Privacy Policy
Privacy Policy
Effective Date: May 8, 2026 Last Updated: May 8, 2026 Version: 1.0
Plain-language summary: We are Landscaper Agent LLC, a software company in Tennessee. We collect the information you put into the Service so we can run it for you, plus standard usage and operational data so we can keep it secure, billed correctly, and steadily improving. We do not sell your data. We do not share it with advertising networks. Some of your data flows through service providers (listed in Section 4) who help us run the platform. You have rights over your data, including access, correction, and deletion — see Section 8. The full policy below explains the details.
1. Introduction
This Privacy Policy explains how Landscaper Agent LLC ("we," "us," or "our") collects, uses, shares, and protects information when you use the Landscaper Agent application, website, and related services (collectively, the "Service"). The Service is a software platform built for landscape contractors to run their businesses, including managing clients, jobs, schedules, quotes, invoices, communications, photos, and AI-assisted design and proposal tools.
By creating an account or using the Service, you agree to the practices described here. If you do not agree, do not use the Service.
This policy applies to professional users of the Service ("you," "your," or "Users") — typically business owners, managers, and crew members of landscape contracting businesses. It does not apply to the end customers of those businesses, whose personal information you input into the Service. Your handling of that end-customer data is governed separately by our Terms of Service and the Data Processing Addendum included therein (TOS Section 9).
2. Information We Collect
2.1 Information You Provide Directly
When you create an account and use the Service, you provide us with:
- Account information — name, email address, password (stored as a hash, never in plain text), business name, business address, phone number, and role (owner, manager, crew member).
- Business operating data — your clients, properties, jobs, quotes, invoices, schedule, photos, plant lists, pricing data, materials catalogs, equipment records, and similar operational records that you input or upload into the Service.
- Communications content — messages you send through the in-app communications inbox (SMS via our integrated provider, email replies), notes attached to clients or jobs, and AI prompts you submit.
- Payment information — when you subscribe to a paid plan, payment is processed by Stripe, Inc. We do not see or store your full payment card number; we receive only a last-four digits and a tokenized customer reference from Stripe.
- Optional integrations — if you connect Jobber or other third-party services, we receive data those platforms share via their APIs as authorized by you.
2.2 Information Collected Automatically
When you use the Service, we automatically collect:
- Usage data — pages and features accessed, actions taken (e.g., creating an estimate, generating a design render), buttons clicked, time spent, and feature engagement metrics.
- AI interaction logs — the prompts you send to AI features and metadata about generations (model used, tokens consumed, cost, success/failure, timestamps). The full content of AI prompts and responses is retained for billing reconciliation, abuse prevention, and product improvement, but is not used to train third-party AI models without your explicit instruction.
- Crew operational data — when crew features are enabled, the Service may record GPS coordinates at clock-in and clock-out, photos at job sites, timesheet entries, and job-completion records. These are collected at your direction as the account owner and operator. See Section 10 of our Terms of Service for your obligations as the employer.
- Device and connection data — IP address, browser type and version, operating system, device type, language preference, time zone, and approximate location derived from IP.
- Diagnostic data — error logs, crash reports, performance metrics, and stack traces. We use these to detect bugs, monitor stability, and prioritize fixes.
2.3 Information from Third Parties
We may receive information about you from third parties when you use related services. For example:
- Stripe sends us payment confirmations, subscription status, and dispute notices.
- Twilio sends us delivery status, opt-out events, and complaint reports for SMS you send.
- Resend sends us delivery, bounce, and complaint reports for email.
- Jobber (if connected) sends us your business records via its API, in scope of the permissions you grant.
- Cloudflare provides aggregate traffic data and abuse signals.
3. How We Use Information
We use the information described in Section 2 to:
- Provide and operate the Service — authenticate you, run the features you use, save your work, sync across devices, generate AI content, send communications you initiate, and process payments.
- Communicate with you — send transactional messages (signup confirmations, billing receipts, security alerts, service updates), respond to support requests, and — only if you opt in — send product news and marketing emails.
- Maintain security and prevent abuse — detect unauthorized access, fraud, misuse of AI features, spam, and violations of our Terms of Service or Acceptable Use Policy.
- Comply with legal obligations — respond to lawful subpoenas, court orders, tax filings, and other legal requirements.
- Bill you accurately — measure plan usage, AI consumption, and overage so we can charge you correctly, with transparency in your account.
- Improve the Service — analyze how features are used, identify friction points, prioritize roadmap, and test new functionality.
