Privacy Policy

Last updated: May 26, 2026

Who we are

SiteStamp is software that helps residential remodeling contractors capture, price, and document jobsite change orders. This policy explains what data we collect, why we collect it, and how we handle it. If anything here isn’t clear, email us at russelljbundy@gmail.com.

What we collect

We only collect what we need to run the service. That includes:

  • Account information. Your name, company name, email address, and password (stored as a hash). We use this to create and secure your account.
  • Project data. Project names, addresses, descriptions, change order details, prices, and notes that you enter while using SiteStamp.
  • Photos. Photos you or your crew upload to document change orders. These are stored privately and are accessible only via signed URLs, either to authenticated users on your account or to the homeowner whose token-scoped portal link references them.
  • Homeowner and crew contact info. Names, phone numbers, and email addresses you add for the people working on or approving your projects. We use phone numbers to send tokenized links via SMS at your direction. Mobile phone numbers are not shared with third parties for marketing or promotional purposes.
  • Homeowner signatures. When a homeowner approves a change order, we store the signature image and a timestamp as part of the change order record.
  • Activity logs. Timestamps and actions taken on your projects (captured, priced, sent, approved, etc.) so that there’s a complete audit trail.
  • Billing information. Stripe handles payment details directly — we never see or store your full credit card number. We store the Stripe customer and subscription IDs that link your account to your billing record.

How we use your data

  • To operate SiteStamp: creating projects, storing change orders, generating tokenized links, sending the SMS messages you trigger, and processing your subscription.
  • To generate optional AI pricing suggestions. When you request one, we send the change order’s description, category, and attached photos to Anthropic’s Claude API. The contractor always sets the final price — the AI suggestion is a starting point, not a commitment.
  • To keep an immutable activity log of who did what and when, which exists to protect both the contractor and the homeowner if there’s ever a dispute about a change order.
  • To send account-related email about your subscription (receipts, failed payments, important account notices). We do not send marketing email without your consent.

Who we share data with

We do not sell your data. We do not share it for advertising. We use a small number of vendors to deliver the service:

  • Supabase hosts our database, authentication, and file storage.
  • Stripe processes subscription payments.
  • Twilio delivers the SMS messages you send to homeowners and crew.
  • Anthropic provides the Claude API that powers optional AI pricing suggestions. Photos and descriptions are sent only when you request a suggestion.
  • Vercel hosts the application.

Each of these vendors has its own privacy practices. We share with them only what they need to deliver their part of the service. We will also disclose information if required by law or to investigate fraud or abuse of the service.

SMS/Text Messaging

SiteStamp sends transactional text messages to homeowners and field crew members related to active construction projects. These messages contain links to view, approve, or submit project documentation. Message frequency varies based on project activity. Message and data rates may apply. Reply STOP to any message to opt out of future texts. Reply HELP for support. For questions, contact support@sitestamp.app.

How long we keep your data

We keep your account data and project records for as long as your account is active. If you close your account, we’ll delete your projects, change orders, and photos within 30 days unless we have a legal obligation to retain them longer (for example, tax records related to billing). Activity log entries tied to closed change orders may be retained for an additional period so that the audit trail remains intact for any party who relied on it.

How we protect your data

Data is transmitted over HTTPS. Passwords are hashed by Supabase Auth and never stored in plaintext. Photos and signatures are stored in private buckets and served only via short-lived signed URLs. Database access is gated by row-level security so that contractors can only access their own projects. Token-based links for crew and homeowners are random and validated server-side on every request.

Your rights

You can export, correct, or delete your account data at any time. Email russelljbundy@gmail.com and we’ll respond within 30 days. Depending on where you live, you may have additional rights under laws like GDPR or CCPA — the same email address handles those requests too.

Children

SiteStamp is a business tool. It is not intended for anyone under 18, and we do not knowingly collect data from children.

Changes to this policy

If we make material changes to this policy, we’ll update the date at the top and notify active customers by email. Continued use after a change means you accept the updated policy.

Contact

Questions, requests, or concerns: russelljbundy@gmail.com.