Privacy

Homeland Development Services LLC

Privacy Policy

Homeland Development Services LLC

Service Dashboard Privacy Policy

Effective Date: January 15, 2026

Version: 2.0

Homeland Development Services LLC ("HDS," "Provider," "we," "our," or "us") is an Oklahoma limited liability company providing facilities maintenance management services and software solutions. This Privacy Policy describes how we collect, use, disclose, and protect your personal information when you use our Service Dashboard platform, website (hdsok.com), and related services (collectively, the "Services").

By using the Services, you agree to the collection and use of information in accordance with this Privacy Policy. If you do not agree to this Privacy Policy, please do not use the Services.

---

§ 1. Information We Collect

1.1 Information You Provide

Account Information

When you register for the Services or are added as an Authorized User, we collect:

Name and job title

Email address

Phone number

Company or organization name

User role (district manager, store manager, vendor, etc.)

Work Order and Service Data

When you use the Services, you may provide:

Work order descriptions and details

Store and facility information

Asset and equipment data

Service requests and notes

Vendor assignments and communications

Financial and Billing Information

Invoice and billing data

Budget allocations

Payment information (processed by third-party payment processors)

Compliance Documents

Vendors and customers may upload documents including:

Insurance certificates

W-9 tax forms

Contractor licenses

Compliance certifications

1.2 Information from Third-Party Integrations

QuickBooks Online

When you connect your account to QuickBooks Online, we access:

Vendor bills and invoices

Payment records

Vendor contact information

Account spending data

This data is used solely for synchronizing financial information with your maintenance management workflows. Access is governed by Intuit's terms of service.

Service-Channel APIs

When configured, we may receive:

Asset and equipment data

Service history records

Warranty information

Clerk (Authentication)

Our authentication provider collects:

Session information

Organization membership data

1.3 Information Collected Automatically

Usage Data

Pages visited and features used

Time spent on the Services

Actions taken (work orders created, reports generated, etc.)

Error logs and performance data

For the avoidance of doubt, usage data and audit logs are collected independently by the Provider for internal purposes including improving the Services, ensuring accurate billing, and providing support. This data is not considered Customer Content.

Device and Browser Information

IP address

Browser type and version

Operating system

Device identifiers

Cookies and Tracking Technologies

We use cookies and similar technologies to maintain sessions, remember preferences, and analyze usage. See our Cookie Policy at https://www.hdsok.com/cookie-policy for details.

---

§ 2. How We Use Your Information

We use the information we collect to:

2.1 Provide and Operate the Services

Create and manage user accounts

Process work orders and service requests

Coordinate vendor dispatching

Track budgets and spending

Monitor SLA performance

Generate reports and analytics

2.2 Communicate with You

Send work-order updates and notifications

Deliver onboarding and training materials

Respond to support inquiries

Send service announcements and alerts

2.3 Improve the Services

Analyze usage patterns to improve functionality

Debug technical issues

Develop new features

Conduct internal research and analysis

2.4 Anonymization and Aggregation

We may anonymize and aggregate Customer Content (and related usage data) with similar information from other customers, ensuring no individual can be identified directly or indirectly. We use industry-standard techniques to render the data irreversibly non-identifiable. This anonymized data may be used to:

Improve, develop, or offer new services, tools, or insights

Generate industry benchmarks and reports

Enhance the overall platform experience

Anonymized data is not subject to any controller-processor relationship and may be used in compliance with applicable laws.

2.5 Ensure Security and Compliance

Authenticate users and prevent unauthorized access

Detect and prevent fraud or abuse

Enforce our Terms of Service

Comply with legal obligations

2.6 Billing and Payments

Process subscription payments

Generate invoices

Track payment status

---

§ 3. Multi-Tenant Data Architecture

3.1 Tenant Isolation

The Services operate on a multi-tenant architecture. Each customer organization ("Tenant") has logically isolated data. Data segregation is enforced through Supabase row-level security (RLS) policies, which ensure that:

Users can only access data belonging to their Tenant

Cross-tenant data access is prohibited at the database level

Audit logs track all data access

3.2 Data Storage

Customer data is stored in Supabase PostgreSQL databases hosted on secure cloud infrastructure. Compliance documents are stored in Supabase Storage with access controls.

3.3 User Roles

Access to data within a Tenant is controlled by user roles:

District Managers: Full access to all stores and data within the district

Store Managers: Access limited to their assigned store(s)

Vendors: Access limited to work orders assigned to them

HDS Staff: Administrative access for support purposes

---

§ 4. Third-Party Service Providers

We share information with the following categories of service providers:

4.1 Infrastructure and Hosting

Vercel: Website and application hosting

Supabase: Database and file storage

4.2 Authentication and Security

Clerk: User authentication, session management, and organization management

4.3 Communication Services

Postmark: Transactional email delivery for notifications, onboarding emails, and vendor communications

4.4 Analytics

Google Analytics: Website usage analytics (anonymized)

4.5 Accounting Integrations

QuickBooks Online (Intuit): Invoice and billing synchronization when enabled by Customer

4.6 Energy Analytics

DySync: Maintenance data synchronization for energy management analytics (when enabled)

All service providers are contractually obligated to protect your information and use it only for the purposes we specify.

---

§ 5. Third-Party Privacy Policies

When you use integrations, you are also subject to the privacy policies of those providers:

Intuit (QuickBooks): https://www.intuit.com/privacy/

Clerk: https://clerk.com/privacy

Vercel: https://vercel.com/legal/privacy-policy

Supabase: https://supabase.com/privacy

Postmark: https://postmarkapp.com/privacy-policy

We encourage you to review these policies to understand how your data is handled by each provider.

---

§ 6. How We Share Your Information

We do not sell, rent, or trade your personal information. We may share your information in the following circumstances:

6.1 Within Your Organization

Authorized Users within your Tenant may access work orders, reports, and data as permitted by their role.

6.2 With Vendors

When a work order is assigned to a vendor, relevant information (store location, service description, contact details) is shared with that vendor to enable service delivery.

6.3 With Service Providers

As described in Section 4, we share data with service providers who assist in operating the Services.

6.4 Third-Party Integrations Configured by Customer

We may transmit Customer Content to third-party applications and services configured by Customer to integrate with the Services. Customer is responsible for ensuring such transmissions comply with applicable data protection laws and third-party terms.

6.5 For Legal Compliance

We may disclose information when required by law, regulation, legal process, or government request.

6.6 Business Transfers

In connection with a merger, acquisition, or sale of assets, your information may be transferred to the new entity.

6.7 Protection of Rights

We may disclose information to enforce our terms, protect our rights, or ensure the safety of our users.

---

§ 7. Data Security

We implement appropriate administrative, physical, technical, and organizational safeguards to protect the security, confidentiality, and integrity of your information:

7.1 Technical Safeguards

Encrypted connections (TLS/SSL) for all data transmission

Row-level security policies in the database

Secure authentication via Clerk

Regular security assessments and penetration testing

7.2 Organizational Safeguards

Role-based access controls

Employee training on data protection

Incident response procedures

Vendor security assessments

7.3 Physical Safeguards

Data hosted in SOC 2 compliant data centers

Geographic redundancy for disaster recovery

7.4 Security Breach Notification

In accordance with our commitment to data security, HDS agrees to notify affected Customers of any security breaches that adversely impact Customer Content within 72 hours of becoming aware of such security breach. Notification will include:

Nature of the breach

Types of data affected

Steps taken to address the breach

Recommended actions for affected users

No system is completely secure. While we strive to protect your information, we cannot guarantee absolute security.

---

§ 8. Data Retention

8.1 Active Accounts

We retain your data for as long as your account is active and as needed to provide the Services.

8.2 Work Orders and Financial Data

Work-order records and financial data are retained for a minimum of 7 years to comply with tax and regulatory requirements.

8.3 Terminated Accounts

Upon termination of your subscription:

Data Export Period: You may export your data for 60 days following termination

Data Deletion Period: We delete Customer Content within 30 days after the export period

Deletion is performed in a secure and industry-standard-compliant manner

Aggregate, anonymized data may be retained indefinitely for analytics

8.4 Legal Retention

We may retain information longer if required by law, regulatory obligations, or to resolve disputes.

---

§ 9. Your Privacy Rights

9.1 All Users

Access: Request a copy of the personal information we hold about you.

Correction: Request correction of inaccurate or incomplete information.

Deletion: Request deletion of your personal information (subject to legal retention requirements).

Data Export: Export your data in a commonly used, machine-readable format.

Opt-Out: Unsubscribe from marketing communications at any time.

9.2 California Residents (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):

Right to know what personal information is collected

Right to request deletion of personal information

Right to opt-out of the sale of personal information (we do not sell personal information)

Right to non-discrimination for exercising your rights

9.3 EU/UK Residents (GDPR)

If you are located in the European Union or United Kingdom, you have rights under the General Data Protection Regulation (GDPR):

Right to data portability

Right to restrict processing

Right to object to processing

Right to withdraw consent

Right to lodge a complaint with a supervisory authority

For processing activities where we act as a data processor on behalf of Customer (the data controller), please contact your organization's administrator for privacy requests.

9.4 Exercising Your Rights

To exercise your privacy rights, contact us at:

Email: privacy@hdsok.com

Phone: (405) 555-0123

We will respond to your request within 30 days (or as required by applicable law).

---

§ 10. Data Processing Addendum

For Customers who require a Data Processing Addendum (DPA) for compliance with GDPR or other data protection regulations, HDS provides a standard DPA that governs the processing of personal data in connection with the Services.

The DPA addresses:

Roles and responsibilities (Controller vs. Processor)

Processing purposes and instructions

Sub-processor management

Data subject rights

Security measures

International data transfers

Data breach procedures

To request a DPA, contact legal@hdsok.com.

---

§ 11. Children's Privacy

The Services are not intended for children under 18 years of age. We do not knowingly collect personal information from children. If you believe we have collected information from a child, please contact us immediately.

---

§ 12. International Data Transfers

The Services are hosted in the United States. If you access the Services from outside the United States, your information will be transferred to and processed in the United States. By using the Services, you consent to this transfer.

For EU/UK users, we rely on Standard Contractual Clauses or other appropriate safeguards for international data transfers as outlined in our Data Processing Addendum.

---

§ 13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. Material changes will be communicated via email or through the Services. The "Effective Date" at the top indicates when the policy was last updated.

Your continued use of the Services after changes are posted constitutes acceptance of the updated Privacy Policy.

---

§ 14. Related Documents

End-User License Agreement: https://www.hdsok.com/legal/eula

Cookie Policy: https://www.hdsok.com/cookie-policy

Terms of Service: https://www.hdsok.com/terms

Acceptable Use Policy: https://www.hdsok.com/acceptable-use

Service Level Agreement: https://www.hdsok.com/legal/sla

Data Processing Addendum: https://www.hdsok.com/legal/dpa

---

§ 15. Contact Us

For questions about this Privacy Policy or our data practices, please contact:

Homeland Development Services LLC

Data Protection Contact

Email: privacy@hdsok.com

Website: https://www.hdsok.com

Phone: (405) 555-0123

Address: Oklahoma City, Oklahoma

For EU/UK inquiries, you may also contact our Data Protection representative at the address above.

---

By using the Services, you acknowledge that you have read and understood this Privacy Policy.