Privacy Policy
Last updated: 2026-02-19
Effective date: 2025-01-17
1. Who We Are
1361513 BC LTD. ("OPS," "we," "us") provides job management software for specialized trade businesses. This Privacy Policy describes how we collect, use, and protect personal information through opsapp.co and our iOS and Android applications (the "Service").
We comply with the Personal Information Protection and Electronic Documents Act (PIPEDA) and, where applicable, Quebec Law 25 (Act Respecting the Protection of Personal Information in the Private Sector) and Canada's Anti-Spam Legislation (CASL).
Privacy Officer: Jack S. — info@opsapp.co
2. What Information We Collect
2.1 Account and Company Information
When you register an account or set up your company in OPS, we collect:
- First name, last name, email address, phone number
- Company name, industry type, crew size
- Company code (6-character unique identifier)
- Your role (Admin, Office Crew, or Field Crew)
2.2 Professional Contacts (Your Clients)
When you enter your business clients into OPS, we store on your behalf:
- Client company names, contact names, phone numbers, email addresses
- Job site addresses and GPS coordinates
- Project and task notes and descriptions
- Estimates, invoices, and payment records related to your clients
Important: This data belongs to you. We process it as a service provider under your direction. Your clients are not our customers and have no account with OPS.
2.3 Job and Operational Data
Data generated through the normal use of the Service:
- Projects, tasks, task status updates, calendar events
- Job site photos (stored on AWS S3)
- Turn-by-turn navigation routes and GPS data used during active navigation sessions
- Crew assignments and scheduling data
2.4 Financial Data
For customers using the OPS web application financial features:
- Pipeline/CRM opportunity records
- Estimate and invoice records (line items, amounts, dates)
- Payment records (date, amount, method, reference number — not card data)
- Products and services catalog
We do not store credit card or bank account numbers. All payment card data is handled exclusively by Stripe, Inc. We only receive confirmation of payment and a Stripe payment reference ID.
2.5 Authentication Data
When you sign in via Google or Apple, we receive a unique identifier and your name and email address from that provider. We do not receive your Google or Apple password. Email/password accounts are managed through Firebase Authentication.
A 4-digit PIN is stored locally on your device in the device Keychain and is never transmitted to our servers.
2.6 Usage and Analytics Data
We collect usage data through Firebase Analytics, including:
- App screens visited and features used
- Session duration and frequency
- Device type, operating system version, and language
- Crash reports and performance data
This data is used to improve the Service and is associated with an anonymous device identifier, not your name or email.
2.7 Client Portal Access
If your business clients access the Client Portal (to view estimates, approve quotes, or pay invoices), we collect their email address and issue a time-limited magic link session token. No password is created. Portal sessions expire after 30 days.
2.8 QuickBooks Integration (Optional)
If you choose to connect your QuickBooks Online account to OPS, we access your QuickBooks account via Intuit's OAuth 2.0 API solely to provide the accounting sync feature you have authorized. Specifically:
Data OPS sends to QuickBooks on your behalf:
- Invoice records (invoice number, line items, amounts, due dates, client name)
- Payment records (amount, date, payment method, reference number)
Data OPS receives from QuickBooks:
- OAuth access token and refresh token (to maintain the authorized connection)
- Your QuickBooks company ID (Realm ID), used to route sync requests to the correct account
What we do not do:
- We do not access QuickBooks data beyond what is necessary to perform the sync you authorize
- We do not share QuickBooks data with any third party other than as required to provide the Service
- We do not use your QuickBooks data for advertising, profiling, or any purpose unrelated to the sync
Revoking access: You may disconnect your QuickBooks account at any time from OPS Account Settings. You may also revoke OPS's access directly from your Intuit account at myapps.intuit.com. Disconnecting removes OPS's OAuth tokens and stops all future sync activity. It does not delete data already synced into QuickBooks.
3. How We Use Your Information
| Purpose | Legal basis (PIPEDA) |
|---|---|
| Providing the Service (account management, job scheduling, billing) | Contract performance |
| Processing subscription payments via Stripe | Contract performance |
| Sending transactional emails (receipts, payment confirmations, service alerts) | Contract performance |
| Improving the Service (analytics, crash reports, product development) | Legitimate interest |
| Sending product update emails and feature announcements | Implied consent (existing customers within 2 years — CASL) |
| Sending marketing or promotional emails | Express consent only |
| Syncing invoice and payment data to your connected QuickBooks account | Consent (you explicitly connect the integration) |
| Responding to support requests | Legitimate interest |
| Complying with legal obligations | Legal obligation |
We do not sell your personal information to third parties. We do not use your business client data for any purpose other than providing the Service to you.
