Privacy Policy
Effective Date: April 2025
TrenchCalc values your privacy. This policy explains what data we collect, how it is used, and your rights as a user.
Data Collection
We collect the following types of data:
- Authentication: When you sign in, we use AWS Cognito to securely manage your login using your email address.
- LiDAR Scans: If you use LiDAR scanning features, scan data is processed locally on your device. With your explicit consent, anonymized scan data may be uploaded for ML model training.
- Project Information: Project details, calculations, and site data are stored locally on your device. This data is not uploaded to our servers unless you opt in to contribute anonymized data for ML training.
- Location: If you enable weather advisories, the app may access your device's location to provide relevant site information. Location data is not stored or shared.
- Purchases: Subscription purchase information is processed through Apple App Store and Google Play. We do not have access to your payment details.
- Usage Data: We may collect anonymous interaction data (such as app launches, crash reports, and performance metrics) to improve stability and features.
Third-Party AI Services
Important: If you use the Site Diary or AI features, your voice transcriptions and text prompts are sent to third-party AI service providers for processing.
What Data is Sent to Third-Party AI Services
When you use Site Diary or voice transcription features, the following data is transmitted to third-party AI service providers:
- Voice Transcripts: Your voice recordings are first transcribed by a third-party speech-to-text service, then the transcriptions are sent to a third-party AI service for polishing
- Project Information: Project name, date, and location (if provided)
- User Prompts: Any text you enter for AI processing, including diary entries and voice transcriptions
- System Prompts: Instructions for how the AI service should format the output (e.g., "convert to formal construction site diary report")
How Third-Party AI Services Use Your Data
Third-party AI service providers process your data according to their own privacy policies and terms of service. Key points:
- Data Processing: AI services use your prompts to generate AI responses (diary polishing, text enhancement)
- Data Retention: AI service providers may retain your prompts for a limited period (typically up to 30 days) for abuse monitoring and service improvement, unless you opt out
- Model Training: By default, AI service providers may use your prompts to train their models. You can opt out of training data usage by contacting us
- Data Sharing: AI service providers do not share your prompts with third parties, but they may be reviewed by their staff for safety and quality purposes
Your Options Regarding Third-Party AI Services
- Opt-Out of Training: You can opt out of AI service providers using your prompts for model training by contacting us, and we will configure our system to exclude your prompts from training
- No Prompts Stored: We do not store your prompts or transcripts on our servers after processing
- Secure Transmission: All data sent to third-party AI services is encrypted in transit using HTTPS/TLS
- You Can Stop Using AI Features: You can disable AI features at any time and your data will no longer be sent to third-party AI services
⚠️ Important: If you include sensitive information (client names, project details, financial data, etc.) in your Site Diary entries or voice transcriptions, this information will be sent to third-party AI service providers. We recommend avoiding including highly sensitive information in AI-processed content.
Cookies and Tracking Technologies
Our website uses cookies and similar tracking technologies to enhance your browsing experience and analyze website traffic.
Types of Cookies We Use
- Necessary Cookies: Required for the website to function properly. These cannot be disabled.
- Analytics Cookies: We use Google Analytics to understand how visitors interact with our website. This helps us improve our content and user experience. You can opt out of analytics cookies using our cookie consent banner.
- Functional Cookies: We use Google Translate to provide language translation services. This stores your language preference.
Managing Cookies
You can manage your cookie preferences at any time in several ways:
- Cookie Consent Banner: When you first visit our website, a cookie consent banner will appear at the bottom of the page. You can choose to accept all cookies, reject optional cookies, or customize your preferences.
- Cookie Settings Link: You can change your cookie preferences at any time by clicking the "Cookie Settings" link in the footer of any page on our website.
- Browser Settings: You can also disable cookies through your browser settings, though this may affect website functionality.
Note: If you close the cookie banner without making a selection, it will appear again on your next visit. Your preferences are saved once you make a choice.
Third-Party Services
We use third-party services to support TrenchCalc and our website:
AI and Processing Services
- Third-Party AI Service Providers – to process Site Diary voice transcriptions and text prompts for AI-generated reports.
  - Your prompts and transcripts are sent to third-party AI service providers for processing
  - AI service providers may retain your data for up to 30 days for abuse monitoring
  - AI service providers may use your prompts for model training unless you opt out
  - See Third-Party AI Services section above for detailed information
- Google Speech-to-Text – to convert voice recordings to text before sending to AI service providers
  - Your voice recordings are sent to Google for transcription
  - Google processes and returns transcriptions; recordings are not stored by Google
  - Privacy Policy: Google Cloud Speech-to-Text Privacy
Analytics and Website Services
- Google Analytics – to analyze website traffic and user behavior (uses cookies). You can opt out using our cookie consent banner.
- Google Translate – to provide language translation services (uses cookies).
- Crisp Chat – to provide customer support chat functionality on our website. When you use the chat feature, Crisp may collect information such as your IP address, browser type, and messages you send. This data is used solely for providing customer support. You can find Crisp's privacy policy at crisp.chat/en/privacy.
Authentication and Payment Services
- RevenueCat – to manage in-app subscriptions.
- Apple App Store / Google Play – to handle purchases and billing securely.
- AWS Cognito – for secure user authentication and account management.
