Privacy Policy

1. Information We Collect

1.1 Information You Provide

Account and Company Information (from Customers and Admin Users):

• Company name, business address, and industry type
• Admin User name, work email address, and phone number
• Billing information (processed and tokenized by Stripe — we do not store full card numbers)
• License key and subscription details

Worker Profile Information (provided by Admin Users or Workers):

• Full name
• Mobile phone number (used for OTP authentication)
• Job role and trade type
• Assigned job sites and crew

Job and Site Data (created by Admin Users):

• Job site name, address, and description
• Geofence radius and boundary polygon
• Job start and end dates, priority, and trade type
• Notes and instructions from supervisors

Time Entry Data (submitted by Field Workers):

• Clock-in and clock-out timestamps
• Break start and end timestamps (including break type: break or lunch)
• Optional worker notes attached to time entries
• Device OS and device identifier (for audit trail purposes)

Messages (sent by any Authorized User):

• Message body, sender identity, and timestamp
• Job-thread association

1.2 Location Data

What we collect: When a Field Worker initiates a clock-in or clock-out event through the Geowork app, we capture the device's GPS coordinates at the moment of that event. This includes latitude, longitude, and GPS accuracy in meters.

When we collect it: GPS coordinates are captured only at the moment of a clock-in or clock-out action. We do not continuously track worker location throughout a shift. We do not collect location data when a worker is clocked out.

How it is used: GPS data is used to:

• Verify that a worker is within the geofenced boundary of an assigned job site
• Generate a verified arrival record (timestamp + GPS coordinates) for payroll and compliance purposes
• Display worker locations on the supervisor map dashboard to Admin Users

Who can see it: GPS data is visible to Admin Users of the Customer account that invited the worker. Geowork personnel may access GPS data for support or debugging purposes under strict internal access controls.

1.3 Automatically Collected Information

When you use the Service or visit geowork.app, we may automatically collect:

• IP address and general geographic region (not precise location)
• Browser type and version
• Device type and operating system
• Pages visited and actions taken within the Service
• Session duration and usage patterns

This information is used for security monitoring, product improvement, and diagnosing technical issues. It is not used to build advertising profiles.

1.4 Information from Third Parties

We receive limited information from third-party services to operate the platform:

• Stripe: Transaction status, subscription status, and payment method type (e.g., Visa ending in 4242). We do not receive full card numbers.
• Twilio: Delivery status of SMS verification messages. We do not receive the content of messages sent by workers through the SMS channel.

2. How We Use Your Information

We use collected information for the following purposes:

2.1 Providing the Service

• Authenticating users via phone OTP
• Recording and displaying time entries and GPS-verified arrivals
• Generating payroll-ready time reports and exports
• Enabling job-scoped messaging between dispatch and field workers
• Powering the Ask AI feature using job and time data as context

2.2 Billing and Account Management

• Processing subscription payments through Stripe
• Sending billing receipts and renewal notices
• Handling subscription upgrades, cancellations, and refund requests

2.3 Security and Fraud Prevention

• Detecting unauthorized access attempts
• Preventing abuse of the demo or invitation system
• Maintaining the integrity of the append-only time entry ledger

2.4 Product Improvement

• Understanding how features are used to prioritize development
• Diagnosing and fixing bugs and performance issues

We do not use your information to:

• Sell advertising or show you targeted ads within the Service
• Sell or rent your data to third parties
• Build behavioral profiles for use outside the Service
• Train AI models on your Customer Data without your explicit consent

3. How We Share Your Information

3.1 Within Your Organization

Customer Data — including worker profiles, time entries, GPS records, and messages — is shared among Authorized Users within your Customer account according to their role. Admin Users have full visibility. Field Workers have visibility limited to their own time records and job-scoped messages.

3.2 Service Providers (Sub-processors)

We share limited data with third-party service providers who process data on our behalf:

All sub-processors are bound by data processing agreements that restrict their use of your data to the purposes specified above.

3.3 Legal Requirements

We may disclose information if required by applicable law, court order, or government authority, or where we believe disclosure is necessary to protect the safety of any person, prevent fraud, or enforce our Terms of Service.

3.4 Business Transfers

If Geowork is acquired by or merged with another company, Customer Data may be transferred as part of that transaction. We will notify affected Customers by email at least 30 days in advance and provide the option to export or delete their data.

3.5 Aggregate and De-identified Data

We may use aggregate, de-identified, or anonymized information (e.g., "construction companies in our platform average X clock-ins per week") for benchmarking, marketing, and product research. Such data cannot reasonably be used to identify any individual or company.

4. GPS and Location Data — Additional Details

Because Geowork handles GPS location data that relates to worker whereabouts, we provide additional transparency about our practices in this area.

4.1 When Location Is Captured

GPS coordinates are captured at discrete clock events only. The sequence is:

1. Worker initiates "Clock In" in the app
2. The browser requests device GPS coordinates via the standard Geolocation API
3. Coordinates are sent to Geowork's servers at the moment of the clock-in request
4. Coordinates are stored with the time entry record
5. No further location data is collected until the next clock event

4.2 When Location Is Not Captured

Geowork does not capture location data:

• When a worker is clocked out
• When a worker is on a break recorded in the system
• When the Geowork app is not actively being used
• Through background location services

4.3 Geofence Processing

Job site geofences are stored as geographic boundaries in our database. When a worker submits a clock-in, we compare their GPS coordinates against the job site boundary using a PostGIS spatial query. No geofence boundary data is sent to or processed by a third party.