4. Third-Party Processors
We share data with the following service providers to operate the Service. Each is bound by contractual data protection obligations.
| Processor | Purpose | Data shared | Location |
|---|---|---|---|
| Stripe, Inc. | Subscription billing and client invoice payments | Name, email, billing address, transaction history | USA |
| Bubble Group, Inc. (Bubble.io) | Backend database — operational data | Employee data, client contacts, projects, tasks, calendar | USA |
| Supabase, Inc. | Database — financial and CRM data | Pipeline, estimates, invoices, payment records | USA |
| Amazon Web Services (AWS S3) | Photo and file storage | Job photos you upload | USA |
| Google LLC (Firebase) | Authentication and usage analytics | Email, auth tokens, anonymous usage data | USA |
| Apple Inc. | Sign-In with Apple authentication | Name, email (first sign-in only) | USA |
| Intuit Inc. (QuickBooks) | Accounting sync (if enabled by you) — OPS sends invoice and payment data to your QuickBooks account; Intuit provides OAuth tokens to authenticate the connection | Invoice records, payment records, OAuth credentials | USA |
| Sage Group plc | Accounting sync (if enabled by you) | Invoice and payment data you authorize | UK/USA |
Note on QuickBooks: When you connect your QuickBooks account, Intuit acts as both a data recipient (receiving invoice/payment records from OPS) and an authentication provider (issuing OAuth tokens). OPS's use of QuickBooks API data is governed by the Intuit Developer Terms of Service. You can review and revoke OPS's access at any time at myapps.intuit.com.
Cross-border transfers: Your data may be processed in the United States. We rely on contractual safeguards with each processor. For Quebec residents, we conduct Privacy Impact Assessments before transferring personal data to US-based processors as required by Quebec Law 25.
5. Location Data
Certain features require device location:
- Job site navigation: GPS is used during active navigation to provide turn-by-turn directions. This is initiated by the user and does not persist after the navigation session ends.
- Background location: The app may use background location while navigation is actively running and the app is backgrounded. This stops when navigation is ended.
- Job site coordinates: Addresses and coordinates you enter for projects are stored as part of your project records.
We do not track employee location continuously or outside of navigation sessions. If you use OPS to manage field crew, you are responsible for informing your employees about location use in compliance with applicable employment and privacy laws in your jurisdiction.
6. Your Rights
Under PIPEDA and applicable provincial privacy laws, you have the right to:
- Access — Request a copy of the personal information we hold about you
- Correction — Request correction of inaccurate or incomplete information
- Withdrawal of consent — Withdraw consent for uses based on consent (note: this may affect your ability to use the Service)
- Deletion — Request deletion of your personal information (see Section 8)
- Complaint — File a complaint with the Office of the Privacy Commissioner of Canada (OPC) at priv.gc.ca
Quebec residents additionally have the right to:
- Data portability — Receive your data in a structured, commonly used format
- De-indexing — Request removal from automated indexes where applicable
- Disclosure of automated decisions — Learn when automated processing affects you
To exercise any of these rights, contact us at info@opsapp.co. We will respond within 30 days.
7. Data Security
We implement appropriate technical and organizational measures to protect your personal information, including:
- Encrypted data transmission (TLS/HTTPS)
- Encryption at rest for database records
- Row-Level Security (RLS) policies ensuring each company's data is isolated
- Access controls limiting staff access to customer data
- Stripe handles all payment card data under PCI-DSS compliance — we never receive raw card numbers
In the event of a data breach that poses a real risk of significant harm, we will notify the Office of the Privacy Commissioner of Canada and affected individuals as required by PIPEDA. Where required by Quebec Law 25, the Commission d'accès à l'information (CAI) will be notified within 72 hours.
8. Data Retention
| Data type | Retention |
|---|---|
| Active account data | Retained for the life of your subscription |
| Deleted projects/clients (soft delete) | Retained 90 days then purged |
| Account data after cancellation | Retained 30 days after cancellation, then deleted |
| Firebase Analytics data | Up to 14 months (per Google's retention settings) |
| Stripe payment records | Retained as required by Stripe and financial record-keeping law |
| Portal session tokens | Expire after 7 days (unused) or 30 days (active) |
| QuickBooks OAuth tokens | Retained while integration is connected; deleted within 24 hours of disconnection |
You may request deletion of your account data at any time by contacting info@opsapp.co. After deletion, we may retain anonymized, aggregated data that cannot identify you.
9. Cookies
The OPS web application uses cookies and similar technologies for:
- Essential cookies: Session management, authentication state
- Analytics cookies: Firebase/Google Analytics (anonymous usage data)
We do not use advertising or tracking cookies for third-party ad targeting.
10. Children
The Service is not directed at individuals under the age of 16. We do not knowingly collect personal information from children. If we become aware that we have collected information from a child under 16, we will delete it promptly.
11. Communications
Transactional emails (subscription receipts, payment confirmations, service alerts, password resets) are sent as part of your contract with us and do not require separate consent.
Product update emails (new features, release notes) are sent to existing customers under implied CASL consent and include an unsubscribe link.
Marketing emails (promotions, referral offers) will only be sent with your express consent (an opt-in box you actively check — never pre-ticked). You may withdraw consent at any time using the unsubscribe link in any email.
All commercial emails include:
- Our company name and physical address (1361513 BC LTD., 303-1121 Oscar Street, Victoria BC V8V2X3)
- A functional unsubscribe link (processed within 10 business days)
12. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by email at least 30 days before the new policy takes effect. Continued use of the Service after the effective date constitutes acceptance.
The current version of this policy is always available at opsapp.co/privacy.
13. Contact
Privacy Officer: Jack S.
Email: info@opsapp.co
Mail: 1361513 BC LTD., 303-1121 Oscar Street, Victoria BC V8V2X3
To make a privacy request, file a complaint, or ask questions about this policy, contact us at info@opsapp.co. If you are not satisfied with our response, you may contact:
- Office of the Privacy Commissioner of Canada: 1-800-282-1376 | priv.gc.ca
- Commission d'accès à l'information (Quebec): 1-888-528-7741 | cai.quebec.ca