ContentsOps
Sign In

Privacy Policy

Effective Date: March 2, 2026

1. Introduction

This Privacy Policy (“Policy”) describes how Superlab LLC dba ContentsOps (“Company,” “we,” “us,” or “our”) collects, uses, discloses, and protects personal information through our ContentsOps platform, including the web application at contentsops.com, the administrative dashboard, and the ContentsOps mobile application (collectively, the “Service”).

ContentsOps is a field operations management platform designed for contents restoration companies. This Policy applies to all users of the Service, including business customers (“Subscribers”), their employees, contractors, and field personnel (“Authorized Users”), and the homeowners, property managers, insurance adjusters, and other individuals whose information is entered into the Service (“End Customers”).

By accessing or using the Service, you acknowledge that you have read and understood this Policy. If you are an Authorized User, your Subscriber's agreement with us governs the processing of data you enter into the Service, and your Subscriber is responsible for ensuring you are informed about how your personal information is handled.

2. Data Controller and Processor Roles

ContentsOps operates in a dual capacity depending on the type of data involved:

Data Controller: We act as the data controller for information we collect directly from Subscribers during account creation, billing, and platform administration, as well as usage data generated by the Service.

Data Processor / Service Provider: We act as a data processor (or “service provider” under the California Consumer Privacy Act) on behalf of our Subscribers for all End Customer data, employee data, and operational data that Subscribers and their Authorized Users enter into the Service. Our Subscribers determine the purposes and means of processing this data, and we process it only in accordance with their instructions and our Terms of Use.

If you are an End Customer whose information has been entered into ContentsOps by a restoration company, please direct any privacy inquiries to that company. We will assist them in responding to your requests as required by applicable law.

3. Information We Collect

3.1 Account and Profile Information

When a Subscriber creates an account or invites Authorized Users, we collect:

  • Full name, email address, and phone number
  • Job title or role within the organization
  • Profile photograph (optional)
  • Organization name and business address
  • Authentication credentials (passwords are hashed and never stored in plaintext)

3.2 End Customer and Property Information

Subscribers and Authorized Users may enter the following End Customer information into the Service:

  • Homeowner or property manager name, phone number, and email address
  • Property address, including street address, city, state, and ZIP code
  • Property type (residential or commercial) and property coordinates (latitude/longitude for geofencing and navigation)
  • Insurance company name and claim numbers
  • Loss type (water damage, fire, mold, storm, or similar categories)
  • Additional contact information for adjusters, contractors, or secondary contacts
  • Notes and communication history related to restoration work

3.3 Location and Geofencing Data

The ContentsOps mobile application collects precise geolocation data from Authorized Users' mobile devices when the user has granted location permissions and has an active work session.

What We Collect

  • Precise GPS coordinates (latitude and longitude) from the mobile device
  • Location status changes (such as arriving at a job site, departing, driving to a location, or present at a warehouse or storage facility)
  • Geofence entry and exit events when an Authorized User enters or leaves a defined work zone
  • GPS signal accuracy and quality metrics

When Location Data Is Collected

  • Location tracking begins only after the Authorized User initiates a “Start Day” action in the mobile app
  • Location tracking is paused when the user activates a lunch break
  • Location tracking stops when the user initiates an “End Day” action
  • No location data is collected when the user is off duty, signed out, or has not started a work session
  • Location polling frequency adapts to device battery level: approximately every 45 seconds at normal battery levels (above 30%), every 60 seconds at low battery (15–30%), and every 120 seconds at critical battery levels (below 15%)

How Location Data Is Used

  • To automatically log time entries when Authorized Users arrive at or depart from job sites, warehouses, and storage facilities
  • To determine work status (on site, in transit, at warehouse) for scheduling and dispatch purposes
  • To verify time and attendance records for payroll processing
  • To provide navigation assistance to job sites

Who Can Access Location Data

  • The Subscriber's administrators and office managers can view location status and time entry records for their Authorized Users
  • Individual Authorized Users can view their own location-derived time entries
  • We do not sell, share, or disclose location data to third parties for advertising or marketing purposes
  • We do not track real-time location for surveillance purposes outside of work session hours

Geofence Clock Policies

Subscribers may configure one of three geofence policies for each Authorized User:

  • Strict: The user must be within a defined geofence zone to clock in or out
  • Assisted: The user may override geofence requirements by providing a written reason, which is logged for audit purposes
  • Manual: No geofence requirement for clocking in or out

Data Retention for Location Data

Location status change logs are retained indefinitely as part of the time tracking audit trail. We do not store continuous GPS breadcrumb trails; only status transition events (arrival, departure, and similar changes) are recorded.

3.4 Photographs and Files

The Service allows Authorized Users to capture and upload photographs and documents related to restoration work. This may include:

  • Before, after, and progress photographs of restoration projects
  • Document images such as receipts, inventory lists, and inspection records
  • File metadata including file name, size, MIME type, upload timestamp, and the identity of the uploader
  • Photographs may contain embedded EXIF metadata from the device camera, which can include the date, time, and GPS coordinates where the photo was taken

Photos are stored in encrypted cloud storage (Supabase Storage) and organized by customer. Access to photos is restricted to Authorized Users within the same organization.

3.5 Time Tracking and Labor Data

The Service collects detailed time and labor information, including:

  • Automatic time entries generated by geofence detection (source marked as “geofence”)
  • Manual time entries created by Authorized Users (source marked as “manual”)
  • Activity type categorization (such as job site work, driving, warehouse work, cleaning, inventory and packing, and other restoration-specific activities)
  • Submission, review, and approval records for timesheet workflows
  • Restoration-specific metadata such as boxes used, items processed, and inventory counts (stored as structured data within time entries)
  • Daily session records including start time, end time, and break periods
  • Customer attribution for time entries, allowing time to be tracked against specific customers even when not linked to a scheduled event

3.6 Push Notification Data

When Authorized Users enable push notifications on the mobile app, we collect:

  • Device push notification tokens (Expo push tokens) for delivering notifications
  • Notification preference settings

Push notifications are used to alert Authorized Users of new event assignments, schedule changes, and reminder alerts. We do not use push notifications for marketing or advertising.

3.7 Communication Data

The Service may process communications in the following ways:

  • Inbound emails from customers or leads received through the email intake system (via Postmark webhook), including sender name, email address, subject, and message body
  • Outbound SMS notifications sent to End Customers (via Twilio) when a crew is en route, which includes the customer's phone number and a brief status message

3.8 Role and Permission Data

The Service supports custom, organization-defined roles with scoped permissions. This includes:

  • Role assignments and privilege levels for each Authorized User
  • Permission scopes that define data visibility (such as self-only, team, office, or organization-wide)
  • Changes to user roles and permissions are recorded in the audit log

3.9 Technical and Usage Data

We automatically collect certain technical information when you use the Service:

  • Device type, operating system, and app version
  • Browser type and version (for web applications)
  • IP address (hashed for security event logging)
  • Pages visited and features used within the Service
  • Error and crash reports (via Sentry), which may include device information, app state, and stack traces at the time of an error, but do not intentionally capture personal information
  • Performance traces (sampled at 10% for web and 20% for mobile in production environments)

3.10 Offline Data

The mobile application may temporarily cache data on the device to support offline functionality:

  • Pending time entries and data updates are queued locally (up to 500 records, retained for a maximum of 48 hours) and automatically synchronized when connectivity is restored
  • Photos awaiting upload are queued locally (up to 50 photos, retained for a maximum of 72 hours)
  • Schedule and event details are cached for read-only access while offline
  • All locally cached data is scoped to the signed-in user and is cleared upon sign-out

4. How We Use Your Information

We use the information we collect for the following purposes:

