Privacy Policy
Tectus Protection, Inc. (“Tectus,” “we,” “our,” “us”) respects your privacy. This Policy explains how we collect, use, disclose, and protect information when you use our websites, mobile apps, and related services (the “Platform”).
By using the Platform, you agree to this Policy. If you do not agree, please do not use the Platform.
Not a contract for services. This Policy explains privacy practices. Your use of the Platform is governed by our Terms of Service. If you book services as a client, the Client Terms & Conditions also apply; if you provide services as a vendor, the Vendor Terms apply. If we process data on behalf of an enterprise client, our Data Processing Addendum (DPA) with that client controls that processing.
1) Scope & Roles (Controller vs. Processor)
• Controller / “business”: we act as a controller for account data, site/app activity, support, marketing, payments facilitation, fraud/security, and marketplace operations.
• Processor / “service provider”: we act under an enterprise client’s instructions (e.g., client personnel/visitor/incident data). The client’s notice and our DPA govern that processing.
2) Information We Collect
We collect information you provide, automatically, and from third parties.
A. You provide to us
• Identity & contact: name, email, phone, company, role.
• Account & booking details: job requests, preferences, notes, addresses relevant to jobs.
• Payment info: processed by third-party processors; we do not store full card numbers.
• Communications & content: messages, reviews, attachments, support requests.
• Vendors (providers): licensing, insurance, training, compliance attestations, and other onboarding information.
B. Collected automatically
• Device/usage data: IP, device IDs, OS/browser, app version, pages/screens, timestamps, referring URLs, crash/diagnostics.
• Cookies/SDKs: essential cookies; analytics; and (if enabled) advertising/retargeting cookies or mobile identifiers.
• Location: if you enable device location, we may collect approximate or precise location for features like service matching or timekeeping.
C. From third parties
• Identity/verification partners, payment processors, mapping and communications providers.
• Security/safety signals (e.g., fraud prevention), and public or enterprise client sources as needed for jobs.
Sensitive data. We do not seek government IDs, biometrics, or precise location unless a feature or law requires it (e.g., vendor licensing checks or location-based features). Where required (e.g., Colorado), we obtain your consent first.
3) How We Use Information (Purposes)
• Provide, operate, and improve the Platform and marketplace.
• Facilitate bookings and communications between clients and independent vendors.
• Verify identity, eligibility, licenses, and compliance (primarily for vendors).
• Process payments and send invoices/receipts (via third-party processors).
• Customer support, incident response, and safety/security (fraud, abuse, threat detection).
• Personalize experience; analytics to understand usage and improve features.
• Send transactional messages and (with consent or as permitted) marketing; you can opt out of marketing anytime.
• Comply with law, enforce terms, and protect rights, property, and safety.
Legal bases (EU/UK visitors). Performance of a contract, legitimate interests (e.g., to secure and improve the Platform), consent (e.g., marketing cookies/location), and legal obligations.
4) How We Share Information
We do not sell your personal information for money and have not sold it in the past 12 months. We share information as follows:
• Vendors (providers): necessary job details to fulfill a booking.
• Service providers/processors: hosting, cloud, analytics, communications, identity/verification, payment processing, logging/monitoring, and security—used only to provide services to us.
• Business transfers: as part of a merger, acquisition, financing, or sale of assets.
• Legal & safety: to comply with law, legal process, or lawful requests; to enforce terms; or to protect rights, property, and safety.
• With your consent or at your direction.
Cross-context behavioral advertising / “sharing.” If we deploy advertising cookies/SDKs that constitute “sharing” under California law or “targeted advertising” under Colorado law, you may opt out (see §8). We honor the Global Privacy Control (GPC) for California and the Colorado universal opt-out signal where applicable.
5) Cookies, Analytics & Ads
We use cookies/SDKs to run the site, remember preferences, perform analytics, and (if enabled) support advertising/retargeting.
• You can manage cookies in your browser/device (blocking essential cookies may break features).
• Where required, we will ask for consent for non-essential cookies.
• We honor GPC and state universal opt-out signals for applicable opt-outs.
• Link (recommended): Your Privacy Choices: [insert URL]
6) Data Retention
We retain information for as long as needed for the purposes in this Policy, to comply with legal obligations, resolve disputes, and enforce agreements. Criteria include account status, job life cycle, legal/regulatory requirements, fraud-prevention needs, and limitation periods. When no longer needed, we delete or de-identify data per our retention schedules.
7) Security
We employ reasonable and appropriate administrative, technical, and physical safeguards (e.g., encryption in transit, access controls, logging/monitoring). No security program is perfect; we cannot guarantee absolute security. If legally required, we will notify you of a data breach.
8) Your Privacy Rights
Depending on where you live, and subject to limits, you may have the right to:
• Access the categories and specific pieces of personal information we hold about you.
