Effective Date: May 16, 2026
Opsite Solutions LLC("Opsite," "we," "us," or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our construction project management platform at useopsite.com and related services (the "Service").
By using our Service, you consent to the data practices described in this Privacy Policy. If you do not agree with the practices described in this Privacy Policy, please do not use the Service.
We collect information you provide directly, including:
When you use the Service, we automatically collect:
We may receive information from third-party services you connect:
If you opt in to SMS or WhatsApp communications, the contractor using Opsite sends messages through our integration with Twilio, Inc. We process the recipient phone number, message body, and delivery status to operate the messaging service and to honor opt-out requests. STOP, UNSUBSCRIBE, QUIT, and END are honored as opt-out keywords; HELP returns a help response identifying the sending contractor and our customer-support contact. To opt out of all Opsite-facilitated messages across every contractor, reply STOP ALL or email privacy@useopsite.com.
When a contractor using Opsite enables the time-clock feature for its employees, Opsite collects the employee's device latitude, longitude, and accuracy at clock-in, at clock-out, and at periodic intervals during the shift while clocked in ("location pings"). This data is collected on behalf of and under the instruction of the contractor (the employer), who is the controller of the data for purposes of GDPR and the business for purposes of CCPA. Opsite acts as a service provider/processor. Contractors are responsible for providing the notices required by applicable law to their employees before enabling this feature, including (where applicable) under Cal. Penal Code § 637.7, Cal. Civ. Code § 1798.100(b), 820 ILCS 55, Conn. Gen. Stat. § 31-48d, and N.Y. Civ. Rights Law § 52-c. A model employee-monitoring notice is available at app.useopsite.com/legal/employee-monitoring-notice.
Opsite's use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.
Data we access from Google: When you sign in with Google, we receive your name and email address. If you connect Google Calendar, we access your calendar events to display them within Opsite.
How we use Google data: Google user data is used solelyto authenticate your identity and provide Opsite's core functionality (account creation, login, and calendar integration). We do not use Google data for advertising, marketing, analytics, AI model training, or any purpose beyond operating and providing the Service to you.
Sharing: We do not share Google user data with third parties except as necessary to provide the Service (e.g., storing your account in our database). We do not sell Google user data.
Storage and deletion: Google authentication data is stored only for as long as your account is active. You may revoke Opsite's access to your Google data at any time through your Google Account permissions.
We use your information for the following purposes:
Our AI features (including the Lino assistant, document categorization, smart scheduling, and automated recommendations) process your data in real-time to provide personalized assistance. Specifically:
The Service includes scheduled and triggered features that send communications on a contractor's behalf, including overdue-invoice reminders, lead-nurture emails, scheduled social-media posts, and WhatsApp digests. The contractor selects the recipients, the templates, and the schedule; Opsite executes the contractor's instructions. The contractor is responsible for ensuring the recipient has provided any consent required under the Telephone Consumer Protection Act, the CAN-SPAM Act, or analogous law before the automation is enabled.
If you are in the European Economic Area (EEA), UK, or Switzerland, we process your personal data based on:
We do not sell your personal information. We only share your information in the following circumstances:
We share information with third-party vendors who help us operate the Service, including:
When you connect integrations like QuickBooks or Google, we share data necessary to provide those features, as authorized by you.
We may share information with your consent, such as when you share project access with clients or team members.
We may disclose information if required by law, subpoena, court order, or government request, or to protect our rights, safety, or property.
In the event of a merger, acquisition, or sale of assets, your information may be transferred. We will notify you of any such change.
We maintain a current list of subprocessors who process personal data on our behalf. As of 2026-05-16, our subprocessors include:
| Subprocessor | Purpose | Data categories | Region |
|---|---|---|---|
| Vercel | Hosting, CDN, edge runtime, and Vercel Analytics | All Service data; aggregated traffic metrics | US (multi-region) |
| Supabase | Primary application database and authentication | All Service data, account credentials, session tokens | US |
| Stripe | Payment processing and subscription management | Billing identifiers, payment-card tokens, invoice metadata | US |
| Anthropic | AI assistant (Lino), document categorization, and generative features via the Claude API | Project data and prompts submitted by you to AI features; not used to train general-purpose models | US |
| Upstash | Vector embedding storage for retrieval-augmented generation | Anonymized vector representations of your data | US |
| Twilio | SMS and WhatsApp delivery and delivery-status webhooks | Recipient phone numbers, message bodies, delivery status | US |
| Resend | Transactional and outbound email delivery | Recipient email addresses, message bodies, deliverability metadata | US |
| Plausible Analytics | Privacy-preserving website analytics (cookieless, no PII) | Aggregated page-view counts, referrer, country | EU (Germany) |
| Intuit (QuickBooks) | Optional accounting integration for invoice and payment sync | Invoice and customer records you sync; OAuth identifiers | US |
| Google (Maps, Identity, Calendar) | Address autocomplete, map display, optional sign-in, optional calendar sync | Address strings, sign-in identifiers, calendar metadata — only on user authorization | US |
We will provide at least thirty (30) days' advance notice of material changes to this list by updating this page and, where required by law, notifying account administrators by email. Users may object to a new subprocessor by emailing privacy@useopsite.com; if we are unable to accommodate the objection, the user may terminate the affected portion of the Service for a pro-rata refund of prepaid fees.
