This Privacy Policy describes how Clean Scheduler("we," "us," or "our") collects, uses, and shares information when you use our websites, tenant workspaces, customer portals, and related services (collectively, the "Service"). By using the Service, you agree to this Policy. If you do not agree, do not use the Service.
1. Who this policy covers
This policy applies to visitors of our marketing site, business owners and staff who create or use a Clean Schedulerworkspace ("Tenant Users"), and end customers who access a branded customer portal ("Customer Users"). Tenants are generally responsible for the customer data they load into their workspace; we process that data on their behalf to provide the Service.
2. Information we collect
Information you provide
- Account and profile: name, email address, phone number, password (stored via our authentication provider), job title, and avatar.
- Business workspace: company name, slug, service area, team size, branding, operational settings, and billing plan selection.
- Customer and operations data: customer profiles, properties, schedules, quotes, invoices, messages, campaigns, and files you upload (such as logos or job photos).
- Support and sales inquiries: messages submitted through our contact form or email.
Information collected automatically
- Usage and device data: IP address, browser type, pages viewed, referring URLs, and timestamps stored in server logs and session cookies.
- Payment metadata: subscription status, invoice IDs, and transaction amounts from Stripe (we do not store full payment card numbers).
- Email engagement: delivery, open, click, and bounce events for campaign emails processed through Resend webhooks.
Information from third parties
- Google sign-in: if you choose OAuth, we receive basic profile information from Google via Supabase Auth.
- Stripe: Connect account status, charges, refunds, disputes, and payouts related to your workspace.
- Plaid (optional): when a tenant admin connects a business bank account for reconciliation, Plaid provides institution name, account mask, and transaction history. We store Plaid access tokens server-side only (never in the browser) and use them to sync deposits for invoice matching. See Section 5 and our Information Security Policy.
Bank connection data (Plaid)
If you connect a business checking account through Plaid, we receive account metadata (institution, account name, last four digits) and transaction details needed to identify incoming Zelle, ACH, and similar deposits. We use this data only to suggest matches against open invoices in your workspace. We do not sell this data. You can disconnect your bank at any time from Billing → Bank connection; we call Plaid to revoke the connection and stop syncing. Plaid's handling of data you share during Link is described in the Plaid End User Privacy Policy.
3. How we use information
We use information to:
- Provide, maintain, and secure the Service;
- Authenticate users and enforce role-based access within each workspace;
- Process platform subscriptions and, when enabled, tenant payment flows;
- Send transactional email and, when configured by a tenant, marketing campaigns;
- Generate reports, exports, and operational notifications;
- Match bank deposits to open invoices when a tenant connects an account through Plaid;
- Respond to support requests and improve the product;
- Comply with law and protect against fraud or abuse.
4. Legal bases (where applicable)
If you are in a jurisdiction that requires a legal basis for processing (such as the EEA or UK), we rely on: performance of a contract (providing the Service you signed up for); legitimate interests (security, product improvement, and B2B communications); and consent where required (for example, optional marketing email to addresses a tenant supplies).
5. Third-party service providers
We use trusted vendors to run the Service. They process data only on our instructions and for the purposes described below. Each provider maintains its own privacy policy:
| Provider | Role | Data involved | Their policy |
|---|---|---|---|
| Supabase | Database, authentication (email/password and OAuth), file storage (logos, avatars, report exports), and scheduled database jobs. | Account credentials and profile data; workspace and business records; customer, schedule, quote, invoice, and billing data; uploaded files; session tokens. | Supabase privacy policy |
| Stripe | Platform subscriptions (Starter, Business, Pro), Stripe Connect Express onboarding and payouts for tenants, customer invoice and subscription checkout, refunds, disputes, and payout reconciliation. | Names, emails, business identifiers; payment method and transaction metadata; subscription and invoice amounts; Connect account status; webhook event payloads. | Stripe privacy policy |
| Resend | Transactional email (quotes, invoices, trial reminders, employee invites, dispute alerts) and tenant email campaigns with delivery analytics webhooks. | Recipient email addresses and display names; message subject and body; tenant branding; campaign tags; open/click/bounce events. | Resend privacy policy |
| Optional “Sign in with Google” through Supabase Auth (OAuth). Google does not receive your Clean Scheduler workspace data directly. | OAuth profile information (such as name and email) handled by Supabase Auth during sign-in. | Google privacy policy | |
