PRIVACY POLICY
Effective date: January 1, 2026
1. Information We Collect
We collect information you provide directly to us, such as when you create an account, submit an inspection, or contact us for support. This includes your name, email address, business information, and any data you enter into the platform — including data about your own clients, such as homebuyers and agents. We also automatically collect certain technical information when you use our services, including IP address, browser type, device information, and usage patterns. If your workspace turns on AI features by saving your own Google Gemini API key, the inspection text you choose to process is sent to Google under your own key and Google account so it can be polished; AI features are off until a key is configured, and we never send your content to Google on your behalf without one.
2. How We Use Your Information
We use the information we collect to provide, maintain, and improve our services; process transactions and send related information; send technical notices, updates, security alerts, and administrative messages; respond to your comments, questions, and customer service requests; and monitor and analyze trends, usage, and activities in connection with our services.
3. Data Storage & Security
Your data is stored on Cloudflare's global edge network using D1 (SQLite-compatible database) and R2 (object storage). We implement industry-standard security measures including encryption in transit (TLS 1.3), role-based access control, and ongoing security reviews. Inspection data is logically isolated per tenant — no tenant can access another tenant's data.
4. Data Sharing & Subprocessors
We do not sell, trade, or otherwise transfer your personal information to third parties except as described in this policy. We rely on a small set of service providers (subprocessors) to operate the platform: Cloudflare provides our infrastructure (hosting, database, file storage, bot protection, PDF rendering, and analytics delivery); Stripe processes subscription payments; Resend sends transactional email; Twilio and Telnyx (as applicable to the platform's active messaging configuration) deliver SMS text messages on the hosted platform; and Google Analytics provides usage analytics, delivered through Cloudflare's server-side tag loader (Cloudflare Zaraz). These providers are contractually obligated to protect your data. We do not sell or share mobile opt-in information or phone numbers with third parties or affiliates for their own marketing purposes. Google Gemini is not one of our subprocessors: it is an optional integration that a workspace enables with its own Google API key, and any inspection text sent to it goes under that workspace's own Google account, not ours.
5. Controller & Processor Roles
We play two different roles depending on the data. For account data — your identity as a user and your billing information — we are the data controller. For workspace content — the data about your clients that you enter into your inspections — we act as a processor on your behalf, and the inspection company is the controller. If you are an end client (for example, a homebuyer) and you want to access, correct, or delete your personal data, please contact the inspection company you hired; they control that data. When a company asks us to help fulfill such a request, we will assist them in doing so.
6. Your Rights
You may access, correct, or delete your personal information at any time through your account settings. You may also request a complete export of your data. If you are located in the European Economic Area, you have additional rights under the GDPR, including the right to data portability and the right to lodge a complaint with a supervisory authority.
7. Data Export & Deletion
You may export your data at any time, and we provide a full export at offboarding that includes your inspection data and your photo files. When you delete your account, we begin a 30-day grace period during which the account can be restored; after that period, your data is purged from our systems. Following a purge we retain only a destruction record — non-personal metadata confirming that the deletion took place — so we can demonstrate the data was removed.
8. Cookies & Analytics
We use essential cookies to keep you signed in and to protect against cross-site request forgery (CSRF). These are HttpOnly, Secure cookies; they cannot be read by client-side JavaScript, and they are always on because the Service cannot function without them. We also use Google Analytics 4 to understand how the Service is used, delivered first-party through Cloudflare's server-side tag loader (Cloudflare Zaraz); it sets analytics cookies (such as _ga). In regions that require consent — for example the EEA and the UK — analytics runs only after you accept it through our cookie banner, and you can decline or change your choice there. Where consent is required and not given, no analytics cookies are set.
9. International Data Transfers
Your data is processed on Cloudflare's global network, with primary storage located in the United States. By using the Service, you understand and agree that your data may be processed in the United States and in other jurisdictions where we or our service providers operate, which may have data-protection laws different from those in your own country.
10. Self-Hosted Instances
If you use the self-hosted version of the OpenInspection software, your data never touches our servers. You are solely responsible for the security and privacy of data on your own infrastructure. This privacy policy applies only to the hosted InspectorHub cloud platform.
11. SMS & Text Messaging
If you provide a mobile phone number and opt in, the inspection company you are working with may send you SMS text messages through our platform — including appointment confirmations and reminders, report-ready notifications, and other transactional updates about your inspection. Message frequency varies based on your inspection activity. Message and data rates may apply. You can opt out at any time by replying STOP to any message, and you can reply HELP for assistance. Consent to receive text messages is not a condition of any purchase or service. We do not sell or share mobile opt-in information or your phone number with third parties or affiliates for their own marketing purposes. SMS messages are delivered through our messaging provider, Twilio, Inc., acting as our subprocessor. On the hosted InspectorHub platform the platform's toll-free number sends these messages on the inspection company's behalf; self-hosted operators and companies using their own messaging account send from their own number under their own provider account.
12. Account SMS & Text Messaging (InspectorHub to Subscriber)
If you provide a mobile phone number and opt in at signup, InspectorHub may send you account and billing text messages — including subscription renewal reminders, payment alerts, and account lifecycle notices — from a dedicated InspectorHub toll-free number. Message frequency is low and varies by account activity. Message and data rates may apply. You can opt out at any time by replying STOP to any message, and you can reply HELP for assistance. Consent to receive account text messages is not a condition of any purchase or service. We do not sell or share your mobile number or opt-in status with third parties or affiliates for their own marketing purposes. These account alerts are separate from any text messages you may receive from the inspection company you work with (§11 above). Account SMS is delivered through our messaging provider(s), Twilio, Inc. and/or Telnyx, Inc., acting as our subprocessors.
13. Changes to This Policy
We may update this privacy policy from time to time. We will notify you of any material changes by posting the new policy on this page and updating the effective date. Your continued use of the platform after changes constitutes acceptance of the updated policy.
14. Contact Us
If you have any questions about this privacy policy or our data practices, please contact us at privacy@inspectorhub.io or through our contact form.