4.4 Accuracy Limitations

Device GPS accuracy varies based on hardware, signal conditions, and environment (e.g., accuracy is typically lower indoors or in dense urban areas). Geowork records the GPS accuracy value (in meters) reported by the device alongside each location capture so that supervisors and workers can assess reliability.

4.5 Retention of Location Data

GPS coordinates associated with time entries are retained for the life of the Customer account plus 30 days after account termination. Workers may request a copy of their own location records by contacting their employer (the Customer) or emailing us at privacy@geowork.app.

4.6 State-Specific GPS Tracking Notice

GPS tracking laws vary by state. In states including California, employers may be required to obtain affirmative employee consent before using GPS tracking tools in the workplace. Customers are solely responsible for compliance with applicable state and local laws governing employee monitoring and GPS tracking. Geowork recommends providing written disclosure to workers prior to onboarding them to the platform.

5. Data Retention

When a Customer cancels their subscription, all Customer Data is accessible for export for 30 days following cancellation, after which it is permanently deleted from active systems. Backup systems purge the data within 90 days.

Billing records are retained for 7 years as required for tax compliance regardless of account status.

6. Data Security

Geowork implements technical and organizational measures to protect Customer Data, including:

• Encryption in transit: All data transmitted between your device and Geowork servers is encrypted using TLS 1.2 or higher.
• Encryption at rest: Customer Data stored in our database is encrypted at rest.
• Multi-tenant isolation: Each Customer account is isolated by a company identifier enforced at the database query level and through row-level security policies.
• Access controls: Geowork personnel access to Customer Data is restricted by role and logged. Production database access requires multi-factor authentication.
• Append-only ledger: Time entries cannot be deleted or modified, providing tamper resistance for payroll records.
• OTP authentication: Field Workers authenticate via one-time passcode delivered by SMS, reducing risk from credential theft.

No security system is perfect. We cannot guarantee absolute security, and we encourage Customers to use strong passwords, monitor account activity, and promptly report any suspected security incidents to security@geowork.app.

In the event of a data breach that affects your Customer Data, we will notify affected Customers as required by applicable law, and no later than 72 hours after we become aware of the breach.

7. Your Rights

7.1 Customer Rights

As a Customer (company account holder), you have the right to:

• Access: Request a copy of all Customer Data associated with your account
• Export: Export time records, GPS logs, and worker data in CSV format at any time
• Correction: Update company and admin user information within Account settings
• Deletion: Request deletion of your account and all associated Customer Data
• Portability: Receive Customer Data in a structured, machine-readable format

7.2 Field Worker Rights

If you are a Field Worker, your employer (the Customer) controls your data within the Geowork platform. You have the right to:

• Request a copy of your own time entries and GPS records from your employer
• Request correction of inaccurate records through your employer
• Contact us directly at privacy@geowork.app if you believe your data has been misused or if you have concerns about how your location data is being handled

7.3 California Residents (CCPA)

California residents have additional rights under the California Consumer Privacy Act (CCPA), as amended by the CPRA:

• Know: What personal information we collect and how it is used
• Delete: Request deletion of personal information we hold about you
• Opt-out: We do not sell personal information, so no opt-out is required for sales
• Non-discrimination: We will not discriminate against you for exercising your rights

California residents may submit rights requests to privacy@geowork.app. We will respond within 45 days.

7.4 How to Submit Requests

To exercise any of the rights above, contact us at:

• Email: privacy@geowork.app
• Subject line: "Privacy Rights Request — [Your Name or Company]"

We will verify your identity before processing requests that involve accessing or deleting data. For Field Worker requests, we may require employer verification.

8. Cookies and Tracking

Geowork uses cookies and similar technologies on geowork.app for the following purposes:

Geowork does not use advertising or tracking cookies. We do not integrate with Facebook Pixel, Google Ads, or other advertising networks.

You can control cookie preferences through your browser settings. Disabling strictly necessary cookies will prevent the Service from functioning correctly.

9. Children's Privacy

The Service is not directed to individuals under the age of 18. We do not knowingly collect personal information from anyone under 18. If you believe a minor has provided personal information through the Service, contact us at privacy@geowork.app and we will promptly delete that information.

10. International Users

Geowork is operated from the United States. Customer Data is stored on servers located in the United States. If you access the Service from outside the United States, you consent to the transfer and processing of your information in the United States.

For Customers in the European Economic Area (EEA) or United Kingdom, we rely on the following legal bases for processing personal data:

• Contract: Processing necessary to provide the Service under our Terms of Service
• Legitimate interests: Security monitoring, fraud prevention, and product improvement
• Consent: Where required by applicable law (e.g., certain cookie uses)

EEA and UK users may contact us at privacy@geowork.app regarding GDPR rights, including the right to lodge a complaint with a supervisory authority.

11. Third-Party Links

The Service may contain links to third-party websites or services (such as payroll integrations, help documentation hosts, or partner tools). We are not responsible for the privacy practices of third-party sites. We encourage you to review the privacy policies of any third-party services you use in connection with Geowork.

12. Changes to This Policy

We may update this Privacy Policy from time to time. If we make material changes, we will notify Admin Users by email at least 30 days before the changes take effect. The "Last Updated" date at the top of this Policy reflects the most recent revision.

Your continued use of the Service after the effective date of changes constitutes acceptance of the updated Policy. If you do not agree to material changes, you may cancel your Subscription before the changes take effect.

13. Contact Us

For privacy questions, rights requests, or data concerns:

GKTech Solutions, LLC
Privacy Officer
Email: privacy@geowork.app
Support: support@geowork.app
Website: geowork.app

For urgent security concerns:
Email: security@geowork.app