Privacy Policy
1. Who we are
Brushworx Construction Services LLC (“Brushworx”, “we”, “us”) is a construction and renovation company based in Oklahoma City, Oklahoma. Brushworx HQ is our internal business operations application, used to manage estimates, work orders, invoicing, and the financial operations of the business.
This Privacy Policy explains what information Brushworx HQ collects, how it is used, how it is protected, and the choices available regarding that information.
2. Scope and nature of the application
Brushworx HQ is a single-tenant internal application. It is used by the business owner and authorized Brushworx personnel to operate the business. It is not a consumer product and does not collect personal information from members of the public.
The only financial account connected through the application is the business’s own bank account, connected by the business owner for the business’s own bookkeeping and financial management.
3. Information we collect
3.1 Business and operational data
Information entered by Brushworx personnel in the normal course of business: client and project records, estimates, work orders, invoices, crew time, and related operational data.
3.2 Financial account information (via Plaid)
When the business owner connects a bank account, we use Plaid Inc. (“Plaid”) to facilitate that connection. Through Plaid we may receive:
- Account identifiers and metadata (account name, type, masked account number, institution name)
- Account balances
- Transaction history (amounts, dates, descriptions, categories)
Brushworx does not receive or store online banking login credentials. Those are entered by the user directly into Plaid’s secure interface and are never transmitted to or visible to Brushworx.
3.3 Authentication data
Email addresses and authentication information for Brushworx personnel who log in to the application, managed through our authentication provider.
4. How we use information
We use the information described above only to operate Brushworx’s own business:
- To display, categorize, and reconcile the business’s financial transactions
- To support bookkeeping, invoicing, and financial reporting
- To operate the application’s estimating, work-order, and invoicing features
- To monitor the security and reliability of the application
We do not use this information for advertising, and we do not sell it.
5. How we share information
We do not sell personal or financial information. We share information only with the service providers that operate the application’s infrastructure, and only to the extent necessary for them to provide their service:
- Plaid Inc. — bank account connectivity. Plaid’s handling of data is governed by Plaid’s own privacy policy at https://plaid.com/legal/.
- Supabase — database and authentication hosting.
- Vercel — application hosting.
- Upstash — rate limiting and caching.
- Sentry — error monitoring.
- Anthropic — AI-assisted features within the application.
We may also disclose information where required by law.
6. How we protect information
- All data transmitted between users and the application is encrypted in transit using TLS 1.2 or higher.
- All data stored in our database is encrypted at rest (AES-256) by our hosting provider.
- Production secrets and API credentials are stored in an access-controlled, encrypted environment variable system.
- Access to financial data within the application is restricted by role-based access control; access to production infrastructure is restricted to the business owner and protected by multi-factor authentication.
7. Data retention and deletion
We retain business and financial data for as long as it is needed for the operation, bookkeeping, tax, and recordkeeping purposes of the business.
A connected bank account can be disconnected at any time from within the application. Disconnecting an account removes the stored Plaid access token. Requests to delete stored financial data can be made by contacting brushworxok@gmail.com.
8. Your choices and rights
Because Brushworx HQ is a single-tenant internal application, the data subject is the business itself. The business owner has direct administrative access to view, correct, export, and delete all data stored in the application, and may disconnect any connected financial account at any time.
For any question or request regarding data held by Brushworx, contact brushworxok@gmail.com.
9. Children’s privacy
Brushworx HQ is a business application and is not directed to children. We do not knowingly collect information from children.
10. Changes to this policy
We may update this Privacy Policy from time to time. Material changes will be reflected by updating the effective date above and, where appropriate, through direct notice.
11. Contact
Questions about this Privacy Policy or about data held by Brushworx can be directed to:
Brushworx Construction Services LLC
Oklahoma City, Oklahoma
Email: brushworxok@gmail.com