punchoutpro Start Free Trial

Privacy Policy

This Privacy Policy explains what personal information we collect, how we use and share it, and the choices available to you.

Effective Date: March 16, 2026  ·  Last Updated: March 16, 2026

PunchOutPro, LLC ("PunchOutPro," "we," "us," or "our") operates the construction punch list management platform available at PunchOutPro.app (the "Service").

This Privacy Policy applies to all users of the Service, including General Contractors, Administrators, Superintendents, Subcontractors, and visitors to our website.

By creating an account or using the Service, you acknowledge that you have read and understood this Privacy Policy.

1. Who This Policy Applies To

This Privacy Policy applies to:

  • Account Administrators and Project Managers who create and manage organizational accounts
  • Superintendents who access the Service to create and manage punch list items
  • Subcontractors who are invited to access the Service to view assigned punch items
  • Website visitors who browse PunchOutPro.app without creating an account

This Policy governs both the public-facing marketing website and the authenticated application platform.

2. Information We Collect

2.1 Information You Provide Directly

Account Registration Information

  • First and last name
  • Business email address
  • Password (stored in hashed/encrypted form; we do not store plaintext passwords)
  • Company or organization name
  • Contact information (phone number, business address)

Profile and Company Settings

  • Company logo (uploaded by Admin users)
  • Company contact information for report branding

Subcontractor Records

  • Subcontractor company name, contact name, email address, phone number, and trade type (entered by your organization's Admin users)

Construction Project Data (Customer Data)

  • Project names, building names, floor layouts, and unit configurations
  • Punch list item descriptions, locations, statuses, and timestamps
  • Deficiency photographs (captured or uploaded by Superintendent users)
  • Subcontractor acknowledgment records and timestamps
  • Exported CSV and PDF report content

Communications

  • Messages, requests, or feedback you send to our support team

2.2 Information Collected Automatically

When you access the Service, we and our service providers may automatically collect:

  • Log data: IP address, browser type and version, operating system, referring URLs, pages visited, and time of access
  • Device data: Device type (mobile, tablet, desktop), device identifiers, screen resolution
  • Usage data: Features accessed, actions taken within the Service, session duration, and interaction patterns
  • Authentication data: Login timestamps, session tokens

2.3 Information from Third Parties

We may receive information about you from:

  • Payment processors (when you complete a subscription purchase): billing name, last four digits of payment method, billing address, and transaction records. We do not store full payment card numbers.
  • Your employer or the general contractor who invited you to join PunchOutPro as a Subcontractor user

3. How We Collect Information

We collect personal information through the following mechanisms:

  • Direct input: Information you enter during account registration, project setup, punch list creation, and settings configuration
  • Automated collection: Log files, session tokens, and usage telemetry collected automatically as you use the Service
  • Photo capture: Images captured directly from your device camera or uploaded from your camera roll during punch list item creation
  • Email invitation flows: Contact information entered by Admin users when inviting Superintendents and Subcontractors to the Service
  • Third-party integrations: Payment processors and infrastructure providers (described in Section 6)

4. How We Use Your Information

4.1 Providing and Operating the Service

  • Creating and authenticating your account
  • Enabling multi-tenant organizational data isolation
  • Storing and displaying your construction project data
  • Generating punch list reports and exports (CSV, PDF)
  • Sending transactional email notifications to subcontractors about their assigned punch items
  • Enabling subcontractor acknowledgment tracking

4.2 Account and Subscription Management

  • Processing subscription payments and managing your billing relationship
  • Sending account-related notifications (trial expiration, subscription confirmation, payment receipts)
  • Managing the 14-day free trial and paid subscription lifecycle
  • Enforcing our Terms of Service

4.3 Communications and Support

  • Responding to your questions, support requests, and feedback
  • Sending product announcements, feature updates, and service-related communications
  • Sending promotional or marketing communications (you may opt out as described in Section 8)

4.4 Service Improvement and Analytics

  • Analyzing usage patterns to improve platform performance and user experience
  • Diagnosing technical issues and debugging the platform
  • Developing new features and product improvements
  • Generating aggregated, de-identified analytics (which do not identify you individually)

4.5 Legal Compliance and Safety

  • Complying with applicable laws, regulations, and legal process
  • Enforcing our Terms of Service and other agreements
  • Protecting the rights, property, and safety of PunchOutPro, our users, and the public
  • Detecting and preventing fraud, abuse, and unauthorized access

5. How We Share Your Information

We do not sell your personal information to third parties. We do not share your personal information for cross-context behavioral advertising.

We share personal information only in the following circumstances:

5.1 Within Your Organization

Personal information associated with your account is accessible to other Authorized Users within your organization according to their assigned role (Admin, Superintendent, or Subcontractor). Subcontractor users can only see punch items assigned to them. Admin users have full visibility across their organization's projects.

