fieldsmith
← HomeStart free — 14 days

Privacy Policy

Last updated: 2026-04-29

This Privacy Policy explains what information Fieldsmith (“we,” “us”) collects, how we use it, who we share it with, and the choices you have. It applies to fieldsmith.work, the Fieldsmith application, and related services.

1. Who this applies to

We process two kinds of personal data:

  • Account data about you as a Fieldsmith customer (the business owner, crew members, and admins who log in). For this data we're the data controller.
  • End-customer data about the customers, jobs, and payments that you track in your Fieldsmith workspace. For this data you're the data controller and we're a processor acting on your instructions. Our Data Processing Addendum (DPA) governs that relationship.

2. What we collect

Directly from you

  • Account information: name, email, business name, password (hashed), role.
  • Billing information: handled by Stripe. Stripe gives us a token and summary data (card brand, last four, expiry); we don't store card numbers.
  • Content you put in the app: customer records, job details, invoices, notes, files you upload.
  • Support communications: emails you send us, feedback submitted through the in-app widget.

Automatically

  • Usage and device data: pages visited, actions taken, browser type, device type, IP address, timestamps.
  • Cookies and similar technologies: session cookies for authentication, preference storage, and anonymized analytics. We don't use advertising cookies.
  • Crew location (opt-in only): if you enable GPS crew tracking, location pings are recorded during active jobs and retained for the job's lifetime. Location tracking is off by default.

From third parties

  • Payment events from Stripe (successful payments, refunds, disputes).
  • Email delivery events from SendGrid (delivered, bounced, opened).

3. How we use your information

We use personal data to:

  • Provide, maintain, and improve the service.
  • Authenticate you, authorize access, detect and prevent fraud and abuse.
  • Process payments and send invoices.
  • Send service-related emails (trial expiry, billing, security alerts). These are not promotional.
  • Send occasional product updates by email. You can opt out at any time.
  • Respond to support requests and feedback, and investigate safety or policy issues.
  • Comply with legal obligations and enforce our Terms.

We do not sell your personal data. We do not use your Customer Data or end-customer data to train AI models, and we require our AI sub-processor to do the same.

4. Legal bases (EEA, UK, Switzerland)

If you're in the EEA, UK, or Switzerland, we process personal data under these GDPR lawful bases:

  • Contract — to deliver the service you signed up for.
  • Legitimate interests — for analytics, security, fraud prevention, and product improvement.
  • Consent — for optional features like marketing emails or crew location tracking. You can withdraw consent at any time.
  • Legal obligation — to comply with applicable law (tax, accounting, responding to lawful requests).

5. Who we share it with (sub-processors)

We use vetted third-party service providers, all bound by data-protection terms, in the following categories:

  • Database and application hosting (U.S.).
  • Web hosting and content delivery (U.S., global edge).
  • Payment processing (U.S.).
  • Transactional email delivery (U.S.).
  • AI model processing for scheduling and materials features (U.S.).
  • Mapping and routing (U.S.).
  • Error monitoring and analytics (U.S.).

The current named list of sub-processors is available on request to privacy@fieldsmith.work.

We share personal data with law enforcement or other authorities only when we're required to by law and after reviewing the request. We will tell you about a legal request unless legally prohibited.

6. International transfers

Fieldsmith is operated from the United States. If you access the service from outside the U.S., your data is transferred to and processed in the U.S. For transfers subject to GDPR or UK GDPR, we rely on Standard Contractual Clauses (SCCs) with our sub-processors and apply supplementary measures as needed.

7. Data retention

  • Active accounts: we keep data for as long as your account is active.
  • Cancelled accounts: we retain Customer Data for 30 days after cancellation so you can reactivate or export. After 30 days, we delete or anonymize, except where retention is required by law (for example, tax records) or for legitimate business purposes (for example, fraud prevention), in which case we limit the scope of retention.
  • Usage logs: up to 13 months.
  • Crew GPS location data: 90 days after the relevant job ends, unless you set a shorter retention period in your workspace settings.

8. Your rights

Depending on where you live, you may have the right to:

  • Access the personal data we hold about you.
  • Correct inaccurate personal data.
  • Delete your personal data (“right to be forgotten”).
  • Restrict or object to certain processing.
  • Port your data to another service.
  • Withdraw consent where we process on the basis of consent.
  • Lodge a complaint with your local data-protection authority.

To exercise any of these rights, email privacy@fieldsmith.work. For end-customer data, please route requests through the Fieldsmith customer who controls it (they're the controller; we're the processor).

9. California residents (CCPA/CPRA)

California residents have additional rights: to know what personal data we've collected, to delete it, to correct it, to opt out of any “sale” or “sharing” of personal data (we do neither), and to limit use of sensitive personal data. We don't discriminate against you for exercising these rights. To submit a request, email privacy@fieldsmith.work.

10. Children

Fieldsmith isn't directed to children under 16, and we don't knowingly collect personal data from them. If you believe a child has given us personal data, contact us and we'll delete it.

11. Security

We use reasonable administrative, technical, and physical safeguards including TLS 1.2+ in transit, encryption at rest (AES-256) via our database provider, scoped access controls, audit logging, and regular dependency patching. No system is perfectly secure; if you discover a vulnerability, please report it to security@fieldsmith.work.

12. Breach notification

If we experience a data breach that affects your personal data, we'll notify you and applicable authorities without undue delay in line with applicable law (for GDPR, within 72 hours where required).

13. Changes to this policy

We may update this Privacy Policy. If we make material changes, we'll notify you by email or in-product notice at least 14 days before the change takes effect.

14. Contact

Email us at privacy@fieldsmith.work for privacy questions, or support@fieldsmith.work for anything else.