Privacy Policy for Subtrade Software Ltd
Effective Date: July 22, 2025 / Last Updated: July 22, 2025
Welcome to Subtrade, a construction project management platform developed and operated by Subtrade Software Ltd ("Company", "we", "us", or "our").
This Privacy Policy explains how Subtrade Software Ltd collects, uses, maintains, and discloses information from individuals who interact with our web and mobile applications (collectively, the "Platform" or "Services"), websites, and any other communication channels. We are committed to protecting your privacy and ensuring the security of your personal information.
1. Purpose and Scope of This Policy
This Privacy Policy serves as your guide to understanding our data handling practices. It applies to all users of our Website and all products and services offered by Subtrade Software Ltd. By accessing or using our Platform, you signify your acceptance of this Privacy Policy and consent to the collection, use, sharing, and disclosure of your personal information as described herein. If you do not agree with any term in this Privacy Policy, please do not use our Services or provide any personal information.
2. Policy Updates and Notification Procedures
We reserve the right to update this Privacy Policy at any time to reflect changes in our practices, technology, or legal requirements. Any revisions will become effective immediately upon their publication on this page, with the "Last Updated" date at the top of the policy being revised accordingly.
We encourage you to regularly review this Privacy Policy for any modifications. Your continued use of the Services subsequent to the posting of changes constitutes your acceptance of the revised terms. For significant alterations that materially change our data collection methodologies, usage purposes, or sharing practices, we may provide more prominent notification, such as through direct email notifications or conspicuous in-app alerts, where required by applicable law.
Important Note on Data Delineation: This Privacy Policy primarily addresses "personal information" as defined by applicable privacy laws. Operational data, such as material quantities, equipment usage, and daily reports, which may not directly identify an individual, is also handled by our Platform. The ownership, usage rights, and intellectual property related to such broader "customer data" or "project data" are governed by our Terms & Conditions and any specific Data Processing Addendums, which should be reviewed in conjunction with this Privacy Policy.
4. License to Use the Software
Subject to your compliance with these Terms, Subtrade Software Ltd grants you a limited, non-exclusive, non-transferable, revocable license to access and use the SaaS Services solely for your internal business operations as permitted by the SaaS Licence.
3. Information We Collect
We collect various types of information to provide and improve our Services, facilitate communication, and ensure the security of our Platform.
3.1 Information You Provide Directly
When you create an account, register, or interact directly with our Services, you may provide us with:
- Account and Contact Information: Your name, email address, phone number, company name, job title, and login credentials. This is essential for account creation, user identification, and secure communication.
-Financial Information: Billing addresses and payment details necessary for subscription services or purchases. While often processed by third-party payment gateways, we acknowledge its collection for transaction purposes.
-Views and Opinions: Information derived from your feedback, survey responses, and direct support inquiries.
-Communications Information: Records of your interactions with us, including chat transcripts, call recordings, and email correspondence, for customer support and quality assurance.
3.2 Information Collected Automatically
As you use our Platform, we automatically collect certain information through various technologies:
-Device Information: This includes cookie IDs, IP addresses, operating system details, browser type, and unique device identifiers. This data helps ensure service compatibility, security, and optimized performance.
-Website/App Usage and Analytics Information: Data on your browsing actions, traffic data, server logs, pages viewed, features utilized within the application, time spent on various sections, and crash reports. This information is aggregated to understand user behavior, identify trends, and improve service functionality and user experience.
-Cookies and Tracking Technologies: We use cookies and similar tracking technologies to enhance your user experience, recognize returning visitors, tailor content, and compile statistics on website interaction. These include:
--Required Cookies: Essential for the operation and security of our Platform.
--Functionality and Analytics Cookies: Remember your choices and collect usage data to improve our Services.
--Advertising Cookies: Deliver relevant advertisements.
---You can manage cookie settings in your browser, but disabling certain cookies may affect Platform functionality. For comprehensive details on our use of cookies and your options, please refer to our separate Cookie Policy (if applicable) or manage settings via your browser.
