Privacy Policy

Automic Trades is a product of Spartan X Corp ("we," "us," "our"). This Privacy Policy explains what information we collect about users of the platform at automictrades.com and the related app at app.automictrades.com (the "Service"), how we use it, and the choices you have.

Our Service is designed for owners of independent trade businesses (the "Owner") and the managers, shift leads, and field workers an Owner invites to use it. If you interact with us only because an Owner has invited you to participate, the Owner is the controller of your data; please contact them with questions about data they collect about you.

We collect the following categories of information:

• Account information. Email, name, mobile phone number, and authentication metadata (login times, device).
• Business information. Legal business name, business address, employer identification number (EIN) or social security number (SSN) where required for tax compliance and the founding-rate redemption ledger, business type, industry, hours of operation, service area.
• Payment information. Card details and billing addresses are collected and processed by Stripe; we receive only Stripe customer identifiers, last-4 digits, brand, and billing status. We do not store full card numbers.
• Customer and operational data. Information Owners and their invited team members enter into the Service about the Owner's customers, jobs, quotes, invoices, photos, notes, schedules, and other business records.
• Communications metadata. SMS, voice, and email metadata (delivery status, timestamps, costs) processed through Twilio and Resend on behalf of Owners.
• Agent activity logs. Records of actions our AI agents take on behalf of Owners — drafts written, messages sent, transactions categorized, etc. — together with the Owner approvals or auto-policy that authorized them.
• Integration data. When an Owner connects QuickBooks, Google, Meta, Jobber, or other third-party services, we receive OAuth tokens and the data the Owner authorizes us to access from those services.
• Usage and device data. IP address, browser type, pages visited, and basic interaction events for security, debugging, and product improvement.
• Mobile-specific information. If you use our iOS or Android app, we collect device push notification tokens (when push is enabled), mobile app crash and diagnostic data (via Sentry), and operating system / app version metadata. We do not collect device advertising identifiers. See "Mobile app permissions" and "Mobile app data handling" below for details.

We use information to:

• Provide, operate, and improve the Service.
• Authenticate users, including delivering one-time passcodes by SMS or email.
• Process payments and enforce the founding/intro pricing rules.
• Execute the operational tasks Owners delegate to our AI agents — for example, responding to leads, sending invoices, posting content, and reconciling books.
• Send transactional notifications about account activity and billing.
• Detect, prevent, and respond to fraud, abuse, and security incidents.
• Comply with legal obligations.

We do not sell personal information. We do not use Owner customer data to train generative models for use outside that Owner's own account.

We share information with the following categories of service providers (sub-processors) strictly to operate the Service:

• Hosting and database: Vercel (application hosting), Supabase (database, authentication, file storage; data hosted in the United States).
• Payments: Stripe.
• Communications: Twilio (SMS and voice), Resend (email), Deepgram (voice transcription).
• AI providers: Anthropic (large-language-model inference for agent reasoning).
• Optional integrations (only when an Owner connects them): QuickBooks Online (Intuit), Google (Calendar, Business Profile), Meta (Facebook, Instagram), Jobber.
• Operations and observability: Sentry (error reporting), PagerDuty (alerting), GitHub (source control).

We may also disclose information to comply with valid legal process, to protect the rights and safety of users and the public, or in connection with a corporate transaction (such as a merger or acquisition), in which case we will require the recipient to honor the protections in this Policy.

We use industry-standard technical and organizational measures to protect information, including encryption in transit (TLS) and at rest, role-based access controls in our database (Postgres row-level security), HMAC-hashed storage of business tax identifiers, and AES-GCM envelope encryption for sensitive document content. No system is perfectly secure — please use a strong password and keep your account credentials private.

We retain account data for as long as the Owner's account is active and as needed to provide the Service. After cancellation, we retain core records for up to 90 days to allow account recovery and then purge personal data on a rolling basis, except where longer retention is required by law (for example, tax and financial records). Operational logs are typically retained for 30 to 90 days.

Depending on your location, you may have the right to access, correct, delete, or export the personal information we hold about you. To exercise these rights, email privacy@automictrades.com. We will respond within the time required by applicable law. If you are an invited team member, please direct requests to the Owner who invited you in the first instance.

To opt out of SMS messaging, reply STOP to any text message we send. To get help, reply HELP. Standard message and data rates from your wireless carrier may apply.

We use a small number of strictly necessary cookies for authentication and session management. We do not use third-party advertising cookies. We may use privacy-respecting analytics to understand product usage in aggregate.

Our mobile apps (iOS and Android) request the following device permissions. Each is used only for the listed purposes; we do not access these capabilities outside the in-app feature that triggered the request.

• Camera. We use the device camera so workers can capture job-site photos (before/during/after work) and attach them to job records. Photos are uploaded to your Owner's account on our hosted database.
• Microphone. We use the device microphone when you tap the in-app voice button to issue commands to the Site Manager agent (for example, "clock me in" or "log inspection passed"). Audio is streamed to Deepgram for transcription and is not retained beyond the duration of the request.
• Push notifications. We send push notifications for time-sensitive events such as inspection reminders, urgent customer messages, schedule changes, and approval requests. You can disable push notifications at any time in your device settings.
• Biometric authentication (Face ID, Touch ID, fingerprint). If enabled, biometric data is used to unlock the app on subsequent opens. Biometric data never leaves your device — we receive only a success/failure signal from the operating system.
• Photo library (limited). With your permission, we let you attach existing photos from your library to a job; we access only the photos you select.
• Location (Phase 2 feature). Our launch version does NOT collect location. A future version may offer optional location features (route optimization, on-site verification); we will request permission at that time and you can deny without losing access to the rest of the app.

You can review and revoke any of these permissions at any time in your device's system settings.

The mobile app stores some data locally on your device and sends some data to our servers. Specifically:

• On-device data. Job assignment cache, queued photo uploads (for offline operation), and your authentication session are stored locally using your device's secure storage. This data is removed when you uninstall the app.
• Push notification tokens. When you enable push notifications, we receive a device-specific token from Apple Push Notification service (APNs) or Firebase Cloud Messaging (FCM) and store it associated with your account so we can route notifications to your device. Tokens are revoked when you disable push notifications or uninstall the app.
• Crash and diagnostic data. We use Sentry to collect anonymized crash reports and basic performance diagnostics from the mobile app, helping us identify and fix bugs. Diagnostic data is associated with a session identifier, not directly with your personal account, unless a crash explicitly references account context.
• Mobile app version + device metadata. Operating system version, app version, device model, and language. We use this for compatibility checks and to debug device-specific issues.
• No advertising identifiers. We do not access your Apple Advertising Identifier (IDFA) or Google Advertising ID. We do not show in-app advertising.

When you download our app from the Apple App Store or Google Play Store, Apple and Google's privacy practices also apply to your interaction with their stores (account, payment, app downloads). We have no control over what the stores collect about you in the course of providing the app to your device.

Each store also requires us to submit a structured summary of our data practices:

• Apple App Privacy: see our App Store listing → "App Privacy" section.
• Google Play Data Safety: see our Play Store listing → "Data Safety" section.

Those summaries are derived from this Privacy Policy. If there is ever a conflict between this Policy and a store summary, this Policy controls.

The Service is not directed to anyone under 18, and we do not knowingly collect personal information from children. If you believe a child has provided us information, please contact us and we will delete it.

We may update this Policy from time to time. If changes are material, we will notify Owners by email or in-product notice. Continued use of the Service after changes take effect constitutes acceptance of the updated Policy.

Spartan X Corp · 7600 Chevy Chase Drive, Bldg 2 Suite 300, Austin, TX 78752
Email: privacy@automictrades.com