5.2 With Your Subcontractors (at Your Direction)

When you send punch list notifications through the Service, we transmit email messages to the subcontractor email addresses you have entered. This sharing occurs at your express direction. PunchOutPro is not responsible for the accuracy of subcontractor contact information entered by your organization.

5.3 With Service Providers (Processors)

We share personal information with third-party service providers who process it on our behalf to provide the Service. These providers are contractually required to protect your data and use it only for the purposes we specify. See Section 6 for details.

5.4 For Legal Compliance

We may disclose personal information if we believe in good faith that disclosure is required to: (a) comply with applicable law or respond to valid legal process (subpoenas, court orders); (b) protect the rights or safety of PunchOutPro, our users, or the public; or (c) detect or prevent fraud or illegal activity.

5.5 Business Transfers

If PunchOutPro is involved in a merger, acquisition, reorganization, or sale of all or substantially all of its assets, personal information may be transferred as part of that transaction. We will notify you via email or in-app notice of any such change and any choices you may have regarding your information.

5.6 With Your Consent

We may share your personal information for other purposes with your explicit consent.

6. Third-Party Service Providers

PunchOutPro uses the following third-party service providers to operate the Service:

ProviderPurposeData Processed
SupabaseDatabase, file storage, authentication infrastructureAccount credentials, project data, punch item records, photos, session tokens
ResendTransactional email delivery (subcontractor notifications, account emails)Subcontractor email addresses, names, punch item details included in notification emails
Twilio (planned)SMS notification delivery to subcontractorsSubcontractor phone numbers, punch item summary data
StripeSubscription billing and payment processingName, billing address, payment card data (Stripe handles card data directly; we receive only tokenized references)
Vercel AnalyticsPrivacy-preserving aggregated analyticsAggregated page views and performance metrics only; no personally identifiable information

Note: Supabase is SOC 2 Type 2 certified, providing independent third-party verification of its security controls. PunchOutPro's use of Supabase as infrastructure does not, by itself, make PunchOutPro SOC 2 certified.

7. Cookies and Tracking Technologies

7.1 What We Use

  • Strictly Necessary / Session Cookies: Authentication tokens and session management cookies required for the Service to function. These cannot be disabled without impairing Service functionality.
  • Functionality Cookies: Remember your preferences (e.g., filter states, session settings) to improve your experience.
  • Privacy-Preserving Analytics (Vercel Analytics): We use Vercel Analytics to collect aggregated, anonymous usage data. Vercel Analytics does not use cookies, does not track individual users, and does not collect personally identifiable information. Data collected includes page views, visitor counts, and performance metrics in aggregate form only.

7.2 No Third-Party Advertising Cookies

We do not use advertising networks, behavioral tracking pixels, or retargeting cookies on the authenticated portions of the Service.

7.3 Managing Cookies

You can control browser cookies through your browser settings. Disabling strictly necessary cookies will impair your ability to log in and use the Service.

8. Email Communications and CAN-SPAM Compliance

8.1 Types of Email We Send

Transactional Emails (sent automatically based on Service activity): account creation and password setup, trial expiration and subscription reminders, subscription confirmations and billing receipts, and punch list notifications sent to subcontractors at the direction of your organization's Admin or Superintendent.

Marketing Emails (promotional): product updates and new feature announcements, educational content about construction punch list management, and promotional offers for paid subscriptions.

8.2 Opt-Out

You may opt out of marketing emails at any time by clicking the "Unsubscribe" link included in every marketing email. We will process your opt-out request within 10 business days as required by the CAN-SPAM Act. You cannot opt out of transactional emails related to your active account.

8.3 Subcontractor Notification Emails

Subcontractors who receive punch list notification emails through the Service receive those emails because a general contractor using PunchOutPro has entered your email address into the system and directed PunchOutPro to send notifications on their behalf. If you are a subcontractor who wishes to be removed from a contractor's notification list, please contact the general contractor directly or contact us at privacy@punchoutpro.app and we will facilitate the request.

8.4 Physical Address

In compliance with the CAN-SPAM Act, our physical postal address is:

PunchOutPro, LLC
PO Box 535
Travelers Rest, SC 29690

9. SMS Notifications

This section applies upon launch of the SMS feature, which is currently in development.

9.1 SMS Opt-In

SMS notifications through PunchOutPro are only sent to subcontractors who have provided explicit prior written consent. Consent is collected through the subcontractor onboarding flow, which includes clear disclosure that: (a) you are consenting to receive automated SMS messages about construction punch list items, (b) message and data rates may apply, and (c) you may opt out at any time.

