Privacy Policy

This Privacy Policy explains what information Foreman ("Foreman", "we", "us") collects, how we use it, and the choices you have. It applies to your use of the Foreman service.

1. Information We Collect

Account Information

When you sign up, we collect your name, business name, email address, and chosen vertical (HVAC, plumbing, electrical, etc.). We may also store login credentials (hashed passwords or third-party sign-in identifiers from Google).

Customer & Operational Data

When you connect third-party accounts, Foreman accesses and stores the data you authorize:

• Gmail — message threads with your customers, used to draft replies and detect inbound responses.
• Google Calendar — your calendar events, used to suggest appointment times and avoid conflicts.
• Twilio — SMS conversations sent through your Twilio number.
• Jobber — your client list, jobs, invoices, and job notes, used to populate Foreman's customer book and extract equipment history.

We also store data you create in Foreman directly: customer notes, voice profile, draft messages, outreach history, and equipment records.

Usage Data

We log basic usage events (page views, agent runs, message sends) to operate, debug, and improve the service. We may collect IP address and user-agent for security and abuse prevention.

2. How We Use Information

• Provide the service: draft outreach, score customers, suggest appointments, send approved messages on your behalf.
• Improve the service: aggregate, anonymized analysis to refine AI prompts, agent logic, and feature priorities.
• Customer support: respond to your questions, debug issues, communicate service updates.
• Security: detect abuse, prevent unauthorized access, enforce these terms.

We do not sell your customer data, and we do not use your customer data to train foundation AI models on behalf of any third party.

3. Third-Party Service Providers

Foreman relies on the following sub-processors to operate:

• Anthropic — large language model API used to draft messages, score customers, and extract structured data. Per Anthropic's API terms, your data sent to the API is not used to train their models.
• Google (Gmail, Calendar APIs) — when you connect these accounts, Google handles authentication and serves the underlying email/calendar data.
• Twilio — SMS message delivery for connected operators.
• SendGrid — transactional email (login links, account notifications).
• Railway — hosting infrastructure where Foreman runs.
• Sentry — error monitoring; may capture stack traces and request metadata.

Each sub-processor receives only the data needed to perform its function and is bound by its own privacy commitments.

4. Data Sharing

We do not sell your personal information. We share data only with the sub-processors listed above, when required by law (subpoena, court order), or with your explicit consent. If Foreman is acquired or merged, your data may transfer to the new entity under the same privacy commitments.

5. Data Retention

We retain account and customer data for as long as your account is active, plus a reasonable period afterward to comply with legal obligations and resolve disputes. You may request deletion at any time by contacting us. Deletion is typically completed within 30 days, except where law requires longer retention.

6. Your Rights

Depending on your jurisdiction, you may have the right to:

• Access the personal information we hold about you.
• Correct inaccurate information.
• Request deletion of your account and associated data.
• Export your data in a portable format.
• Object to or restrict certain types of processing.

To exercise any of these rights, email us at the address below. We respond within 30 days.

7. Disconnecting Integrations

You may disconnect any third-party integration (Gmail, Calendar, Jobber, Twilio) from Foreman's Settings page at any time. This revokes Foreman's access tokens and stops new data from syncing. Data already pulled into Foreman is retained per the retention policy above unless you request deletion.

8. Security

We use industry-standard technical and organizational measures to protect your data, including encryption in transit (HTTPS), authentication tokens stored as hashes where applicable, and strict per-operator data isolation enforced by the application. No method of transmission or storage is 100% secure; we cannot guarantee absolute security.

9. Children's Privacy

Foreman is intended for business use by adults. We do not knowingly collect information from anyone under 18.

10. International Users

Foreman is operated from the United States. By using the service, you consent to the transfer of your information to the United States, which may have different data-protection laws than your country of residence.

11. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated to your account email at least 30 days before they take effect.

12. Contact

Questions about this Privacy Policy or how we handle your data? Email hello@foreman.work.