Privacy Policy
Your privacy matters to us. Here's how we handle your data.
Last updated: March 27, 2026
1. Information We Collect
We collect the following categories of information: (a) Account Information — name, email address, business name, phone number, and business address when you create an account. (b) Job Data — job details, customer information, photos, signatures, notes, materials, and pricing you enter. (c) Location Data — GPS coordinates when using the map view feature (Team plan only, with your explicit permission). (d) Financial Data — invoice details, payment records, and currency preferences. We do not store credit card numbers — all payments are processed through Apple App Store, Google Play Store, or Stripe. (e) Device Information — device type, operating system, and push notification tokens for delivering notifications. (f) Usage Analytics — anonymous usage patterns via PostHog to improve our service.
2. How We Use Your Information
We use your information to: (a) Provide the Workslip service — creating jobs, generating invoices and quotes, managing customers, and team coordination. (b) Send transactional emails — job receipts, invoice PDFs, quote emails, and password reset emails via our email provider (Resend). (c) Deliver push notifications — job assignments, payment updates, and signature requests via Expo Push Notification service. (d) Generate reports — business analytics, SLA tracking, and team performance metrics. (e) Improve the service — analyzing usage patterns to enhance features and fix issues. (f) PDF generation — creating professional job receipts and invoices in your preferred language (7 languages supported).
3. Information Sharing & Third-Party Services
We do not sell, rent, or trade your personal data. We share information only with the following service providers necessary to operate Workslip: (a) Supabase — database hosting and authentication (PostgreSQL with row-level security, hosted in AWS). (b) Resend — transactional email delivery (invoice PDFs, job receipts, notifications) from noreply@getworkslip.com. (c) Stripe — payment processing for customer payments via payment links (only when you use this feature). (d) Expo — push notification delivery. (e) PostHog — anonymous product analytics. (f) Sentry — error tracking and crash reporting (no personal data, only technical error details). (g) Apple/Google — in-app purchase processing for subscriptions. All third-party providers are contractually obligated to protect your data and use it only for the services they provide to us.
4. Data Security
We implement enterprise-grade security measures: (a) All data is encrypted in transit (TLS 1.3) and at rest (AES-256). (b) Database uses Supabase PostgreSQL with row-level security (RLS) policies — each user can only access their own data. (c) Team members can only see jobs assigned to them or within their team. (d) Authentication uses secure JWT tokens with email verification. (e) Sensitive operations (account deletion, team management) require authenticated API calls with JWT verification. (f) File storage (photos, signatures, PDFs) uses Supabase Storage with access-controlled policies. (g) Edge functions verify authentication before processing any request.
5. Your Rights (GDPR & CCPA)
Regardless of where you are located, you have the following rights: (a) Right to Access — view all your data through the app at any time. (b) Right to Rectification — update your personal information in Settings. (c) Right to Deletion — permanently delete your account and all associated data through Settings > Edit Profile > Delete Account. This is irreversible and removes all jobs, invoices, quotes, customers, photos, signatures, and team data. (d) Right to Data Portability — export your reports in PDF and CSV formats (Pro and Team plans). (e) Right to Object — opt out of analytics by contacting us. (f) Right to Restriction — request processing limitations by contacting us. For EU residents (GDPR): We process data based on contractual necessity and legitimate interest. For California residents (CCPA): We do not sell personal information. You may request disclosure of data collected and its purpose. To exercise any of these rights, use the in-app features or contact us at hello@getworkslip.com.
6. Cookies & Analytics
The Workslip mobile app does not use browser cookies. Our website (getworkslip.com) uses minimal cookies for: (a) Essential cookies — language preference and session management. (b) Analytics — PostHog for anonymous usage analytics (can be opted out). We do not use advertising cookies or tracking pixels. The app uses MMKV secure storage for local data persistence on your device.
7. Data Retention
We retain your data for as long as your account is active. When you delete your account: (a) All personal data is permanently removed within 24 hours. (b) Job records, invoices, quotes, and customer data are deleted. (c) Photos, signatures, and PDFs are removed from storage. (d) Team associations are dissolved. (e) Authentication records are permanently deleted. We may retain anonymized, aggregated data for analytics purposes that cannot be used to identify you.
8. Children's Privacy
Workslip is designed for business use and is not intended for children under 16. We do not knowingly collect personal information from children. If you believe a child has provided us with personal data, please contact us at hello@getworkslip.com.
9. International Data Transfers
Your data may be processed in countries other than your own. Our infrastructure providers (Supabase, AWS) maintain data centers with appropriate security certifications. For EU users, transfers are protected by Standard Contractual Clauses.
10. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of significant changes via email or in-app notification at least 30 days before they take effect. Your continued use of Workslip after changes constitutes acceptance.
11. Contact Us
For privacy-related questions, data requests, or concerns: Email: hello@getworkslip.com. Website: getworkslip.com/contact. We aim to respond to all privacy inquiries within 48 hours.