Privacy Policy

Welcome to PoolVerify. We are committed to protecting your personal information and your right to privacy. This Privacy Policy describes how PoolVerify ("we," "us," or "our") collects, uses, and shares your personal information when you use our pool inspection software and services.

PoolVerify operates from Israel and provides services primarily to pool inspectors in California, USA. If you have any questions or concerns about this policy or our practices regarding your personal information, please contact us at support@poolverify.io.

California Residents: This Privacy Policy includes specific provisions for California residents in compliance with the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA). See the "California Privacy Rights" section below.

We collect information that you provide directly to us, information we obtain automatically when you use our services, and information from third-party sources.

1.1 Information You Provide

• Account Information: Name, email address, company name, and payment information when you create an account.
• Inspection Data: Information you enter while conducting inspections, including client names, property addresses, inspection notes, photos, and assessment data.
• Client Data: Information about your clients, such as names, email addresses, phone numbers, and property details.
• Communications: Messages and information you send to us, including support requests and feedback.
• Profile Information: Your company logo, branding preferences, and customized inspection templates.

1.2 Information Collected Automatically

• Usage Data: Information about how you use our services, including pages visited, features used, and time spent.
• Device Information: Browser type, operating system, IP address, and device identifiers.
• Log Data: Server logs that include IP addresses, access times, and pages viewed.
• Cookies: We use essential cookies for authentication and session management. See our "Cookies" section below.

1.3 Information from Third Parties

We receive information from our service providers:

• Clerk (Authentication): Account authentication data and login activity.
• Polar.sh (Payments): Subscription status and billing information (we do not store payment card details).
• Supabase (Database): Hosts our database infrastructure.

We use the information we collect for the following purposes:

• Provide, operate, and maintain our pool inspection software
• Process your inspections and generate PDF reports
• Manage your account and subscription
• Process payments and billing
• Send you service updates, technical notices, and support messages
• Respond to your comments, questions, and customer service requests
• Improve and personalize our services
• Monitor and analyze usage patterns and trends
• Detect, prevent, and address technical issues and security threats
• Comply with legal obligations, including California pool inspection regulations
• Enforce our Terms of Service and protect our rights

We retain your personal information for as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law. Our retention periods are enforced through automated daily cleanup processes.

• Active Accounts: We retain your data while your account is active.
• Inspection Data: Completed inspections are retained for 7 years for compliance purposes. Cancelled or failed inspections are automatically deleted after 1 year. You can manually delete inspections at any time.
• Financial Records: Retained for 7 years to comply with tax and accounting requirements.
• Activity Logs: Automatically deleted after 90 days for security and troubleshooting purposes.
• Notifications: Automatically deleted after 1 year.
• Privacy Requests: Completed requests are retained for 3 years for audit purposes, then automatically deleted.
• Consent Records: Revoked consent records are retained for 3 years for audit purposes, then automatically deleted.
• Team Invitations: Expired invitations are automatically deleted.
• After Individual Account Deletion: Upon individual account deletion, we permanently delete your personal data immediately, including all your inspections, photos, and activity logs. Financial records are retained for 7 years for legal compliance.
• After Organization Deletion: When an organization owner requests organization deletion, we permanently delete all team member accounts (including their login credentials with our authentication provider), all inspections, photos, client data, subscription data, and all activity logs for all team members. All team members will lose access immediately. Financial records are retained for 7 years for legal compliance.

Automated Data Retention: Our systems automatically enforce these retention periods through daily scheduled cleanup processes. You do not need to manually request deletion of old data.

We do not sell your personal information. We share your information only in the following circumstances:

4.1 Service Providers

We share information with trusted third-party service providers who help us operate our services:

• Clerk: Authentication and user management (Data Processing Agreement in place)
• Supabase: Database hosting and file storage (Data Processing Agreement in place)
• Polar.sh: Payment processing and subscription management (PCI DSS compliant, acts as Merchant of Record)
• Resend: Email delivery for inspection reports and notifications
• Vercel: Application hosting and content delivery

All service providers are contractually obligated to protect your data and use it only for the purposes we specify.

4.2 Legal Requirements

We may disclose your information if required by law or in response to valid legal processes, such as:

• Subpoenas or court orders
• Legal proceedings or investigations
• To protect our rights, property, or safety
• To enforce our Terms of Service
• To comply with California pool inspection regulations (BPC §7195, HSC §115922)

4.3 Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred to the acquiring entity. We will notify you via email of any such change in ownership.

We implement reasonable security measures to protect your personal information from unauthorized access, disclosure, alteration, and destruction:

• Encryption: Data is encrypted in transit using TLS 1.3 and at rest using AES-256 encryption.
• Authentication: Secure authentication via Clerk with password hashing and session management.
• Access Controls: Multi-tenant isolation using Row-Level Security (RLS) policies in our database.
• Secure Storage: Inspection photos are stored in private buckets with access controls.
• Regular Updates: We keep our systems and dependencies up to date with security patches.
• Input Validation: All user inputs are sanitized to prevent injection attacks.
• Monitoring: We monitor for suspicious activity and security threats.

Important: While we strive to protect your personal information, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security.

You have the following rights regarding your personal information:

• Access: You can access your personal information through your account dashboard or request a complete data export.
• Correction: You can update your account information and inspection data at any time through your account settings.
• Deletion: You can delete your individual account through the Privacy Dashboard. Organization owners can delete the entire organization, which will permanently delete all team member accounts (including login credentials) and all associated data. Deletion is permanent and immediate.
• Export: You can download a complete copy of all your data in machine-readable JSON format through the Privacy Dashboard.
• Opt-Out: You can opt out of marketing communications (though we rarely send them) and manage cookie preferences through our cookie consent banner.

Alternatively, you can contact us at support@poolverify.io. We will respond to your request within 45 days.

For California Residents: This section provides additional information about the personal information we collect from California residents and their privacy rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA).

7.1 Categories of Personal Information

We collect the following categories of personal information as defined by the CCPA:

• Identifiers: Name, email address, IP address, account username
• Commercial Information: Subscription records, payment history, purchase history
• Internet Activity: Browsing history, usage data, log files
• Professional Information: Company name, inspector license number (if provided)
• Geolocation Data: General location (city/state) derived from IP address
• Inferences: Usage patterns and preferences derived from your activity

7.2 Your California Privacy Rights

California residents have the right to:

1. Right to Know: Request disclosure of the personal information we collect, use, and share about you.
2. Right to Delete: Request deletion of your personal information, subject to certain exceptions.
3. Right to Correct: Request correction of inaccurate personal information.
4. Right to Opt-Out: We do not sell or share your personal information, so no opt-out is necessary.
5. Right to Limit: Request limits on the use of sensitive personal information (not applicable to our services).
6. Right to Non-Discrimination: You will not receive discriminatory treatment for exercising your privacy rights.

7.3 We Do Not Sell Your Personal Information

Important: We do not sell or share your personal information with third parties for monetary or other valuable consideration. We have not sold personal information in the past 12 months.

7.4 How to Exercise Your Rights

California residents can exercise their privacy rights in two ways:

7.5 Verification Process

To protect your privacy, we must verify your identity before fulfilling your request. We will ask you to:

• Provide your email address associated with your account
• Confirm account details (such as company name or recent inspection information)
• If requesting deletion, confirm via email that you want to proceed with account deletion

We will respond to verified requests within 45 days.

7.6 Authorized Agents

California residents may designate an authorized agent to make privacy requests on their behalf. Authorized agents must provide written authorization signed by you, and we may require you to verify your identity directly with us.

We use cookies and similar technologies to provide and improve our services. When you first visit our website, you will see a cookie consent banner that allows you to customize your preferences.

8.1 Cookie Categories

We use the following categories of cookies:

8.2 Cookie Consent Banner

When you first visit our website, you will see a cookie consent banner that allows you to:

• Accept all cookies
• Accept only necessary cookies
• Customize your cookie preferences by category
• Learn more about each cookie category

Your consent preferences are saved locally in your browser and in your account (if you're logged in). You can change your preferences at any time by clearing your browser's local storage or through the Privacy Dashboard in your account settings.

8.3 Managing Cookies

You can manage cookies in several ways:

• Cookie Consent Banner: Clear your browser's local storage to see the banner again and update preferences.
• Privacy Dashboard: Access Settings → Privacy & Data to manage your preferences (for logged-in users).
• Browser Settings: Configure cookie settings in your browser preferences. Note that disabling necessary cookies may prevent you from using our service.

Our services are not intended for individuals under the age of 18. We do not knowingly collect personal information from children. If you believe we have collected information from a child, please contact us immediately at support@poolverify.io, and we will delete it promptly.

PoolVerify operates from Israel and provides services to customers in California, USA. Your information is processed and stored in the United States through our service providers (Supabase, Vercel). By using our services, you consent to the transfer of your information to the United States.

Our U.S.-based service providers maintain appropriate security measures and data protection standards. All data is encrypted in transit and at rest.

Our services may contain links to third-party websites or services that we do not control. This Privacy Policy does not apply to third-party websites. We encourage you to review the privacy policies of any third-party services you visit.

In the unlikely event of a data breach that affects your personal information, we will notify you in accordance with applicable law:

• Timing: We will notify affected users within 72 hours of discovering the breach.
• Method: Notification will be sent via email to the address associated with your account.
• California Compliance: We comply with California Civil Code §1798.82 regarding data breach notifications.
• Content: Notification will include the nature of the breach, types of information affected, and steps we're taking to address it.

We may update this Privacy Policy from time to time. When we make changes, we will:

• Update the "Last Updated" date at the top of this page
• Notify you via email if changes are material
• Post a notice on our website dashboard
• For California residents: provide 30 days' advance notice for material changes

Your continued use of our services after changes to this Privacy Policy constitutes your acceptance of the updated policy.

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us: