Welcome to the privacy policy of arborbuddy.com. This policy explains what data we collect, why we collect it, and what your rights are, specifically tailored for our B2B SaaS operations.
Owner and Data Controller
Types of Data Collected
- Account Data: Name, email, password hash, and company name.
- Business & Operational Data: Crew names, equipment, job schedules, client info, photos.
- Technical & Usage Data: IP addresses, browser types, interaction logs.
- Payment Data: Billing info processed via Stripe. We never store full card numbers.
Data Processing
ArborBuddy acts as a Data Processor for your business data. You remain the Data Controller for your client information. We do not sell or share your clients' personal data.
Authorized sub-processors: Supabase (database), Cloudflare (hosting, edge), Stripe (payments), Fireworks AI / OpenAI (AI features), Mapbox (mapping).
Data Security
All data encrypted in transit (TLS/SSL) and at rest. We will notify you of any breach per California Civil Code Section 1798.82.
Account Deletion
Delete your account anytime from Company Settings, or email [email protected]. Data permanently purged within 30 days.
Cookies
Strictly necessary cookies for authentication only. No advertising trackers. We use Cloudflare Turnstile (privacy-first CAPTCHA) without tracking cookies.
EU Users (GDPR)
You have the right to withdraw consent, object to processing, access your data, request rectification, restrict processing, request deletion, and data portability. Lodge complaints with your local data protection authority.
US State Privacy Rights
California (CCPA/CPRA), Virginia, Colorado, Connecticut, Utah, and others — you have the right to know, delete, and correct your personal information. ArborBuddy does not sell or share your data.