Privacy Policy

1. Introduction

Sylk ("we," "our," or "us") provides a service business management platform through our mobile application and related web services (collectively, the "Service"). We are committed to protecting the privacy and security of your personal information.

This Privacy Policy explains what information we collect, how we use and share it, and your choices regarding your data. This policy applies to all users of the Service, including business owners, supervisors, and workers.

By using Sylk, you acknowledge that you have read and understood this Privacy Policy. If you do not agree with our practices, please do not use the Service.

2. Information We Collect

We collect information in several categories depending on how you use the Service and your role within your organization.

2.1 Personal Identifiers

Full name, email address, phone number
Business name, business phone, business email
Job title and role within the organization (Owner, Supervisor, or Worker)
Account credentials (email and encrypted password)
Trade specializations and professional skills

2.2 Financial Information

Bank account data collected via Teller: account and routing numbers, institution name, account balances, and transaction history
Payment card data processed via Stripe: card number, expiration date, billing address (we do not store card details on our servers)
Project budgets, expenses, income, and profit calculations
Worker pay rates (hourly, daily, weekly, or project-based)
Estimates, invoices, and payment records
Subscription billing information

2.3 Location Data

GPS coordinates collected during supervisor clock-in/clock-out
Service location addresses and geocoded coordinates
Distance calculations between your location and service locations
Location is collected in the foreground only — we do not track your location in the background

2.4 Audio Data

Voice recordings captured when you use the voice-to-text feature
Recordings are processed by our transcription providers (Deepgram, Groq) and converted to text
Audio recordings are not permanently stored — only the resulting text transcriptions are retained
Transcriptions may appear in daily reports, notes, chat messages, and task descriptions

2.5 Photos & Media

Project documentation photos taken through the app
Daily report photos documenting work progress
Business logos uploaded for branding
Photos may be analyzed by AI for progress tracking and documentation (see Section 4)
All media is stored securely in encrypted cloud storage with access controls

2.6 Project & Work Data

Project details: name, description, client information, addresses, timelines
Project phases, tasks, assignments, and completion status
Time tracking records: clock-in/out times, hours worked, break periods
Daily reports: narrative descriptions, completed tasks, hours, materials, weather conditions
Worker assignments and scheduling information
Client contact information and communication history

2.7 Communications Data

In-app chat messages exchanged with the AI assistant
SMS and WhatsApp messages sent through the platform to workers, supervisors, or clients
Push notification preferences and delivery records
Email communications sent via the app (supervisor invitations)

2.8 AI Interaction Data

Chat conversations with the AI assistant
Project context provided to AI for estimate generation and suggestions
AI-learned user preferences and business patterns (stored as "user memories" to personalize your experience)
Historical pricing data used for AI-powered pricing intelligence

2.9 Device & Technical Data

Device type, model, and operating system version
Push notification tokens (Expo push tokens)
App version and usage patterns
Crash reports and diagnostic data

3. How We Use Your Information

We use the information we collect for the following purposes:

Service Delivery: Operating and maintaining the core business management features including project tracking, task management, and team coordination
AI-Powered Features: Generating estimates, providing suggestions, analyzing project data, processing voice input, and personalizing your experience through learned preferences
Payment Processing: Managing subscriptions through Stripe, connecting bank accounts through Teller, and processing financial transactions
Team Management: Enabling the owner-supervisor-worker hierarchy, facilitating invitations, managing assignments, and providing role-appropriate data access
Location Services: Calculating distances to service locations, verifying supervisor clock-in locations, and providing location-based appointment reminders
Communications: Sending push notifications, enabling SMS/WhatsApp messaging, delivering email invitations, and providing in-app alerts
Financial Tracking: Reconciling bank transactions with project expenses, generating invoices, tracking payments, and providing financial reports
Service Improvement: Understanding usage patterns, diagnosing technical issues, and improving app performance and features
Legal Compliance: Fulfilling legal obligations, responding to legal requests, and protecting our rights and the rights of our users

4. AI Data Usage

Transparency Notice: Sylk uses third-party artificial intelligence providers to power features such as estimate generation, project analysis, and the AI chat assistant. This section describes exactly what data is shared with these providers and how it is handled.