- Aggregate and de-identify data for cross-tenant insight — at an aggregated and de-identified level (with no information that could reasonably identify you, your business, your employees, or your end customers), analyze patterns across the entire user base to improve the Service for everyone. Examples include regional pricing benchmarks, route efficiency models, plant performance trends, and AI prompt quality. This data is never sold and never shared with advertising networks.
4. How We Share Information
We share information only as described below. We do not sell your personal information. We do not share your personal information with advertising networks or for cross-context behavioral advertising.
4.1 Subprocessors
We use the following service providers ("subprocessors") to operate the Service. Each is bound by contractual confidentiality and security obligations.
| Subprocessor | Purpose | Data Categories | Location |
|---|---|---|---|
| Supabase, Inc. | Database, authentication, file storage | All Service data | United States |
| Stripe, Inc. | Payment processing | Billing data, last-four card digits, customer reference | United States |
| Twilio Inc. | SMS delivery and communications inbox | Phone numbers, message content, delivery metadata | United States |
| Resend, Inc. | Transactional email delivery | Email addresses, message content, delivery metadata | United States |
| Anthropic, PBC | AI generation (Claude models) | AI prompts and outputs you submit to AI features | United States |
| OpenAI, L.L.C. | AI generation (image and text models) | AI prompts and outputs you submit to AI features | United States |
| Cloudflare, Inc. | Hosting, CDN, DDoS protection | All Service traffic | Global edge network |
| Jobber Software Inc. | Optional two-way sync (if you connect it) | Business records you authorize | Canada |
| Google LLC (Workspace) | Email infrastructure for support@/privacy@/legal@ | Email addressed to those mailboxes | United States |
We will update this list before adding a new subprocessor that materially changes the data flow. The current list always lives in this Policy, and material updates trigger the change-notice process in Section 11.
4.2 Other Sharing
We may also share information:
- With your authorization — when you direct us to share, export, or integrate your data with another party.
- With professional advisors — lawyers, accountants, and auditors bound by confidentiality, when reasonably needed for our operations.
- In a corporate transaction — if we are acquired, merged, or sell substantially all our assets, your information may transfer to the acquiring entity, subject to this Policy or a successor with materially equivalent protections.
- For legal reasons — in response to a valid subpoena, court order, or other lawful legal process; to enforce our agreements; to protect the rights, property, or safety of us, our users, or others; or to comply with applicable law.
- As aggregated or de-identified data — that cannot reasonably be used to identify you.
5. Local Storage and Similar Technologies
The Service stores limited data in your browser to function. This is sometimes called "cookies," but the Service does not currently use third-party advertising or tracking cookies of the kind that trigger most consent banner requirements.
5.1 What We Store in Your Browser
- Authentication tokens — issued by our authentication provider (Supabase) so you stay logged in without re-entering your password on every request.
- Application state — your current view, draft estimates, draft messages, and similar work-in-progress data so it isn't lost on a page reload.
- Preferences — UI settings (e.g., sidebar collapsed, theme, last-viewed tab) so the Service remembers how you like it.
These items are categorized under most laws (including CCPA/CPRA and the EU ePrivacy Directive) as "strictly necessary" — required for the Service to function — and do not require opt-in consent. We disclose them here for transparency.
5.2 What We Don't Use
As of the Effective Date above, we do not use:
- Third-party advertising cookies
- Cross-site tracking cookies
- Meta Pixel, Google Ads, or similar advertising trackers
- Behavioral retargeting
5.3 If This Changes
If we add third-party analytics (e.g., Posthog, Sentry replay, Google Analytics, Meta Pixel) in the future, we will:
- Update this Section 5 to disclose the new technology and its purpose.
- Add a consent banner where required by applicable law (EU/UK/Brazil/etc.).
- Provide an opt-out mechanism where required by US state law (California, Colorado, Connecticut, Virginia, etc.).
- Notify you per Section 11 (Changes to This Policy).
6. Data Retention and Deletion
6.1 Retention Periods
We retain information only as long as needed for the purposes described in this Policy:
- Active account data — retained while your account is active.
- Account-deletion grace period — 30 days after you close your account or stop paying, during which you can recover the account and data.
- Standard backup retention — operational backups of the Service are retained for up to 90 days from the date of backup.
- Billing and tax records — retained for 7 years to comply with US federal and state tax law.
- Legal-hold or dispute records — retained as long as a litigation hold, regulatory investigation, or active legal claim requires.
- Aggregated and de-identified data — retained indefinitely, since it cannot reasonably be linked back to you.
6.2 Deletion on Request
You may request deletion of your account and personal data at any time by emailing privacy@landscaperagent.com or, where available, using the in-app deletion control. We will delete or anonymize personal data within 30 days of a verified deletion request, except for information we are legally required or permitted to retain (e.g., billing/tax records, fraud investigation records, dispute records).
