1. Introduction
Bridge Software Technologies, LLC ("we," "us," or "our") operates Where's The Crew (the "Service"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our mobile application, administrative web portal, and promotional website located at https://wheresthecrew.com.
This Privacy Policy applies to all users of the Service, including company administrators who configure and manage their organization's account, dispatchers and managers who schedule and oversee field operations, and field workers who use the mobile application to receive assignments, track time, and complete inspections on the job site.
By accessing or using the Service, you acknowledge that you have read, understood, and consent to the practices described in this Privacy Policy. If you do not agree with the terms of this Privacy Policy, please do not access or use the Service.
2. Information We Collect
We collect information in several categories to provide, maintain, and improve the Service. The types of information we collect depend on your role within the Service and the features you use.
2a. Personal Information
When you register for an account or are invited to join an organization on the Service, we collect personal information that you provide directly. This includes your full name, email address, and phone number, all of which are provided during the registration process. We also collect your company name and your role or position within that organization, which is used to determine your level of access and the features available to you.
For organizations on paid subscription plans, we collect billing information necessary to process payments. However, payment card data is processed exclusively by our third-party payment processor and is never stored on our servers. We retain only a record of the transaction, the plan selected, and basic billing contact details.
2b. Location Data
Location data is central to the core functionality of the Service. We collect GPS coordinates through native operating system geofencing capabilities, specifically CLLocationManager on iOS and GeofencingClient on Android. These system-level APIs allow the Service to detect when a field worker enters or exits a designated job site geofence, and we record the corresponding geofence entry and exit timestamps.
During assigned work hours, the Service may collect real-time location data to provide authorized administrators with a live personnel map in the admin portal. It is important to understand that location tracking is fully configurable on a per-tenant basis. Company Administrators have the ability to set specific tracking windows (defining the hours during which location data may be collected) and configure the geofence radius for each job site. Location data is not collected outside of configured work hours.
The location data we collect is used for the following purposes: time verification, which compares the hours reported by a field worker against the GPS-verified hours to identify discrepancies; the real-time personnel map available in the admin portal, which allows authorized administrators to see where their crew members are currently located; and job site proximity detection, which enables the Service to determine whether a field worker is within the designated geofence of their assigned job site.
2c. Time & Activity Data
The Service collects detailed time and activity data to support workforce management and payroll accuracy. This includes clock-in and clock-out timestamps that are manually reported by users through the mobile application, as well as GPS-verified entry and exit timestamps that are captured automatically by the geofencing system.
When the hours reported by a field worker differ from the GPS-verified hours beyond a configurable threshold, the Service generates discrepancy flags that are surfaced to authorized administrators for review. We also collect records of job assignments, status changes (such as when a job transitions from scheduled to in-progress to completed), and completion records that document when work has been finalized.
Additionally, we collect task checklist completion data, which tracks progress on individual tasks within a job, and inspection form responses, including Pass, Fail, and N/A ratings that field workers submit when conducting on-site inspections.
2d. Photos & Media
The Service allows users to capture and upload photographic evidence and other media as part of their job site documentation and inspection workflows. This includes job site photos taken by field workers to document conditions, progress, or completed work, as well as inspection documentation photos that accompany inspection form responses.
We also collect digital signatures that are captured on-device when a customer or authorized party signs off on completed work or inspection results. All photos and media are stored in Microsoft Azure Blob Storage, where automatic thumbnail generation is performed to optimize display within the application. Each photo includes timestamp metadata to provide an auditable record of when the image was captured.
2e. Communication Data
The Service includes communication features that generate data we collect and store. Thread-based messages sent within the application are linked to specific jobs, enabling contextual communication between team members about particular assignments. We maintain records of push notification delivery logs, which help us ensure that critical operational notifications reach their intended recipients.
We also retain email notification records and SMS notification records, which document when service-related communications are sent to users. These records are maintained to support operational continuity and to troubleshoot delivery issues when they arise.
2f. Device & Technical Data
When you use the Service, we automatically collect certain technical information about your device and how you interact with the application. This includes your device type (iOS, Android, Windows, or MacCatalyst), your operating system version (the Service requires iOS 15 or later and Android 9 or later), and a unique device identifier that is used exclusively for push notification registration through Firebase Cloud Messaging (FCM) for Android and Apple Push Notification service (APNs) for iOS.
We also collect the version of the application you are running, which helps us provide appropriate support and ensure compatibility. Your IP address is captured during website form submissions and API requests for security purposes, including rate limiting and abuse prevention.
2g. Customer/CRM Data
Company administrators may enter and manage customer relationship data within the Service. This data is entered and maintained by the administrators themselves and includes customer names, customer contact information (such as phone numbers and email addresses), GPS coordinates of customer locations (used for job site geofencing), and a complete job history and service record for each customer.
This customer data is owned by the organization that enters it and is subject to the multi-tenant data isolation protections described in Section 5 of this Privacy Policy.
2h. Integration Data
For organizations that connect the Service to third-party platforms, we collect and store the data necessary to maintain those integrations. When an organization connects its QuickBooks account, we store the OAuth 2.0 access tokens required to authenticate with the QuickBooks API. These tokens are encrypted at rest and are used exclusively for the purpose of synchronizing data between the Service and QuickBooks.
The data synchronized through the QuickBooks integration includes customer records, time entries, and invoices. This synchronization is initiated and controlled by the organization's administrators and operates within the scope of permissions granted during the OAuth authorization process.
2i. Website Data
When you visit our promotional website and interact with its features, we collect certain information. Contact form submissions include the name, email address, company name, subject, and message content that you voluntarily provide. We use session cookies for CSRF (Cross-Site Request Forgery) token management, which protects the integrity of form submissions.
Our website also uses Google reCAPTCHA v3 to protect against automated spam submissions. Google reCAPTCHA collects interaction data, including your IP address and a browser behavior score, to assess whether a form submission is likely from a human user. Google's use of this data is governed by the Google Privacy Policy.
3. How We Use Your Information
We use the information we collect for the following purposes, all of which are directed toward providing, maintaining, and improving the Service:
We use your information to provide and maintain the Service, ensuring that all features function as intended and that your account remains accessible and secure. GPS time verification is a core feature of the Service, and we use location data to compare reported work hours against GPS-verified entry and exit times, providing administrators with an objective record of time spent on-site.
We use location data to enable real-time crew tracking for authorized administrators, allowing them to view the current location of their field workers on an interactive map during configured work hours. Your information supports job scheduling, dispatch, and management, enabling administrators to create assignments, allocate resources, and track the progress of work across multiple job sites.
We use your contact information to deliver push, email, and SMS notifications related to job assignments, schedule changes, and other operational communications. Time and activity data is used to process and reconcile time entries, ensuring that payroll and billing records are accurate and complete. Inspection data, photos, and signatures are used to generate inspection reports that document the condition and compliance of work performed.
For organizations that have enabled the QuickBooks integration, we use integration data to sync data with QuickBooks, including verified time entries, customer records, and invoices. We analyze usage patterns to identify opportunities to improve the Service, fix bugs, and develop new features that better serve the needs of our users.
We use your contact information to communicate service updates, including changes to our terms, new feature announcements, and important security notices. Finally, we use technical data and activity logs to prevent fraud and enforce our Terms of Service, protecting the integrity of the platform for all users.
4. Data Sharing & Third-Party Services
We do not sell your personal data. We do not rent, trade, or otherwise make your personal information available to third parties for their marketing purposes. We share data only with the following service providers who assist us in operating and delivering the Service. Each provider receives only the minimum data necessary to perform its designated function.
| Service Provider | Purpose | Data Shared |
|---|---|---|
| Twilio | SMS notifications | Phone number, message content |
| SendGrid | Email notifications | Email address, message content |
| Firebase (Google) | Android push notifications | Device token, notification payload |
| Apple (APNs) | iOS push notifications | Device token, notification payload |
| Microsoft Azure Blob Storage | Photo and media storage | Photos, signatures, inspection images |
| Intuit QuickBooks | Accounting integration | Time entries, customer data, invoices |
| Google reCAPTCHA v3 | Website spam prevention | IP address, browser behavior |
All service providers listed above are bound by their own privacy policies and, where applicable, data processing agreements. We require that each provider maintains appropriate security measures and uses the data we share with them solely for the purpose of providing their services to us.
We may also disclose your information if required to do so by law, in response to valid legal process (such as a subpoena or court order), or when we believe in good faith that disclosure is necessary to protect our rights, protect your safety or the safety of others, investigate fraud, or respond to a government request.
5. Multi-Tenant Data Isolation
The Service operates as a multi-tenant platform, meaning multiple organizations share the same underlying infrastructure. To protect the privacy and confidentiality of each organization's data, we enforce strict data isolation measures.
Each company's data is isolated through TenantId-based row-level filtering that is enforced at the database query level. This means that every database query executed by the Service automatically includes a filter that restricts results to the requesting organization's data. No cross-tenant data access is possible through the application, whether by accident or by design.
