Last updated: April 10, 2026

Privacy Policy

Amped Integrations, LLC Effective Date: March 29, 2026 Last Updated: April 10, 2026

1. Introduction

Amped Integrations, LLC ("Amped Integrations," "we," "us," or "our") operates the Amped Foreman platform ("Platform"), a software-as-a-service application available at app.ampedforeman.com, and the Amped Integrations website at ampedintegrations.com (together, the "Services").

This Privacy Policy describes how we collect, use, disclose, and protect information when you use our Services. Amped Foreman is a field operations platform designed for construction contractors. Because of the nature of construction operations, we handle various categories of data — including project financials, field reports, safety records, and documents processed by artificial intelligence — and we take the handling of that data seriously.

By using our Services, you agree to the collection and use of information as described in this Privacy Policy. If you do not agree, please do not use the Services.

2. Information We Collect

2.1 Account Information

When you create an account, we collect:

Full name
Email address
Password (stored only as a cryptographic hash via Supabase Auth; we never store plaintext passwords)
Role within your organization (e.g., project manager, foreman, estimator)
Company name and affiliation

2.2 Project and Operations Data

As you use the Platform to manage construction projects, you may provide:

Project names, job numbers, and project addresses
Contract amounts and general contractor information
Project manager and foreman assignments
Cost codes, budget allocations, and burden rates

2.3 Financial Data

The Platform processes financial information related to your construction operations, including:

Project budgets and work-in-progress (WIP) entries
Purchase orders
Estimates with line-item pricing
Cost code structures and burden rate configurations

2.4 Field Operations Data

When your team uses the Platform for daily operations, we collect:

Daily reports: crew sizes, weather conditions, descriptions of work performed
Time tracking data: clock-in and clock-out timestamps, which may include GPS-derived location data
Safety records: inspection reports, incident reports, safety observations, and related documentation

2.5 Documents and Uploaded Files

You may upload documents to the Platform, including:

Construction drawings (PDF and image formats)
Specifications and project documents
Site photographs
Other project-related files

These files are stored in Supabase Storage (hosted on Amazon Web Services infrastructure).

2.6 AI-Processed Data

When you use AI-powered features, we process data through our AI systems:

Document analysis: Uploaded documents are analyzed by Anthropic's Claude API to generate material takeoffs, scope letters, engineering reports, and other outputs.
AI brain recall: Summaries and structured data extracted from your analyzed documents are stored in our AI brain system (hosted on Supabase with pgvector) to enable question-and-answer recall across your project documents. Document text may also be transmitted to OpenAI's API for generating vector embeddings used for semantic search within your organization. OpenAI does not use API-submitted data to train its models.
AI Guide interactions: Questions you ask the AI Guide, the responses generated, and any feedback you provide (e.g., whether a response was helpful).
AI estimating outputs: AI-generated estimates, schedules, and related content produced through the Platform.

2.7 Session and Device Data

When you access the Platform, we automatically collect:

IP address
User agent string (browser type and version)
Device fingerprint (stored as a cryptographic hash, not raw device identifiers)
Last active timestamp
Session information for concurrent session management

2.8 AI Usage Logs

We maintain logs of AI feature usage, including:

The AI model used for each request
Input and output token counts
The type of usage (e.g., estimating, document analysis, guide query, schedule generation)

These logs are used for service management, billing, and performance monitoring. They do not contain the substantive content of your queries or the AI responses.

3. How We Use Information

We use the information we collect for the following purposes:

3.1 Service Delivery

Operating and maintaining the Platform
Processing your project data, generating reports, and managing construction workflows
Providing AI-powered features including estimating, document analysis, schedule generation, and the AI Guide
Managing your account, authentication, and session security
Enforcing concurrent session limits based on your subscription plan

3.2 AI Features

Sending documents and prompts to the Anthropic Claude API for analysis, estimation, and content generation
Storing document summaries in the AI brain system to enable cross-document recall and question answering
Retrieving weather data from the National Weather Service API and WeatherAPI.com to populate daily report fields

3.3 Communication

Sending service-related notifications (e.g., account verification, password resets, critical alerts)
Delivering optional Slack notifications if you have enabled the Slack integration
Responding to your support requests

3.4 Service Improvement

Analyzing aggregate, de-identified usage patterns to improve Platform performance and features
Monitoring system health, uptime, and error rates
Identifying and fixing bugs

3.5 Security and Compliance

Detecting and preventing unauthorized access, fraud, and abuse
Enforcing our Terms of Service and Acceptable Use Policy
Complying with legal obligations

4. AI and Machine Learning Disclosure

Amped Foreman uses artificial intelligence to provide core Platform features. We believe transparency about how AI processes your data is important.

