Elevate Maps — Privacy Policy

1) About Us & Scope

This Privacy Policy explains how Elevate Estimator (“Company,” “we,” “us,” “our”) collects, uses, discloses, and safeguards personal information in connection with Elevate Maps (the “Service”).

Roles. We act as a controller for personal information we collect directly from account holders and visitors (e.g., sign‑up, billing, support). For personal information our business customers upload or generate about their own end users (e.g., photos, project locations, map pins), we act as a processor/service provider and process that data under the customer’s instructions. Customers are responsible for providing any required notices and obtaining permissions from their end users.

2) Personal Information We Collect

• Account & Contact Data. Name, email, password hash, company details you choose to provide.
• Customer Content. Photos, descriptions, addresses, coordinates, project/job details, and any other content you upload or create in the Service. If you set content to “public,” it may be visible to anyone with the link.
• Transactional & Billing Data. Subscription plan, invoices, tax country, last 4 digits/expiry via our payment processor (we do not store full card numbers).
• Usage & Device Data. Log data (IP address, timestamps, user agent), pages/actions, approximate location from IP, referrer, and performance telemetry.
• Cookies & Local Storage. Session/auth cookies, CSRF tokens, preferences; see “Cookies & Tracking.”
• Support & Communications. Messages, feedback, and metadata from emails or in‑app support.

Sensitive data. Do not upload sensitive personal information (e.g., health, government IDs) unless our agreement with you specifically allows it.

3) How We Use Personal Information

• Provide, maintain, and improve the Service (including hosting your content and generating QR codes).
• Authenticate users, secure accounts, prevent fraud and abuse.
• Process payments, manage subscriptions, and communicate about billing.
• Provide support, respond to inquiries, and send important notices.
• Analyze usage to improve features and performance.
• Comply with legal obligations and enforce our Terms.

Legal bases (EEA/UK). Contract performance, legitimate interests (e.g., security, improvement), consent (where required), and compliance with legal obligations.

4) How We Share Personal Information

• Vendors/Processors. We share data with service providers who help deliver the Service (e.g., hosting and storage like Supabase/Vercel, payments like Stripe, email delivery, analytics). They are bound by contracts and process data on our behalf.
• Public Sharing You Enable. Content you mark as public (e.g., a public map) will be accessible by anyone with the link or QR code and may be indexed by search engines.
• Legal & Safety. We may disclose information to comply with law, respond to lawful requests, or protect rights, safety, and property.
• Business Transfers. In connection with a merger, financing, or acquisition, your information may be transferred as part of that transaction.

We do not sell personal information and do not share it for cross‑context behavioral advertising as defined by the CPRA. If that changes, we will update this Policy and provide choices where required.

5) Cookies & Tracking

We use strictly necessary cookies (e.g., session, CSRF), functional cookies (preferences), and limited analytics to understand feature usage. You can control cookies via your browser settings. If required by law in your region, we will present a consent banner for non‑essential cookies.

• session — required to keep you signed in.
• csrf — protects against cross‑site request forgery.
• prefs — remembers UI choices.
• analytics — helps us improve the Service.

6) Data Retention

We retain personal information for as long as needed to provide the Service and for legitimate business or legal purposes (e.g., accounting, security, dispute resolution). You may delete content at any time from within the product; residual copies may persist in backups for a limited period.

7) Security

We employ reasonable technical and organizational measures designed to protect personal information. No method of transmission or storage is completely secure. If you believe your account has been compromised, contact us immediately at estimates@elevateestimator.com.

8) Your Privacy Rights

EEA/UK. You may have rights to access, correct, delete, restrict, or object to processing, and to data portability. Where we process data based on consent, you may withdraw consent at any time.

California (CPRA). California residents may have rights to know/access, correct, delete, and limit the use/disclosure of sensitive personal information. We do not sell or share personal information for cross‑context advertising. You may exercise rights via the contact details below. We will not discriminate for exercising your rights.

For requests, email estimates@elevateestimator.com. We may need to verify your identity and, if you are an end user of one of our business customers, we may direct you to that customer (the controller) to fulfill your request.

9) International Data Transfers

We may transfer, store, and process information in countries other than your own (e.g., the United States). When transferring personal data internationally, we rely on appropriate safeguards such as Standard Contractual Clauses where required by law.

10) Children

The Service is not directed to children under 13 (or the age of digital consent in your region). We do not knowingly collect personal information from children. If you believe a child has provided us personal information, contact us to request deletion.

11) Changes to this Policy

We may update this Policy from time to time. We will post the updated version with a new “Effective date” and, if changes are material, provide additional notice.

12) Contact

Questions or requests? Email estimates@elevateestimator.com.