Privacy Policy

Last updated: February 19, 2026

1. Introduction

FieldLedgr ("we," "our," or "us") is operated by OneNomad LLC. This Privacy Policy describes how we collect, use, store, share, and protect your personal information when you access or use our platform at fieldledgr.com, our mobile applications, APIs, and any related services (collectively, the "Service"). By using the Service, you consent to the practices described in this Privacy Policy. If you do not agree, you must not use the Service.

2. Information We Collect

2.1 Information You Provide

  • Account information: Name, email address, phone number, password, and business information (company name, address, trade type, service area).
  • Business data: Customer records, job details, estimates, invoices, payment records, products, templates, notes, photos, and other data you enter into the Service. This data belongs to you.
  • Communication data: Messages, support requests, and feedback you send to us.
  • Media uploads: Photos, logos, documents, and other files you upload to the Service.

2.2 Information Collected Automatically

  • Usage data: Pages visited, features used, actions taken, timestamps, referral URLs, and interaction patterns.
  • Device information: Device type, operating system, browser type and version, screen resolution, app version, and unique device identifiers.
  • Network information: IP address, internet service provider, and general geographic location inferred from IP address.
  • Location data: With your explicit consent and device-level permission, we may collect precise GPS location data for features such as clock-in/ clock-out verification and job site tracking. See Section 6 for details.
  • Push notification tokens: If you enable push notifications, we collect device tokens to deliver notifications.

2.3 Information from Third Parties

  • Payment processors: Stripe provides us with limited transaction data (payment status, last four digits of card, transaction amounts) but we never receive or store full payment card numbers, CVVs, or bank account details.
  • Authentication providers: If you sign in through a third-party service, we may receive your name and email address from that service.

3. How We Use Your Information

We use the information we collect for the following purposes:

  • To provide, operate, maintain, and improve the Service
  • To create and manage your account
  • To process transactions and send related information (receipts, confirmations, invoices)
  • To send transactional communications (account verification, password resets, security alerts, invoice and estimate notifications)
  • To provide customer support and respond to your requests
  • To send service-related announcements (maintenance notices, feature updates, policy changes)
  • To personalize and optimize your experience with the Service
  • To generate aggregated, anonymized analytics to improve the Service
  • To detect, investigate, and prevent fraud, abuse, security incidents, and other harmful activity
  • To enforce our Terms of Service and other policies
  • To comply with legal obligations, respond to legal process, and protect our rights

4. Data Sharing and Disclosure

We do not sell, rent, or trade your personal information. We may share your information in the following limited circumstances:

  • Service providers: We share data with trusted third-party providers who perform services on our behalf, including hosting (Vercel), database management (Neon), payment processing (Stripe), email delivery, push notification services, and analytics. These providers are contractually obligated to use your data only as necessary to provide their services to us and to maintain appropriate security measures.
  • Your customers: When you send estimates, invoices, or review requests through the Service, certain business information (your company name, logo, contact details, and document contents) is shared with the recipients.
  • Legal requirements: We may disclose your information if required to do so by law, court order, subpoena, or other legal process, or if we reasonably believe that disclosure is necessary to protect our rights, property, or safety, or that of our users or the public.
  • Business transfers: In connection with a merger, acquisition, reorganization, bankruptcy, or sale of all or a portion of our assets, your information may be transferred to the acquiring entity. We will notify you of any such change.
  • With your consent: We may share information with third parties when you have given us explicit consent to do so.

5. Data Security

We implement industry-standard technical and organizational security measures to protect your personal information, including:

  • Encryption of data in transit using TLS/SSL
  • Encrypted database connections
  • Secure authentication with hashed passwords and JWT tokens
  • Role-based access controls and tenant isolation
  • Regular security reviews and monitoring
  • Hosting on enterprise-grade infrastructure (Vercel, Neon) with SOC 2 compliance

While we take reasonable precautions, no method of transmission over the internet or electronic storage is 100% secure. We cannot guarantee absolute security and are not responsible for unauthorized access resulting from factors outside our reasonable control.

6. GPS and Location Data

Our mobile application may request access to your device's location services for features such as GPS clock-in/clock-out and job site tracking. Location data is collected only when:

  • The feature is enabled by the account owner in business settings
  • You have granted location permission on your device
  • You are actively using the relevant feature (we do not track location in the background without explicit consent)

Location data is stored securely and is accessible only to authorized users within your business (typically the account owner and admins). You can revoke location permissions at any time through your device settings or by contacting your account owner to disable the feature.

7. Data Retention

We retain your personal information and business data for as long as your account is active and as needed to provide the Service. Upon account deletion or termination:

  • You may request an export of your data within 30 days
  • We will delete or anonymize your personal data within 30 days, except where retention is required by law or legitimate business interests (e.g., fraud prevention, dispute resolution)
  • Anonymized, aggregated data that cannot identify you may be retained indefinitely for analytics and service improvement
  • Backup copies may persist for up to 90 days before being purged from our systems

8. Your Rights and Choices

Depending on your jurisdiction, you may have the following rights regarding your personal information:

  • Access: Request a copy of the personal information we hold about you
  • Correction: Request correction of inaccurate or incomplete personal information
  • Deletion: Request deletion of your personal information, subject to legal retention requirements
  • Export: Request a portable copy of your data in a machine-readable format
  • Restriction: Request that we restrict processing of your personal information in certain circumstances
  • Objection: Object to our processing of your personal information for certain purposes
  • Withdraw consent: Where processing is based on consent, withdraw that consent at any time

You can manage most of these through your account settings. For requests that cannot be handled through the interface, contact us at the email below. We will respond to verifiable requests within 30 days (or as required by applicable law).

9. Cookies and Tracking Technologies

We use essential cookies for authentication (session tokens stored in the "payload-token" cookie). These are strictly necessary for the Service to function and cannot be disabled. We do not use third-party tracking cookies, advertising cookies, or behavioral tracking pixels. We do not participate in ad networks or sell data to advertisers.

10. Children's Privacy

The Service is not intended for use by children under the age of 16. We do not knowingly collect personal information from children under 16. If we become aware that we have collected personal information from a child under 16 without verification of parental consent, we will take steps to delete that information promptly. If you believe a child under 16 has provided us with personal information, please contact us immediately.

11. International Data Transfers

The Service is operated from the United States. If you access the Service from outside the United States, your information may be transferred to, stored, and processed in the United States or other jurisdictions where our service providers operate. By using the Service, you consent to the transfer of your information to the United States and other jurisdictions that may have different data protection laws than your country of residence.

12. California Privacy Rights (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA), including the right to know what personal information we collect, the right to request deletion, and the right to opt out of the sale of personal information. We do not sell personal information. To exercise your rights, contact us at the email below.

13. European Privacy Rights (GDPR)

If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, you may have additional rights under the General Data Protection Regulation (GDPR) or equivalent legislation. Our legal basis for processing your personal information includes: performance of a contract (providing the Service), legitimate interests (improving the Service, preventing fraud), compliance with legal obligations, and consent (where applicable). You have the right to lodge a complaint with your local data protection authority.

14. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated via email to the address associated with your account or through an in-app notification at least 15 days before they take effect. Non-material changes will be reflected by updating the "Last updated" date at the top of this page. Your continued use of the Service after the effective date of any changes constitutes acceptance of the revised Privacy Policy.

15. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, contact us at:

Email: privacy@fieldledgr.com
Company: OneNomad LLC
Website: fieldledgr.com

For data protection inquiries, you may also reach our designated data protection contact at the email address above.