  • Service Delivery: To provide, maintain, and improve the ContentsOps platform, including scheduling, dispatching, time tracking, invoicing, photo documentation, and customer relationship management.
  • Authentication and Security: To verify user identities, manage access controls, enforce role-based permissions, and protect against unauthorized access, fraud, and abuse.
  • Time and Attendance: To facilitate accurate time tracking through geofence detection and manual entry, support timesheet review and approval workflows, and enable payroll processing by Subscribers.
  • Communication: To send transactional notifications (event assignments, schedule changes, reminders), system alerts, and service-related announcements. We do not send marketing communications without consent.
  • Audit and Compliance: To maintain audit logs of changes to sensitive records, support data integrity, and enable Subscribers to meet their regulatory and business compliance requirements.
  • Product Improvement: To analyze aggregated and anonymized usage patterns to improve the Service's features, performance, and reliability. We do not use individually identifiable data for product development without consent.
  • Legal Compliance: To comply with applicable laws, regulations, and legal processes, and to enforce our Terms of Use.

5. How We Share Information

We do not sell personal information. We share information only in the following limited circumstances:

With Subscribers: Authorized User data (including location, time entries, and photos) is shared with the Subscriber organization that employs or engages the user. Subscribers control access to this data through role-based permissions configured within the Service.

Service Providers: We use the following categories of service providers to operate the Service:

  • Supabase (database hosting, authentication, file storage, and serverless functions)
  • Expo / Expo Application Services (mobile app build, distribution, and push notification delivery)
  • Postmark (transactional email delivery and inbound email processing)
  • Twilio (SMS notifications to End Customers, if enabled by Subscriber)
  • Sentry (error and performance monitoring for application reliability; receives crash reports and performance traces but is configured to minimize collection of personal information)

These providers process data on our behalf and are contractually obligated to use it only for the services they provide to us.

Legal Requirements: We may disclose information if required to do so by law, regulation, legal process, or governmental request, or if we believe disclosure is necessary to protect the rights, property, or safety of our users, the public, or our company.

Business Transfers: In the event of a merger, acquisition, reorganization, or sale of assets, personal information may be transferred as part of that transaction. We will notify affected users of any change in ownership or control of their personal information.

With Consent: We may share information with third parties when we have the user's explicit consent to do so.

6. Data Security

We implement technical and organizational measures designed to protect personal information, including:

  • Encryption in transit using TLS/HTTPS for all data transmitted between clients and servers
  • Encryption at rest using AES-256 for data stored in our database and file storage systems
  • Row-Level Security (RLS) policies enforcing strict organization-level data isolation, ensuring that users can only access data belonging to their own organization
  • Role-based access controls (RBAC) restricting data visibility based on user roles (field technician, office manager, administrator, and similar designations)
  • Multi-factor authentication (MFA) available for administrator accounts
  • Comprehensive audit logging of all changes to sensitive records, including who made the change, when, and what values were modified
  • Hashing of IP addresses and user agents in security event logs
  • Secure session management using httpOnly cookies for web applications and token-based authentication for mobile applications

While we strive to protect personal information, no method of transmission over the Internet or method of electronic storage is completely secure. We cannot guarantee absolute security.

7. Data Retention

We retain personal information for as long as necessary to fulfill the purposes described in this Policy, unless a longer retention period is required or permitted by law.

  • Account Data: Retained for the duration of the Subscriber's account and for a reasonable period thereafter to comply with legal obligations and resolve disputes.
  • Operational Data (events, time entries, photos): Retained for the duration of the Subscriber's account. Subscribers may request deletion of specific records, subject to applicable legal retention requirements.
  • Location Status Logs: Retained as part of the time tracking audit trail for the duration of the Subscriber's account.
  • Audit Logs: Retained indefinitely for compliance and data integrity purposes.
  • Offline Cache Data: Automatically purged from mobile devices after 48–72 hours and upon user sign-out.

When a Subscriber terminates their account, we will delete or anonymize their data within 90 days, except where retention is required by law.

8. Your Rights and Choices

8.1 All Users

Depending on your jurisdiction, you may have the following rights:

  • Access: Request a copy of the personal information we hold about you
  • Correction: Request correction of inaccurate or incomplete personal information
  • Deletion: Request deletion of your personal information, subject to legal retention requirements
  • Portability: Request a copy of your data in a structured, commonly used, machine-readable format
  • Objection: Object to certain processing activities
  • Withdrawal of Consent: Withdraw consent at any time where processing is based on consent

To exercise these rights, contact us at privacy@contentsops.com. We will respond within 45 days (or sooner if required by applicable law).

