Privacy Policy

Last updated: May 18, 2026 · Effective: May 18, 2026

This policy explains what Siteward (operated by Train Flights LLC) collects, how we use it, and the choices you have. We do not sell your personal information, and we do not use it for advertising. We share an RfQ only with the contractor you chose, plus the limited service providers needed to run Siteward.

1. Who this applies to

This policy applies to the Siteward iOS app, the contractor portal at app.getsiteward.com, and the marketing site at getsiteward.com (together, the "Service"). The Service is intended for users in the United States and is not directed to children under 13.

2. What we collect

From homeowners (iOS app)

Account information. When you sign in with Apple, we receive an opaque user identifier from Apple, and — if you choose to share them — your name and email address. If you elect Apple's private email relay, only the relay address reaches us.
RfQ content. The Request for Quote you build and submit: room scans (including LiDAR-generated 3D scans), photos, video, audio recordings, room measurements, project type, budget range, timeline, and free-text notes.
Contact and location information you provide in the RfQ. Customer name, city, region, country, and any other detail you type into the request.
Device permissions you grant. Camera, microphone, and (where applicable) LiDAR access — used only while you are actively capturing for an RfQ.

From contractors (contractor portal)

Account information. The work email address we onboard you with, your name, and your contractor organization.
Status changes and notes you record against each RfQ.

From everyone

Session and security data. A randomly-generated session token (we store only its hash), session expiration timestamps, the timestamps of your requests, and your IP address as observed by our hosting provider.
Technical logs. Standard request logs from our hosting provider, used for operations, debugging, and abuse prevention.

We do not use third-party advertising trackers, cross-site advertising cookies, or analytics SDKs in the iOS app. The marketing site loads Google Fonts; no other third-party trackers are embedded.

3. How we use it

To create and authenticate your account.
To deliver an RfQ to the contractor you selected, and to show that RfQ in their portal.
To send transactional email — magic-link sign-in for contractors and new-RfQ notifications.
To operate, maintain, secure, and improve the Service, including enforcing submission limits and investigating abuse.
To comply with legal obligations and to respond to lawful requests.

We do not use your data to train third-party AI models.

4. How we share it

With your chosen contractor

When you submit an RfQ, the contractor you selected receives the full request, including the media you captured and the contact details you included. We do not share an RfQ with any other contractor unless you submit a new request to them.

With service providers ("processors")

We use a small set of vendors to run Siteward. Each is contractually limited to processing your information on our behalf:

Provider	What they do for us
Cloudflare (Workers, D1, R2, Pages)	Hosting the contractor portal, storing structured data, storing media files, and serving the marketing site.
Apple	Sign in with Apple authentication for the iOS app, and App Store distribution.
Resend	Sending transactional email (magic-link sign-in and new-RfQ notifications).
Google Fonts	Serving the typeface used on the marketing site.

For legal and safety reasons

We may disclose information if we believe in good faith that it is required by law, valid legal process, or necessary to protect the rights, property, or safety of Siteward, our users, or the public.

Business transfers

If Siteward is involved in a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We will notify you (for example, by email or in-app notice) if your information becomes subject to a materially different privacy policy as a result.

5. What we do not do

We do not sell your personal information.
We do not "share" your personal information for cross-context behavioral advertising.
We do not auction your RfQ to multiple contractors. It goes only to the one you selected.
We do not embed third-party advertising or analytics SDKs in the iOS app.

6. How long we keep it

Media files (photos, video, audio, LiDAR scans) are retained on our storage provider for approximately 180 days from upload and then automatically deleted. After deletion, the contractor portal continues to show that the media existed but the bytes are no longer retrievable.
RfQ metadata (the request itself, status events, customer name and contact fields) is retained for as long as your account exists and for a reasonable period thereafter for audit and dispute resolution.
Account records are retained while your account is active. If you ask us to delete your account, we delete or anonymize personal identifiers, except where retention is required by law or to resolve disputes and enforce our agreements.
Session tokens are stored only as a SHA-256 hash and expire on a sliding one-year window.

7. Security

We use industry-standard practices: TLS in transit, encrypted storage with our hosting provider at rest, scoped credentials, per-organization isolation in the database, hashing of session tokens, and least-privilege access by our team. No system is perfectly secure; you use Siteward at your own risk and are responsible for protecting your device, your Apple ID, and your email account.

8. Your rights and choices

Regardless of where you live, you can:

Access the RfQs you have submitted, from the iOS app.
Withdraw an RfQ from the iOS app. This marks it withdrawn in the contractor portal; we cannot retract any view, screenshot, or download the contractor already made before withdrawal.
Revoke device permissions (camera, microphone, location) at any time in iOS Settings.
Stop using Apple Sign-In by revoking Siteward's access from Settings → your Apple ID → Sign in with Apple.
Request deletion or a copy of your personal information by emailing [email protected]. We will verify your request using the email or Apple-relay address tied to your account.

Depending on your state of residence, you may have additional rights — for example, in California (under the CCPA/CPRA), Virginia, Colorado, Connecticut, Utah, and other states with comprehensive privacy laws, you may have the right to know, correct, delete, port, or limit certain processing of your personal information. To exercise these rights, email [email protected]. We do not discriminate against you for exercising your rights. If we deny a request, you may appeal by replying to our denial; we will respond within the time required by applicable law.

9. Children

Siteward is not directed to children under 13, and we do not knowingly collect personal information from them. If you believe a child has provided us with personal information, please contact us and we will delete it.

10. International users

Siteward is operated from, and intended for users in, the United States. If you access Siteward from outside the United States, you understand that your information will be processed in the United States, where data-protection laws may differ from those in your country.

11. Apple Sign-In specifics

When you sign in with Apple, Apple shares with us a stable, opaque user identifier scoped to Siteward and, if you choose, your name and an email address (which may be Apple's private relay address). If you revoke Apple Sign-In for Siteward, you will no longer be able to sign in; existing RfQs remain on the contractor's side until they age out or you ask us to delete them.

12. Changes to this policy

We may update this policy from time to time. We will update the "Last updated" date and, for material changes, provide more prominent notice (for example, in the app or by email). Your continued use of the Service after a change means you accept the updated policy.

13. Contact

Train Flights LLC · [email protected]