GovPilot ("we", "our", or "us") is a professional file-tracking and ministry-clearing application powered by KTS. This Privacy Policy explains what personal data we collect, how we use it, and the rights you have regarding your information.
By creating an account or using GovPilot you agree to the practices described in this policy. If you do not agree, please discontinue use of the application.
1. Information We Collect
We collect only the information necessary to operate the service:
- Account information: your full name, email address or phone number, and password (stored as a secure hash managed by Supabase Auth — we never see your plaintext password).
- Organisation data: company name, team member names, phone numbers, roles (owner / admin / member / viewer), and invite codes issued by your organisation.
- Client and file data: client names, phone numbers, reference contacts, file notes, stage statuses, due dates, financial transactions (amounts in USD and LBP), and documents you upload or scan within the app.
- Stage and workflow data: route stages, status updates, per-stage city assignments, external assignee information, and stage requirements entered by your team.
- Document data: scanned images and uploaded files stored securely in cloud storage; document names and links to stage requirements.
- Financial data: expense and revenue transactions, contract prices, and financial report data — all scoped to your organisation only.
- Custom field data: any additional client or team member fields your organisation defines (e.g. ID number, address, social security number) and the values entered for those fields.
- Device information: push notification token (used solely to deliver real-time in-app notifications to your device).
- Activity data: timestamps of status changes, comments posted within the app, and document uploads — used for the activity log and audit trail.
We do not collect GPS location, payment card details, biometric data, or any data beyond what is explicitly entered by you or your team within the app.
2. How We Use Your Information
- To create and manage your account and your organisation's workspace.
- To provide the core service: file tracking, stage management, client management, and document storage.
- To send push notifications to team members about file activity — status changes, new comments, new files — according to each member's individual notification preferences.
- To enforce role-based access control so that each team member sees only the data they are permitted to access.
- To apply per-member file visibility rules configured by your organisation's owner or admin.
- To generate financial reports and summaries accessible within your organisation.
- To allow the organisation owner to manage team members, invite codes, and organisation settings.
- To respond to support requests, account deletion requests, or data inquiries you send us.
We do not sell, rent, share, or disclose your data to any third party for advertising or marketing purposes.
3. Data Storage and Security
All data is stored on Supabase, hosted on Amazon Web Services (US-East region). Supabase applies Row Level Security (RLS) policies so that each organisation's data is strictly isolated — no user or organisation can access another organisation's data.
Data is encrypted in transit using HTTPS/TLS and encrypted at rest. Passwords are managed by Supabase Auth using bcrypt hashing.
Document files (scanned images and uploads) are stored in a private Supabase Storage bucket accessible only to authenticated members of your organisation.
Session tokens are stored locally on your device using AsyncStorage. We recommend keeping your device secured with a passcode and keeping the operating system up to date.
4. Role-Based Access and Visibility Controls
GovPilot uses a four-tier role system (Owner, Admin, Member, Viewer) to control what each team member can see and do. In addition, organisation owners and admins can apply per-member file visibility restrictions — hiding specific files from specific team members — using the Visibility & Permissions settings.
These controls are enforced both in the application and at the database level via Row Level Security policies.
5. Push Notifications
GovPilot sends push notifications about file activity including status changes, new comments, and new files. Each team member can configure their notification preferences individually under Settings → Notifications, including:
- A master on/off toggle for all notifications.
- Filters by notification type (comments, status changes, new files).
- The ability to mute notifications from specific team members.
You can also disable all push notifications from your device's system settings at any time. Disabling notifications does not affect your ability to use the app.
6. Data Retention
We retain your personal data for as long as your account remains active. If you delete your account:
- Your team_members profile record is soft-deleted immediately, revoking access to the app.
- Your authentication account (email/phone and password hash) is permanently deleted within 24 hours via our secure deletion process.
- File, client, and organisation data associated with your organisation remains accessible to the organisation owner until they choose to delete it — your personal identity is removed from that data.
Organisation owners wishing to delete all organisational data should contact us at the address below.
7. Your Rights
You have the right to:
- Access the personal data we hold about you — contact us and we will provide a summary within 30 days.
- Correct inaccurate data via the Account screen in the app (name, phone number, and custom fields).
- Delete your account at any time via Account → Security → Delete Account in the app.
- Export your data by contacting us — we will provide your data in a machine-readable format within 30 days.
- Object to any processing by contacting us — we will respond within 30 days.
- Withdraw consent by closing your account; withdrawal does not affect the lawfulness of prior processing.
8. Third-Party Services
GovPilot relies on the following third-party infrastructure providers:
- Supabase — database, authentication, real-time subscriptions, and file storage (supabase.com).
- Expo Push Notification Service — delivery of push notifications to iOS and Android devices (expo.dev).
These providers process data only as necessary to deliver the service and are governed by their own privacy policies. We do not share data with any other third parties.
9. Children's Privacy
GovPilot is a professional business application intended for users aged 18 and over. We do not knowingly collect data from anyone under 18. If you believe a minor has registered an account, please contact us immediately so we can remove the account.
10. Changes to This Policy
We may update this Privacy Policy as the service evolves. We will notify registered users of material changes via a push notification or email at least 14 days before the changes take effect. Continued use of GovPilot after that date constitutes acceptance of the updated policy.
The "Last updated" date at the top of this page reflects when the most recent version was published.
11. Contact Us
For any privacy questions, data access requests, correction requests, or deletion requests, please contact us: