1. Introduction

CleanerHQ (“we,” “us,” or “our”) operates the business management platform at app.cleanerhq.com and the marketing website at cleanerhq.com. This Privacy Policy explains how we collect, use, disclose, and protect your information when you use our Service.

We serve two types of users:

• Workspace Owners & Staff — cleaning business operators who manage their business through CleanerHQ
• Clients — end customers of cleaning businesses who interact with CleanerHQ through the client portal, payment pages, or SMS notifications

2. Information We Collect

2.1 Account Information

When you register or are added as a contact, we collect:

• Full name
• Email address
• Phone number
• Business name and address (Workspace Owners)
• Role within the workspace (Owner, Staff)

2.2 Business Operations Data

Workspace Owners and Staff input the following data into the platform:

• Customer/client records (names, addresses, phone numbers, emails)
• Job details (service type, scheduling, checklists, completion status)
• Quotes and proposals
• Invoices and payment records
• Equipment and inventory records
• Team member information, timesheets, and payroll data
• Internal chat messages

2.3 Location Data

With consent, the mobile app and field crew features collect:

• GPS coordinates — used for geofence-based clock-in/out validation, route optimization, and “On My Way” notifications
• Background location — used for real-time crew tracking during active jobs (field crew app only)

2.4 Files and Photos

Users may upload:

• Job site photos (before/after)
• Documents and attachments
• Profile photos

Files are stored securely via Vercel Blob Storage.

2.5 Communication Data

• SMS messages sent through the platform (appointment reminders, job updates, invoice notifications)
• In-app chat messages between team members
• Email notifications sent through the platform
• Translated messages (for multilingual team communication)

2.6 Payment Information

• CleanerHQ subscriptions: Billing is handled by Polar. We store your Polar customer ID but do not store payment card details.
• Client payments: Processed through the Workspace Owner’s connected Stripe account (“Bring Your Own Stripe”). Stripe credentials are encrypted with AES-256-GCM. We do not access, store, or process your Clients’ credit card numbers.

2.7 Automatically Collected Information

• IP address (used for rate limiting and security)
• Browser type and device information
• Pages visited and actions taken within the app (via Vercel Analytics)
• Authentication session data (stored in secure, HTTP-only cookies)

3. How We Use Your Information

We use collected information to:

• Provide the Service — manage jobs, scheduling, invoicing, payments, and customer communications
• Send transactional SMS/text messages — appointment reminders, on-my-way alerts, job completion notices, invoice reminders, and review requests (see Section 6 for SMS-specific terms)
• Process payments — facilitate subscription billing and customer-facing invoice payments
• Optimize operations — route optimization, scheduling conflict detection, crew load balancing, and profitability tracking
• AI-powered features — generate proposals and process natural language commands via the copilot assistant
• Translate messages — provide real-time translation for multilingual team communication
• Ensure security — detect unauthorized access, enforce multi-tenant data isolation, and prevent abuse
• Send service communications — account notifications, system updates, and security alerts via email

4. How We Share Your Information

We share data only with the following categories of service providers, solely to operate the platform:

AI Processing

• Proposals use OpenAI (GPT-4o-mini) via Vercel AI Gateway to generate service proposals from quote data.
• Copilot uses Anthropic (Claude) to process natural language commands for job/schedule management.

AI-processed data is sent only to fulfill the specific request and is not used to train third-party AI models.

We may also disclose information if required by law, to protect our rights, or to prevent fraud or security threats.

5. Data Isolation and Security

5.1 Multi-Tenant Isolation

CleanerHQ is a multi-tenant platform. Every database query is scoped to your workspace. Row-Level Security (RLS) policies enforce that no workspace can access another workspace’s data.

5.2 Security Measures

• All data is encrypted in transit (TLS/HTTPS) and at rest
• Stripe credentials are encrypted with AES-256-GCM with PBKDF2 key derivation
• Authentication sessions use secure, HTTP-only cookies
• Rate limiting is applied to login, API endpoints, and SMS sending
• Security headers enforced: X-Frame-Options, X-Content-Type-Options, Referrer-Policy, Strict-Transport-Security (HSTS), and Permissions-Policy
• Mobile API uses Bearer token authentication
• Deactivated users are automatically blocked at the middleware level

5.3 Public Token-Based Pages

Certain pages (payment tracking, job tracking, review submission, public proposals) are accessible via unique, unguessable URL tokens without authentication. These tokens do not expose data beyond the specific record they reference.

6. SMS/Text Messaging Privacy

6.1 What We Collect

When you receive SMS messages from CleanerHQ, we collect and store:

• Your phone number
• SMS consent status and timestamp
• Opt-out status
• Message delivery status (queued, sent, delivered, failed)
• SMS usage logs (message SID, direction, cost)

6.2 SMS Consent

SMS consent is collected through:

• The CleanerHQ client portal (web form)
• Embedded booking widgets on cleaning provider websites
• Service agreements managed by your cleaning provider

You may opt out at any time by replying STOP to any message. See our Terms and Conditions for full SMS terms.

6.3 TCPA Compliance

• We only send SMS to recipients who have provided consent
• We honor all opt-out requests immediately
• We restrict sending to 8:00 AM – 9:00 PM in the recipient’s local time zone
• We check opt-out status before every message
• Emergency safety alerts (SOS) may be sent outside normal hours

6.4 SMS Data Sharing

Phone numbers and message content are shared only with Twilio for the sole purpose of delivering messages. We do not share your phone number with any other third party for marketing purposes.

7. Cookies

CleanerHQ uses cookies strictly for:

• Authentication — Supabase session cookies to maintain your login
• Analytics — Vercel Analytics for anonymous page view tracking

8. Data Retention

9. Your Rights

Depending on your jurisdiction, you may have the right to:

• Access — request a copy of the personal data we hold about you
• Correction — request correction of inaccurate data
• Deletion — request deletion of your data (subject to legal retention requirements)
• Data portability — request your data in a machine-readable format
• Opt out of SMS — reply STOP or update preferences in the client portal
• Withdraw consent — for location tracking or other consent-based processing

To exercise any of these rights, contact us at support@cleanerhq.com. We will respond within 30 days.

10. Children’s Privacy

CleanerHQ is a business management platform and is not intended for use by individuals under the age of 18. We do not knowingly collect personal information from children.

11. International Data

CleanerHQ is hosted in the United States. If you access the Service from outside the US, your data will be transferred to and processed in the US. By using the Service, you consent to this transfer.

12. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated via email or in-app notification at least 30 days before taking effect. The “Last Updated” date at the top reflects the most recent revision.

13. Contact Us

For privacy inquiries, data requests, or concerns:

• Email: support@cleanerhq.com
• Website: cleanerhq.com