Privacy Policy

Biltit (“we”, “our”, or “us”) operates the Biltit web application and mobile app (the “Service”). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service.

We collect the following types of information:

• Account information: name, email address, and password when you create an account.
• Profile information: job title, role, and profile photo if provided.
• Project data: project details, tasks, field reports, files, and messages you create within the Service.
• Device information: device type, operating system, and push notification tokens when you use the mobile app.
• Usage data: how you interact with the Service, including pages visited, features used, and timestamps.
• Location data: if you enable site check-in on the mobile app, we collect your approximate location to determine when you are near a project site. Location data is not stored on our servers — it is processed on your device only.

We use your information to:

• Provide, operate, and maintain the Service.
• Send push notifications about task assignments, status changes, approvals, and reminders (you can customize or disable these in notification settings).
• Send transactional emails such as field report summaries and team invitations.
• Improve and personalize your experience.
• Respond to support requests.

We do not sell your personal information. We share data only in the following circumstances:

• Within your workspace: project data is visible to team members in your workspace based on their role and permissions.
• Service providers: we use third-party services that process data on our behalf: Supabase (database and authentication), Expo (push notifications), Resend (email delivery), and Anthropic (AI-powered features such as daily briefings and risk analysis). Project metadata — such as task titles, phase names, and team member names — may be sent to Anthropic to generate insights. No passwords, files, or message content are shared with AI providers.
• Legal requirements: we may disclose information if required by law or to protect our rights.

Your data is stored securely on Supabase infrastructure in the EU (Frankfurt). We use encryption in transit (TLS) and at rest. Access to your data is protected by Row Level Security policies that enforce workspace and role-based access controls.

The mobile app may request permission to send push notifications. You can control which notification types you receive and set quiet hours in the app's notification settings. You can disable all push notifications at any time from your device settings or within the app.

The mobile app stores limited data locally on your device to support offline functionality. This data is synced to our servers when connectivity is restored and can be cleared by signing out of the app.

We retain your data for as long as your account is active. If your account is deleted, we remove your personal information within 30 days, except where required by law.

You have the right to:

• Access, update, or delete your personal information.
• Export your data in machine-readable format (JSON) from your account settings or via the data export API.
• Opt out of non-essential communications.
• Delete your account and all associated data. You can do this from account settings. Upon deletion, your personal data, uploaded files, and notification tokens are permanently removed. Messages you sent are anonymized to preserve conversation context.

The Service is not intended for children under 16. We do not knowingly collect information from children under 16.

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new policy on this page and updating the “Last updated” date.

If you have questions about this Privacy Policy or your data, contact us at privacy@biltit.app.