Effective Date: July 13, 2025
TrenchCalc ("the app") is a utility tool designed for engineering professionals to calculate trench volumes and backfill estimates. We value your privacy and only collect the minimum data necessary to deliver core functionality.
TL;DR: We only collect your email for login and subscription management. We don't store your calculation data, track your location, or show ads.
Information We Collect
- Authentication: When you sign in, we use AWS Cognito to securely manage your login using your email address.
- LiDAR Scans: If you use LiDAR scanning features, scan data is processed locally on your device. With your explicit consent, anonymized scan data may be uploaded for ML model training.
- Project Information: Project details, calculations, and site data are stored locally on your device. This data is not uploaded to our servers unless you opt in to contribute anonymized data for ML training.
- Purchases: We use RevenueCat to manage your subscription status. We do not receive your payment details directly.
- Anonymous Feedback: If you delete your account, you may optionally leave feedback. This is stored anonymously and cannot be linked back to your identity.
Third-Party AI Services
Important: If you use the Site Diary or AI features, your voice transcriptions and text prompts are sent to third-party AI service providers for processing.
What Data is Sent to Third-Party AI Services
When you use Site Diary or voice transcription features, the following data is transmitted to third-party AI service providers:
- Voice Transcripts: Your voice recordings are first transcribed by a third-party speech-to-text service, then the transcriptions are sent to a third-party AI service for polishing
- Project Information: Project name, date, and location (if provided)
- User Prompts: Any text you enter for AI processing, including diary entries and voice transcriptions
- System Prompts: Instructions for how the AI service should format the output (e.g., "convert to formal construction site diary report")
How Third-Party AI Services Use Your Data
Third-party AI service providers process your data according to their own privacy policies and terms of service. Key points:
- Data Processing: AI services use your prompts to generate AI responses (diary polishing, text enhancement)
- Data Retention: AI service providers may retain your prompts for a limited period (typically up to 30 days) for abuse monitoring and service improvement, unless you opt out
- Model Training: By default, AI service providers may use your prompts to train their models. You can opt out of training data usage by contacting us
- Data Sharing: AI service providers do not share your prompts with third parties, but they may be reviewed by their staff for safety and quality purposes
Your Options Regarding Third-Party AI Services
- Opt-Out of Training: You can opt out of AI service providers using your prompts for model training by contacting us, and we will configure our system to exclude your prompts from training
- No Prompts Stored: We do not store your prompts or transcripts on our servers after processing
- Secure Transmission: All data sent to third-party AI services is encrypted in transit using HTTPS/TLS
- You Can Stop Using AI Features: You can disable AI features at any time and your data will no longer be sent to third-party AI services
⚠️ Important: If you include sensitive information (client names, project details, financial data, etc.) in your Site Diary entries or voice transcriptions, this information will be sent to third-party AI service providers. We recommend that you avoid including highly sensitive information in AI-processed content.
Third-Party Services
TrenchCalc uses the following trusted third-party services:
AI and Processing Services
- Third-Party AI Service Providers – to process Site Diary voice transcriptions and text prompts for AI-generated reports.
  - Your prompts and transcripts are sent to third-party AI service providers for processing
  - AI service providers may retain your data for up to 30 days for abuse monitoring
  - AI service providers may use your prompts for model training unless you opt out
  - See Third-Party AI Services section above for detailed information
- Google Speech-to-Text – to convert voice recordings to text before sending to AI service providers
  - Your voice recordings are sent to Google for transcription
  - Google processes and returns transcriptions; recordings are not stored by Google
  - Privacy Policy: Google Cloud Speech-to-Text Privacy
Authentication and Payment Services
- AWS Cognito – For secure user authentication
- RevenueCat – For managing in-app subscriptions
These services have their own privacy policies and handle your data according to industry-standard security practices.
What We Do Not Collect
- We do not store any trench calculation data in the cloud.
- We do not access your device location, contacts, or files.
- We do not show ads or track you across other apps.
- We do not sell or share your personal information with third parties.
Data Retention
You may delete your account at any time from the profile screen. This removes all login data from our authentication system. Anonymous feedback, if submitted, is not linked to your user ID and cannot be deleted.
Machine Learning Training Data
TrenchCalc includes an optional feature that allows you to contribute your LiDAR scans to help improve our AI models. This is completely optional and requires your explicit consent. You can opt in or opt out at any time in the app settings.