--Precise Geolocation Data: For certain functionalities within our mobile application, such as time tracking, site monitoring, and geofencing, precise geolocation data may be collected in real-time. This data is considered sensitive and is collected only with your explicit consent and for the stated purposes of operational efficiency and safety management.
--Biometric Information: For specific opt-in functionalities within the Subtrade time tracking app, such as facial recognition for employee identity verification and time entry recording, biometric data may be collected. This highly sensitive data is stored by our service providers on our behalf and may be disclosed to our customers (your employer) for verification or to vendors/licensors for troubleshooting. Subtrade Software Ltd will not sell, lease, trade, or profit from your biometric information. We implement specific retention policies for biometric data, typically destroying it within 30 days after 366 days of inactivity. You can opt-out of facial recognition by contacting your employer.
While not all this data may be directly "personal information," we acknowledge its collection, especially if it can be linked or reasonably linkable to an identified or identifiable individual (e.g., labor productivity linked to an employee, vital signs from a specific worker).
3.3 Information We Collect From Other Sources
Marketing partners, social media platforms (if you interact with our company pages), identity providers (for single sign-on services), publicly available sources (e.g., business directories), and other business partners.
3.4 Handling of Sensitive Personal Information
While sensitive personal information (e.g., biometric data, precise geolocation, health data) is generally not required for general website or application use, when such data is collected for specific functionalities (like recruiting, time tracking, or safety monitoring), it is done strictly in accordance with applicable data privacy laws, often necessitating explicit consent or a clear legal basis for processing.
4. How We Use Your Information
We use the collected information for the following legitimate business purposes:
4.1 Operational and Service Delivery Purposes
To run and operate our Platform and business, including displaying content, providing access to essential features such as time tracking, project management, safety management, document management, and resource management. This also includes fulfilling our contractual obligations with you and ensuring the overall security and stability of our Services.
4.2 Customer Service, Personalization, and Improvement
To enhance customer service, efficiently address your inquiries, and provide technical support. We use information to personalize your experience by tailoring content and features based on your usage patterns. Aggregated usage patterns are analyzed to identify trends, improve service functionality, and inform strategic planning. We also use data to test, enhance, and modify existing services, and to develop new offerings, whether specifically requested by you or as part of ongoing product innovation.
4.3 Payment Processing and Financial Management
To process payments for Services, subscriptions, or purchases. This sensitive information is handled securely and is not disclosed to outside parties unless absolutely necessary for the completion of the payment service.
4.4 Marketing, Communications, and Analytics
To support various marketing activities, including sending relevant information, updates, promotional content, and newsletters to you, consistent with your communication preferences. We also analyze trends in data, identify patterns, and make informed predictions about future project needs or market demands. Advanced analytics may be performed for purposes such as predictive safety analytics and industry guideline production, with appropriate de-identification or re-identification processes where legally permissible and necessary for the stated purpose.
4.5 Business Transactions
In the event of a business transaction, such as a sale, merger, acquisition, reorganization, or transfer of assets, your personal information may be transferred to the acquiring or successor entity as part of the business assets. This is a standard practice to ensure business continuity during corporate changes.
4.6 Legal Compliance, Rights Enforcement, and Fraud Prevention
We may disclose personal information when required by law, court order, subpoena, or valid governmental request. This also includes disclosure to investigate potential fraud, criminal activity, or violations of our Terms & Conditions, or to establish, exercise, or defend our legal rights.
5. How We Disclose Your Information
We do not sell, trade, or rent your personal information to others. However, we may disclose your information in the following ways:
5.1 Internal Sharing
To our affiliates, subsidiaries, other business units, and relevant employees for the purposes of managing business relationships, providing seamless service delivery, and supporting internal operations.
5.2 Sharing with Our Customers (Your Employer)
For construction management software, we disclose personal information, including potentially sensitive data like biometric information for opt-in users, directly to our customers (i.e., your employer or project manager). This is done specifically for operational purposes such as employee timekeeping, attendance verification, or safety compliance. While Subtrade Software Ltd acts as a data processor, your employer is often the primary data controller for their employees' data. We ensure our platform and policies enable our customers to meet their own privacy obligations.
