Privacy Policy
Effective Date: 2026 · Last Updated: 2026
This Privacy Policy describes how Sodium Studio, LLC (“Sodium Studio,” “we,” “us,” or “our”) collects, uses, stores, and shares information when you use Spotless Pro, including the web application at app.spotlesspro.app and the Spotless Pro iOS, iPadOS, and Android mobile applications (collectively, the “Platform”).
Please read this Privacy Policy carefully. By using the Platform, you agree to the practices described in this policy. If you do not agree, please do not use the Platform.
1. Who This Policy Applies To
This Privacy Policy applies to:
- Operators — business owners and their authorized users (crew members, staff) who create and use Spotless Pro accounts to manage their exterior cleaning businesses
- End Customers — individuals whose information operators enter into the Platform as part of managing their business (homeowners, commercial clients, etc.)
- Website Visitors — individuals who visit spotlesspro.app without creating an account
If you are an End Customer whose information has been entered into Spotless Pro by a business that uses our platform, your primary relationship is with that business. Please contact the business directly with questions about how they use your information. We process End Customer data only on behalf of and under the instruction of the operator.
2. Information We Collect
2.1 Information You Provide Directly
Account and Business Information:
- Name, email address, and password when you create an account
- Business name, address, phone number, and email address
- Business logo (if uploaded)
- Subscription and billing information (processed by Stripe — we do not store your credit card number)
Operational Data You Enter:
- Customer names, email addresses, phone numbers, and service addresses
- Job details including services performed, scheduled dates, crew assignments, and notes
- Estimates and invoices including line items, pricing, and tax information
- Payment records including amounts, payment methods, and dates
- Equipment and chemical inventory
- Photos associated with customers, estimates, and jobs (including before and after photos)
- Crew member names and email addresses
2.2 Information Collected Automatically
When you use the Platform, we and our service providers automatically collect certain technical information:
- Device type, operating system, and browser type
- IP address and approximate location derived from IP address
- Pages visited, features used, and time spent on the Platform
- Error logs and crash reports
- Session data and usage patterns
2.3 Information from Third-Party Services
When you connect third-party integrations such as QuickBooks Online or FreshBooks, we receive authentication tokens necessary to sync data on your behalf. We do not receive or store your third-party account passwords.
3. How We Use Your Information
We use the information we collect for the following purposes:
To provide and operate the Platform:
- Creating and managing your account and organization
- Processing your subscription and billing
- Storing and displaying the operational data you enter
- Enabling crew members to access their assigned job information
- Generating estimates, invoices, and PDFs
- Syncing data with connected accounting platforms (QuickBooks, FreshBooks)
To communicate with you:
- Sending transactional emails via Resend, including account verification, password reset, estimate delivery, invoice delivery, and payment receipts
- Sending SMS notifications via Twilio, including job reminders and estimate notifications (only to recipients who have provided consent through your business)
- Responding to your support inquiries
To improve the Platform:
- Analyzing usage patterns and feature adoption through PostHog analytics
- Identifying and fixing bugs and performance issues
- Developing new features based on how the Platform is used
To protect the Platform and users:
- Detecting and preventing fraudulent activity and security incidents
- Enforcing our Terms of Service
- Complying with legal obligations
4. How We Share Your Information
We do not sell your personal information. We do not share your personal information with third parties for their own marketing purposes. We share information only in the following circumstances:
4.1 Service Providers
We share information with trusted third-party service providers who help us operate the Platform. These providers are contractually obligated to use your information only to provide services to us and to protect it appropriately:
| Service Provider | Purpose | Data Shared |
|---|---|---|
| Supabase | Database, authentication, and file storage | All platform data |
| Stripe | Payment processing and subscription billing | Billing information, payment data |
| Resend | Transactional email delivery | Email addresses, email content |
| Twilio | SMS delivery | Phone numbers, SMS content |
| PostHog | Product analytics | Usage data, anonymized events |
| Vercel | Web application hosting | Request logs, application data |
4.2 Accounting Integrations
If you connect QuickBooks Online or FreshBooks, we transmit data including customer names, service line items, and payment amounts to those platforms on your behalf when you record a payment. This data transfer is initiated by you and governed by your agreement with those platforms.
4.3 Legal Requirements
We may disclose your information if required to do so by law or in response to valid legal process, such as a subpoena, court order, or government request. We will notify you of such requests where permitted by law.
4.4 Business Transfers
In the event of a merger, acquisition, or sale of all or substantially all of Sodium Studio’s assets, your information may be transferred to the acquiring entity. We will notify you of any such change and the acquiring entity will be required to honor this Privacy Policy.
4.5 Protection of Rights
We may disclose information when we believe in good faith that disclosure is necessary to protect our rights, protect your safety or the safety of others, investigate fraud, or respond to a legal claim.
5. Data Storage and Security
Your data is stored on Supabase’s managed PostgreSQL infrastructure, which is hosted on Amazon Web Services (AWS). Photos and files are stored in Supabase Storage (also AWS-backed). All data is encrypted in transit using TLS and encrypted at rest.
We implement Row Level Security (RLS) at the database layer, ensuring that each organization’s data is completely isolated from other organizations — not just at the application level, but at the database level. This means it is architecturally impossible for one organization’s data to be accessed by another.
We do not store payment card numbers or sensitive cardholder data. All payment information is handled by Stripe, which is PCI DSS compliant.
While we implement reasonable security measures, no system is completely secure. We cannot guarantee the absolute security of your information. You are responsible for maintaining the security of your account credentials.
6. Data Retention
We retain your data for as long as your account is active. If you cancel your account, we retain your data for 30 days to allow you to export it before permanent deletion. You may request earlier deletion by contacting us at contact@spotlesspro.app.
We may retain certain information for longer periods where required by law or for legitimate business purposes such as resolving disputes or enforcing our agreements.
7. Your Rights and Choices
Depending on your location, you may have certain rights with respect to your personal information:
Access and Portability: You may request a copy of the personal information we hold about you. The Platform provides data export functionality for your operational data.
Correction: You may update or correct your account information at any time through your account settings.
Deletion: You may request deletion of your personal information by cancelling your account or contacting us at contact@spotlesspro.app. Note that we may retain certain information as required by law or for legitimate business purposes.
Opt-Out of Marketing: We do not send marketing emails without your consent. If you receive marketing communications from us, you may unsubscribe using the link in any such email.
California Residents: If you are a California resident, you have rights under the California Consumer Privacy Act (CCPA), including the right to know what personal information we collect and how it is used, the right to request deletion of your personal information, and the right to non-discrimination for exercising your privacy rights. To exercise these rights, contact us at contact@spotlesspro.app.
To exercise any of these rights, please contact us at contact@spotlesspro.app. We will respond to verifiable requests within 30 days.
8. Cookies and Tracking Technologies
The Platform uses cookies and similar technologies to maintain your session, remember your preferences, and analyze usage. Specifically:
- Session cookies — required for authentication and maintaining your logged-in state
- Analytics — PostHog collects anonymized usage events to help us understand how the Platform is used and improve the product
You may disable cookies through your browser settings, but doing so may prevent you from using certain features of the Platform that require authentication.
9. Children's Privacy
Spotless Pro is not directed to children under the age of 13. We do not knowingly collect personal information from children under 13. If we become aware that we have collected personal information from a child under 13, we will take steps to delete that information promptly. If you believe we have inadvertently collected such information, please contact us at contact@spotlesspro.app.
10. Third-Party Links and Integrations
The Platform may contain links to third-party websites or integrate with third-party services. This Privacy Policy does not apply to those third parties. We encourage you to review the privacy policies of any third-party services you use in connection with Spotless Pro, including Stripe, QuickBooks Online, FreshBooks, and Twilio.
11. SMS Privacy
When you use Spotless Pro’s SMS features to communicate with your customers, you are responsible for ensuring you have obtained appropriate consent from those customers to receive SMS messages. Sodium Studio transmits SMS messages through Twilio on your behalf and is not responsible for your compliance with applicable SMS regulations including the Telephone Consumer Protection Act (TCPA).
Message and data rates may apply to SMS messages sent or received. SMS message frequency varies based on your use of the Platform.
12. International Users
Spotless Pro is operated in the United States and is intended primarily for use by US-based businesses. If you access the Platform from outside the United States, your information will be transferred to and processed in the United States, where data protection laws may differ from those in your country. By using the Platform, you consent to this transfer and processing.
13. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices or for legal, operational, or regulatory reasons. We will notify you of material changes by posting the updated policy on the Platform and updating the “Last Updated” date above. Your continued use of the Platform after the effective date of any changes constitutes your acceptance of the revised policy.
14. Contact Us
If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at:
We will respond to all inquiries within 30 days.
This Privacy Policy was last updated in 2026. Please check back periodically for updates.