Privacy Policy

Effective Date: January 28, 2026

1. Introduction

PhaseContract ("Company," "we," "us," or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our platform, website, and services (collectively, the "Service").

By using the Service, you consent to the collection and use of your information as described in this Privacy Policy. If you do not agree with this policy, please do not use the Service.

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on the Service with a new effective date. Your continued use after changes constitutes acceptance of the modified policy.

2. Information We Collect

2.1 Information You Provide

We collect information you provide directly to us, including:

  • Account Information: Name, email address, phone number, password, and business name
  • Profile Information: Profile photo, business description, and professional credentials
  • Payment Information: Bank account details (for contractors), billing address, and payment card information (processed by Stripe)
  • Job Information: Job descriptions, pricing, timelines, photos, documentation, and communications
  • Client Information: Your clients' names, email addresses, phone numbers, and payment details you enter
  • Communications: Messages, support requests, and feedback you send us
  • Voice Recordings: Audio recordings when you use voice input features (processed for transcription only)

2.2 Information Collected Automatically

When you use the Service, we automatically collect:

  • Device Information: IP address, browser type, operating system, device identifiers
  • Usage Information: Pages viewed, features used, actions taken, time spent on pages
  • Log Data: Access times, error logs, referring URLs
  • Location Information: Approximate location based on IP address
  • Cookies and Similar Technologies: Session cookies, authentication tokens, and analytics identifiers

2.3 Information from Third Parties

We may receive information from:

  • Stripe: Payment verification, transaction status, account verification status
  • Authentication Providers: Information from services you use to log in (if applicable)
  • Analytics Services: Aggregated usage data

3. How We Use Your Information

We use collected information for the following purposes:

3.1 Providing the Service

  • Create and manage your account
  • Process transactions and payments
  • Facilitate communication between contractors and clients
  • Store and display job information and documentation
  • Send transactional notifications (job updates, payment confirmations, verification codes)

3.2 Improving the Service

  • Analyze usage patterns and trends
  • Debug and fix technical issues
  • Develop new features and functionality
  • Train and improve AI features (using anonymized or aggregated data)

3.3 Security and Compliance

  • Detect, prevent, and address fraud and abuse
  • Verify user identity and prevent unauthorized access
  • Comply with legal obligations and respond to legal requests
  • Enforce our Terms of Service

3.4 Communications

  • Respond to your inquiries and support requests
  • Send service announcements and updates
  • Send marketing communications (with your consent, where required)

4. Legal Basis for Processing (EEA/UK Users)

If you are located in the European Economic Area or United Kingdom, our legal basis for processing your information includes:

  • Contract Performance: Processing necessary to provide the Service you requested
  • Legitimate Interests: Processing for fraud prevention, security, service improvement, and marketing (where appropriate)
  • Legal Obligations: Processing required to comply with applicable laws
  • Consent: Processing based on your explicit consent, which you may withdraw at any time

5. Information Sharing and Disclosure

We do not sell your personal information. We may share your information in the following circumstances:

5.1 With Other Users

  • Contractors see client names, contact information, and payment status for their jobs
  • Clients see contractor business names, profile information, and job details
  • Job-related communications and documentation are visible to both parties

5.2 With Service Providers

We share information with third-party service providers who assist us in operating the Service:

  • Stripe: Payment processing and identity verification
  • Supabase: Database hosting and authentication
  • Twilio: SMS notifications and verification
  • Resend: Email delivery
  • OpenAI/Anthropic: AI-powered features (voice transcription, job structuring)
  • Cloudflare: Hosting and content delivery

These providers are contractually obligated to protect your information and may only use it for the specific services they provide to us.

5.3 For Legal Reasons

We may disclose your information if required to do so by law or in response to:

  • Valid legal process (subpoenas, court orders, legal requests)
  • Government or regulatory agency requests
  • Enforcement of our Terms of Service
  • Protection of our rights, property, or safety, or that of our users or the public

5.4 Business Transfers

If PhaseContract is involved in a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We will notify you of any such change and any choices you may have.