4.1 How AI Processes Your Data

Anthropic Claude API: When you use AI estimating, document analysis, the AI Guide, or schedule generation, your inputs (such as document content, project parameters, or questions) are sent to Anthropic's Claude API for processing. Anthropic returns the AI-generated output to the Platform.
AI Brain: Summaries and structured information extracted from your documents are stored in our AI brain system, hosted on Supabase infrastructure with pgvector, to enable intelligent recall and question-answering across your project history. Vector embeddings for semantic search are generated via OpenAI's embedding API.

4.2 Your Data Is Not Used to Train AI Models

Anthropic does not use data submitted through its API to train its AI models. Your project documents, estimates, and other information processed through the Claude API are used solely to generate responses to your requests and are subject to Anthropic's API data usage policy.

Similarly, data stored in the AI brain system is used exclusively to serve your organization's recall queries. It is not used to train any third-party machine learning models. OpenAI's embedding API is used solely for generating search vectors and does not retain or train on submitted data.

4.3 AI Output Limitations

AI-generated content — including material takeoffs, cost estimates, scope letters, engineering reports, and schedules — is provided as a professional aid, not as a substitute for professional judgment. All AI outputs should be reviewed and verified by qualified personnel before being relied upon for construction decisions. See our Terms of Service for additional disclaimers regarding AI-generated content.

5. Data Sharing and Third-Party Services

5.1 Service Providers

We share information with the following third-party service providers who process data on our behalf to operate the Platform:

Provider	Purpose	Data Processed	Hosting
Supabase	Database, authentication, file storage	Account data, project data, uploaded files	Amazon Web Services (AWS)
Anthropic	AI document analysis, estimating, guide, scheduling	Document content, prompts, project parameters	Anthropic infrastructure
AI Brain (pgvector)	AI memory and document recall	Document summaries and structured extractions	Supabase
OpenAI	Vector embedding generation for semantic search	Document text (truncated) for embedding	OpenAI infrastructure
Vercel	Website and application hosting	Request data, session tokens	Vercel infrastructure
Cloudflare R2	Object storage for user exports, compliance archives, and data-subject-request deliveries	Generated PDFs, Excel exports, scope letters, compliance archives, DSAR exports	Cloudflare global edge network
National Weather Service / WeatherAPI.com	Weather data for daily reports	Location (project address or coordinates)	Government / WeatherAPI servers
Slack (optional)	Team notifications	Notification content configured by your organization	Slack infrastructure

5.2 What We Do Not Do

We do not sell your personal information or project data.
We do not share your data with advertisers.
We do not use third-party advertising or tracking cookies.
We do not provide your data to data brokers.

5.3 Legal Requirements

We may disclose information if required to do so by law, regulation, legal process, or governmental request, or when we believe disclosure is necessary to protect our rights, your safety, or the safety of others.

5.4 Business Transfers

If Amped Integrations is involved in a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We will notify you of any such change in ownership or control of your information.

6. Data Storage and Security

6.1 Where Data Is Stored

Primary database and file storage: Supabase, hosted on AWS infrastructure in the United States.
AI memory system: Supabase pgvector brain, hosted on Supabase infrastructure. Vector embeddings generated via OpenAI API.
Application hosting: Vercel.
Document exports, compliance archives, and data-subject-request (DSAR) deliveries: Cloudflare R2 object storage. Data is encrypted at rest by default and stored in Cloudflare's global edge network, which may route and cache data across multiple geographic regions for performance and availability. We do not designate a single fixed jurisdiction for R2 storage. If your organization requires a specific storage region (for example, EU-only or US-only under a regulated data program), contact us at privacy@ampedintegrations.com to discuss enterprise options.
Retention enforcement: Files in Cloudflare R2 are subject to automated lifecycle rules matching the retention policies described in Section 8 (Data Retention and Deletion). Compliance archives are retained for their full legal retention period, and DSAR export files are automatically deleted after 45 days. Every read, write, and delete operation on compliance-sensitive storage is logged to an append-only audit trail retained for 7 years.

