Data Handling Policy

FoundersCore · Version 1.1 · Effective July 5, 2026

This policy describes, in plain language, how FoundersCore (operated by Founders Maintenance and Restoration, LLC) stores, protects, and processes the data inside the platform — and what we expect from you and from each Workspace Company. It supplements the Privacy Policy, which lists exactly what is collected about whom.

1. Where your data lives

Data is stored with professionally managed cloud infrastructure providers in the United States. Data is encrypted in transit (TLS) and at rest. Uploaded files are private and served through expiring signed links, not public URLs.

2. Workspace isolation

Every company's workspace is logically separated. Users reach only the workspace(s) they were invited into; inside a workspace, role- and permission-based controls (including per-branch/location walls) govern what each person can see and change. AI features run under the SAME permission walls — an assistant acting for you can only touch what you yourself are allowed to touch, and financial/wage details are redacted from AI context for people without those permissions.

3. Sensitive categories and how they're treated

4. How AI features handle data

5. Access controls and auditability

6. Backups and continuity

The database is backed up on our provider's automated schedule; backups are encrypted. In an outage we restore from the most recent healthy state — because backups are periodic, a restore can lose the most recent minutes of changes. That's an honest limit of any cloud software.

7. Incident response — if something goes wrong

  1. Detect & contain: revoke affected credentials/sessions, isolate the issue, stop ongoing exposure.
  2. Assess: determine what data and which workspaces were affected.
  3. Notify: affected Workspace Companies and users, without undue delay, consistent with applicable law.
  4. Fix & learn: patch the root cause; adjust safeguards.

8. Retention, export, and deletion

9. Workspace Company responsibilities

Each Workspace Company — not FoundersCore — is the employer, service provider, and data controller for its own people and customers. The Workspace Company is responsible for: (a) giving its employees any legally required notice of workplace monitoring (including timesheet location tracking) and obtaining any required consents; (b) complying with call-recording and consent laws for its AI receptionist callers; (c) lawful use of applicant, employee, subcontractor, and customer data it puts into the platform; and (d) configuring permissions so only the right people see sensitive records.

10. Your responsibilities — this part matters

Security is shared. You agree to: use a strong, unique password and never share your account; enable MFA if your company requires it; sign out on shared devices; only access data you're authorized to access; and report suspected compromise immediately. If a breach or loss results from your negligence with credentials, from account sharing, or from misrepresenting your identity or affiliation, that responsibility — and liability — is yours, as set out in the Terms & Conditions.

11. Subprocessors

The categories of subprocessors (what they power and what they see) are in the Privacy Policy. Our full vendor list is confidential competitive information; a current named list is available to Workspace Companies on request.

12. Questions

Help & support in the app, or info@foundersmaintenance.com.