8.2 Location Data Controls

Authorized Users can control location data collection in the following ways:

  • Revoke location permissions through the device's operating system settings at any time
  • Choose not to initiate a “Start Day” session (location tracking only occurs during active work sessions)
  • Use the lunch break feature to pause location tracking during breaks
  • Request that the Subscriber set their geofence policy to “Manual” to remove geofence requirements

Disabling location services may affect certain features of the mobile application, including automatic time entry generation and geofence-based clock-in/out.

8.3 Push Notification Controls

You can disable push notifications through your device settings at any time. Disabling push notifications will not affect other functionality of the Service but may cause you to miss event assignment alerts and schedule reminders.

8.4 Account Deletion

Authorized Users may request account deactivation through their Subscriber's administrator. Subscribers may request full account deletion by contacting us at privacy@contentsops.com.

9. California Privacy Rights

If you are a California resident, the California Consumer Privacy Act (CCPA), as amended by the California Privacy Rights Act (CPRA), provides you with additional rights regarding your personal information.

9.1 Categories of Personal Information Collected

In the preceding 12 months, we have collected the following categories of personal information as defined by the CCPA:

  • Identifiers (name, email, phone number, IP address)
  • Professional or employment-related information (job title, role, employer)
  • Geolocation data (precise GPS coordinates during active work sessions)
  • Internet or electronic network activity (usage data, device information)
  • Audio, electronic, visual, or similar information (photographs, document images)
  • Inferences drawn from the above (work status, schedule patterns)

9.2 Your California Rights

As a California resident, you have the right to:

  • Know what personal information we collect, use, disclose, and sell or share
  • Delete your personal information, subject to certain exceptions
  • Correct inaccurate personal information
  • Opt out of the sale or sharing of your personal information (we do not sell or share personal information as defined by the CCPA)
  • Limit the use of sensitive personal information (including precise geolocation) to purposes necessary for providing the Service
  • Non-discrimination for exercising your privacy rights

9.3 How to Submit Requests

You may submit a request by emailing privacy@contentsops.com or by writing to us at the address listed in Section 14. We will verify your identity before processing your request and will respond within 45 days. If you are an Authorized User, we may direct you to your Subscriber to fulfill certain requests, as they are the controller of your operational data.

9.4 Sale and Sharing of Personal Information

We do not sell personal information as defined by the CCPA. We do not share personal information for cross-context behavioral advertising purposes.

10. Additional State Privacy Rights

Residents of Virginia, Colorado, Connecticut, Utah, Texas, Oregon, Montana, Delaware, and other states with comprehensive privacy laws may have similar rights to those described in Section 9, including rights of access, correction, deletion, portability, and the right to opt out of targeted advertising or profiling. To exercise any of these rights, contact us at privacy@contentsops.com.

11. Children's Privacy

The Service is not directed to individuals under the age of 16, and we do not knowingly collect personal information from children. If we become aware that we have collected personal information from a child under 16, we will take steps to delete that information promptly. If you believe a child has provided us with personal information, please contact us at privacy@contentsops.com.

12. Third-Party Links and Services

The Service may contain links to third-party websites or services (such as map applications for navigation). We are not responsible for the privacy practices of these third parties. We encourage you to review the privacy policies of any third-party service you access through the Service.

13. Changes to This Policy

We may update this Policy from time to time. When we make material changes, we will notify Subscribers by email and/or by posting a prominent notice within the Service at least 30 days before the changes take effect. The “Effective Date” at the top of this Policy indicates when it was last revised. Your continued use of the Service after the effective date of any changes constitutes your acceptance of the updated Policy.

14. Contact Us

If you have questions about this Privacy Policy, wish to exercise your privacy rights, or have concerns about our data practices, please contact us at:

Superlab LLC dba ContentsOps
Attn: Privacy Inquiries
Email: privacy@contentsops.com
Website: https://contentsops.com