6. Data Retention

We retain your information for as long as necessary to:

  • Provide the Service and maintain your account
  • Comply with legal obligations (tax records, financial regulations)
  • Resolve disputes and enforce agreements
  • Prevent fraud and abuse

Specific retention periods:

  • Account data: Retained while your account is active, plus 7 years after deletion for legal compliance
  • Transaction records: Retained for 7 years for tax and financial reporting
  • Job documentation and photos: Retained for 3 years after job completion
  • Log data: Retained for 90 days for security and debugging purposes
  • Voice recordings: Deleted immediately after transcription processing

7. Data Security

We implement industry-standard security measures to protect your information:

  • Encryption: All data is encrypted in transit (TLS/HTTPS) and at rest
  • Access Controls: Strict access controls and authentication requirements
  • Secure Infrastructure: Hosted on secure, compliant cloud infrastructure
  • Payment Security: Payment card data is handled directly by Stripe (PCI-DSS compliant) and never stored on our servers
  • Regular Audits: Security practices are regularly reviewed and updated

However, no method of transmission or storage is 100% secure. While we strive to protect your information, we cannot guarantee absolute security. You are responsible for maintaining the security of your account credentials.

8. Your Rights and Choices

8.1 All Users

You have the right to:

  • Access: Request a copy of the personal information we hold about you
  • Correction: Request correction of inaccurate or incomplete information
  • Deletion: Request deletion of your personal information (subject to legal retention requirements)
  • Opt-out: Unsubscribe from marketing communications at any time
  • Account Closure: Close your account by contacting us

8.2 EEA/UK Users (GDPR Rights)

If you are in the European Economic Area or United Kingdom, you also have the right to:

  • Portability: Receive your data in a structured, machine-readable format
  • Restriction: Request restriction of processing in certain circumstances
  • Objection: Object to processing based on legitimate interests
  • Withdraw Consent: Withdraw consent at any time (without affecting prior processing)
  • Complaint: Lodge a complaint with your local data protection authority

8.3 California Users (CCPA Rights)

If you are a California resident, you have the right to:

  • Know: Request information about the categories and specific pieces of personal information we collect
  • Delete: Request deletion of your personal information
  • Non-Discrimination: Not be discriminated against for exercising your privacy rights

We do not sell personal information as defined by the CCPA.

8.4 Exercising Your Rights

To exercise any of these rights, please contact us at privacy@phasecontract.com. We will respond to your request within the timeframe required by applicable law (typically 30 days). We may need to verify your identity before processing your request.

9. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence. These countries may have different data protection laws.

When we transfer data outside the EEA/UK, we ensure appropriate safeguards are in place, including:

  • Standard Contractual Clauses approved by the European Commission
  • Transfers to countries deemed to have adequate data protection
  • Other legally recognized transfer mechanisms

10. Cookies and Tracking Technologies

We use cookies and similar technologies for:

  • Essential Cookies: Required for authentication and basic functionality
  • Preference Cookies: Remember your settings and preferences
  • Analytics Cookies: Understand how users interact with the Service

You can manage cookie preferences through your browser settings. Note that disabling certain cookies may affect Service functionality.

We honor Do Not Track signals where technically feasible.

11. Children's Privacy

The Service is not intended for children under 18 years of age. We do not knowingly collect personal information from children under 18.

If we learn that we have collected information from a child under 18, we will promptly delete that information. If you believe we have information from a child under 18, please contact us immediately.

12. Third-Party Links and Services

The Service may contain links to third-party websites or services that we do not control. This Privacy Policy does not apply to those third parties.

We are not responsible for the privacy practices of third parties. We encourage you to review the privacy policies of any third-party services you access.

13. Automated Decision-Making

We may use automated systems for:

  • Fraud detection and prevention
  • Trust level assessment for payment timing
  • AI-powered job structuring assistance

These systems use algorithms based on user activity and transaction patterns. If you believe an automated decision has adversely affected you, you may contact us to request human review.

14. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. When we make material changes, we will:

  • Post the updated policy on the Service with a new effective date
  • Notify you by email or through the Service (for significant changes)
  • Obtain your consent where required by applicable law

15. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

PhaseContract
Privacy Officer
Email: privacy@phasecontract.com

For general inquiries:
Email: hello@phasecontract.com

For EEA/UK users, you also have the right to lodge a complaint with your local supervisory authority if you believe your data protection rights have been violated.