Privacy Policy
Effective Date: June 1, 2026 | Last Updated: June 1, 2026
1. Introduction
Field Ledger ("we," "us," or "our") operates the Field Ledger mobile application (the "App") and the website at field-ledger.com (the "Site"). This Privacy Policy explains how we collect, use, and protect your information when you use the App, the Site, or sign up for our newsletter. By using any of these services, you agree to this policy.
2. Information We Collect
2.1 Newsletter & Marketing Information: When you sign up through our Site, we collect your email address, trade type (if provided), and SMS marketing consent preference.
2.2 Account Information: Email address and password (encrypted) when you create an account in the App.
2.3 Job & Business Data: Job records, client names, phone numbers, addresses, materials, notes, and photos that you enter into the App.
2.4 Voice and Microphone Data: The App requests the RECORD_AUDIO permission to enable voice-to-text dictation for job notes. When you tap the microphone button in the notes field, the App uses your device's built-in speech recognition engine to transcribe your voice into text locally on your device. No audio recordings are stored, transmitted, or sent to our servers or any third party. Only the resulting transcribed text (which you can edit or delete) is saved to your job record. The microphone is only active while you are actively holding the dictation button. You can revoke the RECORD_AUDIO permission at any time in your device's system settings; doing so will disable voice dictation but will not affect other App functionality.
2.5 Device & Usage Information: Basic device type, operating system version, App version, and general usage analytics (e.g., which features are used, crash reports) for App compatibility, security monitoring, and product improvement purposes. This is processed via PostHog (see Section 6).
2.6 Advertising Identifier (AAID): The App's Android manifest declares the com.google.android.gms.permission.AD_ID permission, which is standard for apps that use Google Play Services for analytics or crash reporting. Field Ledger does not use the AAID for advertising, audience profiling, or cross-app tracking. We do not transmit the AAID to any advertising network. You can reset or delete your advertising ID at any time via your device's Settings → Privacy → Ads.
2.7 Tracking & Attribution Data: We collect UTM parameters (source, campaign) from URLs to understand which marketing channels bring visitors to our Site. This data is linked to your newsletter signup to measure campaign effectiveness.
2.8 AI-Assisted Features: The App includes optional AI features that operate using two distinct processing pathways. We are transparent about where each pathway runs and what data it sees:
- On-Device Processing — "Field Intelligence" Briefings (Qwen): Field Intelligence briefings, search-assistant queries, and pre-job context generation are powered by a Qwen language model that runs locally on your device. The query, the model, and the inference output never leave your phone. We do not receive, log, or store the contents of your Field Intelligence prompts or their responses on our servers. Inputs may include your job notes, client name, address, and trade-relevant context that you provide.
- Cloud Processing — "Work Description" Generation (Anthropic Claude): When you tap the AI button to generate a professional work description for an invoice, the App transmits your job notes and a structured prompt to Anthropic's Claude API (model family: Haiku) over an encrypted (TLS) connection. Anthropic processes the request and returns generated text. Per our commercial agreement with Anthropic, your inputs and outputs are not used to train Anthropic's models and are not retained beyond the period required to deliver the service and maintain Anthropic's standard abuse-monitoring obligations. We do not log the full prompt content on our own servers; only metadata (timestamp, success/failure, token count) is retained for billing and reliability purposes.
- Verification Reports: A "Verification Report" is a per-job checklist that may include technical readings you enter or measure (e.g., pressure, voltage, temperature, refrigerant levels), equipment nameplate photographs, customer signatures, technician signatures, and other inputs you choose to record. Verification Reports and their associated data become part of your job record and are stored in our standard encrypted backend (Supabase, AWS-hosted) under the same encryption and access controls as the rest of your job data (see Section 5). The contents of the checklist (which items you mark complete, which readings you enter, which photographs you attach) are determined entirely by you.
You can disable cloud-based AI features at any time in App Settings → AI Features. Disabling cloud features does not affect on-device Field Intelligence, which continues to operate locally with no network calls.
2.9 Location Data (GPS): The App requests location access (ACCESS_COARSE_LOCATION and, optionally, ACCESS_FINE_LOCATION) to enable performance-optimization features such as geofence-triggered pre-loading of relevant utility briefings, automatic job-site detection (so the timer can prompt you when you arrive), and travel-time logging between jobs. Location data is used only to trigger local utility functions on your device and is not used for surveillance, continuous tracking, advertising, or sharing with third parties. Location coordinates may be stored alongside individual job records (only when you explicitly attach them) so you can later look up where a job was performed. You can revoke location permission at any time in your device settings; doing so disables geofence-triggered features but does not affect the rest of the App.
2.10 User-Uploaded Documents: The App lets you upload your own work order, service agreement, or similar legal/business document for storage in your account and delivery to your clients. Uploaded documents are stored at rest in Supabase Storage (AWS-hosted, encrypted at rest and in transit) under the same access controls as the rest of your data (see Section 5). When you upload a new version of an existing document, prior versions are preserved as an audit trail so you can reference which version was active when a particular job was performed. We process uploaded documents only as needed to deliver them per your instructions (e.g., attaching to an invoice, generating a shareable link). We do not read, analyze, index for search, or use the contents of your uploaded documents for any other purpose. If you delete your Field Ledger account, all uploaded documents — including all preserved version history — are purged from Supabase Storage as part of the account-deletion process described in Section 11. The legal nature of these documents — including ownership, accuracy, enforceability, and state-specific compliance — is governed by Section 11 of our Terms of Service.
2.11 Customer & Technician Signatures: When you use the App's in-app signature pad to collect a customer signature or a technician signature, the signature image (typically a small graphic) and associated metadata (timestamp, the document or job it was attached to) are stored as part of your job record under the same encryption and access controls as the rest of your data (see Section 5). A single signature collected via the in-app signature pad may be applied across the related invoice, Verification Report, and any attached service agreement when those documents are generated in sequence for the same job. Signature reuse, the user's obligation to disclose it to the signer before signing, and compliance with applicable electronic-signature laws are addressed in Section 12 of our Terms of Service.
2.12 Client-Side PDF Generation: When the App generates a PDF document — including invoices, estimates, Verification Reports, job reports, monthly reports, and expense reports — the PDF is produced on your device using on-device rendering. When you share a generated PDF, the App uses your device's native operating-system share sheet to deliver the file to the destination you choose. Field Ledger does not transmit these generated PDFs through our servers when you share them. The data used to generate the PDF (your job record, line items, etc.) is already stored in our standard encrypted backend; the rendered PDF itself is created on-device and shared on-device. Once you share a PDF through your device's native share sheet, the privacy and security of the file are governed by the destination application or service you select (e.g., your email provider, messaging app, cloud storage), not by Field Ledger.
2.13 Subscription and Payment Data: When you subscribe to Field Ledger Pro through our web checkout, payment processing is performed by Stripe (see Section 6). Stripe collects your name, email address, billing address, and payment method tokens directly through their secure checkout interface. Field Ledger does not receive or store raw payment card numbers. We receive only the tokens and metadata Stripe returns to us (card brand, last four digits, expiration date, billing country) so we can identify your subscription, surface upcoming-renewal information in the App, and respond to billing questions. Mobile in-app subscriptions purchased through the Field Ledger Android or iOS app are processed by Google Play or Apple under their respective billing systems; Field Ledger does not receive your payment details from these channels. Subscription status (active, trialing, past-due, canceled) is synced to your account regardless of which billing channel you used, so your Pro features remain consistent across devices.
3. How We Use Your Information
- To provide and operate the App and sync your data across devices.
- To enable voice-to-text dictation via your device's on-device speech engine (no audio is stored or transmitted — see Section 2.4).
- To monitor App stability, diagnose crashes, detect fraud or abuse, and protect the security and integrity of the App and our users' data (processed via PostHog).
- To analyze feature usage in aggregate to improve the App (e.g., which features are most used, where users encounter errors).
- To send you email communications including product updates, new feature announcements, educational content, exclusive promotions, and feedback requests related to Field Ledger.
- To send SMS notifications (appointment reminders, payment follow-ups) to phone numbers you enter in the App, on your behalf.
- To send you promotional text messages if you have opted in via the SMS consent checkbox on our Site.
- To analyze Site traffic and marketing campaign performance using anonymized and aggregated data.
- We do not sell or share your personal information with third parties for their own marketing purposes.
- We do not use your data for third-party advertising or cross-app behavioral tracking.
4. Cookies & Tracking Technologies
Our Site and App use the following tracking technologies:
- Essential cookies: Required for the Site to function.
- Site Analytics: Vercel Analytics may collect anonymized page view data including page URL, referrer, browser type, and device type. No personally identifiable information is collected through Site analytics.
- App Analytics & Security Monitoring: The App uses PostHog to collect event-level usage data (feature interactions, errors, crash reports, and other diagnostic signals) for product improvement, stability monitoring, and security/fraud prevention. PostHog is configured to respect Do Not Track signals and does not use cross-app tracking. This data is never used for advertising.
- UTM parameters: We capture marketing attribution data (utm_source, utm_campaign) from URLs at the time of newsletter signup. This data is stored with your contact record in our email marketing platform.
You can manage your cookie preferences at any time using the cookie consent banner on our Site or by adjusting your browser settings. In the App, you can opt out of non-essential analytics in Settings.
5. Data Storage & Security
Your App data is stored securely using Supabase (PostgreSQL), hosted on AWS infrastructure. All data is encrypted in transit (TLS) and at rest. Access is protected by JWT authentication and Row Level Security — only you can access your data. Your newsletter and marketing data is stored securely by MailerLite, which maintains SOC 2 Type II compliance and encrypts data in transit and at rest.
6. Third-Party Services
We use the following third-party service providers to operate the App and Site:
- Supabase (database and authentication) — supabase.com/privacy
- Twilio (SMS notifications) — twilio.com/legal/privacy
- Stripe (payment processing for web subscriptions) — stripe.com/privacy. Stripe processes your name, email address, billing address, and payment method tokens (we never receive or store raw card numbers) for the purpose of charging your subscription and performing fraud detection. Stripe is a PCI-DSS Level 1 certified processor and acts as an independent data controller for its fraud-prevention purposes. Mobile in-app subscriptions, by contrast, are processed by Google Play or Apple under their respective billing systems.
- RevenueCat (subscription management for Apple and Google in-app purchases) — revenuecat.com/privacy. RevenueCat receives anonymized app user identifiers and Apple App Store / Google Play in-app-purchase receipts to provide cross-platform subscription state to the App (so your Pro features stay consistent across devices). RevenueCat does not receive your job data, client records, photos, signatures, or other content. See Section 6's "Sub-Processor Retention After Account Deletion" subsection below for retention details.
- Cloudflare Turnstile (bot protection) — cloudflare.com/privacypolicy
- MailerLite (email marketing and newsletter management) — mailerlite.com/legal/privacy-policy
- Resend (transactional email delivery) — resend.com/legal/privacy-policy. Resend delivers transactional emails such as account notices, trial expiry warnings, password resets, and account-deletion confirmations. Resend processes the recipient email address and message content solely to deliver the email on our behalf and is contractually prohibited from using this data for its own purposes. Marketing emails and newsletters are handled separately by MailerLite (see above), not by Resend.
- Vercel (website hosting and Web Analytics) — vercel.com/legal/privacy-policy. Vercel Web Analytics collects aggregate, anonymous pageview and visitor information about the field-ledger.com Site (no cookies, no cross-site tracking, no personal identifiers). This data is used solely to understand which content and pages are useful to visitors.
- PostHog (product analytics, security monitoring, and crash diagnostics for the App) — posthog.com/privacy. PostHog is hosted on PostHog Cloud US and acts as a Service Provider under CCPA/CPRA and a Data Processor under GDPR. PostHog processes App usage events on our behalf solely to provide us with product analytics and security monitoring, and is contractually prohibited from selling, sharing, or using this data for its own purposes. PostHog does not receive your Job & Business Data, client records, or voice/audio content.
- Anthropic, PBC (cloud-based AI text generation for "Work Description" feature only) — anthropic.com/legal/privacy. Anthropic acts as a Service Provider under CCPA/CPRA. Per our commercial agreement, customer inputs and outputs sent to the Claude API are not used to train Anthropic's models. Anthropic processes data solely to return the requested completion to the App and does not have rights to use this data for its own purposes. Only data you explicitly trigger by tapping the AI generation button is sent.
