Privacy Policy

1. Who We Are

Techadvisor LLC is a Texas limited liability company doing business as RoofDesk.Techadvisor LLC owns, develops, and operates the RoofDesk software-as-a-service CRM platform. Throughout this Privacy Policy, "RoofDesk" and "Company" refer to Techadvisor LLC as the legal entity responsible for the processing of your personal data. For the purposes of applicable privacy law, Techadvisor LLC acts as a data controller with respect to information you provide about yourself and your account ("Account Data"), and as a data processor with respect to information you enter about your clients and prospects ("Client Data").

Contact for privacy matters: legal@roofdesk.app

2. Information We Collect

A. Account Data (information you provide about yourself):

• Name, email address, and password (or third-party authentication credentials via Google OAuth)
• Company name, phone number, business address, and website
• Company logo and brand colors (uploaded by you)
• Billing information (processed by Stripe — we do not store card numbers)
• Subscription plan and payment history
• IP address and device information
• Geographic coordinates derived from your business address (used for weather/storm event matching)
• Terms of Service acceptance record (date and version accepted)

B. Client Data (information you enter about your clients and prospects):

• Client names, phone numbers, email addresses, and home addresses
• Insurance policy numbers, claim numbers, claim amounts, and deductible amounts
• Roof inspection photographs and property documents you upload
• Lead notes, task records, and communication history
• Pipeline stage and deal status information
• Proposal and invoice data you generate within the Service

C. Usage Data (collected automatically):

• Pages and features accessed within the Service
• Login timestamps and session duration
• Browser type, operating system, and device identifiers
• Referring URLs

D. Data from Third-Party Integrations:

• Lead data received via webhook integrations (e.g., GoHighLevel)
• Satellite imagery and measurement data from Google Maps / Google Solar API
• Weather and storm event data from third-party meteorological data providers

3. How We Use Your Information

RoofDesk uses Account Data to:

• Provide, operate, and maintain the Service
• Process subscription payments and manage billing
• Send transactional emails (account creation, password reset, billing notifications)
• Provide customer support
• Notify you of changes to the Service or these Terms
• Analyze aggregate usage patterns to improve the Service (no individual profiling)
• Detect fraud, abuse, and violations of our Terms of Service
• Comply with legal obligations

RoofDesk processes Client Data exclusively to provide the Service functionality you request, in accordance with your instructions as described in our Terms of Service. We do not use Client Data to market to your clients.

4. Your Client Data — You Are the Controller

The personal data you enter about your clients and prospects belongs to you. You determine the purposes and means by which your client data is processed. RoofDesk is your data processor and acts only on your instructions.

You are responsible for: (a) having a legal basis to collect and process your clients' personal data; (b) providing required privacy notices to your clients; (c) honoring any requests from your clients to access, correct, or delete their data; and (d) maintaining the accuracy of data you store in the Service.

If your clients contact RoofDesk with data requests, we will refer them to you as the data controller.

5. Sharing Your Information

RoofDesk does not sell your personal data. We share information only in the following circumstances:

• Service Providers (Subprocessors): We share data with the following third-party service providers who process data on our behalf: Supabase (database and authentication hosting), Vercel (application hosting), Stripe (payment processing), Twilio (SMS and voice services), and Google (maps, satellite imagery, and measurement data). Each subprocessor is bound by appropriate data protection agreements.
• Legal Compliance: We may disclose information to law enforcement, government agencies, or courts when required by applicable law, legal process, or governmental request.
• Protection of Rights: We may disclose information to protect the rights, property, or safety of RoofDesk, our users, or the public.
• Business Transfers: In connection with a merger, acquisition, asset sale, or bankruptcy, your information may be transferred to a successor entity, subject to the same privacy protections.
• With Your Consent: We may share information for any other purpose with your explicit consent.
• SMS Opt-In Data: Phone numbers collected for SMS communications and the corresponding consent records are never sold, shared, or transferred to any third party or affiliate for any purpose. Each contractor's customer contact data — including SMS opt-in records — is strictly isolated to that contractor's account and is not accessible to other RoofDesk users, partners, or third parties. RoofDesk does not buy, sell, or share end-user phone numbers or SMS opt-in data with any third party or affiliate, ever.

