This Privacy Policy describes how the BGIS Tagging App ("App", "we", "our", or "us") collects, uses, stores, and protects your information when you use our building inspection application. By using the App, you agree to the practices described in this policy.

1. Information We Collect

1.1 Account Information

When your administrator creates your account, the following information is stored:

• Email address — used for authentication and login
• Display name — your name as shown within the App
• Role — your assigned role (e.g., Assessor, Vendor, Dealer, CT Corporate, Admin)
• Company information — company name and ID for vendor and dealer users

1.2 Inspection Data

As part of building inspections, the App collects data you create:

• Inspection tags — deficiency records including category, subcategory, deficiency area, status, and descriptions placed on building floorplans
• Photos — images you capture or select from your device to document building deficiencies
• Reports — inspection reports including creation dates, stage progression, and vendor assignments
• Annotations — drawings and markups you make on floorplan images

1.3 Location Data

The App may request access to your device's location services for the following purposes:

• Floorplan positioning — to show your real-time position on a building floorplan during inspections
• Building calibration — to calibrate GPS coordinates with floorplan images

Location data is used in real time and is not stored on our servers. You can deny location permissions and still use the App; the location indicator on the floorplan will simply be unavailable.

1.4 Device and Usage Data

• Local storage — the App caches data on your device using local storage to enable offline functionality
• Authentication sessions — login sessions are cached on your device for up to 7 days to support offline access
• Network status — the App monitors your device's network connectivity to manage online/offline synchronization

2. How We Use Your Information

We use the information we collect for the following purposes:

• Authentication — to verify your identity and manage access to the App
• Building inspections — to enable you to create, view, and manage inspection tags and reports
• Role-based access control — to enforce permissions based on your assigned role (e.g., vendors can only view tags assigned to their company)
• Report management — to track inspection reports through their lifecycle stages and coordinate between assessors, dealers, and vendors
• Vendor notifications — to notify assigned vendors about inspection findings relevant to their work
• Offline support — to allow you to continue working without an internet connection, with automatic synchronization when connectivity is restored
• PDF export — to generate printable inspection reports with floorplan annotations and photos

3. Data Storage and Security

3.1 Cloud Storage

Your data is stored in a secure cloud database powered by Supabase (built on PostgreSQL). This includes inspection tags, reports, photos, notifications, and account profiles. Data is transmitted over encrypted HTTPS connections.

3.2 Local Storage

The App stores data locally on your device to support offline functionality. This includes cached inspection data, authentication sessions, and a queue of changes made while offline. Local data is synchronized with the cloud when connectivity is restored.

3.3 Photo Storage

Photos you attach to inspection tags are uploaded to secure cloud storage (Supabase Storage). Photos may be temporarily stored on your device before upload. The App performs automatic cleanup of local photo files after they have been successfully uploaded.

3.4 Security Measures

• All data transmission is encrypted via HTTPS/TLS
• Authentication is managed through Supabase Auth with secure password hashing
• Row-Level Security (RLS) policies enforce data access controls at the database level
• Role-based access control restricts what each user can view and modify
• Authentication tokens are securely stored and automatically refreshed

4. Data Sharing

Your data may be shared in the following ways:

• Within your organization — inspection data and reports are visible to authorized users within your organization based on their role and permissions
• Vendor assignments — when tags are assigned to a vendor company, those vendors can view the relevant tag details for their assigned work
• Report distribution — reports may be shared with dealers and CT Corporate staff as part of the inspection review workflow

We do not sell, rent, or trade your personal information to third parties for marketing purposes.

5. Third-Party Services

The App uses the following third-party services:

• Supabase — cloud database, authentication, real-time synchronization, and file storage. Supabase Privacy Policy
• Expo — development framework for building and distributing the App. Expo Privacy Policy
• OpenAI — voice-to-text transcription (Whisper API) for optional voice input features, if enabled. Audio data is sent to OpenAI for processing. OpenAI Privacy Policy
• Google Maps — map display and places autocomplete for building location features. Google Privacy Policy

6. Data Retention

• Account data is retained for as long as your account is active. Administrators can deactivate accounts, which prevents login access.
• Inspection data (tags, reports, photos) is retained indefinitely as part of building inspection records unless explicitly deleted by an authorized user.
• Local cached data is stored on your device and can be cleared by uninstalling the App or clearing the App's data through your device settings.
• Authentication sessions cached on your device expire after 7 days of being offline.

7. Your Rights

Depending on your jurisdiction, you may have the following rights:

• Access — request a copy of the data we hold about you
• Correction — request correction of inaccurate information
• Deletion — request deletion of your account and associated data
• Data portability — request your data in a portable format
• Withdraw consent — revoke permissions such as location access through your device settings at any time

To exercise any of these rights, please contact your organization's administrator.

8. Children's Privacy

The App is not intended for use by individuals under the age of 18. We do not knowingly collect personal information from children. If you believe a child has provided us with personal information, please contact your administrator.

9. Changes to This Policy

We may update this Privacy Policy from time to time. When we make changes, we will update the "Effective Date" at the top of this page. We encourage you to review this policy periodically for any updates.

10. Contact Us

If you have questions or concerns about this Privacy Policy or our data practices, please contact your organization's administrator or reach out to us at:

Email: andy.liao@bgis.com