4.1 AI Providers

We use the following AI service providers:

Anthropic (Claude) — accessed via OpenRouter — powers the AI assistant, estimate generation, project analysis, and photo analysis
Groq — provides fast AI routing and speech-to-text transcription (Whisper model)
Deepgram — provides speech-to-text transcription services

4.2 What Data Is Sent to AI Providers

Project details (names, descriptions, status, phases, tasks)
Financial summaries (budgets, expenses, income — at the project level)
Chat messages you send to the AI assistant
Daily report photos (for visual analysis of work progress)
Your AI-learned preferences and business patterns
Audio recordings (sent to Deepgram or Groq for transcription only)

4.3 What Is NOT Sent to AI Providers

Your password or authentication credentials
Bank account credentials, access tokens, or raw banking data
Payment card numbers or billing details
Other users' personal contact information

4.4 How AI Providers Handle Your Data

Under their commercial API terms, Anthropic and Groq do not use data submitted through their APIs to train their AI models. Your data is processed to generate responses and is subject to their respective data retention and security policies.

AI-generated outputs (estimates, suggestions, analysis) are provided for informational purposes only and should not be relied upon as professional, financial, or engineering advice. You are responsible for independently verifying all AI-generated content.

5. Third-Party Services

We share data with the following service providers who help us operate the Service. Each provider processes data under their own privacy policies and security standards.

Service	Data Shared	Purpose
Teller	Bank credentials, account info, transactions	Bank account connections & transaction reconciliation
Stripe	Payment card data, email, billing info	Subscription payments & billing management
Anthropic (Claude)	Project data, chat messages, photos	AI estimates, suggestions, chat assistant
Groq	Audio files, text for AI routing	Speech transcription & AI model routing
Deepgram	Audio files	Speech-to-text transcription
Google Maps	Addresses, coordinates	Geocoding & distance calculations
Expo / EAS	Push tokens, device info	Push notifications & over-the-air updates
Supabase	All app data	Database, authentication, file storage
Sentry	Error logs, stack traces, device info	Error monitoring & crash reporting

We do not sell your personal information to third parties. We share data with the providers listed above solely to operate and improve the Service.

6. Data Sharing Between Roles

Sylk operates with a team hierarchy (Owner → Supervisor → Worker). Different roles have different levels of data access:

Role	Can View
Owner	All projects, all financial data, all supervisor/worker data including time tracking, location data during clock-in, and daily reports
Supervisor	Assigned projects, workers assigned to their projects, project-level financial data (may be restricted by owner settings), own time tracking
Worker	Assigned projects and phases, own time tracking, own daily reports
Client	Only estimates and invoices explicitly shared with them by the owner via unique access links

Important for Workers and Supervisors: By accepting an invitation and joining an organization on Sylk, you acknowledge that the business Owner will have access to your work-related data, including time tracking records and location data collected during clock-in events.

7. Your California Privacy Rights (CCPA/CPRA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA):

Right to Know: You can request the categories and specific pieces of personal information we have collected about you in the prior 12 months
Right to Delete: You can request deletion of your personal information, subject to certain legal exceptions
Right to Correct: You can request correction of inaccurate personal information
Right to Opt-Out of Sale/Sharing: We do not sell or share your personal information for cross-context behavioral advertising
Right to Limit Use of Sensitive Personal Information: You may limit our use of sensitive personal information (which includes your financial data, precise geolocation, and audio data) to purposes necessary to provide the Service
Right to Non-Discrimination: We will not discriminate against you for exercising any of your CCPA rights

Categories of sensitive personal information we collect: financial account information (bank data via Teller), precise geolocation data, and audio recordings (voice-to-text).

To exercise any of these rights, please contact us at sylksupport@gmail.com. We will verify your identity and respond within 45 days.

8. Location Tracking

Sylk collects location data in the following circumstances:

Supervisor clock-in/clock-out: GPS coordinates are captured at the time of clock-in and clock-out to verify presence at service locations
Distance calculations: Your location may be used to calculate travel distances to service locations for appointment reminders
Location geocoding: Project addresses are converted to coordinates for mapping and distance features

Location data is collected only while the app is in use (foreground). We do not track your location in the background or outside of the specific features described above.

How to opt out: You can revoke location permissions at any time through your device's Settings app. Some features that depend on location (distance calculations, clock-in location verification) will be limited if location access is disabled.

