PRIVACY POLICY

Last updated: June 21, 2026

MyForeman is built for small contractors and field-service businesses. We collect the minimum data we need to make the product work, store it securely, and never sell it. This page explains what we collect, why we collect it, who we share it with, and the rights you have over your data.

1. WHAT WE COLLECT

Account information. When you sign up we collect your name, email, and an encrypted password. If you sign up through an invite, we also link you to the inviting organization.

Business profile. Your business name, phone, business email, address, optional logo and license number, default tax rates. These appear on the quotes and invoices you send.

Operational records you enter. Customers, leads, quotes, jobs, invoices, expenses, mileage, crew memberships, time logs, notifications, and feedback submissions. We collect this because it's the thing you're trying to manage.

Files you upload. Logos, expense receipts, and invoice import attachments are stored in our managed file storage so we can render them back to you and (for receipts) attach them to expense records.

Usage and technical data. IP address on API requests (used for rate limiting), browser type, and basic error logs. We do not use Google Analytics, Facebook Pixel, or any third-party advertising trackers.

Payment information. If you start a paid trial or subscription, your card details are handled directly by a PCI-compliant payment processor. We never see, store, or transmit your full card number ourselves, only a tokenized customer reference returned to us.

2. HOW WE USE DATA

  • To run the product: displaying your data back to you, sending the emails you trigger (quotes, invoices, feedback requests, crew invites), generating tax estimates and reports.
  • To power AI features: invoice extraction from receipts/PDFs and the monthly AI business coach. Inputs to those features are sent to our AI provider only at the moment you use the feature.
  • To secure the service: rate-limiting abuse, detecting fraudulent sign-ups, troubleshooting bugs you report.
  • To communicate with you: account confirmations, password resets, important service notices, and (only if you opt in) occasional product updates.

We do not use your data to train AI models, sell it to advertisers, or share it with third parties beyond the service providers below.

3. SERVICE PROVIDERS WE USE

To deliver MyForeman, we rely on a small set of vetted infrastructure providers. They process data on our behalf under their own privacy and security commitments. We don't publish the specific vendor names here to reduce the surface for targeted social-engineering or supply-chain attacks; if you have a regulatory or due-diligence need to know who they are, contact privacy@myforemanhq.com and we'll share details under NDA.

The categories of providers we use:

  • Application hosting + database + file storage. Stores your account, business data, uploaded logos, and expense receipts. Encrypted at rest and in transit.
  • Payment processor. PCI-compliant; handles all subscription billing and card processing. We only see a tokenized customer reference, never your card number.
  • AI provider. Powers the AI invoice extraction and AI Coach features. Only the inputs to those specific features (the invoice photo, your business snapshot) are sent, only at the moment you invoke them. We've contractually disallowed the provider from training models on your data.
  • Transactional email delivery. Sends the quotes, invoices, feedback requests, and crew invites you trigger, under your business name as the display sender.

Each provider is contractually required to handle data according to enterprise-grade privacy and security standards.

4. YOUR RIGHTS

You always have the right to:

  • Access your data. View it directly in MyForeman, or request an export.
  • Correct inaccurate information. Edit it in MyForeman, or contact us if you can't.
  • Export your data. Accountant-ready CSV exports are available for tax records today; broader exports on request.
  • Delete your account and all associated data. Use the "Delete Account" control under Settings, or email privacy@myforemanhq.com. Account deletion is permanent.
  • Object or restrict certain processing. For example, opt out of non-essential email communications.

5. GDPR (EU/UK RESIDENTS)

If you're in the European Union or United Kingdom, the General Data Protection Regulation gives you additional protections. We process your personal data on the legal bases of contract (to provide the service you signed up for) and legitimate interest (to secure the service and prevent abuse). You can exercise the rights in Section 4 at any time. To file a complaint, you may contact your local data protection authority.

MyForeman is operated from the United States. By using the service, you consent to your data being transferred to and processed in the U.S. We use providers that offer EU Standard Contractual Clauses or equivalent safeguards for international transfers.

6. CCPA (CALIFORNIA RESIDENTS)

If you're a California resident, the California Consumer Privacy Act gives you specific rights. You can request to know what personal information we have collected, to delete it, and to opt out of any "sale" of personal information. We do not sell personal information, so the opt-out is automatic for everyone.

We will not discriminate against you for exercising your CCPA rights. To make a request, email privacy@myforemanhq.com.

7. COOKIES AND LOCAL STORAGE

MyForeman uses cookies and browser local storage only for things essential to running the app:

  • Keeping you signed in (an authentication session token).
  • Remembering your role and most recent organization on the dashboard.
  • Remembering whether you've seen the first-time tour.

We do not use advertising cookies, tracking pixels, or cross-site cookies. You can clear your browser's storage at any time, which will sign you out.

8. DATA RETENTION

We keep your data for as long as your account is active. After you delete your account, we remove your data from active systems within 30 days. Backups are retained for an additional 30 days and then expire. Some records (billing receipts, fraud-prevention logs) may be retained longer where required by law.

9. CHILDREN

MyForeman is not directed to children under 16, and we do not knowingly collect personal information from them. If you believe a child has signed up, contact privacy@myforemanhq.com and we'll delete the account.

10. SECURITY

We use industry-standard practices: encrypted connections (HTTPS) everywhere, encrypted-at-rest storage, row-level security policies in the database, rate limiting on sensitive endpoints, and access controls limiting who on our team can view production data. No system is ever fully secure, but we work hard to keep yours safe.

11. CHANGES TO THIS POLICY

We may update this policy from time to time. If we make material changes, we'll notify you in advance by email or by an in-app notice. Continued use after the effective date constitutes acceptance.

12. CONTACT

Privacy questions or requests? Email privacy@myforemanhq.com.