We implement industry-standard security measures to protect your data:
While we strive to protect your data, no method of transmission over the Internet or electronic storage is 100% secure. See our Security page for more details.
Breach Notification
In the event of a data breach affecting your personal information, we will notify affected users via email and in-app notification without undue delay and no later than seventy-two (72) hours after confirmation. Where required by law, we will also notify relevant supervisory authorities. Breach notifications will include the nature of the breach, categories of data affected, our contact information, and steps taken to address the breach.
We retain your information for as long as necessary to provide the Service and fulfill the purposes described in this Privacy Policy:
You have the right to:
If you are in the EEA, UK, or Switzerland, you also have the right to:
If you are a California resident, you have the right to:
To exercise your rights, contact us:
Email: privacy@useopsite.com
We will respond within 30 days (or 45 days for complex requests).
We are based in the United States and process data in the U.S. If you are accessing the Service from outside the U.S., your information will be transferred to, stored, and processed in the U.S.
For transfers from the EEA, UK, or Switzerland, we rely on Standard Contractual Clauses approved by the European Commission and implement additional safeguards as necessary.
The Service is not intended for persons under 18 years of age. We do not knowingly collect personal information from anyone under 18. If we learn we have collected information from a person under 18, we will delete it within thirty (30) days of confirmation. If you believe we have collected information from a person under 18, please contact us at privacy@useopsite.com.
The Service may contain links to third-party websites or services. We are not responsible for the privacy practices of these third parties. We encourage you to review their privacy policies before providing any personal information.
We may update this Privacy Policy from time to time. We will notify you of material changes by posting the revised policy on this page and updating the "Last Updated" date. For significant changes, we may also send you a notification via email or through the Service. Your continued use of the Service after changes become effective constitutes acceptance of the revised policy.
If you have questions about this Privacy Policy or our data practices, please contact us:
Opsite Solutions LLC
Privacy Inquiries: privacy@useopsite.com
General Support: support@useopsite.com
Website: https://useopsite.com
In the past 12 months, we have collected the following categories of personal information:
| Category | Examples | Collected |
|---|---|---|
| Identifiers | Name, email, IP address, device identifier | Yes |
| Commercial Information | Transaction history, invoices, subscription records | Yes |
| Internet Activity | Pages viewed, features used, referrer URLs | Yes |
| Geolocation Data | General IP-based location; precise location for map and employee time-clock features | Yes |
| Professional Information | Company name, contractor license info, tax ID/EIN | Yes |
| Sensitive Personal Information | Precise geolocation (employee time-clock); biometric authentication tokens (device-local only) | Yes |
| Inferences | Usage-based feature recommendations | Yes |
We do not respond to legacy "Do Not Track" (DNT) browser signals, which have been deprecated by most major browsers. However, we honor the Global Privacy Control (GPC) browser signal as a valid opt-out of any sale or sharing of personal information under the California Consumer Privacy Act, consistent with the California Attorney General's enforcement position in People v. Sephora USA (2022). When we detect a GPC signal, we automatically apply your opt-out preference for the current and future visits from the same browser.
We use AI and automated systems to provide features such as: document categorization, project recommendations, financial forecasting, automated communications, and the Lino AI assistant. These systems assist your decision-making but do not make legally significant decisions about you without human oversight.
You have the right to:
While we strive for accuracy, AI-generated outputs (including financial calculations, scheduling recommendations, and document analysis) may contain errors. You are responsible for reviewing and verifying all AI-generated outputs before acting on them. Opsite is not liable for decisions made based on AI-generated content.
Where the Service is used to deploy AI features in a jurisdiction with applicable AI-specific consumer disclosure laws (including the Colorado AI Act, Texas HB 149, California AB 2013, and New York City Local Law 144 for automated employment tools), the contractor using Opsite is responsible for providing the required consumer disclosures. Opsite provides configurable AI-disclosure banners and document watermarks in Settings, with defaults aligned to the strictest applicable state for accounts in Colorado, Texas, and California.