Last updated: March 3, 2026
Ontrakt, LLC ("we", "us", "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and protect your personal information when you use ontrakt.com and our platform services.
Account information: name, email, phone, business name, trade type. Business data: client information, project details, estimates, invoices, photos, and documents you enter. Media uploads: photos, videos, PDFs, and audio recordings you upload for AI processing. Payment information: processed by Stripe — we do not store raw card numbers. Usage data: IP address, browser type, pages visited, features used, session duration. Third-party integrations: data from Jobber, QuickBooks, or other services you connect.
We use your information to: provide and maintain the Service; process transactions and manage subscriptions; generate AI estimates, reports, and content on your behalf; power integrations with third-party services; troubleshoot and improve features; send transactional and service communications; and comply with applicable laws. We may use aggregated, de-identified data to improve our AI models. We do not use raw identifiable client data (names, addresses, phone numbers) for AI training without explicit consent.
We do not sell your personal information. We share data only with service providers under data processing agreements (Railway for hosting, Stripe for payments, Clerk for authentication, SendGrid for email, Twilio for SMS, Anthropic and Z.AI for AI processing, Backblaze for file storage). We may disclose information when required by law or to protect safety. In the event of a merger or acquisition, your information may be transferred to the acquiring entity.
When you use Ontrakt to manage your clients, you are the data controller for your clients' personal information. You are responsible for having a lawful basis to process client data, providing your clients with privacy notices, and honoring their data rights. Ontrakt acts as a data processor and processes client data only on your instructions.
We implement TLS/HTTPS encryption for all data in transit, AES-256 encryption for sensitive data at rest, access controls and principle of least privilege, and private file storage (Backblaze B2 with presigned URLs — no public file access). Despite these measures, no system is 100% secure.
Active account data: duration of subscription. Customer Data after cancellation: 90 days, then deleted. Payment records: 7 years (legal requirements). E-signature records: 7 years (ESIGN Act compliance). Usage logs: 12 months. AI processing logs: 90 days.
You have the right to access, correct, delete, and export your personal data. California residents have additional rights under CCPA/CPRA (right to know, delete, correct, opt-out of sale). EU/UK users have rights under GDPR including portability and the right to object. To exercise any of these rights, email privacy@ontrakt.com. We will respond within 45 days.
We use essential cookies (session management, authentication — required for Service operation), functional cookies (preferences and settings), and analytics cookies (understanding Service usage). We do not use third-party advertising cookies. You can control cookies through your browser settings.
The Service is not directed to children under 18 years of age. We do not knowingly collect information from children. If we learn we have collected information from a child under 18, we will delete it promptly.
We may update this Privacy Policy periodically. We will notify you of material changes via email or prominent notice in the Service at least 30 days before the changes take effect.
Privacy inquiries: privacy@ontrakt.com. Security concerns: security@ontrakt.com. General: hello@ontrakt.com. Ontrakt, LLC — legal@ontrakt.com.