Skip to content
DutyProof
Legal

Privacy Policy

Last updated: March 2026

This Privacy Policy explains how DutyProof ("we," "us," or "our") collects, uses, and protects information when you use our fire watch compliance platform ("Service"). Please read this policy before using the Service.

1. Information We Collect

Account Information

When you create an account, we collect your email address and password (stored as a secure hash). We use this to authenticate you and communicate with you about your account.

Job Site and Watch Data

You provide job site names, locations, and other descriptive information when setting up fire watches. This information is stored and associated with your account to generate compliance records.

Worker Information

You provide the name of the fire watch worker assigned to each watch. If you choose to enable optional SMS delivery, you also provide the worker's mobile phone number. This information is stored with the watch record and included in compliance reports.

Check-In Data

When a worker completes a check-in via the check-in link (delivered by QR code, copied link, or optional SMS), we capture:

  • A server-side timestamp at the moment the check-in is recorded
  • The worker's GPS coordinates, if location permission is granted by the worker's device
  • SMS delivery status from our SMS provider (if SMS delivery was enabled)

GPS coordinates are used solely to verify the worker's location at the time of check-in and are included in compliance reports. Location is captured only at the moment of check-in — we do not track worker location continuously.

Supervisor / Escalation Contacts

If you choose to configure optional SMS escalation alerts, you provide a supervisor's phone number. This number is used only to send missed check-in alert messages and is not used for any other purpose.

Payment Information

Payment is processed by Stripe. We do not store your full credit card number, CVV, or payment card data on our servers. We store only the billing details Stripe provides for subscription management (last 4 digits, expiry, billing email).

2. How We Use Your Information

  • To operate the Service: authenticate users, generate and deliver check-in links (via QR code, copied link, or optional SMS), record check-in events, and generate compliance reports
  • To send missed check-in escalation alerts to designated supervisors
  • To generate and store PDF compliance reports on your behalf
  • To process billing and manage your subscription
  • To communicate with you about your account, billing, and material service changes
  • To investigate and resolve technical issues

We do not sell your data. We do not use your data for advertising. We do not share personally identifiable information with third parties except as described in this policy.

3. SMS Messaging (Optional)

SMS messaging is an optional delivery channel — it is not required to use DutyProof. Check-in links can also be delivered via QR code or copied link. When a supervisor enables optional SMS delivery, worker phone numbers are used exclusively to deliver fire watch check-in links via text message. Supervisor phone numbers, when provided, are used exclusively to deliver missed check-in alert messages.

SMS is only sent when a supervisor explicitly enables it and the recipient has provided affirmative consent. These are transactional messages directly related to the service the account administrator has configured.

Message and data rates may apply to recipients based on their carrier plan. Recipients may reply STOP at any time to opt out of SMS messages. If a worker or supervisor believes they are receiving messages in error, they should contact the account administrator or contact us.

4. Third-Party Service Providers

We use the following third-party services to operate DutyProof:

Supabase

Our database and authentication provider. All application data — accounts, job sites, watches, check-in records — is stored in Supabase-hosted infrastructure.

Twilio

Our SMS delivery provider. When optional SMS delivery is enabled, worker and supervisor phone numbers are transmitted to Twilio for the purpose of sending check-in and escalation messages.

Stripe

Our payment processor. Stripe handles all payment card data. DutyProof does not store full card numbers or CVVs.

Resend

Our email delivery provider. Used to deliver contact and walkthrough form submissions. No personal data beyond submitted form content is shared.

We do not share your data with any other third parties except as required by law.

5. Data Security

We apply row-level security (RLS) policies at the database level to ensure each account can only access its own data. Check-in records are write-once — once created, they cannot be edited or deleted, ensuring the integrity of compliance records.

All data is transmitted over HTTPS. Passwords are hashed using industry-standard algorithms and are never stored in plaintext. Despite these measures, no system is 100% secure. We encourage you to use a strong, unique password for your account.

6. Data Retention

We retain your data for the life of your account. If you cancel your subscription, your compliance records and PDF reports remain accessible for 12 months from the date of cancellation, after which your data is permanently deleted.

If you request account deletion before the 12-month period, we will delete your data within 30 days of the request, except where retention is required by law.

7. Worker and Third-Party Data

Customers are responsible for ensuring they have the necessary rights and permissions to provide personal data for workers, supervisors, and other recipients entered into DutyProof. If optional SMS delivery is enabled, each SMS recipient must provide their own affirmative consent before messages are sent to their number.

DutyProof does not sell, rent, or share phone numbers collected for SMS messaging with third parties for their own marketing purposes.

8. Your Rights

You may access, export, or request deletion of your data at any time by contacting us. PDF compliance reports can be downloaded directly from the Service at any time while your account is active.

If you are a resident of California, the European Union, or another jurisdiction with applicable privacy rights, you may have additional rights under laws such as the CCPA or GDPR. Contact us to exercise these rights.

9. Cookies

We use only essential session cookies required to keep you authenticated while logged in. We do not use advertising, tracking, or analytics cookies. We do not use third-party tracking pixels.

10. Changes to This Policy

We may update this Privacy Policy from time to time. When we do, we will update the "Last updated" date at the top of this page and notify active subscribers by email before material changes take effect.

11. Contact

DutyProof is a product of Gurfinkel Ventures LLC. Questions about this policy or requests related to your data? Contact us.