| Vercel | Application hosting, preview deployments, and scheduled cron jobs that invoke internal maintenance routes. | HTTP request metadata (IP address, user agent, URLs); application logs; environment configuration secrets (not exposed to end users). | Vercel privacy policy |
| Sent (sent.dm) | Pro plan transactional SMS — quote notifications, visit reminders, and invoice reminders via sent.dm when configured. Optional WhatsApp and RCS per tenant settings. | Phone numbers and message template parameters for outbound messages. | Sent (sent.dm) privacy policy |
| Plaid | Bank account linking and transaction import for Business+ bank reconciliation (Plaid Link on tenant billing). | Bank connection tokens, institution metadata, account masks, and transaction data when a tenant admin connects a business checking account. | Plaid privacy policy |
We may enable additional providers as features ship. The following are configured in our environment but not yet called from production application code; we will update this page before they process your data:
| Provider | Intended role | Data involved | Their policy |
|---|---|---|---|
| Sentry | Error and performance monitoring when enabled. | Error stack traces, request context, and performance spans (configured to minimize personal data). | Sentry privacy policy |
Tenant payment processing.When a cleaning business connects Stripe Connect, card and bank payments for that business's customers are processed by Stripe under that business's Stripe account. Clean Scheduler receives payment status, amounts, and dispute notifications to operate invoicing and reporting; Stripe's handling of cardholder data is governed by Stripe's policies and the tenant's agreement with Stripe.
Authentication email. Depending on workspace settings, account confirmation or password-reset messages may be sent by Supabase Auth rather than Resend. Those messages are limited to account verification flows.
6. How we share information
We do not sell your personal information. No mobile information will be sold or shared with third parties for promotional or marketing purposes.
We may share information:
- With service providers listed in Section 5, under contracts that limit their use of the data;
- With your organization: Tenant Users within the same workspace can access data according to their role; Customer Users see only data their service provider chooses to expose in the portal;
- For legal reasons: when required by law, subpoena, or to protect rights, safety, and security;
- In a business transfer: in connection with a merger, acquisition, or asset sale, with notice where required by law.
7. Data retention
We retain information for as long as your workspace is active and as needed to provide the Service, resolve disputes, enforce agreements, and meet legal obligations. When you close an account, we delete or anonymize data within a reasonable period unless retention is required by law or legitimate business needs (such as billing records). Category-specific periods, disposal methods, backup handling, and subprocessor retention are described in our Data Retention & Disposal Policy.
8. Security
We use industry-standard measures including encrypted connections (HTTPS), hosted infrastructure with access controls, row-level security in our database, and separation of production and development environments. No method of transmission or storage is completely secure; we cannot guarantee absolute security.
9. Your choices and rights
Depending on where you live, you may have the right to:
- Access, correct, or delete personal information we hold about you;
- Export data you provided through workspace tools or by contacting us;
- Object to or restrict certain processing;
- Withdraw consent where processing is consent-based.
Tenant Users can update profile and business settings in the workspace. Customer Users should contact their cleaning service provider for portal-specific requests; we will assist the provider when they ask us to act on a verified request. To reach us directly, email legal@712int.com or use our contact form.
10. SMS and text messaging
When you opt in through our customer account signup or account settings, we may send transactional text messages about bookings, quotes, invoices, and account updates. Message frequency varies based on your activity. Message and data rates may apply. Reply STOP to opt out and HELP for help. See our SMS Terms for program details.
No mobile information will be sold or shared with third parties for promotional or marketing purposes.
11. Cookies and similar technologies
We use essential cookies and local storage to keep you signed in and remember preferences (such as theme). We do not use third-party advertising cookies on the Service today. You can control cookies through your browser settings; disabling essential cookies may prevent you from using authenticated areas.
12. Children
The Service is intended for businesses and is not directed to children under 16. We do not knowingly collect personal information from children.
13. International transfers
We and our providers may process data in the United States and other countries. Where required, we rely on appropriate safeguards such as standard contractual clauses offered by our vendors.
14. Changes to this policy
We may update this Privacy Policy from time to time. We will post the revised version on this page and update the "Last updated" date. Material changes may be communicated by email or in-product notice where appropriate.
15. Contact us
Questions about this Privacy Policy: legal@712int.com. You may also contact us through the website.