CostAnchor logoStart Free Trial
← Back to home

PRIVACY POLICY

Last updated April 12, 2026

This Privacy Notice for CostAnchor ("we," "us," or "our"), describes how and why we might access, collect, store, use, and/or share ("process") your personal information when you use our services ("Services"), including when you:

  • Visit our website at https://costanchor.com/ or any website of ours that links to this Privacy Notice.
  • Use CostAnchor. CostAnchor audits your field reports against your active contracts and schedules in real-time to catch margin leaks, document weather delays, and generate OAC briefs automatically.
  • Engage with us in other related ways, including any marketing or events.

Questions or concerns? Reading this Privacy Notice will help you understand your privacy rights and choices. We are responsible for making decisions about how your personal information is processed. If you do not agree with our policies and practices, please do not use our Services. If you still have any questions or concerns, please contact us at contact@costanchor.com.

SUMMARY OF KEY POINTS

What personal information do we process? When you visit, use, or navigate our Services, we may process personal information depending on how you interact with us and the Services, the choices you make, and the products and features you use.

Do we process any sensitive personal information? We do not process sensitive personal information.

Do we collect any information from third parties? We do not collect any information from third parties.

How do we process your information? We process your information to provide, improve, and administer our Services, communicate with you, for security and fraud prevention, and to comply with law.

In what situations and with which parties do we share personal information? We may share information in specific situations and with specific third-party sub-processors who facilitate our software infrastructure.

How do we keep your information safe? We have adequate organizational and technical processes and procedures in place to protect your personal information. However, no electronic transmission over the internet or information storage technology can be guaranteed to be 100% secure.

What are your rights? Depending on where you are located geographically, the applicable privacy law may mean you have certain rights regarding your personal information.

How do you exercise your rights? The easiest way to exercise your rights is by contacting us at seth@costanchor.com.

1. WHAT INFORMATION DO WE COLLECT?

Personal information you disclose to us

In Short: We collect personal information that you provide to us.

We collect personal information that you voluntarily provide to us when you register on the Services, express an interest in obtaining information about us or our products and Services, when you participate in activities on the Services, or otherwise when you contact us.

The personal information that we collect depends on the context of your interactions with us and the Services. The personal information we collect may include:

  • names
  • email addresses
  • passwords

Project and Field Report Data

When you email or upload field reports, contracts, or schedules, we securely store these documents solely to provide the CostAnchor risk analysis service.

The AI Training Guarantee

Your private project data is never used to train external or public AI models. Because we utilize enterprise API endpoints (such as the Google Gemini API), your unstructured data is processed temporarily for text extraction and analysis, and is strictly siloed and excluded from any public foundation model training.

Sensitive Information. We do not process sensitive information.

Information automatically collected

In Short: Some information — such as your Internet Protocol (IP) address and/or browser and device characteristics — is collected automatically when you visit our Services.

We automatically collect certain information when you visit, use, or navigate the Services. This information does not reveal your specific identity (like your name or contact information) but may include device and usage information, such as your IP address, browser and device characteristics, operating system, language preferences, referring URLs, device name, country, location, information about how and when you use our Services, and other technical information. This information is primarily needed to maintain the security and operation of our Services, and for our internal analytics and reporting purposes.

The information we collect includes:

  • Log and Usage Data. Service-related, diagnostic, usage, and performance information our servers automatically collect when you access or use our Services.
  • Location Data. We collect imprecise location data derived from your IP address. We do not track precise GPS device location.

Google API
Our use of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.

2. HOW DO WE PROCESS YOUR INFORMATION?

In Short: We process your information to provide, improve, and administer our Services, communicate with you, for security and fraud prevention, and to comply with law.

We process your personal information for a variety of reasons, depending on how you interact with our Services, including:

  • To facilitate account creation and authentication and otherwise manage user accounts.
  • To respond to user inquiries/offer support to users.
  • To request feedback.
  • To protect our Services.
  • To evaluate and improve our Services, products, marketing, and your experience.
  • To identify usage trends.

3. WHAT LEGAL BASES DO WE RELY ON TO PROCESS YOUR INFORMATION?

In Short: We only process your personal information when we believe it is necessary and we have a valid legal reason (i.e., legal basis) to do so under applicable law.

If you are located in Canada, we may process your information if you have given us specific permission (i.e., express consent) to use your personal information for a specific purpose, or in situations where your permission can be inferred (i.e., implied consent). You can withdraw your consent at any time.

In some exceptional cases, we may be legally permitted under applicable law to process your information without your consent, including for investigations, fraud detection and prevention, or if disclosure is required to comply with a subpoena, warrant, or court order.

4. WHEN AND WITH WHOM DO WE SHARE YOUR PERSONAL INFORMATION?

In Short: We may share information in specific situations described in this section and/or with the following third parties.

Vendors, Consultants, and Our Sub-Processors. We may share your data with third-party vendors, service providers, contractors, or agents ("third parties") who perform services for us or on our behalf and require access to such information to do that work.

To provide the CostAnchor platform, we utilize the following secure third-party infrastructure (Sub-Processors):

  • Vercel: Application hosting and serverless execution.
  • Supabase: Secure database and PDF file storage.
  • Resend: Inbound and outbound email routing (the "Magic Mailbox").
  • Google (Gemini API): Unstructured data processing and text extraction.
  • Stripe: Payment processing. (Note: CostAnchor never touches, processes, or stores your raw credit card data. All payment details are handled entirely by Stripe's secure system).