What Data is Collected (ML Training)
- LiDAR Point Clouds: 3D point cloud data from your scans (fully anonymized before upload)
- Quality Metrics: Scan quality, density, coverage, and noise levels
- Geometric Features: Shape descriptors, bounding boxes, and volume measurements
- Anonymized User ID: Your user ID is hashed using HMAC-SHA256 (cannot be traced back to you)
How ML Data is Protected
- Full Anonymization: All personally identifiable information is removed before upload
- User ID Hashing: Your user ID is hashed using HMAC-SHA256 with a server-side secret
- Metadata Sanitization: All PII fields (location, GPS, project names, client names, etc.) are automatically removed
- Differential Privacy: Optional noise injection available for additional privacy protection
- Quality Filtering: Only high-quality scans (quality > 0.5) are uploaded for training
How ML Data is Used
Your anonymized scans are used solely for training machine learning models to improve object detection accuracy (such as detecting pipes, shoring, and other objects in trenches). The data is:
- Never sold or shared with third parties
- Never used for marketing or advertising
- Only used for ML training purposes
- Stored securely on AWS S3 with encryption
Your Rights Regarding ML Data
- Opt-In/Opt-Out: You can grant or revoke consent at any time in the app settings
- Data Deletion: If you revoke consent, all your previously uploaded ML training data will be deleted within 30 days
- Data Portability: You can export your consent and contribution data
- Transparency: You can see your contribution statistics and rewards in the app
- No Penalties: You can opt out without any penalty or loss of app functionality
Consent Management
When you first use features that could contribute to ML training, you will be presented with a clear consent screen explaining what data is collected, how it's used, and your rights. You must explicitly opt in to contribute. Consent is versioned, so if our terms change, you'll be asked to re-consent.
Data Retention
- Account Data: Retained until account deletion
- ML Training Data: Retained until consent is revoked, then deleted within 30 days
- Usage Data: Retained for 24 months for analytics purposes
Your Rights
Under GDPR and other privacy laws, you have the right to:
- Access: Request a copy of your personal information
- Rectification: Request correction of any inaccurate data
- Erasure: Delete your account and associated data at any time (right to be forgotten)
- Portability: Export your data in a machine-readable format
- Object: Object to processing of your personal information
- Withdraw Consent: Withdraw consent for ML training data at any time
- Opt Out: Opt out of optional data collection
California Privacy Rights (CCPA)
If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):
- Right to Know: You can request information about the personal information we collect, use, and disclose
- Right to Delete: You can request deletion of your personal information
- Right to Opt-Out: You can opt out of the sale of your personal information (we do not sell personal information)
- Non-Discrimination: We will not discriminate against you for exercising your privacy rights
To exercise your CCPA rights, contact us at: engsitetools@gmail.com
Data Security
We implement industry-standard security measures to protect your data:
- Encryption: All communications with our servers are encrypted using HTTPS/TLS
- Authentication: AWS Cognito with industry-standard security (SOC 2, ISO 27001 compliance)
- Access Controls: Role-based access control for all data
- Anonymization: ML data is fully anonymized before storage
- Secure Storage: All data stored on AWS with encryption at rest
Data Processors
We use the following third-party services that process your data under data processing agreements (DPAs):
- AWS Cognito: User authentication (DPA: AWS Data Processing Addendum)
- RevenueCat: Subscription management (DPA: RevenueCat Data Processing Agreement)
- Third-Party AI Service Providers: AI text processing for Site Diary features (DPA: Data Processing Agreement with provider)
  - Processes voice transcriptions and text prompts
  - May retain data for up to 30 days for abuse monitoring
  - May use prompts for model training unless you opt out
- Google Speech-to-Text: Voice transcription services (DPA: Google Cloud Data Processing Agreement)
- AWS S3: ML training data storage (DPA: AWS Data Processing Addendum)
- AWS SageMaker: Machine learning model training and processing (DPA: AWS Data Processing Addendum)
  - Processes anonymized LiDAR scan data for ML model training
  - Used for object detection and analysis improvements
  - Data is fully anonymized before processing
International Data Transfers
Your data may be transferred to and processed in countries outside your country of residence (primarily the United States). We ensure appropriate safeguards are in place through:
- Standard Contractual Clauses (SCCs) for EU data transfers
- AWS data processing agreements for cloud services
- Compliance with applicable data protection laws
Children's Privacy
TrenchCalc is not intended for children under 13 years of age. We do not knowingly collect personal information from children under 13. If you believe we have collected information from a child under 13, please contact us immediately.
Data Breach Notification
In the event of a data breach that affects your personal information, we will:
- Notify affected users within 72 hours (GDPR requirement)
- Notify relevant data protection authorities where required
- Provide details about the breach and mitigation steps
Changes to This Policy
We may update this privacy policy from time to time. We will notify you of any significant changes through the app or via email. Continued use of TrenchCalc after changes constitutes acceptance of the updated policy.
Contact Us
If you have any questions or concerns about this privacy policy, or wish to exercise your privacy rights, please contact us at:
Email: engsitetools@gmail.com
Privacy Contact: engsitetools@gmail.com
Thank you for using TrenchCalc. We're committed to protecting your privacy.