Machine Learning Training Data
TrenchCalc includes an optional feature that allows you to contribute your LiDAR scans to help improve our AI models. This is completely optional and requires your explicit consent. You can opt in or opt out at any time in the app settings.
What Data is Collected (ML Training)
- LiDAR Point Clouds: 3D point cloud data from your scans (fully anonymized before upload)
- Quality Metrics: Scan quality, density, coverage, and noise levels
- Geometric Features: Shape descriptors, bounding boxes, and volume measurements
- Anonymized User ID: Your user ID is hashed using HMAC-SHA256 (cannot be traced back to you)
How ML Data is Protected
- Full Anonymization: All personally identifiable information is removed before upload
- User ID Hashing: Your user ID is hashed using HMAC-SHA256 with a server-side secret
- Metadata Sanitization: All PII fields (location, GPS, project names, client names, etc.) are automatically removed
- Differential Privacy: Optional noise injection available for additional privacy protection
- Quality Filtering: Only high-quality scans (quality > 0.5) are uploaded for training
How ML Data is Used
Your anonymized scans are used solely for training machine learning models to improve object detection accuracy (such as detecting pipes, shoring, and other objects in trenches). The data is:
- Never sold or shared with third parties
- Never used for marketing or advertising
- Only used for ML training purposes
- Stored securely on AWS S3 with encryption
Your Rights Regarding ML Data
- Opt-In/Opt-Out: You can grant or revoke consent at any time in the app settings
- Data Deletion: If you revoke consent, all your previously uploaded ML training data will be deleted within 30 days
- Data Portability: You can export your consent and contribution data
- Transparency: You can see your contribution statistics and rewards in the app
- No Penalties: You can opt out without any penalty or loss of app functionality
Consent Management
When you first use features that could contribute to ML training, you will be presented with a clear consent screen explaining what data is collected, how it's used, and your rights. You must explicitly opt in to contribute. Consent is versioned, so if our terms change, you'll be asked to re-consent.
Data Retention
- Account Data: Retained until account deletion
- ML Training Data: Retained until consent is revoked, then deleted within 30 days
- Usage Data: Retained for 24 months for analytics purposes
- Cookies: Retention periods vary by cookie type (see cookie settings)
Data Security
We implement industry-standard security measures to protect your data:
- Encryption: All data in transit uses HTTPS/TLS encryption
- Authentication: AWS Cognito with industry-standard security (SOC 2, ISO 27001 compliance)
- Access Controls: Role-based access control for all data
- Anonymization: ML data is fully anonymized before storage
- Secure Storage: All data stored on AWS with encryption at rest
Your Rights
Under GDPR and other privacy laws, you have the right to:
- Access: Request a copy of your personal information
- Rectification: Request correction of inaccurate data
- Erasure: Request deletion of your personal information (right to be forgotten)
- Portability: Export your data in a machine-readable format
- Object: Object to processing of your personal information
- Withdraw Consent: Withdraw consent for ML training data at any time
You may choose to disable location access at any time in your device settings. TrenchCalc does not sell or share personal information with advertisers.
California Privacy Rights (CCPA)
If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):
- Right to Know: You can request information about the personal information we collect, use, and disclose
- Right to Delete: You can request deletion of your personal information
- Right to Opt-Out: You can opt out of the sale of your personal information (we do not sell personal information)
- Non-Discrimination: We will not discriminate against you for exercising your privacy rights
To exercise your CCPA rights, contact us at: engsitetools@gmail.com
Data Processors
We use the following third-party services that process your data under data processing agreements (DPAs):
- AWS Cognito: User authentication (DPA: AWS Data Processing Addendum)
- RevenueCat: Subscription management (DPA: RevenueCat Data Processing Agreement)
- Third-Party AI Service Providers: AI text processing for Site Diary features (DPA: Data Processing Agreement with provider)
  - Processes voice transcriptions and text prompts
  - May retain data for up to 30 days for abuse monitoring
  - May use prompts for model training unless you opt out
- Google Speech-to-Text: Voice transcription services (DPA: Google Cloud Data Processing Agreement)
- Google Analytics: Website analytics (DPA: Google Analytics Data Processing Terms)
- AWS S3: ML training data storage (DPA: AWS Data Processing Addendum)
- AWS SageMaker: Machine learning model training and processing (DPA: AWS Data Processing Addendum)
  - Processes anonymized LiDAR scan data for ML model training
  - Used for object detection and analysis improvements
  - Data is fully anonymized before processing
International Data Transfers
Your data may be transferred to and processed in countries outside your country of residence (primarily the United States). We ensure appropriate safeguards are in place through:
- Standard Contractual Clauses (SCCs) for EU data transfers
- AWS data processing agreements for cloud services
- Compliance with applicable data protection laws
Children's Privacy
TrenchCalc is not intended for children under 13 years of age. We do not knowingly collect personal information from children under 13. If you believe we have collected information from a child under 13, please contact us immediately.
Data Breach Notification
In the event of a data breach that affects your personal information, we will:
- Notify affected users within 72 hours (GDPR requirement)
- Notify relevant data protection authorities where required
- Provide details about the breach and mitigation steps
Contact
If you have any questions about this privacy policy or to exercise your privacy rights, you can reach us at:
Email: engsitetools@gmail.com
Privacy Contact: engsitetools@gmail.com
© 2025 EngSite Tools