6. Administrative Access — Transparency Notice

RoofDesk maintains an internal administrative system through which authorized RoofDesk personnel (with "superadmin" or "staff" roles) may access your account data for the following limited purposes: customer support and troubleshooting, fraud investigation, compliance verification, and technical maintenance.

Administrative access is logged and is restricted to authorized RoofDesk employees who have agreed to confidentiality obligations. RoofDesk employees will not access your account or Client Data except as necessary to provide support or to fulfill legal obligations.

If you believe your account has been accessed without authorization, contact legal@roofdesk.app immediately.

7. Data Retention

We retain your Account Data for as long as your account is active or as needed to provide the Service, comply with legal obligations, resolve disputes, and enforce our agreements. Following account termination, data is retained for thirty (30) days before deletion, as described in Section 19 of the Terms of Service.

Certain data may be retained longer for legitimate business purposes, including: billing records (7 years, as required for tax compliance), Terms acceptance records (duration of statute of limitations), and security logs (90 days).

8. Security Measures

RoofDesk implements the following security measures to protect your data:

• Encryption of data in transit (TLS/HTTPS)
• Encryption of data at rest within our database infrastructure (Supabase)
• Row-level security (RLS) policies ensuring multi-tenant data isolation: your data is accessible only to users within your account
• Authentication via Supabase Auth with support for Google OAuth
• Access controls limiting RoofDesk employee access to account data
• Payment card data is never stored by RoofDesk (handled exclusively by Stripe PCI-DSS compliant infrastructure)

Despite these measures, no internet transmission or data storage system is completely secure. We cannot guarantee absolute security of your data.

9. Your Privacy Rights

Depending on your location, you may have certain rights regarding your personal data, including:

• Access: Request a copy of the personal data we hold about you.
• Correction: Request correction of inaccurate or incomplete data.
• Deletion: Request deletion of your account and personal data, subject to legal retention requirements.
• Data Portability: Request an export of your data in a machine-readable format.
• Objection: Object to certain processing activities.

To exercise these rights, contact legal@roofdesk.app. We will respond within the timeframe required by applicable law (typically 45 days). Note that these rights apply to your Account Data. For rights regarding Client Data, contact the relevant contractor (the data controller).

10. California Privacy Rights (CCPA/CPRA)

If you are a California resident, the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA) provide you with additional rights:

• Right to Know: You may request disclosure of the categories and specific pieces of personal information we have collected about you.
• Right to Delete: You may request deletion of your personal information, subject to certain exceptions.
• Right to Opt-Out of Sale: RoofDesk does not sell personal information. You have the right to opt-out of any future sale.
• Right to Non-Discrimination: We will not discriminate against you for exercising your CCPA rights.
• Right to Correct: You may request correction of inaccurate personal information.
• Right to Limit Use of Sensitive Personal Information: Where we process sensitive personal information (such as insurance policy data), you may request limitations on its use.

To submit a CCPA request, contact legal@roofdesk.app. We will verify your identity before processing your request. We do not discriminate in service provision based on exercise of privacy rights.

11. Cookies and Tracking Technologies

The Service uses essential cookies and session tokens necessary for authentication, security, and core functionality. These cookies are required for the Service to function and cannot be disabled without breaking core features.

We do not use advertising tracking cookies, behavioral profiling cookies, or third-party advertising networks. We may use analytics to understand aggregate usage patterns; any such analytics are configured to minimize personal data collection.

12. Children's Privacy

The Service is intended solely for use by business professionals who are at least 18 years of age. RoofDesk does not knowingly collect personal information from individuals under 18. If we become aware that we have inadvertently collected information from a minor, we will promptly delete it. If you believe we have collected information from a minor, contact legal@roofdesk.app.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. Material changes will be communicated via email and/or in-app notification. The updated Policy will be posted with a revised effective date. Continued use of the Service after the effective date constitutes acceptance of the updated Policy. For significant changes affecting your rights, we may require re-acceptance.

14. Contact Us

For questions, concerns, or requests related to this Privacy Policy or your personal data, contact: