Privacy Policy

RoofGrid, LLC — Effective May 6, 2026 — Last Updated May 6, 2026

1. Introduction

RoofGrid, LLC (“we,” “us,” or “our”) is committed to protecting the privacy and security of personal and financial information collected through the RoofGrid platform at https://roofgrid.app. This Privacy Policy describes how we collect, use, store, share, and protect your information.

2. Information We Collect

2.1 Information You Provide

• Account information: name, email address, phone number, company name
• Business data: customer records, jobsite information, proposals, invoices, work orders
• Financial data: bank account information, expense records, payment details

2.2 Information from Third-Party Services

When you connect your financial accounts through Plaid, we receive:

• Account names, balances, and account type information
• Transaction history including dates, amounts, merchant names, and categories
• Account holder name and institution information

We access this information only with your explicit authorization through the Plaid Link interface.

When you connect QuickBooks Online through Intuit, we receive:

• Customer and vendor records (names, contact information, balances)
• Invoice and payment data (amounts, dates, line items, status)
• Chart of accounts, tax codes, and general ledger information
• Company profile and preferences

We access QuickBooks data only with your explicit authorization through the Intuit OAuth flow. You may disconnect at any time through Settings → Integrations. Upon disconnection, we stop syncing and remove stored OAuth tokens. Previously synced records remain in RoofGrid unless you request deletion.

2.3 Information Collected Automatically

• Log data: IP address, browser type, pages visited, timestamps
• Device information: operating system, device type
• Cookies and similar technologies for session management

3. How We Use Your Information

We use the information we collect to:

• Provide, maintain, and improve the RoofGrid platform and its features
• Process transactions and sync financial data from connected accounts
• Generate reports, invoices, proposals, and other business documents
• Auto-categorize transactions based on user-defined rules
• Communicate with you about your account and platform updates

We do not sell, rent, or share your personal or financial information with third parties for their marketing purposes.

4. Consumer Consent

We obtain explicit consent before collecting, processing, or storing your data:

• Account Creation: By creating a RoofGrid account, you consent to the collection and processing of the information you provide.
• Financial Data Access: Before connecting financial accounts through Plaid, you must explicitly authorize the connection through Plaid Link. You can revoke this access at any time through the Connected Accounts page.
• You may withdraw consent at any time by disconnecting linked accounts, deleting your data, or contacting us at admin@roofgrid.app.

5. Data Sharing

We share data only with the following categories of service providers, and only as necessary to operate the platform:

• Plaid Inc. — Financial data aggregation (SOC 2, ISO 27001, PCI DSS compliant)
• Intuit Inc. — QuickBooks Online accounting sync (SOC 1/SOC 2 certified). Data shared: invoices, customers, payments for two-way sync. No data is shared beyond what is necessary for the accounting integration.
• Stripe Inc. — Payment processing (PCI DSS Level 1 certified)
• Supabase Inc. — Database and authentication services (SOC 2 Type II certified)
• Vercel Inc. — Application hosting (SOC 2 Type II, ISO 27001 certified)

We do not share consumer financial data with any parties beyond those listed above. We do not sell data. We do not use consumer data for advertising or marketing purposes.

6. Data Retention and Deletion

We retain your data only as long as necessary to provide our services and comply with legal obligations:

• Active account data: Retained for the duration of your active subscription.
• Financial transaction data: Retained for 7 years in compliance with IRS record-keeping requirements for business financial records.
• Upon account deletion request: Personal data is deleted within 30 days. Financial records may be retained in anonymized form as required by law.
• Plaid connection data: Access tokens are invalidated and deleted when you disconnect an account.

To request data deletion, contact admin@roofgrid.app. We will process deletion requests within 30 days and confirm completion.

7. Data Security

We implement industry-standard security measures to protect your data, including:

• TLS 1.2+ encryption for all data in transit
• AES-256 encryption for all data at rest
• Role-based access controls with least-privilege enforcement
• Multi-factor authentication on all production infrastructure
• Regular security audits and vulnerability scanning
• Row Level Security (RLS) policies enforced at the database level

8. Your Rights

You have the right to:

• Access your personal data
• Correct inaccurate data
• Request deletion of your data
• Revoke consent for financial data access at any time
• Export your data
• Disconnect linked financial accounts

9. Children's Privacy

RoofGrid is a business-to-business platform designed for commercial construction contractors. We do not knowingly collect information from individuals under the age of 18. If we become aware that we have collected data from a minor, we will delete it promptly.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by email or through a notice on the platform. Continued use of the platform after changes constitutes acceptance of the updated policy.

11. Contact

For privacy-related inquiries or requests, contact:

Christopher S. Wygle, Managing Member
RoofGrid, LLC
admin@roofgrid.app