This Privacy Policy explains how Planning Ops ("we," "us") collects, uses, and shares information when you use our software-as-a-service platform, including the Manpower Tracker and Place & Finish applications, and any related websites, APIs, and services (collectively, the "Service").
By using the Service, you consent to the practices described here. If you do not agree, please do not use the Service.
1.Information we collect
Information you provide directly.
- Account details: name, email address, company name, password (stored as a salted hash, never in plaintext), and the workspace URL slug you choose.
- Payment details: payment is processed entirely by Stripe. We do not see, store, or transmit your full credit card number — only a Stripe customer ID and the last four digits as returned by Stripe for receipt display.
- Operational data you upload: employee names, project information, schedule entries, pour details, regions, weather forecasts you query, and any other content you enter into the Service.
- Communications: if you email us, we keep the message and your reply chain to support our response.
Information collected automatically.
- Authentication and session data: session tokens (JWTs) issued at login, and the IP address used to obtain the session — stored by our authentication provider (Supabase) for fraud detection and rate limiting.
- Audit log: the Service maintains an in-app audit log of who created, modified, or deleted records within your workspace.
- Cookies / local storage: we store session tokens and small preferences (last visited week, UI toggles) in your browser's local storage. We do not use third-party advertising or tracking cookies.
- Server logs: our hosting providers (Netlify, Supabase) log standard request metadata (timestamp, IP, user agent, requested URL, response code) for operational and security purposes. These logs are retained per the providers' policies.
2.How we use information
- To operate, maintain, and provide the Service to you and your team.
- To authenticate users and enforce per-tenant data isolation (row-level security).
- To process payments and deliver receipts (via Stripe).
- To send transactional email — welcome, password reset, access-granted, and schedule distribution emails (via Resend).
- To monitor for abuse, fraud, or security incidents.
- To respond to your support requests.
- To comply with legal obligations.
We do not use your operational data (employee names, schedules, pours, etc.) for advertising, analytics services, machine learning training, or any purpose unrelated to providing the Service to you.
3.Third-party processors
We share data only with vendors strictly necessary to operate the Service. Each is bound by their own privacy commitments and applicable data-protection laws.
| Vendor | Purpose | Data shared |
|---|---|---|
| Supabase | Database, authentication, edge compute | All Customer Data and account info |
| Stripe | Payment processing | Email, name, billing details, last4 of card |
| Netlify | Static site hosting | Request logs, IP addresses |
| Resend | Transactional email | Recipient email, name, message content |
We do not sell, rent, or trade your information with any third party for marketing purposes.
4.Data location and transfers
The Service is hosted on infrastructure located in the United States. By using the Service, you consent to the transfer of your information to the United States, which may have data-protection laws different from your country of residence.
5.Data retention
We retain Customer Data for as long as your account is active. If your subscription lapses, your data is retained in a read-only, suspended state for up to 30 days, after which it may be permanently deleted. Backups may retain data for up to 90 days for disaster-recovery purposes.
You may request earlier deletion at any time by emailing hello@planningops.com. We will honor verified deletion requests within 30 days, except where retention is required by law (e.g., financial records related to your subscription).
6.Security
- Tenant isolation: per-tenant row-level security in the database means another customer cannot read or write your data, regardless of any application bug.
- Encryption in transit: all traffic is served over HTTPS with HSTS preload.
- Encryption at rest: our database provider encrypts all data at rest.
- Password hashing: passwords are hashed with industry-standard algorithms (PBKDF2-SHA256 for reuse history, bcrypt for primary auth via Supabase). Plaintext passwords are never stored.
- Strict CSP and security headers: the Service ships with a strict Content Security Policy, HSTS, X-Frame-Options DENY, and other defense-in-depth headers.
No system is perfectly secure. While we apply reasonable safeguards, we cannot guarantee absolute security. You are responsible for protecting your login credentials and notifying us of suspected unauthorized access.
7.Your rights
Subject to applicable law, you have the right to:
- Access the personal data we hold about you;
- Correct inaccurate or incomplete data;
- Delete your account and personal data (subject to legal retention exceptions);
- Export your data — the Service provides Excel exports for schedules and projections, and we will export account and audit-log data on request;
- Object to certain processing or withdraw consent where we rely on consent;
- Lodge a complaint with a data-protection authority if you believe we have violated your rights.
To exercise any of these rights, email hello@planningops.com from the email address associated with your account.
8.Children's privacy
The Service is not directed to children under 18. We do not knowingly collect personal information from children. If you believe we have inadvertently collected such information, contact us and we will delete it.
9.California, EU/UK residents
If you reside in California, the EU, the UK, or another jurisdiction with specific privacy laws (CCPA, GDPR, UK GDPR), the rights described in Section 7 apply to you, plus any additional rights granted by your jurisdiction's law. Contact us to exercise any such right. We do not sell personal information.
10.Changes to this policy
We may update this Privacy Policy from time to time. If we make material changes, we will notify you via email or via a notice in the Service. The "Last updated" date at the top of this page reflects the most recent revision.
11.Contact
Privacy questions or requests: hello@planningops.com.