This Privacy Policy describes how cleanScheduler ("we," "us," or "our") collects, uses, and shares information when you use our websites, tenant workspaces, customer portals, and related services (collectively, the "Service"). By using the Service, you agree to this Policy. If you do not agree, do not use the Service.
1. Who this policy covers
This policy applies to visitors of our marketing site, business owners and staff who create or use a cleanScheduler workspace ("Tenant Users"), and end customers who access a branded customer portal ("Customer Users"). Tenants are generally responsible for the customer data they load into their workspace; we process that data on their behalf to provide the Service.
2. Information we collect
Information you provide
- Account and profile: name, email address, phone number, password (stored via our authentication provider), job title, and avatar.
- Business workspace: company name, slug, service area, team size, branding, operational settings, and billing plan selection.
- Customer and operations data: customer profiles, properties, schedules, quotes, invoices, messages, campaigns, and files you upload (such as logos or job photos).
- Support and sales inquiries: messages submitted through our contact form or email.
Information collected automatically
- Usage and device data: IP address, browser type, pages viewed, referring URLs, and timestamps stored in server logs and session cookies.
- Payment metadata: subscription status, invoice IDs, and transaction amounts from Stripe (we do not store full payment card numbers).
- Email engagement: delivery, open, click, and bounce events for campaign emails processed through Resend webhooks.
Information from third parties
- Google sign-in: if you choose OAuth, we receive basic profile information from Google via Supabase Auth.
- Stripe: Connect account status, charges, refunds, disputes, and payouts related to your workspace.
3. How we use information
We use information to:
- Provide, maintain, and secure the Service;
- Authenticate users and enforce role-based access within each workspace;
- Process platform subscriptions and, when enabled, tenant payment flows;
- Send transactional email and, when configured by a tenant, marketing campaigns;
- Generate reports, exports, and operational notifications;
- Respond to support requests and improve the product;
- Comply with law and protect against fraud or abuse.
4. Legal bases (where applicable)
If you are in a jurisdiction that requires a legal basis for processing (such as the EEA or UK), we rely on: performance of a contract (providing the Service you signed up for); legitimate interests (security, product improvement, and B2B communications); and consent where required (for example, optional marketing email to addresses a tenant supplies).
5. Third-party service providers
We use trusted vendors to run the Service. They process data only on our instructions and for the purposes described below. Each provider maintains its own privacy policy:
| Provider | Role | Data involved | Their policy |
|---|---|---|---|
| Supabase | Database, authentication (email/password and OAuth), file storage (logos, avatars, report exports), and scheduled database jobs. | Account credentials and profile data; workspace and business records; customer, schedule, quote, invoice, and billing data; uploaded files; session tokens. | Supabase privacy policy |
| Stripe | Platform subscriptions (Starter, Business, Pro), Stripe Connect Express onboarding and payouts for tenants, customer invoice and subscription checkout, refunds, disputes, and payout reconciliation. | Names, emails, business identifiers; payment method and transaction metadata; subscription and invoice amounts; Connect account status; webhook event payloads. | Stripe privacy policy |
| Resend | Transactional email (quotes, invoices, trial reminders, employee invites, dispute alerts) and tenant email campaigns with delivery analytics webhooks. | Recipient email addresses and display names; message subject and body; tenant branding; campaign tags; open/click/bounce events. | Resend privacy policy |
| Optional “Sign in with Google” through Supabase Auth (OAuth). Google does not receive your cleanScheduler workspace data directly. | OAuth profile information (such as name and email) handled by Supabase Auth during sign-in. | Google privacy policy | |
| Vercel | Application hosting, preview deployments, and scheduled cron jobs that invoke internal maintenance routes. | HTTP request metadata (IP address, user agent, URLs); application logs; environment configuration secrets (not exposed to end users). | Vercel privacy policy |
| Twilio | Pro plan transactional SMS — quote notifications, visit reminders, and team alerts via Twilio when configured. | Phone numbers and message content for outbound SMS. | Twilio privacy policy |
We may enable additional providers as features ship. The following are configured in our environment but not yet called from production application code; we will update this page before they process your data:
| Provider | Intended role | Data involved | Their policy |
|---|---|---|---|
| Sentry | Error and performance monitoring when enabled. | Error stack traces, request context, and performance spans (configured to minimize personal data). | Sentry privacy policy |
| Plaid | Bank account linking and transaction import for reconciliation features. | Bank connection tokens, account and transaction metadata (when a tenant or user connects a bank). | Plaid privacy policy |
Tenant payment processing. When a cleaning business connects Stripe Connect, card and bank payments for that business's customers are processed by Stripe under that business's Stripe account. cleanScheduler receives payment status, amounts, and dispute notifications to operate invoicing and reporting; Stripe's handling of cardholder data is governed by Stripe's policies and the tenant's agreement with Stripe.
Authentication email. Depending on workspace settings, account confirmation or password-reset messages may be sent by Supabase Auth rather than Resend. Those messages are limited to account verification flows.
6. How we share information
We do not sell your personal information. We may share information:
- With service providers listed in Section 5, under contracts that limit their use of the data;
- With your organization: Tenant Users within the same workspace can access data according to their role; Customer Users see only data their service provider chooses to expose in the portal;
- For legal reasons: when required by law, subpoena, or to protect rights, safety, and security;
- In a business transfer: in connection with a merger, acquisition, or asset sale, with notice where required by law.
7. Data retention
We retain information for as long as your workspace is active and as needed to provide the Service, resolve disputes, enforce agreements, and meet legal obligations. When you close an account, we delete or anonymize data within a reasonable period unless retention is required by law or legitimate business needs (such as billing records). Category-specific periods, disposal methods, backup handling, and subprocessor retention are described in our Data Retention & Disposal Policy.
8. Security
We use industry-standard measures including encrypted connections (HTTPS), hosted infrastructure with access controls, row-level security in our database, and separation of production and development environments. No method of transmission or storage is completely secure; we cannot guarantee absolute security.
9. Your choices and rights
Depending on where you live, you may have the right to:
- Access, correct, or delete personal information we hold about you;
- Export data you provided through workspace tools or by contacting us;
- Object to or restrict certain processing;
- Withdraw consent where processing is consent-based.
Tenant Users can update profile and business settings in the workspace. Customer Users should contact their cleaning service provider for portal-specific requests; we will assist the provider when they ask us to act on a verified request. To reach us directly, email legal@712int.com or use our contact form.
10. Cookies and similar technologies
We use essential cookies and local storage to keep you signed in and remember preferences (such as theme). We do not use third-party advertising cookies on the Service today. You can control cookies through your browser settings; disabling essential cookies may prevent you from using authenticated areas.
11. Children
The Service is intended for businesses and is not directed to children under 16. We do not knowingly collect personal information from children.
12. International transfers
We and our providers may process data in the United States and other countries. Where required, we rely on appropriate safeguards such as standard contractual clauses offered by our vendors.
13. Changes to this policy
We may update this Privacy Policy from time to time. We will post the revised version on this page and update the "Last updated" date. Material changes may be communicated by email or in-product notice where appropriate.
14. Contact us
Questions about this Privacy Policy: legal@712int.com. You may also contact us through the website.