VisitPro
visitpro
Service proof in every visit.
Back to home

Privacy Policy

Last updated:

VisitPro ("we", "us", "our") provides field-service tools for cleaning and home-services companies. This policy explains what personal data we collect, why we collect it, who we share it with, and the rights you have over your data under the EU General Data Protection Regulation (GDPR) and equivalent laws.

If you have any question about this policy or want to exercise your rights, contact us at [email protected].

Who we are (Data Controller)

VisitPro is operated as a sole-proprietor business based in the European Union. The company contact for privacy matters is [email protected]. We act as a data controller for account, billing, and product analytics data, and as a data processor for visit content (photos, notes, checklists) on behalf of the customer companies that subscribe to VisitPro.

Personal data we collect

We collect the following categories of personal data, depending on how you use the product:

  • Contact information: email address, first and last name, optional phone number.
  • Account credentials: hashed password, session tokens.
  • Visit content: photos taken during visits, free-text notes, checklist responses, and structured visit fields. This content may incidentally include personal data of clients of the customer company.
  • Identifiers: an internal user ID, a device push-notification token, and a Sentry installation ID for crash reporting.
  • Usage data: feature interactions, errors, and breadcrumb logs sent to Sentry.
  • Diagnostics: stack traces and limited device metadata (OS version, app version, device model) sent to Sentry.
  • Financial information: payment method and billing details are entered directly with our payment processor (Stripe). We do not receive or store full card numbers — only the last four digits, brand, and a Stripe customer reference.
  • Location data: latitude and longitude of a worker's last known position, used only when location features are explicitly enabled inside the app.

Why we use your data (purposes and legal bases)

We process your data on the following legal bases under GDPR Article 6:

  • Performance of a contract (Article 6(1)(b)) — to create and operate your account, deliver the service, process subscription payments, and provide support.
  • Legitimate interests (Article 6(1)(f)) — to keep the service secure, prevent abuse, debug crashes, and improve product quality. We balance these interests against your privacy rights and minimise the data used.
  • Legal obligation (Article 6(1)(c)) — to keep records required by tax, accounting, and consumer-protection law.
  • Consent (Article 6(1)(a)) — for optional features such as AI photo analysis and push notifications. You can withdraw consent at any time without affecting prior processing.

Use of external AI services

VisitPro includes an optional feature called Via that uses external artificial-intelligence services to extract structured information from visit photos and to assist with form filling. When you use Via, the relevant photos and free-text content are sent to the following providers strictly for processing the request:

  • Google Gemini 2.5 Flash — vision extraction from photos.
  • DeepSeek V4 Pro — reasoning and structured form completion.
  • DeepL — translation of free-text content.

These providers process content on our behalf as sub-processors. We do not allow them to use the content to train their general models, and we transmit only what is needed to complete the task. AI output can be incorrect; you remain responsible for reviewing and correcting it before submitting a visit. Via is opt-in and can be disabled at any time in the app.

Third parties we share data with (Sub-processors)

We use the following service providers to operate VisitPro. Each receives only the data needed for its function:

  • Stripe (Ireland / United States) — subscription billing and payment processing.
  • Cloudflare Images (United States, EU edge) — visit photo storage and delivery.
  • Sentry (United States) — crash reporting and error monitoring.
  • Firebase Cloud Messaging (Google, United States) — delivery of push notifications.
  • Zoho Mail (India / United States) — transactional email delivery.
  • Google Gemini (United States) — AI vision processing for the Via feature.
  • DeepSeek (Singapore) — AI reasoning for the Via feature.
  • DeepL (Germany) — text translation for the Via feature.
  • Hetzner Cloud (Germany) — primary application hosting and MongoDB database (EU data residency).
  • Redis Cloud (EU) — session and rate-limit storage.

Where data is transferred outside the European Economic Area, we rely on the European Commission's Standard Contractual Clauses or an adequacy decision.

Data retention

We keep account data while your account is active. When you delete your account, your personal account fields are erased within 30 days. Visit content created by you may be retained by the customer company that subscribes to VisitPro under their own data-retention policy; in that case the customer company is the controller and you should contact them to request erasure of that content. Billing records are retained for the period required by tax law (typically 7 years in the EU). Crash and error logs are retained for 90 days.

Your rights

Under GDPR you have the right to:

  • Access the personal data we hold about you (Article 15).
  • Rectify inaccurate or incomplete data (Article 16).
  • Erase your personal data (Article 17).
  • Restrict or object to certain processing (Articles 18 and 21).
  • Receive a copy of your data in a portable format (Article 20).
  • Withdraw consent at any time for consent-based processing.
  • Lodge a complaint with your national data-protection authority.

You can exercise the access and erasure rights directly inside the app from Settings, or by writing to [email protected]. See the Your Privacy Choices page for step-by-step guidance.

Security

We protect your data with encryption in transit (TLS 1.2 or higher), encryption at rest for primary storage, scoped access controls for staff, and regular dependency and security review. No system is perfectly secure, and we encourage you to use a strong unique password and to enable any device-level security available to you.

Children

VisitPro is a business product and is not directed to children under 16. We do not knowingly collect personal data from children. If you believe a child has used the product, contact [email protected] and we will delete the data.

Changes to this policy

We may update this policy when our processing changes or when laws change. The "Last updated" date at the top reflects the latest version. Material changes will be communicated in-app or by email.

Contact

Privacy questions: [email protected]. General support: [email protected].