Privacy Policy
FoundersCore · Version 1.1 · Effective July 5, 2026
This policy explains what information FoundersCore (operated by Founders Maintenance and Restoration, LLC — "we," "us") collects, how we use it, and the choices you have. FoundersCore is a business tool: most data in the platform belongs to the company whose workspace you were invited into (your "Workspace Company"), and we process it on their behalf. Because different people use FoundersCore differently, this policy is organized by who you are.
1. What we collect — by who you are
If you're a team member (employee of a Workspace Company)
- Account information: name, email, phone, role, permissions, password (stored only as a secure hash by our authentication provider), optional MFA phone number.
- Location — read this one. If you use the mobile timesheet: your GPS position is captured when you clock in, and while you are clocked in the app periodically reports your location in the background (roughly every few minutes or when you move a significant distance). This powers "you left the job site" reminders and after-hours auto-clock-out. Location reporting stops completely when you clock out — the app does not track you off the clock. Location is visible to your Workspace Company's managers/admins as part of timekeeping. This applies only to team members using the timesheet — never to subcontractors or customers.
- Work records: timesheets (with clock-in coordinates and calculated labor cost), visits, notes, job photos, expense and receipt submissions, mileage/vehicle inspections, messages, education/certification progress.
- Pay data: your pay rate/type, hours (regular, overtime, on-call), PTO, bonuses, reimbursements, and corporate-card spend in your name (imported from the card provider) — used for payroll and cost accounting, visible per your company's permission settings, and exported to your company's payroll provider to pay you.
- Voice dictation: if you dictate notes, speech is converted to text by your device's speech service; we store the resulting text, not the audio.
- Device data: push notification token and platform (iOS/Android), app version; log data (IP, timestamps, actions).
- Activity audit: creates/edits/deletes you make to business records are logged with your identity and what changed — that's the audit trail your company relies on.
If you're a subcontractor
- Business and contact details (name, contact person, email, phone, address, trade).
- Compliance documents you or your insurer provide: W-9 tax forms, general-liability and workers'-comp certificates, insurer contact details, signed agreements (including your signature image).
- Invoices/bills you submit (including scanned documents), visit notes and photos, messages, and your earnings history with the Workspace Company.
- No location tracking. The sub portal does not capture your GPS position.
If you're a customer or customer contact
- Contact details (name, email, phone, position), your properties and service addresses, quotes, invoices, payments, purchase orders, messages, photos you upload, survey answers, and support/help-ticket conversations (including with the AI assistant).
- E-signatures: when you sign a quote or contract we record your name, email, the signature image, the signed document, the timestamp, and your IP address — that's standard evidence that you, not someone else, signed.
- Phone calls: if you call a Workspace Company's AI receptionist line, the call is answered by an automated agent and transcribed (and may be recorded), and details you give (name, callback number, address, what you need) are saved so the company can help you. See Section 4.
- No location tracking. The customer portal does not capture your GPS position.
If you apply for a job with a Workspace Company
- Name, email, phone, resume, source, interview notes, and hiring-stage history, kept as the company's hiring record.
Content that flows through connected accounts
- If a Workspace Company connects its own email mailboxes, we read those mailboxes to auto-import business documents (vendor bills, card receipts, insurance certificates, purchase-order updates). Sender details and document contents become workspace records. Google-user data accessed through Gmail APIs is used only to provide these features, consistent with the Google API Services User Data Policy, including its Limited Use requirements.
- If a Workspace Company connects bank accounts (via Plaid) or a corporate card program, account, transaction, and cardholder data flows in for bookkeeping and reconciliation.
2. How we use information
- To run every feature described above: scheduling, timekeeping, invoicing, payroll prep, messaging, notifications, compliance tracking, support.
- To power AI features: the relevant content (your message plus the records needed to answer) is sent to our AI provider to generate the response you asked for. AI assistants operate under the same permission walls you do.
- To keep the platform safe: authentication, fraud and abuse prevention, audit logs, permission and workspace isolation enforcement.
- To fix problems and improve the product, and to notify you about service issues.
We do not sell personal information, and we do not use your data for third-party advertising.
3. Location data — the full picture
- Captured only from team members using the mobile timesheet, only between clock-in and clock-out.
- Used for: timekeeping accuracy, "left the site with the timer running" nudges, and after-hours auto-clock-out.
- Stored with the timesheet record; visible to the Workspace Company per its permission settings; not sold or shared for advertising.