6.3 Backups
Deleted data may persist in encrypted backups for up to 90 days before being overwritten. Backups are not restored to live systems except for disaster recovery.
7. Security
We use reasonable administrative, technical, and physical safeguards to protect personal information, including:
- Encryption in transit (TLS) for all communication with the Service.
- Encryption at rest for primary data stores.
- Hashed-and-salted password storage; we never see or store plain-text passwords.
- Role-based access controls inside the company; only personnel with a need-to-know access production data, and access is logged.
- Multi-factor authentication on critical administrative accounts.
- Routine security review and patch management.
No system is perfectly secure. If we suffer a confirmed security incident affecting your personal information, we will notify you and any required authorities without undue delay, in accordance with applicable law.
8. Your Rights
Depending on where you live, you may have some or all of the following rights over the personal information we hold about you:
- Access — request a copy of the personal information we hold.
- Correction — request that we correct information that is inaccurate.
- Deletion — request that we delete your personal information.
- Portability — request a copy of your information in a portable, machine-readable format.
- Restriction — ask us to limit certain processing.
- Objection — object to certain processing.
- Withdraw consent — for processing that relies on consent, withdraw it at any time without affecting the lawfulness of processing before withdrawal.
- Non-discrimination — exercise these rights without us treating you adversely (e.g., terminating your account purely because you asserted a right).
8.1 How to Exercise Your Rights
Email privacy@landscaperagent.com with your name, the email associated with your account, and a description of the request. We will respond within the timeframe required by applicable law (typically 30–45 days). We may need to verify your identity before fulfilling certain requests.
You may authorize an agent to act on your behalf. Agent requests must include verifiable proof of authorization.
8.2 California Residents (CCPA/CPRA)
If you are a California resident, the California Consumer Privacy Act, as amended by the California Privacy Rights Act ("CCPA/CPRA"), gives you specific rights:
- The categories of personal information we collect, the sources, and the purposes are described in Sections 2 and 3.
- We do not "sell" personal information as that term is defined under California law, and we do not "share" personal information for cross-context behavioral advertising.
- The categories of personal information disclosed to subprocessors for a business purpose are described in Section 4.1.
- You may exercise the rights to know, delete, correct, and limit the use of sensitive personal information by contacting us at privacy@landscaperagent.com.
- We will not retaliate against you for exercising your CCPA/CPRA rights.
8.3 EU/UK/Swiss Residents (GDPR / UK GDPR / FADP)
If you are in the European Economic Area, the United Kingdom, or Switzerland, the GDPR (or its UK or Swiss equivalent) gives you the rights listed above. Our legal bases for processing are typically:
- Performance of a contract — to provide the Service to you.
- Legitimate interests — to operate, secure, and improve the Service.
- Consent — for any processing that requires it (e.g., marketing email opt-in).
- Legal obligation — to comply with applicable law.
You have the right to lodge a complaint with a supervisory authority in your country of residence.
8.4 Other US States
Residents of Colorado, Connecticut, Virginia, Utah, Texas, Oregon, Montana, and other states with comprehensive privacy laws have substantially similar rights to those listed above. To exercise them, contact privacy@landscaperagent.com.
9. Children's Privacy
The Service is intended for use by professionals operating landscape contracting businesses and is not directed at children under 16. We do not knowingly collect personal information from children. If we learn we have collected such information, we will delete it. If you believe a child has provided us with personal information, contact privacy@landscaperagent.com.
10. International Users
The Service is operated from the United States. If you access it from outside the United States, your information will be transferred to, stored, and processed in the United States and other countries where our service providers operate. By using the Service, you consent to such transfer.
For transfers from the European Economic Area, the United Kingdom, or Switzerland, we rely on Standard Contractual Clauses or other lawful transfer mechanisms with our subprocessors.
11. Changes to This Policy
We may update this Policy from time to time. When we make material changes, we will notify you via the Service or by email and update the "Last Updated" date and version number above. Continued use of the Service after the effective date of an updated Policy constitutes acceptance of the changes.
We retain previous versions of this Policy. To request a prior version, email privacy@landscaperagent.com.
12. Contact Us
For questions about this Policy or to exercise your privacy rights:
Landscaper Agent LLC c/o Northwest Registered Agent Inc., 116 Agnes Rd, Ste 200, Knoxville, TN 37919
Privacy requests: privacy@landscaperagent.com
General support: support@landscaperagent.com
Legal notices: legal@landscaperagent.com