5.3 Third-Party Service Providers and Contractors
To various third-party service providers or contractors who perform functions on our behalf. These services include email marketing, data analytics, cloud hosting (e.g., AWS S3, EFS, Redis), payment processing, customer support, and specialized services like biometric data storage and processing. These providers are contractually bound by strict confidentiality obligations and are only permitted to process data as instructed by us. We conduct due diligence to ensure they adhere to similar privacy, security, and confidentiality standards.
5.4 Business Partners and Integrations
With third-party business partners who offer complementary perks, features, or integrations via our Platform. This is common in the construction software ecosystem, which often relies on integrations with other specialized tools and "3rd party add-on solutions."
5.5 In the Event of a Business Transaction
During significant corporate events such as mergers, acquisitions, sales of company assets, or other changes in control, your personal information may be transferred as part of the acquired assets.
5.6 For Legal Purposes
When required by law, court order, subpoena, or valid governmental request. This also includes disclosure to investigate potential fraud, criminal activity, or violations of our Terms & Conditions, or to establish, exercise, or defend legal rights.
5.7 With Your Consent or Authorization
For any other purpose with your explicit consent or authorization.
5.8 Other Disclosures
For any other purpose explicitly disclosed to you at the time the information is provided.
6. Your Rights and Choices Regarding Your Information
We are committed to empowering you with control over your personal data.
6.1 General User Rights (Access, Correction, Deletion, Opt-Out)
You have fundamental rights concerning your personal information, including the right to:
-Access: Obtain a copy of your personal data.
-Update or Correct: Rectify inaccuracies in your data.
-Delete: Request the deletion of your personal data.
-Export (Data Portability): Receive your data in a structured, commonly used, and machine-readable format.
-Limit or Object: Restrict or object to certain uses of your information.
To submit such requests, please contact us using the methods provided in the "Contact Us" section. We will respond to your requests within applicable legal timelines. Please note that while we strive to fulfill all deletion requests, certain operational data (e.g., material quantities, labor hours, safety incidents) may be retained as part of your employer's project records or due to legal/contractual obligations, even if linked to an individual. In such cases, we will inform you of the limitations and direct you to your employer for further assistance regarding operational data.
6.2 Managing Cookies and Tracking Technologies
You can manage your cookie settings directly through your web browser preferences. You can also opt-out of third-party behavioral advertising or specific analytics cookies. Please be aware that disabling certain cookies may affect the functionality and user experience of our Platform.
6.3 Opting Out of Marketing Communications
We provide clear mechanisms for opting out of various marketing communications:
-Electronic Newsletters: You can opt-in to our marketing mailing lists. To unsubscribe at any time, simply click the "unsubscribe" link at the bottom of each email.
-SMS Text Messages: If you elect to receive recurring text messages, standard message and data rates may apply. Your consent is voluntary and not a condition of purchase or service use. To stop messages, text "STOP" to the number provided. For help, text "HELP".
7. Specific Jurisdictional Rights and Compliance
We are committed to complying with the privacy laws applicable to our operations and your location.
7.1 California Residents (CCPA/CPRA)
If you are an eligible California resident, the California Consumer Privacy Act (CCPA), as amended by the California Privacy Rights Act (CPRA), grants you specific rights regarding your personal information:
-Right to Know and Access: You have the right to request information about the categories of personal information collected about you, the sources from which it was collected, the business purposes for collection, and the specific pieces of personal information collected in the preceding 12 months.
-Right to Delete: You have the right to request the deletion of personal information collected from you.
-Right to Correct Inaccuracies: You have the right to request the correction of inaccurate personal information.
-Right to Non-Discrimination: You have the right not to receive discriminatory treatment for exercising your CCPA/CPRA rights.
-Right to Opt-Out of the Sale or Sharing of Personal Information: You have the right to opt-out of the "sale" or "sharing" of your personal information. Under California law, "sharing" includes disclosing personal information to a third party for cross-context behavioral advertising, even without monetary exchange.
-Response Timelines: We will respond to deletion, correction, or information requests within 45 days (with a possible 45-day extension if communicated) and opt-out requests within 15 business days, notifying involved third parties.
7.2 Canadian Residents (PIPEDA, Data Residency Considerations)
If you are a resident of Canada, the Personal Information Protection and Electronic Documents Act (PIPEDA) and other provincial privacy laws apply to our collection, use, and disclosure of your personal information.
-Consent and Rights: We process personal information with appropriate consent. You have the right to access, update, and correct your information, and to withdraw consent for certain processing activities.
-Data Residency and CLOUD Act: While PIPEDA does not explicitly require personal information to be housed in Canada, the Canadian Privacy Commissioner has a longstanding policy requiring companies to inform customers if their data is housed outside Canada. Please be aware that if Subtrade Software Ltd utilizes cloud services owned by American companies (e.g., AWS, Microsoft Azure, Google Cloud), your data, even if physically located in Canada, could potentially be legally accessed by U.S. authorities under the U.S. Clarifying Lawful Overseas Use of Data (CLOUD) Act, without our consent or even knowledge.
7.3 Other U.S. State Privacy Laws
Eligible residents of other "Covered States" (e.g., Colorado, Connecticut, Virginia, Utah) may have privacy rights similar to those under CCPA/CPRA, including the Right to Access, Right to Delete, Right to Correct, Right to Opt Out (of targeted advertising, the sale of personal information, and profiling), and the Right to Appeal decisions regarding their requests. Subtrade Software Ltd does not "sell" information as defined in these Covered State Laws.
7.4 Mobile App Platform Requirements (Apple App Store, Google Play Store, CalOPPA)
For our mobile applications, we comply with specific platform mandates:
-Apple App Store: Apple mandates that all iOS applications include a comprehensive privacy policy, regardless of whether other privacy laws apply. Our policy is accessible within the app and on our App Store listing.
-Google Play Store: Every application published on the Google Play Store must have a privacy policy that declares how it collects, protects, and handles private user data. Our policy is available in the designated field within the Play Console and linked to or included as actual text within the app itself.
-CalOPPA: Our mobile application privacy policy provides information about modifications and how they will be made, discloses any third parties collecting user data, and is presented as a clear link from the mobile app's homepage, which contains the word "privacy."
8. Data Security and Retention
8.1 Security Measures Employed
We implement robust technical and organizational security measures to protect your personal information from unauthorized access, alteration, disclosure, or destruction. These measures include:
-Using secured networks.
-Implementing strict access controls with limited access rights for authorized personnel.
-Encrypting sensitive information via Secure Socket Layer (SSL) technology during transmission
-Conducting regular malware scanning.
-Utilizing modern cloud storage platforms that offer automated backups.
While we strive to protect your personal information, no method of transmission over the internet or method of electronic storage can be guaranteed as 100% secure. You also bear a responsibility for maintaining data security, particularly regarding the confidentiality of your passwords.
8.2 Data Retention Policies
We retain personal information only for as long as needed to fulfill the stated purposes for which it was collected, or as required by applicable law, contract, or legitimate business interests. For highly sensitive data categories, such as biometric information, specific retention policies are implemented (e.g., destruction within 30 days after 366 days of inactivity), demonstrating our commitment to time-limited retention.
9. Children's Privacy
Our Services are not intended for children under the age of 13. We do not knowingly collect personal information from children under 13 (or 16 where applicable, as per CCPA/CPRA). If we become aware that we have collected personal information from a child under the applicable age without parental consent, we will take steps to delete that information promptly.
10. Third-Party Websites
This Privacy Policy applies solely to information collected by Subtrade Software Ltd. It does not apply to third-party websites, services, or applications linked from our Platform. We encourage you to review the privacy policies of any third-party sites you visit.
Contact Us
If you have any questions about this Privacy Policy, our data practices, or wish to exercise your privacy rights, please contact us at:
Email: support@subtradesoftware.com
