This policy applies to the CustomIT web dashboard (customit.tech and its subdomains) and the CustomIT iOS application (App Store identifier com.customit.tech).
1. About This Policy
CustomIT (“we”, “us”) provides a SaaS dispatch and customer management platform for service businesses (e.g. locksmith, HVAC, automotive roadside). The Service is licensed to a business (the “Customer”), and the Customer’s employees (owners, dispatchers, technicians) use the platform to schedule jobs, contact clients, and run their day-to-day operations.
This policy explains what we collect, how we use it, and the rights you have. Where we process data on behalf of a business Customer (for example, a locksmith company’s end-clients) we act as a data processor and the Customer is the data controller for that data.
2. Information We Collect
From the business user (employees of the Customer):
- Account Information: Name, email, phone number, role (owner / dispatcher / technician), company name, and the password you set.
- Device Push Tokens: Apple Push Notification Service (APNs) tokens generated by your iPhone or iPad so we can deliver job-assignment, message, and reminder pushes.
- Location Data (technicians only): When you grant the location permission, we periodically log your GPS coordinates so dispatch can show your live position on the map and so we can offer ASAP jobs to the nearest technician. Background location is used only while you have an active assigned job.
- Microphone audio: Recorded only when you press the voice-note button in chat or accept an inbound voice call. Audio is sent to the recipient and stored for the conversation history.
- Camera and photo library: Used only when you attach a photo to a chat. The photo is uploaded to our object storage so the recipient can see it.
- Usage and diagnostics: Server-side logs (timestamp, IP address, endpoint, status code) for security and debugging. We do not embed third-party analytics or advertising SDKs in the iOS app.
On behalf of the business (about its end-customers):
- Customer name, phone number, email, and service address (entered by the business or fetched from incoming WhatsApp / Messenger / Instagram / SMS / call records).
- Job details, prices, parts used, scheduled and completed timestamps, technician assignment, internal notes.
- Inbound and outbound message history across the channels the business has connected (WhatsApp, Facebook Messenger, Instagram Direct, SMS, email, voice call logs).
- Call recordings and call metadata when the Customer enables call masking through Twilio.
3. iOS Permission Disclosures
The CustomIT iOS app requests the following permissions. Each is opt-in and can be revoked at any time in iOS Settings → CustomIT.
- Microphone — for voice notes in customer chats and for handling incoming WhatsApp / VoIP calls.
- Camera — to capture a photo from inside the chat composer.
- Photo Library — to attach an existing photo or video to a chat.
- Location (When In Use & Always) — to show technicians on the dispatch map, route them to job sites, and let dispatch see live ETA. Background location is restricted to the duration of an active assignment.
- Notifications — to deliver job assignments, ASAP reminders, message previews, and call alerts via APNs.
4. How We Use Information
- Operate, maintain, and improve the Service
- Authenticate users and protect against fraud or abuse
- Route jobs to the nearest available technician
- Deliver inbound customer messages from connected channels
- Translate messages between business users and their non-English customers
- Send transactional notifications (assignments, reminders, payment receipts, account changes)
- Generate the business reports and analytics shown inside the dashboard
- Respond to support requests and legal obligations
We do not sell personal information. We do not use customer data to train any AI model.
5. Sub-Processors and Third Parties
We rely on a small set of vetted vendors to run the Service. They process data only on our instructions and are bound by data-processing agreements.
- Vercel — web and API hosting.
- Supabase — managed PostgreSQL database and object storage.
- Apple Push Notification service (APNs) — delivery of iOS push notifications.
- Twilio — voice calls, SMS messaging, and call masking.
- Meta Platforms (WhatsApp Cloud API, Messenger, Instagram) — inbound and outbound messages on channels the Customer has explicitly connected.
- Resend — transactional email delivery.
- OpenAI — on-demand translation of chat messages when the user taps Translate. Message text is sent with no metadata identifying the customer.
- Google Maps Platform — address autocomplete, geocoding, and routing.
6. Data Storage and Security
Data is stored in Supabase’s managed PostgreSQL database. Object storage (photos, voice notes, call recordings) is encrypted at rest. All client traffic is served over TLS 1.2+. Passwords are hashed with bcrypt. Session tokens are bound to a single device and rotated on logout.
Each business Customer’s data is logically partitioned by a company identifier; queries are filtered server-side so a user from one company cannot read another company’s rows.
7. Data Retention
We retain personal information for as long as the Customer’s account is active. When a Customer closes their account we keep an export-ready snapshot for 30 days, after which the data is permanently deleted from the primary database. Encrypted backups are kept for up to 35 days for disaster recovery and then cycled out.
An individual end-user (e.g. a customer of the locksmith business) can request that their record be deleted at any time. We forward the request to the relevant business Customer who, as the data controller, executes the deletion.
8. Your Rights
Depending on your jurisdiction (GDPR, CCPA, etc.) you may have the right to access, correct, port, or delete your personal data, and to object to or restrict processing. To exercise these rights:
- If you are an employee of a Customer, contact your business administrator.
- If you are an end-customer of a business that uses CustomIT, contact that business directly. We will assist them in fulfilling your request.
- Otherwise, email privacy@customit.tech.
9. Children's Privacy
CustomIT is a B2B service intended for business operators. The Service is not directed at children under 18, and we do not knowingly collect data from children.
10. International Transfers
Our infrastructure is hosted in the United States. If you access the Service from outside the U.S., you consent to the transfer of your data to the U.S. for the purposes described in this policy. We use Standard Contractual Clauses where required.
11. Account Deletion (iOS)
To request deletion of your CustomIT account and associated data, log into the iOS app, open Settings → Account → Delete Account, or email privacy@customit.tech. Your account is fully deleted within 30 days of the request. Some records may be retained longer where required by law (for example, financial records).
12. Changes to This Policy
We may update this Privacy Policy from time to time. Material changes will be announced via email and/or in-app notice at least 7 days before they take effect. The “Last updated” date at the top of this page reflects the most recent revision.