Privacy Policy

SideWRK ("SideWRK", "we", "us") provides software that helps side-job and mobile mechanics run their business — customers, vehicles, estimates, invoices, payments, photos, and documentation. This policy explains what we collect, how we use it, and the choices you have. By using SideWRK you agree to this policy.

Who is responsible for the data

Two kinds of data flow through SideWRK:

• Your account data — we are responsible for the information you give us to run your SideWRK account (e.g., your email and business profile).
• Your customers' data — the customer names, phone numbers, emails, vehicles, photos, notes, and job records you enter belong to your business. You control that data; we process it on your behalf to provide the service. You are responsible for having the right to collect it and for how you use it.

Information we collect

• Account & profile: email address, and the business profile you add (business name, owner name, address, phone, registration/ARD number, logo, default labor rate).
• Business records you enter: customers, vehicles (incl. VINs), jobs, line items, notes, odometer/tire readings, photos and videos, payments, and authorization records.
• Usage analytics: a lightweight, privacy-conscious event beacon (e.g., page/feature usage) tied to a random anonymous identifier — used to understand how the app is used and improve it.
• Technical data: standard server logs (such as IP address and browser type) kept by our infrastructure providers for security and reliability.

We do not knowingly collect more than we need, and we do not sell personal information.

How we use information

• To provide and operate SideWRK (create estimates/invoices, render the customer approval page, send email, look up VINs/recalls, etc.).
• To secure accounts, prevent abuse, and troubleshoot.
• To improve features based on aggregate, de-identified usage.
• To communicate with you about your account and important service or security changes.

Service providers we share data with

We use a small set of trusted providers to run the service. They process data only to provide their service to us:

• Supabase (database, authentication, and file storage; hosted on AWS, US region) — stores your account and business records.
• Cloudflare (web hosting/CDN) — serves the app and the customer estimate pages.
• Resend (email delivery) — sends account emails and the branded estimates/invoices you email to customers.
• NHTSA (U.S. government VIN-decode and recall APIs) — when you scan or look up a VIN, that VIN (and year/make/model) is sent to NHTSA to return vehicle details and open recalls.
• OpenStreetMap (parts-store search) — when you search for nearby parts stores, the area/coordinates you provide are sent to perform the search.
• Stripe (payments, once enabled) — will process subscription and, if you enable it, customer card payments. Card details are handled by Stripe, not stored by us.

We may also disclose information if required by law, or to protect the rights, safety, and security of SideWRK and its users.

The customer estimate / approval page

When you send an estimate, SideWRK creates an unguessable link (e.g., sidewrk.app/?e=…) that shows that one job's estimate, photos, and approve/decline buttons. The page is token-gated and not indexed by search engines, and it never reveals your private part costs. Anyone you share that link with can view and respond to that estimate.

Data retention & deletion

We keep your data while your account is active. You can edit or delete customers, vehicles, jobs, and files in the app at any time. To delete your account and associated data, contact us and we'll process the request. Some records may be retained as required for legal, tax, or security reasons.

Security

Data is encrypted in transit (HTTPS). Each account's records are isolated at the database level (row-level security), and files live in a private store accessible only to your account or via the unguessable estimate links you choose to share. No system is perfectly secure, but we work to protect your data.

Your choices & rights

Depending on where you live (for example, under the California Consumer Privacy Act or GDPR), you may have rights to access, correct, export, or delete personal information, and to object to certain processing. To exercise these rights, contact us. If your request involves your customers' data, we will help you act on it as the business that controls that data.

Children

SideWRK is a business tool intended for adults (18+). It is not directed to children, and we do not knowingly collect their information.

International

SideWRK is operated from, and stores data in, the United States. If you use it from elsewhere, you consent to processing in the U.S.

Changes

We may update this policy; we'll change the "Last updated" date above and, for material changes, take reasonable steps to notify you.

Contact

Questions or requests: [email protected].