client portal, those clients can view the specific data shared.
• Legal Requirements: We may disclose information if required by law, subpoena, court order, governmental authority, or to protect the rights, property, or safety of Field Ops Management, our users, or the public.
• Business Transfers: In the event of a merger, acquisition, bankruptcy, or sale of assets, user data may be transferred to the acquiring entity. We will provide notice before your data is transferred and becomes subject to a different privacy policy.

5. Employer Responsibility

Account Holders who add employees (End Users) to the platform are responsible for:

• Informing their employees that the Service collects GPS location data, time tracking data, and job site photos during work hours
• Obtaining any required consent from employees under applicable state, local, or federal laws before enabling GPS tracking features
• Ensuring their use of the Service complies with all applicable employment, labor, and privacy laws in their jurisdiction
• Providing employees with access to this Privacy Policy

Field Ops Management provides the technology platform. The Account Holder, as the employer, is the data controller for employee data and is responsible for the lawful basis of collection in their jurisdiction.

6. Data Retention

• Active Accounts: We retain your data for as long as your account is active and as needed to provide the Service.
• Account Deletion: Upon account deletion by an Account Holder, we will delete or anonymize all associated company data within 90 days, except as noted below.
• Post-Deletion Export: Account Holders have 30 days after initiating deletion to export their data through the Service's export features.
• Legal Retention: Timecard records and payroll data may be retained for up to 7 years to comply with federal and state labor and tax regulations. Audit logs may be retained for up to 1 year for security purposes.
• Backups: Data may persist in encrypted backups for up to 30 days after deletion.

7. Data Security

We implement industry-standard security measures to protect your information, including:

• Encryption of all data in transit using TLS 1.2 or higher
• Encryption of data at rest in our database and file storage
• Secure password hashing using bcrypt with appropriate cost factors
• JWT-based authentication with short-lived access tokens and refresh token rotation
• Role-based access controls enforced at the API level
• Input validation and sanitization to prevent injection attacks
• Automated encrypted database backups
• Infrastructure hosted on SOC 2 compliant providers (Railway, Vercel, Cloudflare)

While we strive to protect your data, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security. If we become aware of a security breach that affects your personal information, we will notify affected users and relevant authorities as required by applicable law.

8. Your Rights

Depending on your jurisdiction, you may have the right to:

• Access: Request a copy of the personal data we hold about you
• Correction: Request correction of inaccurate or incomplete data
• Deletion: Request deletion of your personal data (subject to legal retention requirements)
• Restriction: Object to or restrict certain processing of your data
• Portability: Request your data in a structured, commonly used, machine-readable format
• Withdraw Consent: Withdraw consent where processing is based on consent
• Non-Discrimination: Exercise your privacy rights without receiving discriminatory treatment

To exercise any of these rights, contact us at support@fieldopsmanagement.com or visit our Account Deletion page. We will respond within 30 days (or 45 days for complex requests, with notice).

End Users (employees): If you are an employee whose employer uses Field Ops Management, please contact your employer first regarding data access, correction, or deletion requests. Your employer is the data controller for your employment data. If your employer is unable to assist, contact us directly.

9. California Privacy Rights (CCPA/CPRA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA):

9.1 Right to Know

You have the right to request that we disclose the categories and specific pieces of personal information we have collected about you, the categories of sources, the business purpose for collecting it, and the categories of third parties with whom we share it.

9.2 Right to Delete

You have the right to request deletion of your personal information, subject to certain exceptions (such as legal retention requirements for payroll records).

9.3 Right to Opt-Out of Sale or Sharing

We do not sell or share your personal information as defined under the CCPA/CPRA. We do not engage in cross-context behavioral advertising. Therefore, there is no need to opt out.

9.4 Right to Correct

You have the right to request correction of inaccurate personal information that we maintain about you.

9.5 Right to Limit Use of Sensitive Personal Information

We collect precise geolocation data (a category of sensitive personal information under the CPRA) solely to provide the GPS tracking and route verification features of the Service. We do not use this data for purposes other than providing the Service. You may limit geolocation collection by revoking location permissions on your device, though this may affect the functionality of the Service.

9.6 Categories of Information Collected

In the preceding 12 months, we have collected the following categories of personal information:

• Identifiers: Name, email address, phone number, IP address, device identifiers
• Account Information: Username, password (hashed), company name, role
• Employment Information: Job title/role, pay rate, crew assignments (provided by employer)
• Geolocation Data: Precise GPS coordinates during active work tracking
• Photos: Job site photos uploaded by users
• Communications: In-app messages between team members
• Internet/Network Activity: Browser type, pages visited, usage data, log data
• Commercial Information: Subscription plan, billing history, invoices

9.7 How to Submit a Request

California residents may submit a verifiable consumer request by emailing support@fieldopsmanagement.com with the subject line "CCPA Request" or by visiting our Account Deletion page. We will verify your identity before processing the request. You may also designate an authorized agent to make a request on your behalf.

9.8 Shine the Light

Under California Civil Code Section 1798.83, California residents may request information about our disclosure of personal information to third parties for their direct marketing purposes. We do not disclose personal information to third parties for their direct marketing purposes.

10. Location Data

Our mobile application collects GPS location data to enable core features. This section provides detailed information about our location data practices:

• When collected: Location is collected only when End Users are actively clocked in or using route navigation. We do not track location when the app is in the background, closed, or the user is clocked out.
• What is collected: Latitude, longitude, and timestamp at periodic intervals (approximately every 30 seconds during active tracking, every 5 minutes for background pings while clocked in).
• Who can see it: Account administrators and dispatchers can view employee location data through the GPS tracking dashboard. End Users can view their own location trail.
• How long it's kept: Location data is retained as part of timecard records for up to 90 days in the tracking system, and as part of timecard audit records for up to 7 years.
• How to stop it: End Users can revoke location permissions in their device settings at any time. Account Holders can disable GPS tracking features in their company settings.

11. Cookies and Local Storage

We use essential cookies and browser local storage to operate the Service:

• Authentication Cookies: Session tokens to keep you logged in
• Preference Storage: Theme (light/dark mode), language preference, and dashboard settings stored in local storage
• Security: CSRF protection tokens

We do not use third-party advertising cookies, tracking pixels, or behavioral analytics cookies. We do not participate in ad networks or retargeting programs.

12. Children's Privacy

The Service is designed for business use and is not directed to individuals under the age of 16. We do not knowingly collect personal information from children under 16. If we become aware that we have collected data from a child under 16, we will delete it promptly. If you believe a child has provided us with personal information, please contact us immediately.

13. International Data

The Service is operated from the United States. If you access the Service from outside the United States, your information will be transferred to, stored, and processed in the United States. By using the Service, you consent to this transfer. We do not currently offer data residency in other regions.

14. Third-Party Links

The Service may contain links to third-party websites or services (such as Stripe's payment portal or QuickBooks Online). We are not responsible for the privacy practices of these third parties. We encourage you to review their privacy policies.

15. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by:

• Posting the updated policy on this page with a new "Last updated" date
• Sending an email notification to Account Holders for significant changes
• Displaying a notice within the Service dashboard

Your continued use of the Service after changes are posted constitutes your acceptance of the revised policy. If you do not agree with a change, you may delete your account.

16. Contact Us

If you have questions about this Privacy Policy, our data practices, or wish to exercise your privacy rights, please contact us:

• Email: support@fieldopsmanagement.com
• Subject Line: Use "Privacy Inquiry" or "CCPA Request" as appropriate
• Website: Account Deletion & Data Requests

We will acknowledge your request within 5 business days and provide a substantive response within 30 days.