6.2 Security Measures

We implement the following security measures to protect your data:

Encryption in transit: All data transmitted between your browser and our servers is encrypted using TLS (HTTPS).
Encryption at rest: Data stored in our database and file storage systems is encrypted at rest using industry-standard encryption.
Row-Level Security (RLS): Our database enforces row-level security policies so that users can only access data belonging to their own organization.
Authentication security: Passwords are hashed using Supabase Auth's cryptographic hashing. Session tokens are managed securely with automatic expiration.
Session management: Concurrent session limits are enforced based on your subscription plan. Sessions are tracked by device fingerprint hash, and inactive sessions are automatically deactivated.
Access controls: Role-based access within your organization restricts data visibility based on user roles.
Storage audit trail: Every read, write, delete, and presigned-URL operation against our object storage (user exports, compliance archives, DSAR deliveries) is logged to an append-only audit table with 7-year retention. This supports compliance reconstruction, data-subject-request evidence, and regulatory audit requirements.

6.3 Security Limitations

No method of electronic transmission or storage is 100% secure. While we implement commercially reasonable security measures, we cannot guarantee absolute security. You are responsible for maintaining the confidentiality of your account credentials.

7. Construction-Specific Data Handling

Because Amped Foreman serves construction contractors, certain categories of data warrant specific attention.

7.1 Daily Reports and Project Records

Daily reports created in the Platform — including crew sizes, weather conditions, and work descriptions — may constitute project records relevant to contract disputes, claims, or regulatory inquiries. You should maintain your own independent backups of critical project records and not rely solely on the Platform for record retention.

7.2 Safety Records and OSHA Considerations

Safety inspection reports, incident reports, and safety observations entered into the Platform may be relevant to Occupational Safety and Health Administration (OSHA) recordkeeping requirements or other regulatory obligations. The Platform is a tool to assist with documentation; it does not guarantee compliance with OSHA or any other regulatory framework. You are responsible for ensuring your own regulatory compliance, including maintaining records for required retention periods.

7.3 GPS and Location Data

If time tracking features capture GPS-derived location data (e.g., at clock-in or clock-out), that location data is associated with the time entry. We collect location data only in connection with time tracking actions initiated by the user, not through continuous background location monitoring.

7.4 Financial and Bid Data

Estimates, budgets, cost code structures, burden rates, and bid pricing entered into the Platform are treated as confidential business information. This data is not shared with other Platform users outside your organization and is not used for any purpose other than providing the Services to you.

8. Data Retention and Deletion

8.1 Retention Periods

The following default retention periods apply to data stored on the Platform. These periods reflect a combination of legal requirements (IRS, OSHA, state privacy laws), industry standards (SOX-adjacent audit trails, construction statute-of-limitations windows), and operational needs. Your organization's regulatory environment or contractual obligations may require longer retention — contact us if you need custom retention terms for an enterprise engagement.

Data Type	Retention Period	Reason
Financial records (purchase orders, budgets, WIPs, invoices, T&M invoices)	7 years	IRS and state tax requirements
Safety records (OSHA 300 logs, incident reports, inspections)	5 years	Federal OSHA requirements (29 CFR 1904.33)
Audit logs (role changes, change-order audits, storage access)	7 years	SOX-adjacent compliance and dispute reconstruction
Change orders	7 years	Tied to contract obligations and warranty windows
Estimates — submitted and won	7 years	Contract support, warranty claims, historical benchmarking
Estimates — lost bids	3 years	Business analytics and competitive historical analysis
Daily reports and RFIs	3 years	Project closeout and dispute resolution
Active account data	Retained while account is active	Service provision
Session logs	90 days	Security monitoring and incident response
AI trace logs (model, tokens, prompt metadata)	90 days	Billing, service monitoring, and AI safety
Soft-deleted projects	30-day grace period, then permanent deletion	Accidental deletion recovery window
DSAR export files (data-subject-request deliverables)	45 days after delivery	Privacy hygiene and regulatory minimum
Storage audit trail (object storage access logs)	7 years	Compliance reconstruction and DSAR evidence
Deleted account data	Up to 90 days in live systems	Reactivation window

How retention is enforced:

File-level retention (exports, compliance archives, DSAR deliveries) is enforced automatically via Cloudflare R2 object lifecycle rules. Files under each compliance prefix (for example, financial/, safety/, audit/) are automatically deleted by the storage platform at the end of their retention window.
Database-level retention (session logs, AI trace logs, storage audit trail) is enforced via scheduled cleanup functions that run on a recurring basis.
Backups of our production database are retained on an encrypted rolling schedule consistent with industry best practices. Data that has been deleted from the live system may persist in backups for a limited period before being overwritten.
AI usage logs used for billing and service management are retained under the AI trace logs policy above.