Company administrators can only view, modify, and manage data that belongs to their own organization. They cannot access, search, or interact with data belonging to any other tenant on the platform. Similarly, field workers can only access their own assignments, time records, and inspection data. They cannot view the assignments or records of other field workers, even within their own organization, unless specifically authorized by their administrator.
6. Data Security
We take the security of your information seriously and have implemented a comprehensive set of technical and organizational measures designed to protect your data against unauthorized access, alteration, disclosure, or destruction.
Authentication to the Service is managed through JWT (JSON Web Token) Bearer tokens, and all user passwords are hashed using the BCrypt algorithm, which is specifically designed to be computationally expensive and resistant to brute-force attacks. HTTPS is enforced site-wide, and we implement HTTP Strict Transport Security (HSTS) headers to ensure that browsers always connect to the Service over a secure channel. All data transmitted between your device and our servers is protected by TLS 1.2 or higher encryption.
Photos, signatures, and other media stored in Azure Blob Storage are encrypted at rest, ensuring that even if the underlying storage were compromised, the data would remain unreadable without the appropriate decryption keys. All web forms are protected by CSRF (Cross-Site Request Forgery) tokens, preventing malicious websites from submitting requests on your behalf.
We employ IP-based rate limiting on all public endpoints to mitigate brute-force attacks and denial-of-service attempts. Content Security Policy (CSP) headers are configured to prevent cross-site scripting (XSS) attacks by restricting the sources from which scripts, styles, and other resources can be loaded. We have plans to implement multi-factor authentication as an additional layer of account security. We also conduct regular security audits and penetration testing to proactively identify and address potential vulnerabilities.
While we strive to use commercially acceptable means to protect your personal information, no method of transmission over the Internet or method of electronic storage is 100% secure. We cannot guarantee absolute security, but we are committed to continuously improving our security practices.
7. Offline Data Storage
The mobile application is designed to function in environments where network connectivity may be intermittent or unavailable, which is common on many job sites. To support this capability, the app stores data locally on your device in a SQLite database for offline functionality.
The data stored locally on your device may include queued time entries that have not yet been synced to the server, cached job data that allows you to view your assignments without an active connection, pending photo uploads that were captured while offline, and draft inspection forms that are in progress but have not yet been submitted.
When your device regains network connectivity, all locally stored data is automatically synchronized with the server. Once synchronization is complete, the local copies of synced data are purged from the device's local storage to minimize the amount of data stored on-device at any given time.
Data stored locally on your device is protected by the device-level encryption provided by your mobile operating system. On iOS, this is managed by the Data Protection framework, and on Android, it is managed by the file-based encryption system. We strongly recommend that all users enable a device passcode or biometric lock to ensure that device-level encryption is active.
8. Data Retention
We retain your data only for as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law.
Active account data is retained for the duration of your organization's active subscription to the Service. This includes all user profiles, job records, time entries, inspections, photos, and communication data associated with the account.
Upon account deletion or subscription termination, all associated data is permanently purged within 90 days. This purge is comprehensive and includes all records, media, and metadata associated with the account across all of our systems.
GPS verification logs are retained for 12 months for audit and dispute resolution purposes. After this retention period, GPS verification logs are automatically purged from our systems.
Contact form submissions received through our promotional website are retained for 12 months, after which they are automatically deleted. Rate limiting data, which consists of IP addresses and request counts used to prevent abuse of public endpoints, is purged automatically after 1 hour.
Backups follow the same retention schedule as primary data. When data is purged from our primary systems, it is also purged from backup systems within the same retention window to ensure that deleted data is not inadvertently preserved.
9. Your Rights
Depending on your jurisdiction, you may have certain rights regarding the personal information we hold about you. We are committed to respecting these rights and have established processes to facilitate the exercise of each.
Right of Access. You have the right to request a copy of the personal data we hold about you. Upon receiving a verified request, we will provide you with a comprehensive summary of the data categories and specific data points associated with your account.
Right to Correction. If you believe that any personal data we hold about you is inaccurate, incomplete, or outdated, you have the right to request that we correct or update that information. Many data fields can be corrected directly within the application, but you may also submit a formal correction request.
Right to Deletion. You have the right to request the deletion of your personal data from our systems. Please note that this right is subject to certain limitations, including legal retention requirements, ongoing contractual obligations, and the need to maintain records for audit and dispute resolution purposes.
Right to Data Portability. You have the right to request that we provide your personal data in a structured, commonly used, and machine-readable format, allowing you to transfer that data to another service provider.
