Privacy Policy
Last updated: May 28, 2026
This policy explains what data Blue Collar Trade Manager ("BCTM") collects, why, and what control you have over it. Plain English, no tricks.
What We Collect
- Your name, email, password hash, and business profile (logo, address, phone).
- Customer details and invoice data you enter.
- Payment metadata from Stripe (amount, status, last 4 digits) — never full card numbers.
- Usage and device data needed to keep the service running (IP, browser, session cookies).
Why We Use It
To provide the service: create and send your invoices, process payments, sync data across devices, send notifications, prevent fraud, and improve the product.
We do not sell your data. We do not run third-party ad tracking.
Third-Party Processors
We share the minimum necessary data with:
- Stripe — payment processing.
- Firebase — file and attachment storage.
- Supabase — database and authentication.
- Hugging Face — AI features (receipt scanning, drafting).
- Twilio — SMS delivery for invoice notifications, when the recipient has opted in.
Each processor has its own privacy practices and contractual data protection obligations.
SMS Notifications
When a contractor sends an invoice via text message, BCTM records the recipient's phone number, consent status, and consent timestamp for compliance with the Telephone Consumer Protection Act (TCPA). See our SMS Terms & Consent page for the full opt-in flow, how to reply STOP to unsubscribe, and what messages contain.
Your Rights (GDPR — EU/UK)
You have the right to:
- Access the personal data we hold about you.
- Correct inaccurate data.
- Delete your data (right to be forgotten).
- Export your data (portability).
- Object to or restrict certain processing.
Email [email protected] with any request. We respond within 30 days.
Your Rights (CCPA — California)
California residents have the right to know what we collect, request deletion, and opt out of any sale of personal information. We don't sell your data, but you can still exercise these rights by emailing [email protected].
Data Retention
We keep your data as long as your account is active. When you delete your account, your data is removed within 30 days, except records we're legally required to retain (e.g., tax and payment records).
Security
Data is encrypted in transit (TLS) and at rest. Payment card data is handled exclusively by Stripe, a PCI-DSS Level 1 processor.
Cookies
We use essential cookies to keep you logged in and to remember your session. We don't use advertising cookies. See our cookie banner for details.
Children
BCTM is not for anyone under 18.
Contact
Privacy questions? Email [email protected].