- Qwen (on-device only) — The Qwen language model used for "Field Intelligence" briefings runs locally on your device. No prompt data, no inference output, and no model weights are transmitted to Alibaba Cloud, Anthropic, Google, or any other external server during normal use of this feature.
These service providers process your data solely on our behalf and are contractually prohibited from using it for their own purposes.
Sub-Processor Retention After Account Deletion
When you delete your Field Ledger account, we cascade deletion across our sub-processors. Most vendors purge your data within 30 days. Two sub-processors retain a limited set of metadata after deletion, governed by their own privacy policies and our Data Processing Addendums with them:
- RevenueCat (in-app purchase management) retains the linkage between your app user ID and your Apple App Store or Google Play in-app-purchase receipt. This linkage is required to honor refund and re-entitlement requests under Apple and Google policies. RevenueCat's privacy policy: https://www.revenuecat.com/privacy
- Resend (transactional email) retains email-delivery metadata — your email address and message logs for receipts and account notifications previously sent — for the period required by Resend's standard data-retention schedule. Resend's privacy policy: https://resend.com/legal/privacy-policy
To request access to or deletion of the data these sub-processors retain about you, contact each vendor directly using the process listed in their privacy policy.
7. California Privacy Rights (CCPA/CPRA)
Categories of Personal Information Collected: In the last 12 months, Field Ledger has collected the following categories of personal information from California residents:
- Identifiers: email address, account login, device identifiers including Android Advertising ID (AAID, not used for advertising — see Section 2.6)
- Customer Records: your self-entered client names, addresses, and phone numbers stored in the App
- Commercial Information: job records, invoice history, materials costs, payment records, Verification Report checklists you complete, and work orders or service agreements you upload
- Internet or Network Activity: App usage events, feature interactions, crash diagnostics (processed by PostHog)
- Geolocation Data: coarse and (if you grant permission) precise location data, used to trigger geofence-based App features such as job-site detection and pre-loading of relevant briefings (see Section 2.9). Geolocation is processed for utility-function triggers, not for tracking, profiling, or surveillance.
- Audio/Visual Information: photos you attach to jobs, including equipment nameplate photographs captured as part of Verification Reports, and signature images captured via the in-app signature pad (customer signatures and technician signatures). Voice data from the dictation feature is processed on-device only and is never collected, stored, or transmitted by Field Ledger (see Section 2.4).
- AI Inputs and Outputs: when you use the cloud-based "Work Description" feature, the job notes you choose to send and the AI-generated description returned are processed by Anthropic as our Service Provider (see Section 2.8 and Section 6). On-device "Field Intelligence" inputs and outputs are not collected by Field Ledger.
- Inferences: none. We do not build consumer profiles or infer characteristics.
App Store Privacy Disclosure Mapping
For audit-readiness, the table below maps each Field Ledger data category above to the corresponding Apple App Privacy Details category and Google Play Data Safety category. Categories not declared in either store are not collected by Field Ledger (e.g., voice/audio is processed on-device only — see Section 2.4 — and is therefore not declared).
| Field Ledger Data | Apple App Privacy Details | Google Play Data Safety |
|---|---|---|
| Email, account login | Contact Info: Email Address | Personal info: Email address |
| Android Advertising ID (AAID) | Identifiers: Device ID | Device or other IDs |
| Customer records (names, addresses, phone numbers you enter) | Contact Info: Name, Phone Number, Physical Address | Personal info: Name, Phone number, Address |
| Job records, invoices, materials, Verification Reports, uploaded documents | User Content: Other User Content | Files and docs |
| Photos (job photos, nameplate photos) | User Content: Photos or Videos | Photos and videos |
| Signature images (in-app signature pad) | User Content: Other User Content | Photos and videos |
| Location (coarse + optional precise) | Location: Coarse Location, Precise Location | Location: Approximate location, Precise location |
| App usage events, crash diagnostics (PostHog) | Diagnostics: Crash Data, Performance Data; Usage Data: Product Interaction | App info and performance: Crash logs, Diagnostics; App activity: App interactions |
| AI inputs/outputs (Anthropic Claude — Work Description feature) | User Content: Other User Content | Files and docs |
| Subscription / payment metadata (Stripe tokens, IAP receipts via RevenueCat) | Purchases; Financial Info: Payment Info | Financial info: Purchase history, Other financial info |
If you are a California resident, you have the right to:
- Know what personal data we collect, the purposes for which it is used, and which third parties receive it.
- Request access to your personal data in a portable format.
- Request correction of inaccurate personal data.
- Request deletion of your personal data, subject to certain legal exceptions.
- Limit the use and disclosure of Sensitive Personal Information.
- Opt out of the sale or sharing of personal data. We do not sell or share your personal information.
- Not be discriminated against for exercising any of these rights.
To exercise any of these rights, contact us at hello@field-ledger.com. We will respond to verifiable requests within 45 days.
8. Do Not Sell or Share My Personal Information
Field Ledger does not sell your personal information to third parties, nor do we share your personal information with third parties for cross-context behavioral advertising. Because we do not engage in these activities, no opt-out mechanism is required. However, if you have concerns about your data, you may contact us at hello@field-ledger.com at any time.
9. Email & SMS Marketing
When you sign up through our Site, you will receive email communications from Field Ledger including product updates, feature announcements, educational content, exclusive promotions, and feedback requests. You may unsubscribe from marketing emails at any time by clicking the "unsubscribe" link in any email.
If you opted in to receive SMS marketing messages, you may revoke consent at any time by replying STOP to any message, or by contacting us at hello@field-ledger.com.
10. SMS Messaging Data
This section applies when you, as a Field Ledger user, use the App's SMS notification feature to send messages to your own clients (e.g., appointment reminders, payment follow-ups, on-the-way notifications). This data flow is distinct from the SMS marketing messages Field Ledger sends to you, which are covered in Section 9.
Data Processed. When you use Field Ledger to send SMS to your clients, the following data is processed:
- Your business name (from your Field Ledger account settings)
- Your client's phone number (which you provide)
- Your client's name (which you provide)
- The message content (templated by Field Ledger or composed by you)
Sub-Processor. We use Twilio Inc. (twilio.com/legal/privacy) as our SMS delivery provider. Your clients' phone numbers and message contents are transmitted to Twilio for the sole purpose of message delivery. Twilio processes this data as a sub-processor under its own privacy policy and under our contractual agreement with Twilio, and is contractually prohibited from using your clients' data for its own purposes.
Retention. We retain consent records (including phone numbers, timestamps, and consent state transitions) and message delivery logs (including message IDs and recipient phone numbers) for as long as your Field Ledger account is active, and for a reasonable period thereafter as required for legal compliance with applicable telecommunications regulations including the Telephone Consumer Protection Act (TCPA, US) and, for messages sent to Canadian recipients, Canada's Anti-Spam Legislation (CASL).
Recipient Opt-Out. Your clients may opt out of SMS messages at any time by replying STOP to any message they receive. We honor opt-out requests immediately and permanently across all message types from your account to that recipient. As the sender, you remain responsible for compliance with the TCPA, CASL (for Canadian recipients), and other applicable telecommunications laws (see Section 6 of our Terms of Service).
11. Data Retention & Deletion
We retain your newsletter and marketing data for as long as necessary to fulfill the purposes described in this policy, or until you request deletion. You may delete your account at any time by contacting us. We will process deletion requests within 30 days; we will delete the personal data we hold about you, subject to the limited sub-processor retentions described in the Sub-Processor Retention After Account Deletion section above.
12. Children's Privacy
Field Ledger is intended for use by adults (18+) and business professionals. We do not knowingly collect data from children under 13. If we learn that we have collected information from a child under 13, we will delete it promptly.
13. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify users of material changes via the App, email, or by posting a notice on our Site. Your continued use of our services after changes are posted constitutes acceptance of the updated policy.
14. Contact
Field Ledger (DBA)
1575 Westwood Blvd. Suite 302
Los Angeles, CA 90024
Email: hello@field-ledger.com