- Your Workspace Company is responsible for giving you any workplace notice of this monitoring that your state requires; using the timesheet with location on is your acknowledgment of it.
- Property addresses may be converted to map coordinates using Google's geocoding services.
- Photos you upload may contain embedded camera metadata (which can include where the photo was taken); we do not currently strip it. Don't upload photos you wouldn't want tied to a place.
4. Calls, texts, and the AI receptionist
Workspace Companies can use an AI phone receptionist. Calls to that line are handled by an automated agent: audio is processed in real time by our voice-AI providers, a transcript is kept, a recording may be kept, and the details you provide become a service record. The Workspace Company is responsible for complying with call-recording consent laws in its callers' jurisdictions (including any announcement at the start of the call). SMS messages sent through the platform (dispatch updates, codes, notifications) are delivered through our telephony provider and logged.
5. Who we share it with
Only service providers ("subprocessors") that power specific features, under terms restricting their use of the data. We describe most of them by category — our full vendor list is confidential competitive information, and a current list of named subprocessors is available to Workspace Companies on request:
| Provider | What for | What they see |
| Cloud infrastructure providers (U.S.) | Application hosting, database, authentication, file storage | Platform data (encrypted in transit and at rest) |
| AI model providers | AI assistants, document extraction, support triage, receptionist call handling | The content needed for the specific AI task; not used to train their models per their commercial API terms |
| Telephony provider | Phone calls and SMS | Phone numbers, call audio/recordings, message content |
| Plaid | Bank account connections | Bank sign-in happens on Plaid's systems (we never see credentials); account + transaction data |
| Stripe | Customer invoice payments | Payment card details (entered on Stripe's systems, not ours), amounts, invoice references |
| Corporate card program | The card provider the Workspace Company uses — its transaction feed | Cardholder name/email, merchant, amounts, receipts |
| Google | Optional sign-in, connected Gmail import, address geocoding, document OCR | Per feature: sign-in identity, connected mailbox content, addresses, document images |
| Mobile platforms (Apple, Google) + app-services provider | Mobile app delivery and push notifications | Device push tokens, notification content |
| GIF search provider | GIF picker in messaging | Your GIF search terms |
| Payroll processor | The Workspace Company's chosen payroll provider (e.g., Gusto, ADP) | Hours, wages, adjustments needed to run payroll |
We may also disclose information if required by law, to protect rights and safety, or in a business transfer (with notice to affected customers). Within a workspace, the Workspace Company's admins control and can see workspace data per their permission settings — including timekeeping location, audit logs, and support conversations.
6. Data breaches — what we do and what we can't promise
We use industry-standard safeguards (encryption in transit and at rest, role-based access, per-branch walls, workspace isolation — see the Data Handling Policy). No system is 100% secure, and we cannot guarantee against every breach. If a breach affects your personal information, we will notify affected Workspace Companies and users without undue delay, consistent with applicable law, describing what happened, what data was involved, and what we're doing. Our liability is limited as described in the Terms & Conditions; a breach caused by a shared password, a reused compromised credential, or misrepresented identity is the responsible user's liability, not ours.
7. Retention
- Workspace business records (jobs, invoices, financials, timesheets, audit logs, call logs): kept while the Workspace Company's account is active — they're its books.
- Location pings: kept as part of the timesheet record they support.
- Financial and signed documents: kept as long as law and audit obligations require, even after other deletion.
- Applicant records: kept as the company's hiring record; applicants may ask the Workspace Company to delete their file, subject to legal holds.
- Closed workspaces: data deleted or returned within a commercially reasonable period, except legally required retention and encrypted backups that age out on schedule.
8. Your choices and rights
- View and update your profile in the app; request a copy or correction of your personal information.
- Depending on where you live, you may have rights to access, correct, delete, or port personal information. Requests about workspace content go through your Workspace Company (it's their record); requests about your own account can come straight to us.
- Timesheet location: the only way to avoid it is not to use the mobile timesheet — talk to your employer about alternatives; we can't disable a monitoring feature your employer requires.
- Notifications are adjustable in the app. Cookies/local storage: we use only what sign-in and preferences need; no third-party ad cookies.
9. Children
FoundersCore is a workplace tool, not directed at children, and may not be used by anyone under 18.
10. Changes
If we materially change this policy, we'll post the new version here with a new effective date and may ask you to re-acknowledge it.
11. Contact
Privacy questions or requests: Help & support in the app, or info@foundersmaintenance.com.