GroundPace Inc. ("GroundPace", "we", "us", "our") is committed to protecting your privacy. This Privacy Policy explains what information we collect, how we use it, and the choices you have. By using GroundPace, you agree to the practices described here.
1. Information We Collect
1.1 Information you provide directly
- Account registration — name, work email address, company name, and password (stored as a bcrypt hash).
- Profile updates — changes to your display name or company information.
- Project & operational data — project details, timesheets, field reports, blueprints, safety records, meeting minutes, invoices, cost entries, and other content you create within the platform.
- Support communications — messages you send to our support team.
1.2 Information collected automatically
- Usage data — pages visited, features used, and session duration.
- Device & technical data — IP address, browser type, operating system, and screen resolution.
- Cookies & local storage — session tokens (required for authentication) and theme preference (stored locally). We do not use advertising or cross-site tracking cookies.
- Log data — server logs for security monitoring and debugging (retained for up to 90 days).
1.3 Information from third-party services
- Stripe Connect — if you enable invoice payments, Stripe provides us with your account connection status and payout information. We never receive or store your clients' full card numbers or bank account details.
- Email providers — if you connect Gmail or Outlook, we receive an OAuth access token to send notifications on your behalf. We do not read, index, or store the contents of your email inbox.
2. How We Use Your Information
- Providing the Service — operating, maintaining, and improving all platform features.
- Account management — authentication, subscription billing, and user support.
- Notifications — sending transactional emails (timesheet approvals, RFI notifications, meeting minutes, invoice emails) based on in-app events.
- Security & fraud prevention — monitoring for suspicious activity and protecting against unauthorised access.
- Analytics & improvement — aggregated, anonymised usage statistics to understand how features are used and improve the product. We do not sell this data.
- Legal compliance — retaining records as required by applicable law.
3. How We Share Your Information
We do not sell your personal data. We share data only in the following circumstances:
- Service providers — trusted vendors who process data on our behalf (cloud infrastructure, email delivery, payment processing). These providers are contractually bound to protect your data and use it only for the specified purpose.
- Stripe — payment-related data is shared with Stripe to facilitate invoice payments you initiate. See Stripe's Privacy Policy.
- Your team members — data you enter is visible to other authorized users within your GroundPace organisation as designed (e.g., team members can see project reports).
- Legal requirements — if required by law, court order, or governmental authority, we may disclose information after making reasonable efforts to notify you unless prohibited.
- Business transfers — in the event of a merger, acquisition, or sale of assets, user data may be transferred as part of that transaction. We will notify you via email and/or in-app notice before your data is transferred to a different privacy policy.
4. Data Retention
- We retain your account data for as long as your account is active or as needed to provide the Service.
- After account cancellation, your data is retained for 30 days to allow export, then permanently deleted from production systems.
- Backup copies may persist for up to 90 days after deletion from production before being purged.
- Aggregated, anonymised analytics data may be retained indefinitely.
- Legal hold obligations may require us to retain certain data longer than these periods.
5. Data Security
- All data in transit is encrypted using TLS 1.2 or higher.
- Passwords are hashed with bcrypt and never stored in plain text.
- Access to production infrastructure is restricted to authorised GroundPace personnel and protected by multi-factor authentication.
- We conduct periodic security reviews. In the event of a confirmed data breach affecting your personal information, we will notify you within 72 hours of discovery as required by applicable law.
- No security system is impenetrable. We cannot guarantee absolute security, but we take commercially reasonable steps to protect your data.
6. Cookies
GroundPace uses only the cookies necessary to operate the platform:
| Cookie | Purpose | Duration |
|---|
| next-auth.session-token | Authentication session | 30 days |
| __Secure-next-auth.* | Secure session variants (HTTPS) | 30 days |
| groundpace-theme | Light / Dark / System preference (localStorage) | Persistent |
We do not use advertising, analytics, or cross-site tracking cookies.
7. Your Rights & Choices
Depending on your location, you may have the following rights regarding your personal data:
- Access — request a copy of the personal data we hold about you.
- Correction — request that inaccurate data be corrected.
- Deletion — request deletion of your personal data (subject to legal retention obligations).
- Portability — request your data in a machine-readable format.
- Objection / Restriction — object to or restrict certain processing of your data.
- Withdraw consent — where processing is based on consent, you may withdraw it at any time without affecting prior processing.
To exercise any of these rights, email us at privacy@groundpace.com. We will respond within 30 days.
8. Children's Privacy
The Service is not directed to individuals under 18 years of age. We do not knowingly collect personal data from children. If we become aware that a child has provided personal data without parental consent, we will delete it promptly. Contact us at privacy@groundpace.com if you believe we have inadvertently collected data from a minor.
9. International Data Transfers
GroundPace is operated from Canada. If you access the Service from outside Canada, your data may be transferred to and processed in Canada or other countries where our service providers operate. We ensure appropriate safeguards are in place for any international transfer of personal data, in compliance with applicable privacy laws.
10. Links to Third-Party Sites
The Service may contain links to third-party websites or services (e.g., Stripe's payment portal). We are not responsible for the privacy practices of those third parties. We encourage you to review their privacy policies before providing any personal information.
11. Changes to This Policy
We may update this Privacy Policy from time to time. Material changes will be communicated by email or an in-app banner at least 14 days before taking effect. The "Last updated" date at the top of this page reflects the most recent revision. Continued use of the Service after the effective date constitutes acceptance of the updated policy.
12. Contact Us
If you have questions, concerns, or requests regarding this Privacy Policy or your personal data, contact us at:
© 2026 GroundPace Inc. All rights reserved.