Privacy Policy

Effective Date: February 20, 2026

PoolRoute Ops ("Company", "we", "us", or "our") operates the PoolRoute Ops platform ("Service"). This Privacy Policy explains how we collect, use, share, and protect information when you use our Service.

1. Information We Collect

Information You Provide

• Account information: Name, email address, phone number, company name, and role when you create an account.
• Business data: Customer records, property details, job information, invoices, quotes, purchase orders, inventory, and other operational data you enter into the Service.
• Payment information: When you or your customers make payments, payment details are processed by our third-party payment processor (CardConnect). We do not store raw credit card numbers.
• Communications: Messages you send through the Service (e.g., customer emails, SMS via Twilio).

Information Collected Automatically

• Usage data: Pages visited, features used, timestamps, and device/browser information.
• Log data: IP addresses, request IDs, and error logs for security and troubleshooting.

Information from Third-Party Integrations

• When you connect QuickBooks Online, we access customer records, invoices, and related financial data via the QuickBooks API to enable two-way sync.
• We only access data within the scopes you explicitly authorize.

2. How We Use Your Information

• To provide, operate, and improve the Service.
• To process payments and sync financial data with connected integrations.
• To send transactional communications (e.g., login links, invoice emails, daily summaries).
• To monitor system health, detect errors, and prevent fraud.
• To provide customer support.
• To comply with legal obligations.

3. How We Share Your Information

We do not sell your personal information. We share data only in the following circumstances:

• Service providers: We use third-party services to operate the platform, including MongoDB (database hosting), SendGrid (email), Twilio (SMS), CardConnect (payment processing), and Intuit QuickBooks (accounting sync). These providers access data only as needed to perform their services.
• With your authorization: When you connect a third-party integration (e.g., QuickBooks), data is shared per your authorization and the integration's scope.
• Legal requirements: We may disclose data if required by law, regulation, legal process, or governmental request.
• Business transfers: In the event of a merger, acquisition, or sale of assets, your data may be transferred as part of the transaction.

4. Data Security

• Sensitive credentials (API tokens, OAuth refresh tokens) are encrypted at rest using AES-256-GCM.
• All data is transmitted over HTTPS/TLS.
• Access to production systems is restricted to authorized personnel.
• Audit logs track financial actions, login events, and administrative changes.
• Secrets and credentials are never written to application logs.

5. Data Retention

• Your business data is retained for as long as your account is active.
• After account termination, data is retained for a reasonable period to allow export, then deleted.
• Integration event logs (webhook payloads, sync records) are retained for 90 days and then automatically purged.
• Audit logs are retained for the life of the account.

6. Your Rights

Depending on your jurisdiction, you may have the right to:

• Access, correct, or delete your personal information.
• Export your data in a machine-readable format.
• Withdraw consent for optional data processing.
• Object to or restrict certain processing activities.

To exercise these rights, contact us at privacy@poolrouteops.com.

7. QuickBooks Integration

When you connect your QuickBooks Online account:

• We access data only within the authorized scopes (accounting data for customer and invoice sync).
• OAuth tokens are encrypted at rest and refreshed automatically.
• You can disconnect QuickBooks at any time from Settings, which revokes our access and deletes stored tokens.
• We do not use QuickBooks data for any purpose other than providing the sync features you have enabled.

8. Customer Portal

Your customers may access a portal to view invoices and manage payment methods. Portal access uses time-limited, single-use authentication tokens. We collect minimal data from portal users (email for authentication, invoice viewing activity).

9. Cookies and Tracking

We use session cookies to maintain authentication state. We do not use third-party advertising trackers. Analytics, if enabled, are used solely to improve the Service.

10. Children's Privacy

The Service is not directed to children under 13. We do not knowingly collect information from children.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes via email or in-app notification. The "Effective Date" at the top indicates the latest revision.

12. Contact Us

For questions about this Privacy Policy:

• Email: privacy@poolrouteops.com
• Web: poolrouteops.com