If you need verification that a specific record was deleted on schedule, contact us at privacy@ampedintegrations.com.

8.2 Construction Record Considerations

Given that construction project records may need to be retained for extended periods due to warranty obligations, statute of limitations periods, or regulatory requirements, we recommend that you export and independently retain any data you may need beyond your subscription period.

9. Your Rights

Depending on your jurisdiction, you may have the following rights regarding your personal information:

9.1 Access

You may request a copy of the personal information we hold about you.

9.2 Correction

You may request that we correct inaccurate or incomplete personal information. You can also update much of your account information directly through the Platform.

9.3 Deletion

You may request deletion of your personal information. Note that we may need to retain certain information for legal compliance, dispute resolution, or enforcement of our agreements. Deletion of your account will result in the removal of your personal account data but may not immediately remove all project data if other authorized users in your organization still have active accounts.

9.4 Data Export

You may request an export of your data in a commonly used, machine-readable format.

9.5 Exercising Your Rights

To exercise any of these rights, contact us at:

Email: support@ampedintegrations.com
Subject line: "Privacy Rights Request"

We will respond to verified requests within 30 days, or within the timeframe required by applicable law.

10. Children's Privacy

The Services are not intended for individuals under the age of 18. We do not knowingly collect personal information from children under 18. If we become aware that we have collected personal information from a child under 18, we will take steps to delete that information promptly. If you believe a child under 18 has provided us with personal information, please contact us at support@ampedintegrations.com.

11. Cookies and Similar Technologies

11.1 Cookies We Use

The Platform uses a limited number of cookies, all of which are essential to the operation of the Services:

Supabase authentication session cookies: Used to maintain your authenticated session. These are necessary for the Platform to function.
Session throttle cookie (_st_ts): Used to manage session validation frequency and prevent excessive authentication checks.

11.2 Local Storage

The Platform uses browser local storage for limited purposes:

Welcome guide dismissed flag: Remembers whether you have dismissed the onboarding guide so it is not shown repeatedly.

11.3 No Third-Party Tracking Cookies

We do not currently use any third-party advertising cookies, analytics cookies, or tracking pixels. If this changes in the future, we will update this Privacy Policy and our Cookie Policy accordingly.

For more detail, see our Cookie Policy.

12. California Privacy Rights (CCPA)

If you are a California resident, the California Consumer Privacy Act (CCPA) provides you with specific rights regarding your personal information.

12.1 Right to Know

You have the right to request that we disclose the categories and specific pieces of personal information we have collected about you, the categories of sources from which we collected it, the business purposes for collection, and the categories of third parties with whom we share it.

12.2 Right to Delete

You have the right to request deletion of your personal information, subject to certain exceptions permitted by law.

12.3 Right to Opt-Out of Sale

We do not sell personal information. Because we do not sell personal information, there is no need to opt out.

12.4 Right to Non-Discrimination

We will not discriminate against you for exercising any of your CCPA rights.

12.5 Categories of Information Collected

In the preceding 12 months, we have collected the following categories of personal information (as defined by the CCPA):

Identifiers: Name, email address, IP address, device fingerprint hash.
Commercial information: Subscription plan, usage records.
Internet or electronic network activity: Session data, user agent, pages visited within the Platform, AI feature usage logs.
Professional or employment-related information: Company name, role/title within your organization.
Geolocation data: Approximate location derived from IP address; precise location if GPS-based time tracking is used.

12.6 How to Submit a Request

California residents may submit requests by emailing support@ampedintegrations.com with the subject line "CCPA Request." We will verify your identity before processing your request.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. When we make material changes, we will:

Update the "Last Updated" date at the top of this policy
Notify you through the Platform or by email for significant changes
Post the revised policy on our website

Your continued use of the Services after any changes constitutes your acceptance of the updated Privacy Policy.

14. Contact Information

If you have questions or concerns about this Privacy Policy or our data practices, contact us at:

Amped Integrations, LLC Email: info@ampedintegrations.com Support: support@ampedintegrations.com Website: ampedintegrations.com

This Privacy Policy is effective as of March 29, 2026.