Privacy Policy

Effective date: June 1, 2026

1. Who We Are and What This Covers

Progrid is a mobile app for construction field crews, vendors, and subcontractors, together with its accompanying website at getprogrid.com. Progrid is operated by Axsys Technologies LLC (“Progrid,” “Axsys,” “we,” “our,” or “us”). This Privacy Policy describes how we collect, use, and share information when you use the Progrid mobile app or visit our website.

Progrid is a multi-tenant service. The Progrid mobile app connects you to your employer’s or contracting company’s own Progrid workspace (“your Tenant”). For the operational data you create through the app — project records, daily logs, photos, schedules, messages — your Tenant is the data controller and is responsible for how that data is stored, retained, and shared. Axsys provides the app and the infrastructure that connects you to your Tenant, but does not control or access your operational project data except as needed for technical support requested by your Tenant.

This Privacy Policy applies to Axsys’s own collection and processing. For questions about how your Tenant uses the data you create in the app, contact your Tenant administrator directly.

2. Information We Collect

2.1 Information You Provide

  • Account information: your email address, used to identify which Tenant your account belongs to and to authenticate your session.
  • Authentication credentials: a password (verified against your Tenant’s Progrid workspace, never stored by Axsys) and an optional PIN you set to unlock the app. The PIN is stored only as a one-way hash inside the device’s secure enclave (iOS Keychain / Android Keystore) and is never transmitted off-device.
  • Photos and attachments you capture or upload through the app as part of daily logs or project records. These are uploaded directly to your Tenant’s Progrid workspace.
  • Text content you create in daily logs, comments, or other in-app fields. Uploaded to your Tenant’s Progrid workspace.

2.2 Information Collected Automatically

  • Device push token: when you grant notification permission, the operating system issues a token that we send to your Tenant’s Progrid workspace so the Tenant can route push notifications to your device. Axsys does not see the content of push notifications routed through Apple Push Notification Service or Firebase Cloud Messaging.
  • Location metadata on photos (mobile app only): if you grant location permission and choose to capture a photo through Progrid, the device’s current GPS coordinates are embedded in that photo’s EXIF metadata so the resulting image records where the work was photographed. Location is read only at the moment of photo capture, never in the background, and is uploaded only as part of the photo file. We do not maintain a separate location log.
  • Diagnostic and crash data: we use Sentry to collect anonymized crash reports, error stack traces, and performance metrics so we can identify and fix bugs. We have configured Sentry to exclude personal identifiers and to scrub IP addresses. Crash data is not linked to your identity.
  • Website usage: when you visit getprogrid.com, our hosting providers (Cloudflare and similar) log standard web request information including IP address, browser type, pages visited, and referrer. We do not use third-party advertising or behavioral analytics on the website.

2.3 Information We Do Not Collect

  • We do not use third-party advertising SDKs.
  • We do not track you across other companies’ apps or websites.
  • We do not collect contacts, health data, financial data, browsing history, search history, or sensitive personal information.
  • We do not read or transmit photos from your library other than ones you specifically attach to a daily log or project record.
  • Because we do not track you across other companies’ apps or websites, Progrid does not display the App Tracking Transparency prompt on iOS.

3. How We Use Information

We use the information described above to:

  • Authenticate you and route you to your Tenant’s Progrid workspace.
  • Deliver app features you request (uploading daily logs, displaying schedules, sending push notifications you opt into).
  • Store your PIN hash locally so you can unlock the app without retyping your password.
  • Diagnose crashes and fix bugs (via Sentry).
  • Maintain the security and integrity of our services.
  • Comply with our legal obligations.

We do not use your information for advertising, profiling for marketing purposes, or sale to third parties.

