Privacy Policy
Effective Date: March 26, 2026
1. Introduction
This Privacy Policy describes how Kontrak, operated by Kontrak APP LLC ("Kontrak," "we," "us," or "our"), collects, uses, stores, and protects your personal and business information when you use our platform at kontrakapp.com (the "Service").
Kontrak is a SaaS platform for construction contractors to manage estimates, invoices, contracts, payroll, taxes, and finances. We are committed to protecting your privacy and being transparent about our data practices.
By using the Service, you consent to the collection and use of your information as described in this Privacy Policy. If you do not agree with this policy, please do not use the Service.
2. Information We Collect
We collect information necessary to provide and improve the Service. The types of information we collect include:
Account Information
- Name — Your full name as provided during registration
- Email address — Used for authentication, communication, and account recovery
- Password — Stored in a securely hashed format; we never store plaintext passwords
Business Information
- Company name and business details
- Business address and contact information
- Employer Identification Number (EIN) — For payroll and tax features
- Entity type (e.g., sole proprietor, LLC, corporation)
Financial & Business Data
- Invoices, estimates, and contracts — Documents you create within the Service
- Expense records — Business expenses you track in the Service
- Payroll data — Employee information, pay rates, tax withholdings, and pay run records
- Bank transactions — Transaction data retrieved through Plaid (optional; only if you connect a bank account)
Payment Information
Subscription payments and customer invoice payments are processed by Stripe. Stripe collects and processes your payment card information directly. Kontrak does not store credit card numbers or bank account numbers on our servers. For details on how Stripe handles your payment data, see Stripe's Privacy Policy.
Usage Data
- Pages visited and features used within the Service
- Activity logs — Timestamps and actions performed (e.g., creating an invoice, sending a proposal)
- Device information — Browser type, operating system, and screen resolution
- IP address — Collected for security and fraud prevention
3. How We Use Your Information
We use the information we collect for the following purposes:
| Purpose | Description |
|---|---|
| Provide the Service | To operate, maintain, and deliver the features and functionality of Kontrak, including managing your estimates, invoices, contracts, payroll, and financial data. |
| Process Payments | To process subscription payments and customer invoice payments through Stripe. |
| Communicate | To send transactional emails (e.g., invoice delivery, proposal notifications), account-related communications, and important service updates. |
| Improve the Product | To analyze usage patterns, diagnose technical issues, and develop new features and improvements to the Service. |
| Security | To detect, prevent, and respond to security incidents, fraud, and abuse of the Service. |
| Legal Compliance | To comply with applicable laws, regulations, and legal processes. |
We do not sell your personal information to third parties. We do not use your data for advertising or marketing purposes unrelated to the Service.
4. Third-Party Services
Kontrak relies on trusted third-party service providers to deliver the Service. Each provider has access only to the data necessary to perform its function. Below are the third-party services we use and how they interact with your data:
Supabase
- Purpose: Database and authentication
- Data accessed: User accounts, business data, all application data
- Hosting: Hosted on Amazon Web Services (AWS)
- Website: supabase.com
Stripe
- Purpose: Payment processing for subscription billing and customer invoice payments
- Data accessed: Payment card information, billing details, email address
- Note: Stripe collects payment card information directly. Kontrak does not store card numbers.
- Privacy Policy: stripe.com/privacy
Plaid
- Purpose: Bank account connection (optional) for pulling transactions to support financial tracking features
- Data accessed: Bank account information and transaction history (only with your explicit consent)
- Note: Plaid integration is optional. You choose whether to connect a bank account.
