Privacy Policy

Last updated: April 2026

Plain-language summary: We collect what you give us (account info, project data, customer details), what your team enters (time entries, photos, GPS clock-in locations), and what we need to operate (logs, billing). We don't sell personal information. We share it only with vendors that help us run the Service. You can export or delete your data at any time.

1. Introduction

FieldsHub, a product of Beewist ("we," "our," or "us"), is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our construction management platform and related services (the "Service").

This policy applies to all users — administrators, managers, workers (employees and subcontractors), accountants, and homeowner/customer-portal users.

2. Information We Collect

We collect information that you provide directly to us, including:

  • Account Information: Name, email address, phone number, company name, and password when you create an account.
  • Business Information: Company details, addresses, tax information, branding assets, payroll/employer-of-record references you provide during onboarding.
  • Project Data: Project details, estimates, invoices, time entries, expenses, daily logs, photos, RFIs, change orders, permits, equipment records, and other construction management data you enter.
  • Customer Data: Information about your clients (names, addresses, email addresses, phone numbers) that you store in the platform.
  • Worker Data: Crew member contact info, role, employment status, certifications, and hours worked, entered by you or your administrators.
  • Location Data (GPS): When workers clock in or out using the mobile or web app with location enabled, we record latitude/longitude. See Section 4 below.
  • Photos & Files: Photos uploaded for daily logs, safety incidents, expense receipts, plan documents, and similar features.
  • Communications: SMS messages we send for one-time passwords, notifications, and reminders (subject to your opt-in). See Section 5.
  • Payment Information: Billing details processed through Stripe. We do not store full credit card numbers; Stripe stores tokenized payment methods.
  • Usage & Device Data: Log data, IP address, browser/OS, device identifiers, pages viewed, and feature interactions. Used for security, analytics, and product improvement.
  • Cookies & Similar Technologies: See our Cookie Policy.

3. How We Use Your Information

We use the information we collect to:

  • Provide, operate, and improve the Service
  • Authenticate users and maintain account security (including OTP via SMS)
  • Process subscription payments and send billing notifications
  • Send estimates, invoices, change orders, and other business documents on your behalf
  • Power FieldsHub AI features (estimate drafting, daily-log summaries, scheduling, photo analysis, receipt scanning, permit review, AI chat)
  • Calculate payroll-relevant time and location data for your organization's reporting
  • Detect, investigate, and prevent fraud, abuse, and security incidents
  • Comply with legal obligations and respond to lawful requests
  • Communicate updates, support, and (with your consent) marketing

4. Location (GPS) Data & Worker Tracking

FieldsHub captures GPS coordinates when a worker clocks in or out, only when location services are enabled and the user has accepted the in-app location consent prompt. Coordinates are stored with the corresponding time entry and are visible to the worker's organization administrators and managers for purposes of attendance, payroll verification, and site safety.

If you are a worker or subcontractor: Your employer or hiring contractor controls the FieldsHub organization that you belong to. You will be shown a one-time consent screen before any location data is captured. You can decline location capture and continue clocking in without GPS, if your employer's policy allows. Some states (including Illinois, New York, California, Connecticut, Delaware, New Jersey, and Tennessee) require employer notice or consent for employee electronic monitoring; we surface this notice in the app and your employer is responsible for obtaining any additional consent required by local law.

If you are an employer/admin: You represent and warrant that you have provided the required notice and obtained any necessary consents from workers before enabling GPS tracking, monitoring, or geofencing features.

We do not track location continuously, in the background, or while a worker is clocked out.

5. SMS Messaging & Mobile Data (TCPA / A2P 10DLC)

Program description. By providing your phone number and creating an account, you consent to receive SMS messages from FieldsHub including:

  • Account security: one-time login passcodes (OTP), suspicious-activity alerts
  • Operational: team-member invitations with account-setup links, schedule updates, customer-approval requests for estimates and change orders
  • Billing: invoice notifications and payment receipts

Message frequency: varies based on account activity. Typical accounts receive between a few and several dozen messages per month. Message and data rates may apply based on your wireless carrier's plan.

How to opt in. Consent is given when (a) you register on FieldsHub and provide your phone number, or (b) your organization administrator invites you to join their team and enters your phone number through the FieldsHub platform. Consent is not a condition of any purchase, but is required to receive the security and operational SMS messages described above.

How to opt out. Reply STOP to any FieldsHub SMS message at any time to stop all non-essential messages from that number. Reply HELP for support. Opting out of authentication messages (such as login codes) may prevent you from accessing your account. To re-subscribe after opting out, reply START.

No sharing of mobile data with third parties or affiliates for marketing or promotional purposes. We do not, and will not, share, sell, lease, or otherwise transfer mobile phone numbers, SMS opt-in data, or messaging consent records to third parties or affiliates for marketing or promotional purposes. This applies to all phone numbers and SMS-related data collected through the FieldsHub platform.

Subprocessor. SMS delivery is performed by Twilio, Inc., our messaging service provider. Twilio receives the recipient phone number, message body, and metadata necessary to deliver the message. Twilio is contractually prohibited from using this information for any purpose other than delivering messages on our behalf.

Questions or to revoke consent. Contact support@beewist.com.

6. AI Features & Data Processing

What FieldsHub AI processes. When you use one of our AI-assisted features, only the specific content you submit for that request is processed by the FieldsHub AI:

  • AI Estimate Wizard: the project type, square footage, location, and scope details you type into the wizard.
  • Photo Analysis: the photo you upload plus any project context you choose to attach.
  • Receipt Scanning: the receipt image (or PDF) you upload.
  • Permit Review Assistant: the plan-review comment text and project context you provide.
  • AI Chat / Help: the messages you type in the chat.

