Privacy Policy

This Privacy Policy explains how Northvane LLC, doing business as ServiceTracked, collects, uses, shares, and protects information when you use our Service.

By using ServiceTracked, you agree to the practices described in this Policy. If you do not agree, please do not use the Service.

1. Who We Are

Northvane LLC is a Wyoming-based limited liability company operating ServiceTracked, a software-as-a-service platform for service businesses.

• Data Controller: Northvane LLC (for our own customer accounts)
• Data Processor: Northvane LLC (for customer data submitted by our paying subscribers)

Registered office: Northvane LLC, 30 North Gould Street Ste N, Sheridan, WY 82801, United States. Privacy contact: privacy@servicetracked.com.

2. Information We Collect

2.1 Information You Provide

Account information: Name, email address, phone number, business name, password (stored encrypted; we cannot access it), billing address and payment information (processed via Stripe; we do not store card details), tax identification (for B2B customers requiring tax documentation).

Subscription information: Subscription tier and billing preferences, currency and locale preferences, trial status and billing history, Customer Portal access logs.

Content you submit: Voice recordings of service work, photos of service work, text descriptions and notes, customer information you input (customer names, contact details, addresses, vehicle/property details), service history and quotes.

Communications: Support emails, chat conversations, feedback, survey responses, beta program communications.

2.2 Information Collected Automatically

Technical: IP address and approximate geographic location, browser type, version, and operating system, device type, screen resolution, pages visited and features used, session duration and time-of-use patterns.

Usage: Number of voice memos submitted, photos uploaded, reports generated, feature usage patterns, errors and crash reports (collected via Sentry), login frequency and timing.

Cookies and similar technologies: Essential cookies (authentication, session management), functional cookies (locale, currency preferences), analytics cookies (Sentry, Vercel Analytics). See our Cookie Policy for details.

2.3 Information from Third Parties

• Payment information processed by Stripe (we receive subscription status, not card numbers)
• Authentication info from email providers (during magic link / passwordless login)
• Error and performance data from Sentry
• Hosting provider logs from Vercel
• Customer support data from email providers (Resend)

3. How We Use Your Information

3.1 Service Operation

• Authenticate users and maintain account security
• Process subscriptions and billing
• Deliver core features (voice transcription, AI-generated reports/quotes)
• Send transactional emails (receipts, password resets, trial reminders)
• Provide customer support and troubleshooting

3.2 AI Processing

Your content is processed by:

• OpenAI Whisper (voice transcription): Audio files are transmitted to OpenAI for speech-to-text conversion. OpenAI is contractually prohibited from using ServiceTracked customer data to train models.
• Anthropic Claude (AI generation): Text-based content is sent to Anthropic for report and quote generation. Anthropic is contractually prohibited from using ServiceTracked customer data to train models.

Both AI providers operate under written Data Processing Agreements that bind them to confidentiality, retention limits, and prohibition on training.

3.3 Communications

• Send service-related announcements (security updates, feature changes, billing notifications)
• Respond to your support requests
• Send marketing emails (only if you opt in; unsubscribe links in every email)
• Comply with legal obligations

3.4 Analytics and Improvement

• Understand how users interact with the Service
• Improve the Service based on usage patterns
• Detect and prevent fraud, abuse, and security incidents
• Generate aggregated, anonymized statistics

3.5 Compliance

• Meet legal obligations (tax, audit, court orders)
• Enforce our Terms of Service and Acceptable Use Policy
• Cooperate with law enforcement when legally required

4. Legal Bases for Processing (GDPR)

If you are in the EU/EEA/UK/Switzerland, our legal bases for processing your personal data are:

• Contract performance: Processing necessary to provide the Service you signed up for
• Legitimate interests: Improving the Service, detecting fraud, marketing to existing customers (you may opt out)
• Consent: Optional features (marketing emails, additional analytics) requiring your explicit consent
• Legal obligation: Compliance with tax laws, court orders, or other legal requirements

5. How We Share Your Information

5.1 Third-Party Processors

ServiceTracked uses specific third-party service providers for operational functions. We have contracts with each that bind them to data protection requirements:

Each processor has a Data Processing Agreement with us.

5.2 Business Transfers

If Northvane LLC is acquired, sold, or merges with another entity, your data may be transferred to the new owner. You will be notified of any such transfer and given the option to delete your data before the transfer takes effect.

5.3 Legal Compliance

We may disclose your data when required by law, valid court order, government request, or to protect our rights, property, or safety, or that of users or the public.

5.4 Affiliates

If you are part of our affiliate program, we may share information about referral activity (e.g., who referred your account) with the referring affiliate, but only at the level necessary for commission tracking. We do not share specific personal information with other affiliates.

5.5 We Do Not

• Sell your personal data to advertisers or third parties
• Share data with third parties for advertising purposes
• Use your business data to train AI models we use or develop
• Share customer data between unaffiliated ServiceTracked subscribers

6. International Data Transfers

ServiceTracked operates infrastructure primarily in the United States, with edge presence globally via Vercel and Cloudflare.

For EU/EEA/UK customers, data may be transferred outside your home region. We rely on:

• Standard Contractual Clauses (SCCs) for transfers to the US
• Adequate safeguards required by GDPR Article 46
• Your explicit consent where required by local law

If you require specific data residency, contact privacy@servicetracked.com to discuss Enterprise-tier custom arrangements.

7. Data Retention

We retain personal data for as long as your subscription is active and for a period after termination:

• Account information: Retained as long as account exists; deleted within 90 days of account closure
• Content (voice memos, photos, reports, quotes): Retained per your subscription. After account closure, retained for 90 days as a buffer for reactivation, then deleted.
• Billing and tax records: Retained for 7 years per US tax law requirements
• Support communications: Retained for 3 years
• Aggregated analytics: Retained indefinitely (anonymized, no personal identifiers)

You may request earlier deletion via privacy@servicetracked.com, subject to legal retention requirements.

8. Your Privacy Rights

8.1 EU/EEA/UK/Switzerland Residents (GDPR)

You have the right to:

• Access: Know what personal data we hold about you
• Correction: Update inaccurate or incomplete data
• Deletion: Request deletion of your data (subject to legal exceptions)
• Portability: Receive your data in a portable format
• Restriction: Limit how we process your data in specific cases
• Objection: Object to processing based on legitimate interests
• Withdrawal of consent: Where processing is based on consent

To exercise these rights, email privacy@servicetracked.com. We will respond within 30 days. You also have the right to lodge a complaint with your local data protection authority.

8.2 California Residents (CCPA)

• Know what personal information we collect, sell (we do not sell), and disclose
• Access your personal information
• Delete your personal information
• Opt out of sale of personal information (we do not sell, so this does not apply)
• Non-discrimination for exercising your rights

8.3 Mexican Residents (LFPDPPP)

You have rights of access, rectification, cancellation, and opposition (ARCO rights) under Mexican federal data protection law. To exercise these, email privacy@servicetracked.com.

8.4 Other Jurisdictions

We honor privacy rights granted under applicable local law. Contact privacy@servicetracked.com to make a request.

9. Children's Privacy

ServiceTracked is not designed for and is not marketed to anyone under 18. We do not knowingly collect personal data from children. If we learn we have collected data from someone under 18 without proper consent, we will delete it. Parents or guardians who believe their child has provided data may contact privacy@servicetracked.com.

10. Security

We use reasonable security measures to protect your information:

• Encryption in transit: TLS 1.2+ for all data transmission
• Encryption at rest: Sensitive data (license numbers, business registrations, insurance policies) encrypted using pgcrypto
• Authentication: Strong password requirements, optional multi-factor authentication
• Access controls: Need-to-know basis for employee access
• Network security: Cloudflare DDoS protection, WAF
• Audit logs: Track access to sensitive data
• Incident response: Documented procedures for data breaches

If you suspect a security incident, contact security@servicetracked.com immediately.

We will notify affected users of any security breach affecting their data within 72 hours of discovering it, as required by GDPR and other applicable law.

11. AI Processing Disclosure

11.1 OpenAI Whisper (Voice Transcription)

• Voice recordings sent to OpenAI's servers
• Transcribed and returned to ServiceTracked
• OpenAI contracted not to retain or use for training
• Audio files deleted from OpenAI within 30 days

11.2 Anthropic Claude (AI Generation)

• Text content (transcriptions, prompts, vertical configs) sent to Anthropic
• Generated outputs returned to ServiceTracked
• Anthropic contracted not to retain or use for training
• Caching may temporarily store inputs for prompt caching efficiency (with retention limits)

11.3 No Model Training

Both OpenAI and Anthropic have contractually agreed not to use ServiceTracked customer data for training models. This is a contractual requirement, not just a marketing claim.

11.4 Your Choice

If you would prefer not to use AI processing, contact sales@servicetracked.com about Enterprise-tier custom arrangements that allow processing without third-party AI.

12. Cookies and Tracking

See our Cookie Policy for full details on cookies and similar technologies used by ServiceTracked.

We use:

• Essential cookies (authentication, session, security)
• Functional cookies (locale, currency, preferences)
• Performance cookies (analytics, error monitoring)

We do NOT use:

• Cross-site tracking cookies
• Third-party advertising cookies
• Affiliate tracking on the public website (except via voluntary affiliate cookies for referrals)

13. Changes to This Privacy Policy

We may update this Policy periodically. Material changes (changes to processing purposes, data sharing, retention) will be announced at least 30 days in advance via:

• Email notification to your registered account email
• In-app notification
• Updated "Last Updated" date on this page

14. Contact Us

For privacy questions, data subject requests, or any other inquiries:

• Privacy contact: privacy@servicetracked.com
• General contact: support@servicetracked.com
• Mailing address: Northvane LLC, 30 North Gould Street Ste N, Sheridan, WY 82801, United States
• EU/EEA Representative (GDPR): [EU Representative TBD - designate before EU market activation]

We will respond to data subject requests within 30 days. Urgent matters (security breaches) within 72 hours.

15. Your Acknowledgment

By using ServiceTracked, you acknowledge that you have read and understood this Privacy Policy.

This Privacy Policy is effective as of the date shown above.

Operated by Northvane LLC, doing business as ServiceTracked.