PunchPad Privacy Policy  

Effective Date: August 23, 2025  

PunchPad respects your privacy. This Privacy Policy explains how we collect, use, and protect your information when you use our mobile application, website, and related services (collectively, the “Services”). By using PunchPad, you agree to this Policy. If you do not agree, do not use the Services.  

Information We Collect  

We collect the following categories of information when you use the Services:  

  • Account Information: Email address, password, billing details, and subscription records.  

  • Usage Data: How you use the app, features accessed, device information, operating system, IP address, browser type, crash logs, and performance data.  

  • Content Data: Tasks, project names, notes, subcontractor tags, and punch list reports you create.  

  • Shared Reports: Information displayed in links you choose to share. These reports are not password protected, and anyone with the link can access them.  

  • Payment Data: Processed by third-party providers. We do not store full credit card numbers.  

  • Communication Data: Emails, support requests, or other messages you send us.  

How We Use Information  

We use your information to:  

  • Provide and operate PunchPad  

  • Authenticate users and secure accounts  

  • Process payments and manage subscriptions  

  • Improve, monitor, and troubleshoot the Services  

  • Develop new features and enhancements  

  • Generate anonymized and aggregated analytics for business and benchmarking  

  • Comply with legal obligations and enforce our Terms of Service  

  • Communicate with you regarding updates, support, and administrative messages  

We do not sell your personal data.  

Usage Data and Analytics  

We collect and analyze anonymized and aggregated usage data to improve PunchPad. This may include error reports, feature adoption, and aggregated behavior patterns. We may share aggregated, de-identified insights publicly or with partners for analytics, but they will never identify you personally.  

Cookies and Tracking Technologies  

PunchPad and our service providers may use cookies, pixels, session replay, and other technologies to:  

  • Authenticate and keep you logged in  

  • Remember preferences  

  • Collect analytics about feature usage  

  • Improve app performance  

You may control cookies through your browser or device settings, but some features may not function properly without them.  

Data Sharing  

We may share your data with:  

  • Service Providers: For hosting, analytics, payment processing, and customer support.  

  • Legal Authorities: When required to comply with law, regulation, legal process, or government requests.  

  • Business Transfers: If PunchPad is involved in a merger, acquisition, or sale of assets.  

  • With Your Consent: When you choose to share links, reports, or information with others.  

We do not allow subcontractors or third parties to edit or add tasks in PunchPad. Subcontractors only receive access to punch list reports you choose to share.  

Data Security  

We implement industry-standard security measures to protect your information. However, no method of electronic transmission or storage is completely secure. You use PunchPad at your own risk.  

Data Retention  

  • Account data is retained as long as your account is active.  

  • Content you delete is permanently removed and cannot be recovered.  

  • If you delete your account, we remove personal data within a commercially reasonable time, except where retention is required by law.  

  • Aggregated, anonymized data may be retained indefinitely.  

Children’s Privacy  

PunchPad is not directed to individuals under 18. We do not knowingly collect personal information from children. If we learn we have collected information from a minor without consent, we will delete it.  

International Users  

PunchPad is based in the United States. If you access the Services from outside the U.S., you consent to the transfer and processing of your data in the U.S., which may not provide the same level of protection as your home jurisdiction.  

Your Rights  

Depending on your jurisdiction (e.g., GDPR, CCPA), you may have rights to:  

  • Access the personal data we hold about you  

  • Request correction or deletion  

  • Opt out of certain data uses, including marketing  

  • Request a copy of your data in portable format 

To exercise these rights, contact us at support@punchpad.app. We may require verification of your identity.  

Marketing Communications  

We may send service announcements and administrative messages that are required. Marketing emails are optional, and you can unsubscribe by following the instructions in the email.  

Data Processing Addendum (DPA)

PunchPad processes Personal Data as a processor/service provider on behalf of its customers.  

  • Customer is the Controller, PunchPad is the Processor (GDPR) and Service Provider (CCPA/CPRA).  

  • PunchPad processes data only to provide the Services, comply with instructions, or as required by law.  

  • PunchPad does not sell or use Personal Data outside the scope of providing the Services.  

  • Subprocessors may be engaged for hosting, analytics, or payment processing. All subprocessors are contractually bound to data protection standards no less protective than those in this DPA. A current list of subprocessors is available upon request.  

  • Personal Data may be transferred internationally. For data originating in the EEA, UK, or Switzerland, PunchPad applies Standard Contractual Clauses (SCCs) or equivalent safeguards.  

  • PunchPad maintains industry-standard security measures to protect Personal Data.  

  • If a data breach occurs, PunchPad will notify Customers without undue delay and cooperate to address the issue.  

  • PunchPad will, at Customer’s expense, provide reasonable assistance with data subject rights requests.  

  • Upon termination of Services, Personal Data will be deleted or returned, except where retention is required by law. Aggregated and anonymized data may be retained indefinitely.  

  • Customers may request, once per year, documentation of PunchPad’s compliance. Audits may be satisfied through third-party certifications or reports.  

  • Each party’s liability under this DPA is subject to the limitations of liability in the PunchPad Terms of Service.  

Changes to This Policy  

We may update this Privacy Policy. If changes are material, we will notify you via email or through the Services. Continued use of PunchPad after changes means you accept the revised policy.  

Contact Us  

PunchPad Privacy Inquiries  

support@punchpad.app  

https://www.punchpad.app