Right to Opt Out. You have the right to opt out of non-essential communications, including marketing emails and promotional notifications. Essential service communications (such as security alerts and account notifications) cannot be opted out of while your account remains active.
Right to Restrict Processing. You have the right to request that we restrict certain data processing activities. When processing is restricted, we will continue to store your data but will refrain from further processing until the restriction is lifted or the matter is resolved.
To exercise any of these rights, please contact us at wtcinfo@bridgesoftwaretechnologies.com. We will acknowledge your request promptly and will respond with a substantive determination within 30 days of receipt. If additional time is required to fulfill your request, we will notify you of the delay and the reason for it.
10. Children's Privacy
The Service is designed for use in professional work environments, including field service management, job scheduling, time tracking, and inspection documentation. It is not directed to individuals under the age of 18, and we do not knowingly collect personal information from anyone under the age of 18.
If we become aware that we have inadvertently collected personal data from a person under the age of 18, we will take immediate steps to delete that information from our servers and terminate any associated account. If you are a parent or guardian and believe that your child has provided us with personal information, please contact us at wtcinfo@bridgesoftwaretechnologies.com so that we can take appropriate action.
11. SMS Privacy
Phone numbers collected during the registration process are used exclusively for service-related notifications, including job assignment alerts, schedule changes, time entry reminders, and other operational communications directly related to your use of the Service. We do not share phone numbers with third parties for marketing purposes, and we do not send unsolicited promotional messages via SMS.
SMS message delivery is handled through Twilio, our authorized service provider. Twilio processes your phone number and message content solely for the purpose of delivering notifications on our behalf and is bound by its own privacy policy and data processing commitments.
You may opt out of SMS notifications at any time by replying STOP to any message you receive from the Service, or by adjusting your notification preferences within your account settings in the mobile application. Please note that opting out of SMS notifications may affect your ability to receive time-sensitive operational alerts. For complete SMS disclosure, including message frequency and carrier obligations, please refer to our Terms of Service.
13. California Privacy Rights (CCPA)
If you are a resident of the State of California, you are afforded certain additional rights under the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA) regarding the personal information we collect about you.
Right to Know. You have the right to request that we disclose the categories of personal information we have collected about you, the categories of sources from which that information was collected, the business or commercial purpose for collecting the information, the categories of third parties with whom we share the information, and the specific pieces of personal information we have collected about you.
Right to Delete. You have the right to request that we delete any personal information we have collected from you, subject to certain exceptions permitted by law, such as data required for ongoing service delivery, legal compliance, or the exercise of legal claims.
Right to Know About Sales and Disclosures. You have the right to know whether your personal information is sold or disclosed to third parties for a business purpose. We do not sell personal information. We do not have any financial arrangements with third parties in which personal information is exchanged for monetary or other valuable consideration.
Right to Non-Discrimination. You have the right to not be discriminated against for exercising any of your CCPA rights. We will not deny you the Service, charge you different prices or rates, provide a different level or quality of service, or suggest that you will receive any of the foregoing as a result of exercising your privacy rights.
To make a request under the CCPA, please contact us at wtcinfo@bridgesoftwaretechnologies.com. We will verify your identity before processing any request and will respond within the timeframes required by applicable law.
14. International Data Transfers
The Service is currently hosted and operated in the United States. If you access the Service from a location outside the United States, please be aware that your information may be transferred to, stored in, and processed in the United States, where data protection laws may differ from those in your jurisdiction.
By using the Service, you consent to the transfer of your information to the United States and the processing of your information in accordance with this Privacy Policy. We take reasonable steps to ensure that your data is treated securely and in accordance with this Privacy Policy, regardless of where it is processed or stored.
15. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or other factors. When we make material changes to this Privacy Policy, we will notify registered users via email at least 30 days before the changes take effect, providing a summary of the changes and an opportunity to review the revised Policy.
The "Effective Date" displayed at the top of this page indicates the date of the most recent revision to this Privacy Policy. We encourage you to review this page periodically to stay informed about how we protect your information.
Your continued use of the Service after the effective date of any revised Privacy Policy constitutes your acceptance of the changes. If you do not agree with the revised Privacy Policy, you should discontinue your use of the Service and contact us to request deletion of your account and associated data.
16. Contact Us
If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please do not hesitate to contact us.
Bridge Software Technologies, LLC
- Email: wtcinfo@bridgesoftwaretechnologies.com
- Address: 6695 Spring Mist Ct, Mason, Ohio 45040
We strive to respond to all inquiries within a reasonable timeframe and are committed to working with you to resolve any privacy-related concerns.