9.2 Opt-Out

To stop receiving SMS notifications, reply STOP to any SMS message from PunchOutPro. You will receive a single confirmation message and no further SMS messages will be sent. You may re-subscribe at any time by replying START.

9.3 Message Frequency

Message frequency varies based on the volume of punch list activity on projects you are assigned to. You will only receive messages when an Admin or Superintendent sends notifications through the Service.

10. Data Retention

We retain personal information for as long as necessary to provide the Service and fulfill the purposes described in this Policy:

Data TypeRetention PeriodNotes
Account informationActive account + 30 days post-terminationExtended if required by legal hold
Project and punch list dataActive account + 30 days post-terminationAvailable for export during post-termination window
Punch item photosActive account + 30 days post-terminationStored in hierarchical object storage
Payment and billing records7 years from transaction dateRequired for tax and accounting compliance
Email communication logs90 daysDelivery tracking via Resend
Server and access logs90 daysSecurity and debugging purposes
Aggregated, de-identified analyticsIndefiniteNo individual identification possible

Post-Termination Export Window: Following account cancellation or expiration, your project data remains accessible in a read-only state for 30 days to allow data export. After this window, your data will be permanently deleted from our systems.

11. Data Security

We implement commercially reasonable technical and organizational security measures to protect your personal information, including:

  • Encryption in transit: All data transmitted between your device and our servers is encrypted using TLS
  • Encryption at rest: Personal data stored in our database is encrypted at rest via Supabase infrastructure
  • Authentication: Role-based access controls (Admin, Superintendent, Subcontractor) restrict data access to authorized users
  • Multi-tenant isolation: All data is namespaced by organization ID at the storage layer, ensuring complete data isolation between organizations
  • Photo storage: Images are stored in a hierarchical, access-controlled object storage system
  • Third-party security: Our infrastructure provider (Supabase) maintains SOC 2 Type 2 certification

Important Limitation: No method of electronic transmission or storage is 100% secure. While we strive to protect your personal information using commercially reasonable measures, we cannot guarantee absolute security against all threats.

Data Breach Notification: In the event of a confirmed security breach that materially affects your personal information, we will notify you without undue delay as required by applicable law, and will provide information about the breach and steps you can take to protect yourself.

12. Your Privacy Rights

Depending on your location and applicable law, you may have the following rights:

  • Access: Request a copy of the personal information we hold about you.
  • Correction: Request correction of inaccurate personal information.
  • Deletion: Request deletion of your personal information, subject to certain exceptions (e.g., where we are required to retain data by law).
  • Data Portability: Export your construction project data at any time using the CSV and PDF export features built into the Service.
  • Opt-Out of Marketing: Opt out of marketing communications at any time as described in Section 8.

To exercise any of these rights, contact us at privacy@punchoutpro.app with the subject line "Privacy Rights Request." We will respond to verifiable requests within 45 days.

13. California Privacy Rights (CalOPPA / CCPA Preparedness)

This Privacy Policy is posted conspicuously on our website in compliance with the California Online Privacy Protection Act (CalOPPA).

PunchOutPro is an early-stage company that does not currently meet the CCPA revenue or data volume thresholds. However, we are committed to CCPA-aligned practices. California residents have the right to know:

  • We do not sell your personal information.
  • We do not share your personal information for cross-context behavioral advertising.
  • Categories of personal information collected are described in Section 2.
  • Purposes for collection are described in Section 4.
  • Third parties with whom we share information are described in Sections 5 and 6.

14. Do Not Track Signals

Because there is currently no universally accepted standard for how websites should respond to DNT signals, PunchOutPro does not currently alter its data practices in response to DNT signals. We do not track your activity across third-party websites over time for behavioral advertising purposes.

15. Children's Privacy

The Service is designed for construction industry professionals and is not intended for use by individuals under the age of 18. We do not knowingly collect personal information from children under 18. If we learn that we have inadvertently collected personal information from a child under 18, we will promptly delete that information. If you believe we may have collected information from a child, please contact us at privacy@punchoutpro.app.

16. International Users

PunchOutPro is operated from the United States and the Service is primarily intended for use within the United States. If you access the Service from outside the United States, please be aware that your information will be transferred to and processed in the United States, where data protection laws may differ from those in your jurisdiction.

17. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. When we make material changes, we will post the updated Privacy Policy with a new "Last Updated" date, notify you via email at least 30 days before the change takes effect, and provide in-app notice for significant changes.

Your continued use of the Service after a change takes effect constitutes your acceptance of the updated Privacy Policy.

18. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices:

Privacy Inquiries: privacy@punchoutpro.app
General Support: support@punchoutpro.app

Mailing Address:
PunchOutPro, LLC
PO Box 535
Travelers Rest, SC 29690
United States

We will acknowledge receipt of privacy-related inquiries within 5 business days and resolve them within 45 days.