4. Who We Share Information With

  • Your Tenant’s Progrid workspace: all project, daily-log, photo, and operational data you create in the app is transmitted to your Tenant’s Progrid workspace. Your Tenant controls that data.
  • Apple Push Notification Service (APNs) and Firebase Cloud Messaging (FCM): used only to deliver push notifications. We share the device push token; we do not share message content with Apple or Google beyond what they need to route a notification.
  • Sentry (Functional Software Inc., dba Sentry): receives anonymized crash and performance data on our behalf.
  • Cloudflare: hosts our tenant-discovery service, which maps an email address to your Tenant’s instance URL during first-time login. Cloudflare receives the email address you submit during the discovery step.
  • Legal authorities: when required by valid legal process, or to protect the rights, property, or safety of Axsys, our users, or others.

We do not sell personal information. We do not share personal information for cross-context behavioral advertising as defined under the California Consumer Privacy Act.

5. Where Data Is Stored

  • On your device: authentication tokens and PIN hash in the iOS Keychain / Android Keystore; cached project data in an encrypted local SQLite database scoped per Tenant.
  • On your Tenant’s Progrid workspace: all operational data (projects, logs, photos, messages). Hosting location is determined by your Tenant.
  • On Cloudflare (tenant-discovery service): the mapping of your email address to your Tenant’s instance URL. Stored in Cloudflare Workers KV in the United States.
  • On Sentry: anonymized crash and diagnostic data, retained for the default Sentry retention period (currently 90 days).

6. Your Rights

6.1 General Rights

You can:

  • Sign out of the app at any time from the Profile screen.
  • Delete the app from your device to remove all locally stored data.
  • Contact us to request access to, correction of, or deletion of any information Axsys holds about you directly. Email: info@axsys.dev.

For data your Tenant holds about you in their Progrid workspace (projects, daily logs, photos, account record), contact your Tenant administrator. Axsys cannot delete data from a Tenant’s instance without the Tenant’s instruction.

6.2 California Residents (CCPA / CPRA)

If you are a California resident, you have the right to:

  • Know what personal information we collect, use, disclose, and retain.
  • Request deletion of personal information we hold.
  • Request correction of inaccurate personal information.
  • Opt out of the sale or sharing of personal information for cross-context behavioral advertising. Axsys does not sell or share personal information for these purposes, so this right is satisfied by default.
  • Limit use of sensitive personal information. We do not collect sensitive personal information as defined under the CPRA.
  • Non-discrimination for exercising these rights.

To exercise any of these rights, email info@axsys.dev with the subject line “CCPA Request.”

6.3 European Economic Area, United Kingdom, and Switzerland (GDPR / UK GDPR)

If you are located in the EEA, UK, or Switzerland, you have the right to:

  • Access the personal data we hold about you.
  • Request rectification of inaccurate data.
  • Request erasure (“right to be forgotten”) subject to legal retention requirements.
  • Restrict or object to processing.
  • Data portability for data you provided directly.
  • Lodge a complaint with your local data protection supervisory authority.

The legal basis for our processing is the performance of our contract with your Tenant (where we act as a processor on the Tenant’s behalf) and our legitimate interests in maintaining and securing the service.

To exercise these rights, email info@axsys.dev.

7. Data Retention

  • Local app data is retained on your device until you sign out or uninstall the app.
  • Tenant-discovery email-to-URL mapping is deleted when your Tenant’s administrator removes your user record from their Progrid workspace. The deletion is automatic and happens in the same transaction.
  • Sentry crash data is retained for 90 days, then automatically deleted.
  • Website request logs are retained for the default period configured by our hosting provider (currently 30 days) and are not linked to any personal identifier.
  • Operational project data is retained per your Tenant’s own retention policy.

8. Children’s Privacy

Progrid is intended for adult and working-age users. The app and website are not directed to children under 13, and we do not knowingly collect personal information from anyone under 13. If you believe a child under 13 has provided us with personal information, contact us at info@axsys.dev and we will delete it.

9. Security

We use industry-standard security practices, including:

  • All network traffic uses HTTPS (TLS 1.2 or higher).
  • Authentication tokens and PIN hashes are stored only in the device’s secure enclave.
  • The local SQLite database is encrypted at rest using OS-provided full-disk encryption (iOS Data Protection, Android File-Based Encryption).
  • Access to Axsys’s infrastructure is restricted to authorized personnel and authenticated with multi-factor authentication.

No security measure is perfect. If you suspect unauthorized access to your account, contact your Tenant administrator and email info@axsys.dev.

The website and the app may contain links to third-party websites or services. We are not responsible for the privacy practices of those third parties. Review their policies before providing them information.

11. International Users

Axsys is based in the United States. By using Progrid, you understand that your information will be processed in the United States and other countries where our service providers operate, which may have different data protection laws than your country of residence.

12. Changes to This Policy

We may update this Privacy Policy from time to time. The “Effective date” at the top of this page reflects the most recent revision. Material changes will be communicated through the app or by email where appropriate. Continued use of Progrid after a change takes effect constitutes acceptance of the revised policy.

13. Contact Us

For privacy questions, requests, or complaints:

Axsys Technologies LLC
21905 Fairview Street
Excelsior, MN 55331
United States

Email: info@axsys.dev (privacy inquiries)
Direct: ben@axsys.dev

14. Meta Platform Data (Progrid Web Platform)

This section describes how Progrid collects, uses, stores, and shares data obtained from Meta Platforms, Inc. (Facebook and Instagram) when a Progrid customer (“Tenant”) connects their Meta business assets to the Progrid web platform — the multi-tenant Progrid CRM accessed in a web browser, separate from the Progrid mobile app described in the rest of this Policy.

14.1 When This Applies

A Tenant administrator may connect their Meta business assets to their Progrid workspace from the Meta Ads Configuration screen, either by:

  • Clicking Connect Meta Account and authorizing Progrid through Meta’s OAuth consent screen, or
  • Adding Axsys Technologies’ Meta Business Manager as a partner on their Meta pixel or ad account and pasting an access token they generate themselves.

Either flow grants Progrid scoped access to the Tenant’s Meta assets, limited to the permissions listed in §14.2 below.

14.2 Meta Permissions We Request

When a Tenant connects, the Progrid web platform requests the following Meta permissions. We do not request, collect, or store Meta data outside this list.

Ads & Lead Capture

  • ads_read — read ad-account metadata and campaign / ad-set / ad performance metrics.
  • ads_management — create and update Custom Audiences sourced from CRM segments the Tenant chooses to sync.
  • business_management — identify which Meta business assets the Tenant has authorized us to access.
  • leads_retrieval — pull form submissions from Meta Lead Ads forms the Tenant has connected, so those leads are surfaced inside the Tenant’s CRM.

Social Publishing (when the Tenant enables the social publishing feature)

  • pages_show_list, pages_manage_posts, pages_read_engagement, pages_manage_engagement — list the Tenant’s Facebook Pages, publish posts on their behalf, read engagement, and reply to comments on their behalf.
  • instagram_basic, instagram_content_publish, instagram_manage_comments, instagram_manage_insights — equivalent capabilities for the Tenant’s Instagram Business accounts.

14.3 What Meta Data We Collect

  • Ad account metadata — account name, currency, timezone, and account ID.
  • Campaign performance metrics — campaign, ad-set, and ad-level statistics (spend, impressions, clicks, reach, conversions, and conversion value), refreshed on a rolling lookback window.
  • Pixel / Dataset IDs — identifiers for the Meta pixels the Tenant has configured for conversion measurement.
  • Lead form submissions — contact fields the lead entered into a Meta Lead Ad form (typically name, email, and phone, plus any custom fields the Tenant configured), along with the originating form name, ad name, and submission timestamp. These create contact records inside the Tenant’s CRM.
  • Custom audience membership — hashed personal identifiers (email, phone) generated from CRM contacts the Tenant chooses to sync as a Custom Audience. Identifiers are hashed locally before transmission and are sent only to Meta.
  • Page and Instagram post engagement — likes, comments, reactions, and reach on Facebook Page posts and Instagram media that the Tenant has published through Progrid.
  • Access tokens — long-lived OAuth access tokens issued by Meta during the connection flow, used to authenticate subsequent API calls on the Tenant’s behalf.

14.4 How We Use Meta Data

We use the data described in §14.3 to provide three Progrid features inside the Tenant’s workspace:

  1. Lead capture — Meta Lead Ad submissions are deduplicated and converted into CRM contacts so the Tenant’s sales team can follow up.
  2. Performance reporting — campaign, ad-set, and ad metrics are displayed alongside CRM pipeline data so the Tenant can see how advertising translates to revenue.
  3. Conversion measurement — when a lead progresses through the Tenant’s sales pipeline to a configured outcome (for example, becomes a customer), Progrid sends that event back to Meta via the Conversions API on the Tenant’s instruction, so Meta’s ad reporting and optimization can incorporate the offline outcome.

All Meta-related processing is performed on the Tenant’s instruction and on the Tenant’s behalf. We do not use Meta data to profile users, advertise to users on behalf of any party other than the Tenant, train machine-learning models, or for any purpose unrelated to providing the features above.

14.5 Who We Share Meta Data With

  • The Tenant: all Meta data described in §14.3 is available to administrators inside the Tenant’s own Progrid workspace.
  • Meta: we send Conversions API events and hashed Custom Audience identifiers back to Meta’s Graph API endpoints on the Tenant’s behalf, as part of providing the features in §14.4.
  • No one else: we do not share Meta data with any other third party, sell it, transfer it for cross-context behavioral advertising, or use it to train models.

14.6 Where Meta Data Is Stored

Meta data is stored inside the Tenant’s Progrid workspace database, encrypted at rest. Access tokens, in particular, are stored as AES-256-GCM ciphertext derived from a per-deployment key (APP_KMS_KEY) and are never logged in plaintext. Hosting location follows the Tenant’s overall Progrid deployment (in the United States by default).

14.7 Retention

  • Ad-account metadata, campaign / ad-set / ad metrics, and engagement data — retained for as long as the Tenant keeps the Meta account connected. When the Tenant disconnects, the access token is invalidated; the underlying historical records remain in the Tenant’s CRM until the Tenant deletes them.
  • Lead form submissions — retained as CRM contacts inside the Tenant’s workspace per the Tenant’s own retention policy.
  • Custom audience member snapshots — rolling, replaced on each full refresh; intermediate per-member rows are kept only long enough to compute the delta against the previous snapshot.
  • Upload and sync logs — 90 days, then automatically purged by a background process.
  • Health alerts — retained until acknowledged by a Tenant administrator; archived alerts are purged after 90 days.

14.8 Disconnecting and Deletion

A Tenant administrator may disconnect a Meta account at any time from the Meta Ads Configuration screen by opening the relevant Ad Account row and clicking Disconnect. Doing so:

  • Invalidates and removes the stored access token.
  • Stops further data ingestion from that Meta account.
  • Preserves historical records (insights, lead form submissions, audit logs) inside the Tenant’s CRM until the Tenant deletes them or until the per-record retention period in §14.7 elapses.

An end user wishing to revoke Progrid’s access to their personal Meta data can also do so directly in Meta at facebook.com → Settings → Business Integrations → remove Progrid. Independently, the Tenant administrator should be notified so any cached data can be deleted per §6.

For deletion requests that fall outside what a Tenant administrator can perform, contact info@axsys.dev. We coordinate with the Tenant to honor the request within applicable legal timelines.

14.9 Meta Platform Terms Compliance

When acting as a Meta Platform developer, Axsys Technologies complies with Meta’s Platform Terms and Developer Policies. Progrid does not use Meta Platform Data to discriminate against any person, take any action ineligible under Meta’s terms, or transfer Meta Platform Data to a data broker, advertising network, or analytics provider.