Back to Dashboard

Privacy Policy

Last updated: December 13, 2025

1. Introduction

Fortifiers ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our construction quoting and project management platform.

2. Information We Collect

2.1 Personal Information

We collect personal information that you provide directly to us, including:

  • Name, email address, and contact information
  • Company information and business details
  • Payment information for billing purposes
  • Project details and construction specifications
  • Communication preferences

2.2 Usage Information

We automatically collect certain information when you use our platform:

  • Device information and browser type
  • IP address and location data
  • Usage patterns and feature interactions
  • Performance metrics and error logs

2.3 Document and Project Data

When you upload documents or create projects, we process:

  • Construction documents and specifications
  • Project plans and drawings
  • Correspondence and communication records
  • Quote and pricing information

3. How We Use Your Information

We use collected information for the following purposes:

  • Provide and maintain our construction quoting services
  • Process payments and manage subscriptions
  • Generate accurate quotes and project estimates
  • Improve our AI and machine learning models
  • Send important service updates and notifications
  • Provide customer support and technical assistance
  • Analyze usage patterns to improve our platform
  • Comply with legal obligations and prevent fraud

4. Information Sharing and Disclosure

We do not sell, trade, or otherwise transfer your personal information to third parties except in the following circumstances:

  • Service Providers: Trusted third-party services that assist in operating our platform
  • Legal Requirements: When required by law or to protect our rights
  • Business Transfers: In connection with a merger, acquisition, or sale of assets
  • Consent: With your explicit permission

5. Data Security

We implement industry-standard security measures to protect your information:

  • Encryption of data in transit using TLS/SSL and at rest using AES-256
  • Regular security audits and vulnerability assessments
  • Role-based access controls and multi-factor authentication
  • Secure cloud infrastructure with SOC 2 compliance
  • Employee training on data protection and GDPR compliance
  • Regular penetration testing and security monitoring
  • Incident response plan and data breach notification procedures

However, no method of transmission over the Internet or electronic storage is 100% secure. While we strive to protect your personal information, we cannot guarantee absolute security.

6. AI and Machine Learning

Our platform uses artificial intelligence (Freya AI) to analyze documents and generate quotes. Here's how we handle your data:

  • Training Data: We may use anonymized and aggregated data to improve our AI models
  • Processing: Document analysis is performed using secure cloud AI services (OpenAI, Anthropic Claude, Google Gemini)
  • Storage: AI-processed data is stored separately from personally identifiable information
  • Opt-out: You can request that your data not be used for model training
  • Third-party AI: We use third-party AI providers who have their own data processing agreements

7. Data Retention

We retain your information for as long as necessary to provide our services and comply with legal obligations:

  • Active Accounts: Data is retained while your account is active
  • Deleted Accounts: Most data is deleted within 90 days of account closure
  • Project Data: Construction quotes and documents are retained for 7 years to comply with industry regulations and tax law
  • Audit Logs: Security and activity logs are retained for 2 years
  • Backup Data: Backup systems may retain data for up to 90 days after deletion

8. Your Rights and Choices

Depending on your location, you may have the following rights:

8.1 Access and Portability

  • Request a copy of your personal information in a structured, machine-readable format
  • Export your quotes, documents, and project data at any time

8.2 Correction and Updates

  • Update your profile information directly in your account settings
  • Request correction of inaccurate or incomplete data

8.3 Deletion and Erasure

  • Request deletion of your account and associated data (subject to legal retention requirements)
  • Delete individual quotes, documents, or projects at any time

8.4 Marketing Communications

  • Opt-out of marketing emails using the unsubscribe link
  • Manage notification preferences in your account settings
  • Note: You cannot opt-out of essential service communications (e.g., security alerts, billing notifications)

8.5 Do Not Sell My Information

We do not sell your personal information to third parties. If you are a California resident, you have additional rights under CCPA. If you are a Canadian resident, you have rights under PIPEDA (see Section 12).

9. Cookies and Tracking Technologies

We use cookies and similar technologies to improve your experience:

9.1 Types of Cookies

  • Essential Cookies: Required for authentication and security
  • Functional Cookies: Remember your preferences and settings
  • Analytics Cookies: Help us understand usage patterns (Google Analytics, Mixpanel)
  • Advertising Cookies: Used for targeted advertising (if applicable)

9.2 Managing Cookies

You can control cookies through your browser settings. Note that disabling certain cookies may affect platform functionality.

10. Third-Party Services

We use the following third-party services that may collect your information:

  • Authentication: Clerk (user authentication and identity management)
  • Payment Processing: Stripe (payment and billing)
  • AI Services: OpenAI, Anthropic, Google Gemini (document analysis and chat)
  • Email Delivery: SendGrid (transactional emails)
  • Analytics: Google Analytics, Mixpanel (usage tracking)
  • Cloud Hosting: AWS, Docker (infrastructure)
  • Error Tracking: Sentry (application monitoring)

Each third-party service has its own privacy policy governing the use of your information.

11. International Data Transfers

Your information may be transferred to and processed in countries other than your own, including the United States. We ensure appropriate safeguards are in place:

  • Standard Contractual Clauses (SCCs) for EU data transfers
  • Privacy Shield certification (where applicable)
  • Adequacy decisions by relevant data protection authorities
  • Your consent for transfers where required by law

12. Regional Privacy Rights

12.1 California Residents (CCPA/CPRA)

If you are a California resident, you have additional rights:

  • Right to know what personal information is collected
  • Right to delete personal information
  • Right to opt-out of the sale of personal information (we do not sell)
  • Right to non-discrimination for exercising your rights

12.2 European Residents (GDPR)

If you are in the EU/EEA, you have rights under GDPR:

  • Right to access, rectification, erasure, and restriction of processing
  • Right to data portability
  • Right to object to processing
  • Right to withdraw consent at any time
  • Right to lodge a complaint with your supervisory authority

12.3 Canadian Residents (PIPEDA)

As a Prince Edward Island-based company, we comply with Canada's Personal Information Protection and Electronic Documents Act (PIPEDA). Canadian users have the following rights:

  • Right to access your personal information
  • Right to correct inaccurate information
  • Right to withdraw consent (with certain limitations)
  • Right to challenge compliance with PIPEDA principles
  • Right to file complaints with the Privacy Commissioner of Canada

We adhere to PIPEDA's 10 fair information principles, including accountability, consent, limiting collection/use/disclosure, accuracy, safeguards, and individual access to personal information.

13. Children's Privacy

Our Service is not intended for individuals under the age of 18. We do not knowingly collect personal information from children. If we discover that we have collected information from a child, we will delete it immediately.

14. Data Breach Notification

In the event of a data breach affecting your personal information, we will:

  • Notify affected users within 72 hours of discovery
  • Report to relevant data protection authorities as required by law
  • Provide information about the breach and steps we're taking
  • Offer guidance on protecting your information

15. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated via:

  • Email notification to your registered address
  • In-app notification banner
  • Update notice on this page

Continued use of the Service after changes constitutes acceptance of the updated policy.

16. Contact Us

If you have questions about this Privacy Policy, wish to exercise your rights, or have privacy concerns, please contact us:

Email: privacy@fortifiers.app

Data Protection Officer: dpo@fortifiers.app

Support: support@fortifiers.app

Address: Fortifiers Privacy Team, Prince Edward Island, Canada

We will respond to your inquiry within 30 days.