Contents
FSMsync ("we," "our," or "us") is a field service management platform built for trade businesses — HVAC, plumbing, electrical, and related industries. This Privacy Policy explains how we collect, use, store, and protect information when you use our mobile application (iOS and Android), web application at app.fsmsync.com, and marketing website at fsmsync.com.
By using FSMsync, you agree to the practices described in this policy. If you do not agree, please discontinue use of the service.
Information We Collect
We collect information you provide directly, information generated through your use of the service, and limited device-level data required for app functionality.
| Category | Examples | Purpose |
|---|---|---|
| Account information | Name, email address, password (hashed), company name, phone number | Authentication and account management |
| Business data | Customer records, job details, estimates, invoices, payment records, service types, notes | Core application functionality |
| Payment information | Credit/debit card data (processed by Square), billing address | Processing customer payments via Square hardware |
| Location data | GPS coordinates (foreground only, when app is open) | Job routing and technician dispatch |
| Device & Bluetooth | Bluetooth scan for Square card reader; device OS, model, app version | Connecting to Square payment terminal |
| Usage data | Feature interactions, session duration, error logs, crash reports | Improving app reliability and performance |
| Push notification tokens | Firebase Cloud Messaging (FCM) device token | Sending job assignments and alerts to technicians |
| Subscription & billing | Stripe customer ID, subscription plan, payment status | Managing your FSMsync subscription |
Location access: FSMsync requests location permission only while the app is in use (foreground). We do not track your location in the background. You can revoke location permission at any time in your device settings.
Bluetooth access: Bluetooth is used solely to detect and connect to Square card readers for in-person payment processing. We do not scan for or store data from other Bluetooth devices.
How We Use Your Information
We use the information we collect to:
- Provide, operate, and improve the FSMsync platform
- Authenticate users and protect account security
- Process payments made by your customers via Square
- Send push notifications for job assignments, estimate approvals, and system alerts
- Generate estimates, invoices, and payment records for your business
- Manage your subscription, trial period, and billing via Stripe
- Respond to support requests and communicate service updates
- Detect, investigate, and prevent fraudulent or unauthorized activity
- Comply with applicable legal obligations
We do not sell your personal information to third parties. We do not use your business data for advertising purposes.
Third-Party Services
FSMsync integrates with the following third-party services. Each operates under its own privacy policy:
| Service | Purpose | Data shared |
|---|---|---|
| Square | In-person and card-not-present payment processing | Payment card data, transaction amounts. Card data never touches FSMsync servers — it goes directly to Square. |
| Stripe | FSMsync subscription billing | Email, subscription plan, payment method for your FSMsync account billing |
| Firebase (Google) | Push notifications (FCM), crash reporting | FCM device token, anonymous crash/error data |
| QuickBooks Online (Intuit) | Optional accounting integration | Invoice and payment data you explicitly choose to sync — only when you connect your QuickBooks account |
| Railway | Backend infrastructure and hosting | All application data transits and is stored on Railway's servers (SOC 2 Type II) |
Links to their privacy policies: Square · Stripe · Firebase · Intuit/QuickBooks
Data Sharing
We do not sell, rent, or trade your personal information. We share data only in these limited circumstances:
- Service providers: Third-party processors listed above, strictly to deliver the service
- Within your company account: Admins, dispatchers, and technicians on the same company account can access shared business data (customers, jobs, estimates) according to their assigned role
- Legal obligations: When required by law, court order, or to protect the rights and safety of FSMsync, its users, or the public
- Business transfer: If FSMsync is acquired or merged, data may transfer as part of that transaction. We will notify you via email prior to any such transfer
Data Retention
We retain your data for as long as your account is active. When you cancel your account:
- Your business data (customers, jobs, invoices, estimates) is retained for 30 days, then permanently deleted
- You may request immediate deletion at any time — see Your Rights
- Financial transaction records may be retained longer where required by applicable tax or legal regulations
- Anonymized, aggregated usage statistics may be retained indefinitely and cannot be linked back to you
Security
We take reasonable technical and organizational measures to protect your data:
- All data transmitted between the app and our servers uses TLS 1.2 or higher
- Passwords are hashed using bcrypt and are never stored in plaintext
- Authentication uses short-lived JWT access tokens with refresh token rotation
- Each user session is limited to two active devices simultaneously
- Payment card data is never transmitted to or stored on FSMsync servers — Square's PCI-compliant SDK handles all card capture
No method of transmission or storage is 100% secure. If you believe your account has been compromised, contact us immediately at support@fsmsync.com.
Your Rights
Depending on your location, you may have the following rights regarding your personal information:
- Access: Request a copy of the personal data we hold about you
- Correction: Request correction of inaccurate or incomplete information
- Deletion: Request deletion of your account and associated personal data
- Portability: Request your business data in a structured, machine-readable format
- Opt out of notifications: Disable push notifications at any time in your device Settings app
- Revoke location access: Disable location permission at any time in your device Settings app
To exercise any of these rights, email support@fsmsync.com with the subject line "Privacy Request." We will respond within 30 days.
California residents may have additional rights under the CCPA. EU/EEA residents may have additional rights under the GDPR. Contact us to learn more.
Children's Privacy
FSMsync is a business management platform intended for use by adults operating trade businesses. We do not knowingly collect personal information from children under 13 (or under 16 in applicable jurisdictions). If you believe a child has provided us with personal information, please contact us and we will delete it promptly.
Changes to This Policy
We may update this Privacy Policy from time to time. When we make material changes, we will notify you by email and update the "Last updated" date at the top of this page. Your continued use of FSMsync after changes become effective constitutes acceptance of the updated policy.
We encourage you to review this page periodically.
Contact Us
If you have questions about this Privacy Policy or want to exercise your privacy rights, please reach out: