Privacy Policy
Last Updated: January 15, 2025
1. Introduction
Best ROI Media LLC ("we," "our," or "us") operates bestroi.media and provides various contractor SaaS tools, including Best Estimator (available on iPad and web) and Catapult (collectively, the "Services"). This Privacy Policy explains what information we collect, how we use it, how we share it, and what rights you have regarding your personal information.
By using our Services, you agree to the collection and use of information in accordance with this policy. If you do not agree with our policies and practices, please do not use our Services.
2. Information We Collect
We collect several types of information from and about users of our Services:
- Account Data: When you create an account, we collect your name, email address, company name, and role. This information is necessary to provide you with access to the Services and to manage your account.
- Billing Data: Payment information is processed securely through Stripe. We do not store full credit card numbers on our servers. Stripe handles all payment processing in accordance with PCI DSS standards. We may store billing addresses and subscription details necessary to manage your account.
- Uploaded Data: We store the data you upload to our Services, including costbooks, company settings, templates, project notes, and other content you create or upload while using the Services. This data is stored securely in our database and is associated with your account.
- Usage Data: We automatically collect information about how you interact with our Services, including device information (device type, operating system, browser type), IP address, approximate geographic location (derived from IP address), access logs, error events, and feature usage patterns. This helps us improve the Services and diagnose technical issues.
- Cookies and Analytics Data: We use cookies and similar tracking technologies to maintain your session, remember your preferences, and analyze how our Services are used. This may include basic analytics to understand user behavior and improve our Services.
3. How We Use Information
We use the information we collect for the following purposes:
- To Operate and Improve the Services: We use your information to provide, maintain, and improve our Services, including developing new features and functionality.
- To Sync Data Across Devices: We use Supabase to securely store and synchronize your contractor data, settings, and content across your devices (e.g., iPad and web), ensuring you have access to your information wherever you use our Services.
- To Process Billing and Subscriptions: We use Stripe to process payments, manage subscriptions, handle billing disputes, and send billing-related communications. Your payment information is handled directly by Stripe and is not stored on our servers.
- To Provide AI Features: We use OpenAI to generate AI-powered suggestions, explanations, and insights. When you use AI features, we may send minimal, necessary context (such as configuration snippets or rule descriptions) to OpenAI to generate relevant responses. We do not send full costbooks or sensitive client data to OpenAI.
- To Send Service Emails: We send transactional emails related to your account, including account notices, billing confirmations, security alerts, and important service updates. You may not opt out of these essential communications.
4. Sharing of Information
We do not sell your personal information. We may share your information in the following circumstances:
- With Service Providers: We share information with trusted third-party service providers who perform services on our behalf:
  - Supabase: We use Supabase for user authentication, database storage, and data synchronization. Supabase processes your data in accordance with their privacy policy and security standards.
  - Stripe: We use Stripe to process payments and manage subscriptions. Stripe handles all payment information in compliance with PCI DSS standards.
  - Email Providers: We use email service providers to send transactional emails and account-related communications.
  - OpenAI: We use OpenAI to provide AI-generated suggestions and explanations. OpenAI does not train on customer data, and we only send minimal, necessary context for generating responses.
- For Legal Reasons: We may disclose your information if required by law, regulation, legal process, or governmental request. We may also disclose information to protect our rights, privacy, safety, or property, or that of our users or others, and to enforce our terms of service and prevent fraud or security threats.
5. AI Usage
Our Services include AI-powered features that use OpenAI's services to generate suggestions, explanations, and insights. When you use these features:
- We may send certain configuration snippets, rule descriptions, or other minimal context to OpenAI to generate relevant suggestions or explanations.
- We do not intentionally send customer personally identifiable information (PII) to OpenAI.
- We do not send full costbooks, sensitive client data, or complete project files to OpenAI.
- OpenAI does not train their models on customer data sent through our Services.
- We take reasonable steps to minimize the amount of data sent to OpenAI and to ensure that only necessary context is transmitted.
6. Cookies and Tracking
We use cookies and similar tracking technologies for the following purposes:
- Authentication and Session Management: Cookies help us maintain your login session and keep you authenticated across page loads.
- Remembering Settings: Cookies allow us to remember your preferences, such as theme settings, language preferences, and other customization options.
- Analytics: We use basic analytics to understand how users interact with our Services, which helps us improve functionality and user experience.
You can control cookies through your browser settings. Most browsers allow you to refuse cookies or alert you when cookies are being sent. However, if you block cookies, some features of our Services may not function properly, including authentication and personalized settings.
7. Data Retention
We retain your personal information and account data for as long as your account is active or as needed to provide you with the Services. We may also retain certain information for longer periods as required by law, to resolve disputes, enforce our agreements, or for legitimate business purposes.
If you wish to delete your account and associated data, you can request deletion by contacting us at support@bestroi.media. Upon receiving a valid deletion request, we will delete or anonymize your personal information, subject to any legal obligations to retain certain data. Please note that some information may remain in backup systems for a limited period after deletion.
8. Security
We take the security of your information seriously and implement reasonable technical and organizational measures to protect your data:
- Encryption in Transit: All data transmitted between your device and our servers is encrypted using HTTPS/TLS protocols.
- Row-Level Security: We use Supabase's Row-Level Security (RLS) policies to ensure that users can only access their own data and data shared with them by their organization.
- Role-Based Access Control: We implement role-based access controls (owner/admin/member) to ensure that users only have access to the data and features appropriate for their role within their organization.
- Secure Authentication: We use secure authentication methods provided by Supabase to protect your account credentials.
Despite our efforts, no method of transmission over the Internet or electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your personal information, we cannot guarantee absolute security. You are responsible for maintaining the confidentiality of your account credentials and for all activities that occur under your account.
9. User Rights
Depending on your location, you may have certain rights regarding your personal information, including:
- Right to Access: You have the right to request access to the personal information we hold about you.
- Right to Update: You can update most of your account information directly through your account settings. For other updates, please contact us.
- Right to Delete: You have the right to request deletion of your account and associated personal information, subject to legal obligations.
- Right to Data Portability: You may request a copy of your data in a machine-readable format.
- Right to Object: You may object to certain processing of your personal information, where applicable.
To exercise any of these rights, please contact us at support@bestroi.media. We will respond to your request within a reasonable timeframe and in accordance with applicable law.
10. Children's Privacy
Our Services are not intended for users under the age of 16. We do not knowingly collect personal information from children under 16. If you are a parent or guardian and believe that your child has provided us with personal information, please contact us at support@bestroi.media, and we will take steps to delete such information from our systems.
11. Changes to this Policy
We reserve the right to update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make changes, we will update the "Last Updated" date at the top of this page.
We encourage you to review this Privacy Policy periodically to stay informed about how we collect, use, and protect your information. Your continued use of our Services after any changes to this Privacy Policy constitutes your acceptance of the updated policy.
12. Contact
If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us: