Privacy Policy

Effective Date: June 24, 2026

SOP Reports ("we," "our," or "us") operates the sopreports.com website and the SOP Reports inspection platform (the "Service"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service.

1. Information We Collect

1.1 Information You Provide

When you create an account or use our Service, we may collect:

• Account Information: Name, email address, company name, phone number, and password.
• Business Information: Industry type, state(s) of operation, license numbers, and inspector credentials.
• Inspection Data: Property addresses, inspection findings, photographs, annotations, report content, and client information (names, email addresses, phone numbers) that you enter during inspections.
• Standards of Practice Documents: Any SOP documents, checklists, or templates you upload for parsing and citation.
• Payment Information: Credit/debit card details and billing address, collected and processed by Square, Inc. We do not store full payment card numbers on our servers.
• Communications: Messages you send to us, including support requests, feedback, and survey responses.

1.2 Information Collected Automatically

• Usage Data: Pages visited, features used, time spent, and actions taken within the Service.
• Device Information: Browser type, operating system, device type, IP address, and mobile device identifiers.
• Cookies and Similar Technologies: We use cookies for authentication, preferences, and analytics. See our Cookie Policy for details.

2. How We Use Your Information

We use the information we collect to:

• Provide, maintain, and improve the Service, including report generation, SOP citation matching, and AI-powered features.
• Process payments and manage subscriptions via Square.
• Send transactional communications: account notifications, billing receipts, password resets, and service updates.
• Send marketing communications (with your consent) about new features, tips, and promotions. You may opt out at any time.
• Detect, prevent, and address technical issues, fraud, and abuse.
• Comply with legal obligations and enforce our Terms of Service.

3. AI and Automated Processing

Our Service uses artificial intelligence to:

• Parse uploaded Standards of Practice documents and extract citation structures.
• Auto-cite relevant SOP sections in inspection findings.
• Generate report narratives and voice-to-report transcriptions.
• Analyze inspection photos for defect detection (when enabled).

AI processing is performed on servers we control. We may send text content (findings, report sections) to third-party AI providers (such as OpenAI, Anthropic, or DeepSeek) for processing. We have data processing agreements with these providers that prohibit them from using your data to train their models. Photographs and full reports are processed locally whenever possible.

4. How We Share Your Information

We do not sell your personal information. We share information only in the following circumstances:

• Service Providers: With third parties who perform services on our behalf, including:
  • Square, Inc. — Payment processing and subscription billing.
  • AI Providers — Text processing for report generation and SOP citation matching.
  • Cloud Hosting — Infrastructure and database hosting.
  • Email Service — Transactional and marketing email delivery.
• With Your Consent: When you direct us to share report data with clients, agents, or third parties (e.g., via the client portal or report share tokens).
• Legal Requirements: If required by law, subpoena, or governmental request, or to protect our rights, property, or safety.
• Business Transfers: In connection with a merger, acquisition, or sale of assets, your information may be transferred as a business asset.

5. Data Retention

We retain your information for as long as your account is active or as needed to provide the Service:

• Account Data: Retained while your account is active. Upon account deletion, we delete or anonymize your personal data within 30 days.
• Inspection Reports: Retained for the duration of your subscription plus 90 days after cancellation, to allow for data export.
• Payment Records: Retained for 7 years to comply with tax and accounting regulations.
• Usage Logs: Retained for 12 months for security and analytics purposes.

6. Your Rights and Choices

6.1 Access and Portability

You may request a copy of your personal data in a machine-readable format. We will provide this within 30 days of verifying your request.

6.2 Correction and Deletion

You may update your account information at any time through your account settings. You may request deletion of your account and associated data by contacting us at privacy@sopreports.com.

6.3 Marketing Opt-Out

You may unsubscribe from marketing emails by clicking the "unsubscribe" link in any marketing email or by updating your notification preferences in your account settings.

6.4 Cookie Preferences

You may manage cookie preferences through your browser settings. See our Cookie Policy for details.

6.5 CCPA Rights (California Residents)

If you are a California resident, you have the right to:

• Know what personal information we collect, use, disclose, and sell (we do not sell personal information).
• Request deletion of your personal information.
• Not be discriminated against for exercising your privacy rights.

To exercise these rights, contact us at privacy@sopreports.com. We will verify your identity before processing your request.

6.6 GDPR Rights (EU/EEA Residents)

If you are in the European Economic Area, you have the right to access, rectify, erase, restrict processing, and port your data. You also have the right to object to processing and to withdraw consent. To exercise these rights, contact us at privacy@sopreports.com. You also have the right to lodge a complaint with your local data protection authority.

7. Data Security

We implement industry-standard security measures to protect your information:

• Encryption in transit (TLS 1.3) and at rest (AES-256).
• Regular security audits and penetration testing.
• Role-based access controls and multi-factor authentication for internal systems.
• Payment card data is handled exclusively by Square and never touches our servers.

No method of electronic storage or transmission is 100% secure. We cannot guarantee absolute security, but we continuously work to protect your data.

8. Children's Privacy

Our Service is not directed to individuals under the age of 18. We do not knowingly collect personal information from children. If we learn that we have collected personal information from a child without verification of parental consent, we will delete that information promptly.

9. International Data Transfers

Your information may be transferred to and processed in the United States, where our servers are located. If you are accessing the Service from outside the United States, you consent to the transfer of your information to the United States. We take appropriate safeguards to ensure your data is protected in accordance with this policy.

10. Third-Party Links

Our Service may contain links to third-party websites or services. We are not responsible for the privacy practices of those third parties. We encourage you to review their privacy policies.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by email (to the address associated with your account) or by a notice on our website prior to the change becoming effective. The "Effective Date" at the top of this policy indicates when it was last revised.

12. Contact Us

If you have questions about this Privacy Policy or wish to exercise your rights:

• Email: privacy@sopreports.com
• Mail: SOP Reports, PO Box 1234, Bellingham, WA 98225
• Data Protection Officer: dpo@sopreports.com