Privacy Policy

1. Introduction

Service Link Commercial (“SLC,” “we,” “us,” or “our”) operates an internal operations platform used by SLC employees and contractors, delivered as a web application at app.svclink.com and as a companion Android application (“ServiceLink Ops”). This policy describes what information the Platform collects, how it is used, how it is protected, and the choices users have. The Android application is distributed to SLC personnel only and is not intended for use by the general public.

2. Information We Collect

The Platform collects the following categories of information:

• Account information: Name, email address, phone number, and role assigned to each user of the Platform. Phone numbers are used for work-related contact and for optional SMS notifications tied to job assignments.
• Precise location (mobile app):When a field technician clocks in, clocks out, starts a job, or completes a job on the Android app, the device’s precise GPS coordinates are captured and attached to that event. Location is collected only at the moment of these explicit actions and is used to verify that work occurred at the correct property. The app does not track continuous background location.
• Photos and camera access:Field technicians may capture job-site photos (before/after, damage documentation, equipment). Photos are uploaded to SLC’s secure storage and associated with the corresponding job record. The camera is used only when the user explicitly initiates a photo capture within the app.
• Operational data: Timecards, purchase orders, payroll records, job assignments, signatures, and other business records created by authorized users.
• Integration data (Jobber, QuickBooks):When an SLC administrator connects an integration, the Platform accesses client records, jobs, quotes, invoices, users, and custom field configurations via the third-party API on SLC’s behalf.
• Push notification tokens: If the user allows notifications, a device push token is stored so that job assignments, schedule changes, and approvals can be delivered. Tokens are used solely for app-related work notifications, never for marketing.
• Diagnostics and crash data: Anonymized crash reports and error telemetry (stack traces, device model, OS version, app version) are collected to diagnose problems. Diagnostics do not include contact information, photos, or location data.
• Usage and security logs: Timestamps, IP addresses, and actions taken within the Platform are logged for security monitoring, audit, and abuse prevention.

3. How We Use Information

Collected information is used to:

• Operate and maintain the Platform and its integrations
• Verify that field work was performed at the correct property (GPS check)
• Synchronize field service data between Jobber, QuickBooks, and SLC workflows
• Process timecards, approvals, and contractor payroll
• Authenticate users and enforce role-based access controls
• Deliver work-related push and SMS notifications the user has opted into
• Diagnose crashes, bugs, and performance issues
• Monitor for unauthorized access and maintain the security of SLC data

We do not use personal information for advertising, do not sell personal information, and do not share personal information with third parties except the service providers described below.

4. Android Permissions

The ServiceLink Ops Android app requests the following permissions. Each is used only for the purpose described and only at the time the user performs the corresponding action:

• Location (fine/coarse, foreground and background): GPS-stamp clock-in, clock-out, and job start/complete events. Background location is used only to keep a clock-in session accurate when the screen is off during a job; it is not used to profile users.
• Camera: Capture job-site photos initiated by the user.
• Notifications: Deliver job assignments and schedule alerts.
• Biometric:Optional fingerprint/face unlock of the app’s session. Biometric data never leaves the device.
• Internet, foreground service: Sync records with the SLC server and keep clock-in active while the app is in the background.

Permissions can be revoked at any time from Android Settings > Apps > ServiceLink Ops > Permissions. Revoking location or camera will disable the related features but will not otherwise prevent use of the app.

5. Data Sharing and Service Providers

We do not sell, rent, or share personal information for marketing. Data is processed by the following service providers solely to operate the Platform:

• Supabase — database, authentication, file storage
• Vercel — web application hosting
• Microsoft 365 — transactional email and OAuth sign-in
• Google Firebase Cloud Messaging — Android push notifications
• Sentry — crash and error diagnostics (anonymized)
• Intuit QuickBooks and Jobber — business data synchronization when connected by an administrator

Each provider is contractually required to protect the data they process on our behalf.

6. Data Security

Data is transmitted over TLS, stored in Supabase with row-level security enforced server-side, and protected by role-based access controls. OAuth tokens and credentials are stored encrypted and never exposed to the client. Administrative access is limited to named SLC personnel. Security-relevant events are logged and monitored.

7. Data Retention

Operational records (timecards, job records, invoices) are retained as long as necessary for business, tax, and legal purposes. Diagnostic and log data are retained for up to 90 days. OAuth tokens are deleted immediately upon integration disconnection. User accounts are deactivated upon termination of employment or contractor relationship with SLC.

8. Integrations and OAuth

The Platform connects to Jobber and QuickBooks using OAuth 2.0. When an administrator authorizes a connection, the provider grants the Platform an access token that allows SLC to read and write that provider’s data on SLC’s behalf. Tokens are stored encrypted and used only for Platform operations. An administrator can revoke access at any time from within the Platform (Settings → Integrations → Disconnect) or directly from the provider’s connected-apps settings. Upon disconnection, stored tokens are deleted.

9. Your Rights and Data Deletion

SLC personnel may request access to, correction of, or deletion of their personal information by contacting SLC administration at gusgabel@svclink.com. Because the Platform is an internal employer system, some operational records (e.g. timecards, payroll) must be retained for tax and legal compliance even after a deletion request; where retention is required, we will describe what is kept and why. All other personal data will be deleted within 30 days of a verified request.

10. Children

The Platform is an internal operations tool for SLC employees and contractors. It is not directed to children under 13, and we do not knowingly collect information from children.

11. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated to affected users. Continued use of the Platform after changes are posted constitutes acceptance of the updated policy.

12. Contact

For privacy-related questions, data access requests, or deletion requests, contact gusgabel@svclink.com.