Legal

Privacy Policy

Last updated: April 2026

ElevaTechPro, Inc. ("ElevaTechPro," "we," "us," or "our") operates a cloud-based elevator maintenance management platform. This Privacy Policy explains what information we collect, how we use it, and how we protect it. By accessing or using ElevaTechPro, you agree to the practices described in this policy.

1. Information We Collect

We collect information in the following categories:

Account Information

When you create an account, we collect your name, email address, company name, phone number, and billing address. For technician accounts, we may also collect license numbers and certifications.

Usage Data

We automatically collect information about how you use the platform, including pages visited, features accessed, session duration, browser type, device type, and IP address. This data is used to improve the platform and diagnose technical issues.

Elevator Unit and Inspection Data

As part of the core service, we store elevator unit records (unit ID, location, type, serial number, installation date), inspection checklists, test results, violation records, photos captured during inspections, technician signatures, and compliance certificates. This data is owned by you and processed on your behalf.

Billing Information

Payment card data is processed directly by Stripe and is never stored on our servers. We retain records of transaction amounts, dates, invoice numbers, and billing history for accounting and audit purposes.

2. How We Use Your Information

We use the information we collect to:

  • Provide and operate the ElevaTechPro platform and all its features
  • Process payments and generate invoices
  • Send service-related notifications, including compliance deadline reminders, work order updates, and system alerts
  • Improve the platform through usage analytics and error monitoring
  • Respond to support requests and communicate with your account
  • Comply with applicable laws and regulations, including ASME A17.1 recordkeeping requirements
  • Detect and prevent fraud, abuse, and security incidents

We do not sell your data to third parties. We do not use your inspection records or unit data for any purpose other than providing the service to you.

3. Data Storage and Security

ElevaTechPro uses industry-standard security measures to protect your data:

  • Encryption at rest: All database data is encrypted using AES-256.
  • Encryption in transit: All data transmitted between your browser, the mobile app, and our servers uses TLS 1.3.
  • Multi-tenant isolation: Every record in the database is scoped by company identifier. PostgreSQL Row-Level Security policies enforce tenant isolation at the database layer, independent of application code.
  • Audit logging: All data access and modifications are logged with user identity and timestamp. Audit logs are retained for 3 years.
  • Access controls: Internal access to customer data is restricted to authorized personnel with a documented business need.

Our infrastructure is hosted on AWS in US-East and US-West regions with automated backups, geographic redundancy, and 99.9% uptime targets.

4. Data Retention

We retain your data according to the following schedule:

  • Account data (name, email, settings): Retained while your account is active. Deleted within 90 days of account closure, subject to the exceptions below.
  • Compliance records (inspection reports, violation records, MCP maintenance logs): Retained for a minimum of 10 years per ASME A17.1 and applicable state regulatory requirements. These records cannot be deleted even upon account closure.
  • Billing records: Retained for 7 years for tax and accounting compliance.
  • Usage logs: Retained for 12 months, then aggregated and anonymized.

5. Third-Party Services

ElevaTechPro integrates with the following third-party services to operate the platform. Each provider processes only the minimum data necessary for their function:

  • SendGrid (Twilio): Delivery of transactional email notifications. Receives recipient email address and message content.
  • Twilio: Delivery of SMS notifications. Receives recipient phone number and message content.
  • Stripe: Payment processing. Receives billing information directly from your browser. We never see or store full payment card numbers.
  • QuickBooks (Intuit): Accounting data sync when you enable the integration. Receives invoice records, payment records, and customer information that you choose to sync.
  • AWS: Cloud infrastructure and hosting. Processes all data as our infrastructure provider under a data processing agreement.

Each of these providers operates under their own privacy policy and is contractually bound to handle data in compliance with applicable law.

6. Your Rights

You have the following rights with respect to your data:

  • Access: You may request a full export of your account data at any time from Settings > Data Export.
  • Export: Unit records, inspection reports, and billing history can be exported in CSV and PDF formats.
  • Correction: You may correct inaccurate account information directly in the platform or by contacting support.
  • Deletion: You may request deletion of your account and non-regulated data. Compliance records subject to ASME and state retention requirements cannot be deleted.
  • Marketing opt-out: You may unsubscribe from marketing emails at any time using the unsubscribe link in any marketing message. Transactional notifications related to your account and work orders are not optional while your account is active.

7. Cookies

ElevaTechPro uses cookies for the following purposes:

  • Session cookies: To maintain your authenticated session while you are logged in. These are essential and cannot be disabled without breaking the application.
  • Preference cookies: To remember your display preferences such as table column widths and filter settings.

We do not use third-party tracking cookies. We do not use advertising cookies or participate in any advertising networks. We do not share cookie data with any third party for marketing or analytics purposes.

8. ASME Compliance Records

Inspection reports, violation records, and MCP maintenance logs generated through ElevaTechPro are subject to ASME A17.1 and applicable state regulatory recordkeeping requirements. These records are retained for a minimum of 10 years regardless of account status. They cannot be deleted upon account closure. If your account closes, these records remain securely stored and accessible to you upon written request for the duration of the retention period.

9. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will notify you by email at least 30 days before the changes take effect. The updated policy will be posted at this URL with a new "Last updated" date. Your continued use of the platform after the effective date constitutes acceptance of the updated policy.

10. Contact

If you have questions about this Privacy Policy or how we handle your data, please contact us:

ElevaTechPro Privacy Team
Email: [email protected]