9. Voice & Audio Data

When you use the voice-to-text feature in Sylk, the following occurs:

Your voice is recorded through your device's microphone
The audio recording is transmitted securely to our transcription provider (Deepgram or Groq)
The provider converts the audio to text and returns the transcription
The text transcription is saved in your account (in daily reports, notes, or chat messages)
The original audio recording is not permanently stored by Sylk or our transcription providers under their API terms

How to opt out: You can revoke microphone permissions at any time through your device's Settings app. Voice-to-text features will be unavailable, but you can still type all input manually.

10. Financial Data

Sylk handles financial information through secure, regulated third-party providers:

10.1 Bank Connections (Teller)

When you connect a bank account, Teller securely handles authentication with your bank. Sylk receives account identifiers, account names and types, and transaction data. We never see or store your bank login credentials. Teller access tokens are stored encrypted on our servers and are never exposed to the mobile app.

10.2 Payments (Stripe)

Subscription payments are processed entirely by Stripe. We never see, process, or store your full payment card number. Stripe is PCI-DSS Level 1 certified, the highest level of security certification.

10.3 Project Financial Data

Project-level financial data (budgets, expenses, income, invoices) is stored in our database with encryption at rest and protected by row-level security policies ensuring each user can only access their own financial data.

11. Data Security

We implement industry-standard security measures to protect your data:

Encryption in transit: All data transmitted between your device and our servers uses HTTPS/TLS encryption
Encryption at rest: Data stored in our database and file storage is encrypted at rest
Row-Level Security: Database policies ensure each user can only access their own data and data explicitly shared with them through the team hierarchy
Authentication: Secure JWT-based authentication with encrypted password storage
Server-side secrets: Bank access tokens, API keys, and sensitive credentials are stored on our servers only and are never exposed to the mobile application
Access controls: Role-based access controls limit data visibility based on your role within the organization

While we strive to protect your information, no method of electronic transmission or storage is 100% secure. We cannot guarantee absolute security.

12. Data Retention & Deletion

We retain your personal information for as long as your account is active or as needed to provide the Service.

Account deletion: When you delete your account, all associated data (profile, projects, estimates, invoices, workers, chat history, AI memories, financial records, photos, and notifications) is permanently deleted within 30 days
Audio recordings: Not permanently stored — only text transcriptions are retained
Financial records: May be retained for the legally required period for tax and accounting purposes even after account deletion
Bank connections: Teller access tokens are revoked and deleted upon account deletion or when you disconnect a bank account
Subscription data: Billing records maintained by Stripe are subject to Stripe's own data retention policies

To request deletion of your account and data, contact us at sylksupport@gmail.com.

13. Children's Privacy

Sylk is a professional business management tool intended for users who are 18 years of age or older. We do not knowingly collect personal information from anyone under the age of 18. If we learn that we have collected personal information from a person under 18, we will promptly delete that information. If you believe a minor has provided us with personal information, please contact us at sylksupport@gmail.com.

14. Data Breach Notification

In the event of a data breach that compromises the security of your personal information, we will:

Notify affected users via email and in-app notification as promptly as possible and in compliance with applicable state notification laws
Describe the nature of the breach, the types of information affected, and the steps we are taking in response
Provide guidance on steps you can take to protect yourself
Report the breach to relevant regulatory authorities as required by law

15. Your Rights & Choices

You have the following rights regarding your personal information:

Access: Request a copy of the personal information we hold about you
Correction: Request correction of inaccurate or incomplete information
Deletion: Request deletion of your account and associated data
Location opt-out: Revoke location permissions through your device settings
Voice opt-out: Revoke microphone permissions through your device settings
Notification preferences: Manage push notification types and quiet hours in-app
Bank disconnection: Disconnect bank accounts at any time through the app
AI memories: Your AI-learned preferences can be corrected or deleted

To exercise any of these rights, contact us at sylksupport@gmail.com.

16. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or legal requirements. When we make material changes, we will:

Update the "Effective Date" at the top of this page
Notify you via email and/or in-app notification
Where required by law, obtain your consent before applying material changes

We encourage you to review this Privacy Policy periodically. Your continued use of the Service after changes are posted constitutes your acceptance of the updated policy.

17. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Email: sylksupport@gmail.com

We will respond to all inquiries within 30 days.