- Privacy Policy: plaid.com/legal
SendGrid
- Purpose: Email delivery for sending estimates, invoices, proposals, and notifications to your customers
- Data accessed: Email addresses (sender and recipient), email content
- Website: sendgrid.com
Netlify
- Purpose: Website hosting and serverless functions
- Data accessed: HTTP request data (IP addresses, user agent strings) for hosting purposes
- Privacy Policy: netlify.com/privacy
5. Data Storage & Security
We take the security of your data seriously and implement industry-standard safeguards to protect it:
- Infrastructure: Application data is stored in Supabase, which is hosted on Amazon Web Services (AWS)
- Encryption in transit: All data transmitted between your browser and our servers is encrypted using TLS (Transport Layer Security)
- Access controls: We implement role-based access controls and row-level security policies to ensure that your data is accessible only to authorized users
- Password security: User passwords are securely hashed and salted before storage; we never store plaintext passwords
- Regular monitoring: We monitor our systems for security vulnerabilities and unauthorized access attempts
While we strive to protect your data, no method of electronic transmission or storage is 100% secure. We cannot guarantee absolute security but will promptly notify affected users in the event of a data breach, in accordance with applicable law.
6. Data Retention
We retain your information for as long as necessary to provide the Service and fulfill the purposes described in this Privacy Policy:
- Active accounts: Your data is retained for as long as your account is active and your subscription is current
- Cancelled accounts: After cancellation, your data is retained in a read-only state for a reasonable period to allow for reactivation or data export
- Deletion requests: Upon request, we will delete your personal and business data within 30 days, except where retention is required by law (e.g., financial records for tax compliance)
- Backups: Data may persist in encrypted backups for up to 90 days after deletion, after which it is permanently removed
7. Your Rights
Depending on your location, you may have the following rights regarding your personal data:
- Access: You have the right to request a copy of the personal information we hold about you
- Correction: You have the right to request correction of any inaccurate or incomplete personal information
- Deletion: You have the right to request deletion of your personal data, subject to certain legal exceptions
- Data portability: You have the right to request your data in a structured, commonly used, machine-readable format
- Opt out of marketing: You may opt out of promotional emails at any time by clicking the "unsubscribe" link in any marketing email or by contacting us
- Restrict processing: You may request that we restrict the processing of your personal data under certain circumstances
To exercise any of these rights, please contact us at support@kontrakapp.com. We will respond to your request within 30 days.
8. Cookies
Kontrak uses a limited number of cookies to operate the Service:
- Session cookies: Used for authentication and maintaining your logged-in session. These are essential cookies required for the Service to function.
- Preference cookies: Used to remember your preferences (e.g., billing toggle state).
We do not use third-party tracking cookies, advertising cookies, or analytics cookies that track your behavior across other websites. We do not participate in ad networks or cross-site tracking.
9. Children's Privacy
The Service is not intended for individuals under the age of 18. We do not knowingly collect personal information from children under 18. If we become aware that we have collected personal information from a child under 18, we will take steps to promptly delete that information. If you believe that a child under 18 has provided us with personal information, please contact us at support@kontrakapp.com.
10. California Privacy Rights (CCPA)
If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):
- Right to Know: You have the right to request that we disclose the categories and specific pieces of personal information we have collected about you, the sources from which it was collected, the business purpose for collection, and the categories of third parties with whom it is shared.
- Right to Delete: You have the right to request deletion of your personal information, subject to certain exceptions (e.g., where retention is necessary for legal compliance or completing a transaction).
- Right to Opt-Out: You have the right to opt out of the "sale" of your personal information. Kontrak does not sell your personal information.
- Non-Discrimination: We will not discriminate against you for exercising any of your CCPA rights. You will not receive a different level of service or pricing for exercising your rights.
To submit a CCPA request, contact us at support@kontrakapp.com. We may ask you to verify your identity before fulfilling your request.
11. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or legal requirements. If we make material changes, we will notify you by:
- Posting the updated policy on our website with a revised effective date
- Sending an email notification to the address associated with your account
- Displaying a notice within the Service
We encourage you to review this Privacy Policy periodically. Your continued use of the Service after the effective date of any changes constitutes your acceptance of the updated policy.
12. Contact
If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at:
Kontrak APP LLC
Email: support@kontrakapp.com
Website: kontrakapp.com
By using Kontrak, you acknowledge that you have read, understood, and agree to the practices described in this Privacy Policy.