We also may need to share your personal information in the following situations:

  • Business Transfers. We may share or transfer your information in connection with, or during negotiations of, any merger, sale of company assets, financing, or acquisition of all or a portion of our business to another company.
  • Affiliates. We may share your information with our affiliates, in which case we will require those affiliates to honor this Privacy Notice.

5. DO WE USE COOKIES AND OTHER TRACKING TECHNOLOGIES?

In Short: We may use cookies and other tracking technologies to collect and store your information.

We may use cookies and similar tracking technologies (like web beacons and pixels) to gather information when you interact with our Services. Specific information about how we use such technologies and how you can refuse certain cookies is set out in our Cookie Notice: https://costanchor.com/cookies.

Google Analytics: We may share your information with Google Analytics to track and analyze the use of the Services. To opt out of being tracked by Google Analytics across the Services, visit https://tools.google.com/dlpage/gaoptout.

6. DO WE OFFER ARTIFICIAL INTELLIGENCE-BASED PRODUCTS?

In Short: We offer products, features, or tools powered by artificial intelligence, machine learning, or similar technologies.

As part of our Services, we offer products, features, or tools powered by artificial intelligence, machine learning, or similar technologies (collectively, "AI Products").

We provide the AI Products through third-party service providers, including Google Cloud AI (Gemini). Your input, output, and personal information will be shared with and processed by these AI Service Providers. As stated in Section 1, your personal data is securely processed to provide your specific insights and is never utilized to train external or public models.

7. HOW LONG DO WE KEEP YOUR INFORMATION?

In Short: We keep your information for as long as necessary to fulfill the purposes outlined in this Privacy Notice unless otherwise required by law.

We will only keep your personal information for as long as it is necessary for the purposes set out in this Privacy Notice, unless a longer retention period is required or permitted by law. No purpose in this notice will require us keeping your personal information for longer than the period of time in which users have an account with us.

8. HOW DO WE KEEP YOUR INFORMATION SAFE?

In Short: We aim to protect your personal information through a system of organizational and technical security measures.

We have implemented appropriate and reasonable technical and organizational security measures designed to protect the security of any personal information we process. However, despite our safeguards and efforts to secure your information, no electronic transmission over the Internet or information storage technology can be guaranteed to be 100% secure.

9. DO WE COLLECT INFORMATION FROM MINORS?

In Short: We do not knowingly collect data from or market to children under 18 years of age or the equivalent age as specified by law in your jurisdiction.

If you become aware of any data we may have collected from children under age 18, please contact us at contact@costanchor.com.

10. WHAT ARE YOUR PRIVACY RIGHTS?

In Short: Depending on your state of residence in the US or in some regions, such as Canada, you have rights that allow you greater access to and control over your personal information.

Withdrawing your consent: If we are relying on your consent to process your personal information, you have the right to withdraw your consent at any time.

Opting out of marketing and promotional communications: You can unsubscribe from our marketing and promotional communications at any time by clicking on the unsubscribe link in the emails that we send.

Account Information: If you would at any time like to review or change the information in your account or terminate your account, you can log in to your account settings and update your user account.

11. CONTROLS FOR DO-NOT-TRACK FEATURES

Most web browsers and some mobile operating systems include a Do-Not-Track ("DNT") feature or setting. At this stage, no uniform technology standard for recognizing and implementing DNT signals has been finalized. As such, we do not currently respond to DNT browser signals.

12. DO UNITED STATES RESIDENTS HAVE SPECIFIC PRIVACY RIGHTS?

In Short: If you are a resident of certain states, you may have the right to request access to and receive details about the personal information we maintain about you.

Categories of Personal Information We Collect

In accordance with the principle of data minimization, we only collect the data necessary to operate our service. We have collected the following categories of personal information in the past twelve (12) months:

  • A. Identifiers (Name, email, IP address)
  • B. Personal information as defined in the California Customer Records statute (Name, contact information)
  • D. Commercial information (Subscription and payment status via Stripe)
  • F. Internet or other similar network activity (Dashboard browsing/analytics)
  • G. Geolocation data (Imprecise location derived from IP addresses only)

We DO NOT collect:

  • Protected classification characteristics (e.g., race, gender)
  • Biometric information
  • Sensory, visual, or audio data
  • Professional, employment, or educational records

Your Rights

Depending on your state of residence, you may have the right to:

  • Know whether or not we are processing your personal data
  • Access your personal data
  • Correct inaccuracies in your personal data
  • Request the deletion of your personal data
  • Obtain a copy of the personal data you previously shared with us

13. DO WE MAKE UPDATES TO THIS NOTICE?

In Short: Yes, we will update this notice as necessary to stay compliant with relevant laws.

We may update this Privacy Notice from time to time. The updated version will be indicated by an updated "Revised" date at the top of this Privacy Notice.

14. HOW CAN YOU CONTACT US ABOUT THIS NOTICE?

If you have questions or comments about this notice, you may contact our Data Protection Officer (DPO) by email at seth@costanchor.com, by phone at 520-369-2777, or contact us by post at:

CostAnchor
Data Protection Officer
6100 Lake Ellenor Drive
Suite 151 #1166
Orlando, FL 34761
United States

15. HOW CAN YOU REVIEW, UPDATE, OR DELETE THE DATA WE COLLECT FROM YOU?

Based on the applicable laws of your country or state of residence, you may have the right to request access to the personal information we collect from you, correct inaccuracies, or delete your personal information.

How to Exercise Your Rights

If you are a General Contractor (Admin), you can instantly delete your entire workspace, all associated user accounts, and all field reports by navigating to your Project Settings and clicking "Delete My Account."

For all other requests, including individual account deletion, data correction, or requesting a copy of your personal data, please email us directly at seth@costanchor.com. We will process your request manually within 30 days.