• Correct inaccurate personal information.
• Delete personal information we collected from you.
• Portability (obtain a portable copy).
• Opt out of “sale,” “sharing,” or targeted advertising (as defined by law).
• Limit use of sensitive personal information (California).
• Appeal our decision if we deny your request (Colorado, Virginia, Connecticut).
• Withdraw consent where processing is based on consent.
• Non-discrimination for exercising your rights.
How to exercise rights: email privacy@tectusapp.com or support@tectusapp.com with “Privacy Request” in the subject. We may need to verify your identity (email verification, account checks; we may request a signed declaration for some deletion requests). You may use an authorized agent where permitted (we may require proof of authority and your verification). We aim to respond within 45 days (and may extend once by 45 days where allowed).
Appeals (CO/VA/CT): If we deny a request, reply “Appeal.” We will respond within 45 days. You may also contact your state Attorney General.
Opt-outs: If we engage in “sharing”/targeted advertising, use your browser’s GPC (we honor it) or contact us as above. Where required (e.g., Colorado), we also honor the recognized universal opt-out mechanism.
9) California Notice at Collection (provided at or before collection)
Identifiers
• Examples: name, email, phone, IP address, device IDs
• Business purposes: account, support, security/fraud, bookings, communications
• Sold?: No
• Shared for cross-context behavioral advertising?: Possibly*
• Retention: see §6 (criteria)
Commercial information
• Examples: bookings, quotes, invoices, transaction history
• Business purposes: operate marketplace, customer service, analytics/reporting
• Sold?: No
• Shared for cross-context behavioral advertising?: No
• Retention: see §6 (criteria)
Internet/technical
• Examples: device data, usage logs, app events, cookies/SDKs
• Business purposes: security, debugging, analytics, service improvement
• Sold?: No
• Shared for cross-context behavioral advertising?: Possibly*
• Retention: see §6 (criteria)
Geolocation
• Examples: coarse or precise location if you enable it
• Business purposes: service matching, fraud prevention, timekeeping features
• Sold?: No
• Shared for cross-context behavioral advertising?: No
• Retention: see §6 (criteria)
Professional information
• Examples: company, role (B2B)
• Business purposes: account administration, vendor onboarding/verification
• Sold?: No
• Shared for cross-context behavioral advertising?: No
• Retention: see §6 (criteria)
Sensitive personal information
• Examples: vendor licensing/insurance documents; precise location if enabled
• Business purposes: compliance/verification where required by law or job
• Sold?: No
• Shared for cross-context behavioral advertising?: No
• Retention: see §6 (criteria)
* “Possibly” applies only if/when we deploy advertising cookies/SDKs that qualify as “sharing.” You may opt out at any time (see §8 Your Privacy Rights) and via Your Privacy Choices. We honor GPC and, where applicable, the Colorado universal opt-out signal. We do not sell personal information for money and we do not knowingly “share” personal information of users under 16. We do not offer financial incentives for personal information. If that changes, we will provide a Notice of Financial Incentive before enrollment.
10) Children’s Privacy
The Platform is intended for adults 18+. We do not knowingly collect personal information from children under 13 (or under 16 in certain jurisdictions) without required consent. If you believe a child provided personal information, contact us and we will delete it.
11) International Visitors
For EEA/UK visitors:
• Tectus is the controller for Platform data as described in §1.
• We rely on Standard Contractual Clauses (or other lawful transfer mechanisms) for transfers to the U.S.
• You may have GDPR rights (access, correction, deletion, objection, restriction, portability, and complaint to your supervisory authority).
• If required by law, we will designate an EU/UK representative; contact details will be posted on our Legal page.
12) Third-Party Links & Services
Links to third-party sites/services are governed by their privacy policies, not ours.
13) Changes to This Policy
We may update this Policy from time to time. We will post the updated version with a new Effective Date and provide additional notice where required by law. Your continued use after changes signifies acceptance.
14) Contact Us
Questions or requests?
Email: support@tectusapp.com (preferred) or privacy@tectusapp.com
Mailing Address: [Insert business/registered-agent mailing address shown on your Legal page]
15) Additional U.S. State Disclosures
• Do Not Track: Standards are evolving; we currently respond to GPC and Colorado universal opt-out signals where applicable (see §8).
• Authorized Agent (CA): You may designate an agent with written permission; we will verify both of you.
• Nevada: We do not sell personal information as defined by Nevada law. Nevada residents may email privacy@tectusapp.com with “Nevada Opt-Out” in the subject.
• Non-Discrimination: We will not deny services, charge different prices, or provide different quality for exercising your rights, except as permitted by law.
• Retention (CA): We retain each category of personal information for as long as reasonably necessary for the disclosed purposes, considering legal, security, and operational needs (see §6).