What FieldsHub AI does NOT process. We do not forward your customers' names, addresses, email addresses, phone numbers, payment information, banking details, employee records, or other sensitive account data to our AI. The AI only sees the specific content you choose to type or upload for that request.

Data is deleted right after the response is returned. Submitted content (including uploaded photos and receipt images) is processed in memory only for the duration of that single request and discarded immediately once the response is generated. Nothing you submit to an AI feature is retained, used to train any model, or made available to any other user.

The AI has no memory between requests. Each AI request is stateless. The AI does not remember previous prompts, previous photos, previous receipts, or anything else from past sessions. Every request is independent.

What we DO store. The structured output the AI returns to you (e.g., the line items of a generated estimate, the extracted merchant/total/date from a scanned receipt, a tagged photo analysis) is saved in your FieldsHub account so you can review, edit, and use it. You control deletion of these outputs the same way you delete any other record in your account.

Accuracy disclaimer. AI outputs may contain errors. You are responsible for reviewing AI-generated content (including estimates, change orders, and schedules) before sending it to a customer or relying on it for business decisions.

7. Subprocessors & Service Providers

We use the following third-party service providers (subprocessors) to deliver the Service. Each is bound by contractual data-protection obligations:

  • Microsoft Azure — Hosting, database, file storage (United States)
  • Stripe — Payment processing and subscription billing
  • Twilio — SMS delivery (one-time passwords, notifications)
  • Google Maps Platform — Map display and geocoding
  • Upstash — Rate-limiting cache

An up-to-date subprocessor list and our Data Processing Addendum are available at /legal/dpa.

8. Data Sharing & Sale

We do not sell your personal information, and we do not share it for cross-context behavioral advertising. We share information only:

  • With the service providers listed above, strictly as needed to operate the Service.
  • With your customers/clients, when you send them estimates, invoices, change orders, or portal access.
  • With other members of your organization, based on their assigned role and permissions.
  • To comply with applicable law, lawful requests, court orders, or to protect rights, property, or safety.
  • In connection with a merger, acquisition, financing, or sale of business assets, subject to standard confidentiality protections.

9. Your Privacy Rights

Depending on where you live, you may have the following rights regarding your personal information:

  • Right to know what personal information we collect, use, and share.
  • Right to access a copy of the personal information we hold about you.
  • Right to correct inaccurate personal information.
  • Right to delete your personal information, subject to legal exceptions.
  • Right to portability — receive your data in a structured, machine-readable format.
  • Right to opt out of sale or sharing for advertising — we do not sell or share your data, but you may still submit a preference signal.
  • Right to limit use of sensitive personal information.
  • Right to non-discrimination for exercising your privacy rights.

To exercise these rights, email us at privacy@beewist.com. We will verify your identity (using account credentials or other reasonable means) and respond within the timeframes required by your local law (typically 30–45 days). You may also designate an authorized agent to submit requests on your behalf.

California residents (CCPA/CPRA): The categories of personal information we collect, use, and disclose are listed in Section 2 above. We do not sell or share personal information for cross-context behavioral advertising. We retain personal information for as long as necessary to provide the Service, comply with legal obligations, resolve disputes, and enforce agreements. To submit a Do Not Sell or Share request, email privacy@beewist.com.

EU/UK residents (GDPR): Beewist acts as a data processor for your organization's data and a controller for account-level information. Our lawful bases include contract performance, legitimate interests, consent, and legal obligation. You may lodge a complaint with your local data protection authority.

10. Data Security

We implement industry-standard security measures including TLS 1.2+ encryption in transit, encryption at rest for sensitive fields, role-based access control, principle-of-least-privilege for employee access, audit logging, and regular security review. No method of transmission or storage is 100% secure; we cannot guarantee absolute security.

In the event of a personal data breach affecting you, we will notify you and the appropriate authorities without undue delay and, where feasible, within 72 hours of becoming aware, in line with applicable law.

11. Data Retention

We retain account and project data for as long as your account is active. After account closure, we retain data for up to 90 days to support recovery, then delete or anonymize it, except where we are required to retain it longer (e.g., financial records for tax compliance, security logs for forensic investigation, or as required by your organization's subscription terms).

Backup copies are retained for up to 35 days and overwritten on a rolling basis.

12. International Data Transfers

The Service is hosted in the United States. If you access the Service from outside the U.S., your information will be transferred to and processed in the U.S. We rely on Standard Contractual Clauses and other lawful transfer mechanisms where applicable.

13. Children's Privacy

The Service is not intended for individuals under 18. We do not knowingly collect personal information from children under 13. If we learn we have collected such information, we will delete it. Contact privacy@beewist.com if you believe a child has provided us with personal information.

14. Cookies

We use strictly-necessary cookies for authentication and session management, and (with consent) analytics cookies. See our Cookie Policy for details and how to manage your preferences.

15. Changes to This Policy

We may update this Privacy Policy from time to time. For material changes, we will provide at least 30 days' advance notice by email or in-app notice. Your continued use of the Service after the effective date constitutes acceptance.

16. Contact Us

For questions about this Privacy Policy, exercise of your rights, or to report a privacy concern:

Email: privacy@beewist.com
General support: support@beewist.com