Privacy Policy
Effective date: July 14, 2026
This Privacy Policy describes how NDUSTRA ("NDUSTRA," "we," "us") collects, uses, and protects information in connection with the NDUSTRA platform, applications, and website (the "Service"). NDUSTRA is a business-to-business field management platform: most information in the Service is submitted by our business customers ("Customers") about their own operations, and we process that information on the Customer's behalf.
1. Information We Collect
- Account information — name, email address, phone number, role, and login credentials for users a Customer provisions on the Service.
- Customer business data — information Customers enter into the Service in the course of using it, such as projects, jobs, schedules, estimates, invoices, purchase orders, equipment, safety records, and workforce records (including employee names, contact details, positions, certifications, time and labor entries, and, where a Customer uses payroll-related features, compensation-related data).
- Integration data — when a Customer connects a third-party service (for example, QuickBooks Online), we store the connection credentials (encrypted) and exchange the data the Customer directs us to sync, such as customers, vendors, invoices, bills, and time entries.
- Usage and log data — technical information generated by use of the Service, such as IP addresses, device and browser type, pages viewed, and actions taken, used for security, auditing, and improving the Service.
- Website inquiries — if you submit a demo request or contact form on ndustra.com, we collect the details you provide (name, email, company, message).
2. How We Use Information
- To provide, operate, secure, and support the Service.
- To perform integrations the Customer has enabled, exchanging data with third-party services at the Customer's direction.
- To communicate with users about the Service, including operational notices and support.
- To monitor for, prevent, and investigate security incidents, fraud, or misuse.
- To improve the Service, using aggregated or de-identified information where practical.
- To comply with legal obligations.
We do not sell personal information, and we do not use Customer business data for advertising.
3. Third-Party Integrations
Integrations are optional and enabled only by a Customer administrator. When a Customer connects QuickBooks Online or another third-party service, data is shared with that provider only as needed to perform the sync the Customer configures. Authorization uses the provider's own consent flow (for example, Intuit's OAuth), and we store access credentials encrypted. Third-party providers handle data under their own privacy policies. Customers can disconnect an integration at any time from within the Service or from the provider's connected-apps settings, which stops further data exchange.
4. How Information Is Shared
- With the Customer — data in a Customer's account is accessible to that Customer's authorized users according to the roles and permissions the Customer configures.
- Service providers — we use trusted infrastructure and service providers (such as cloud hosting and email delivery) that process data only on our instructions.
- Third-party services — as directed by the Customer through enabled integrations (Section 3).
- Legal — if required by law, legal process, or to protect the rights, safety, or property of NDUSTRA, our Customers, or others.
- Business transfers — in connection with a merger, acquisition, or sale of assets, subject to this Policy.
5. Security
We maintain administrative, technical, and physical safeguards designed to protect information, including:
- Encryption of data in transit (TLS) and at rest.
- Encryption of integration credentials with keys stored separately from the database.
- Tenant isolation enforced at the database layer, so each Customer's data is segregated.
- Role-based access controls, audit logging, and least-privilege practices.
No system can be guaranteed 100% secure, but we work continuously to protect the information entrusted to us.
6. Data Hosting and Location
The Service is hosted on Amazon Web Services (AWS) in the United States.
7. Data Retention
We retain Customer data for as long as the Customer's account is active or as needed to provide the Service. After termination, Customers may request an export of their data, after which we delete or de-identify it within a commercially reasonable period, except where retention is required for legal, audit, or security purposes.
8. Your Choices and Rights
Because NDUSTRA processes most personal information on behalf of its Customers, individuals whose information appears in a Customer's account (for example, a Customer's employees) should direct access, correction, or deletion requests to that Customer. We will assist our Customers in responding to such requests. For information NDUSTRA controls directly (such as website inquiries), you may contact us at the address below to access, correct, or delete your information, subject to applicable law.
9. Children
The Service is intended for business use and is not directed to children under 16. We do not knowingly collect personal information from children.
10. Changes to This Policy
We may update this Policy from time to time. Material changes will be communicated to Customers and reflected by the effective date above.
11. Contact
Questions about this Policy or our data practices: info@ndustra.com
