Privacy Policy

Last updated: January 1, 2025

1. Introduction

Welcome to Kore ("we," "our," or "us"). We are committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our construction management platform and services (the "Service").

This Privacy Policy complies with the Personal Information Protection and Electronic Documents Act (PIPEDA) and other applicable Canadian privacy laws. By using our Service, you consent to the collection and use of information in accordance with this policy.

2. Information We Collect

2.1 Account Information

When you create an account, we collect:

  • Email address (required for authentication)
  • Name or display name (optional)
  • User role (ADMIN or EMPLOYEE)
  • Business name and business membership information

2.2 Construction Site Data

We collect information about construction sites you manage:

  • Site name and address
  • Site description and status
  • Site assignments linking employees to construction sites

2.3 Financial Data

To provide financial tracking features, we collect:

  • Transaction records (income and expenses)
  • Transaction amounts, descriptions, and dates
  • Transaction categories (materials, invoices, general expenses)
  • Receipt and invoice images uploaded by you

Note: All monetary amounts are stored as integers (in cents) to ensure precision and avoid floating-point errors.

2.4 Work and Labor Data

We collect work-related information:

  • Shift records (clock in/out times)
  • Hours worked and earnings calculations
  • Hourly wage information and wage history
  • Site assignments for employees

2.5 Media Files

When you upload receipts or invoices, we store:

  • Receipt and invoice images
  • Image metadata and file information

3. How We Use Your Information

We use the information we collect to:

  • Provide, maintain, and improve our Service
  • Authenticate users and manage access to the platform
  • Process and track financial transactions
  • Calculate wages and generate financial reports
  • Enable multi-site management and site assignments
  • Generate profitability reports and analytics
  • Enforce role-based access control (ADMIN vs EMPLOYEE permissions)
  • Ensure data isolation between different businesses (multi-tenant architecture)
  • Respond to your inquiries and provide customer support

4. Data Storage and Security

Your data is stored securely using the following measures:

  • Database: All account, site, financial, and work data is stored in a PostgreSQL database hosted by Supabase, with data stored in Canada
  • File Storage: Receipt and invoice images are stored in Supabase Storage, a secure cloud storage service
  • Encryption: Data is encrypted in transit using HTTPS/TLS and at rest using industry-standard encryption
  • Authentication: User authentication is handled securely through Supabase Auth using email/password
  • Access Control: We implement role-based access control to ensure users only access data appropriate to their role (ADMIN or EMPLOYEE)
  • Multi-Tenant Isolation: All data queries are filtered by business ID to ensure strict data isolation between different businesses

5. Third-Party Services

We use the following third-party services to operate our platform:

5.1 Supabase

We use Supabase for:

  • Authentication: User authentication and session management
  • Database: PostgreSQL database hosting for all application data
  • Storage: Cloud storage for receipt and invoice images

Supabase's privacy policy can be found at https://supabase.com/privacy

5.2 Vercel Analytics

We use Vercel Analytics to understand how visitors interact with our website. Vercel Analytics collects:

  • Page views and navigation patterns
  • Performance metrics (page load times, Core Web Vitals)
  • Geographic location data (country-level, not specific addresses)
  • Device and browser information

Vercel Analytics is privacy-focused and does not use cookies or collect personally identifiable information. All data is aggregated and anonymized. Vercel's privacy policy can be found at https://vercel.com/legal/privacy-policy

6. Data Sharing and Disclosure

We do not sell, trade, or rent your personal information to third parties. We may share your information only in the following circumstances:

  • Service Providers: We share data with Supabase, our service provider, solely for the purpose of providing our Service. Supabase is contractually obligated to protect your data
  • Legal Requirements: We may disclose information if required by law, court order, or government regulation
  • Business Transfers: In the event of a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction
  • With Your Consent: We may share information with your explicit consent

7. Your Rights (PIPEDA Compliance)

Under Canadian privacy laws, including PIPEDA, you have the following rights:

7.1 Right to Access

You have the right to access the personal information we hold about you. You can view most of your data directly through the Service, or request a copy by contacting us.

7.2 Right to Correction

You can update or correct your personal information at any time through your account settings or by contacting us.

7.3 Right to Deletion

You may request deletion of your account and associated data. Note that some information may be retained as required by law or for legitimate business purposes (e.g., financial records for tax compliance).

7.4 Right to Withdraw Consent

You may withdraw your consent to our collection and use of your information at any time. However, this may limit your ability to use certain features of the Service.

7.5 Right to File a Complaint

If you believe we have violated your privacy rights, you may file a complaint with the Office of the Privacy Commissioner of Canada at https://www.priv.gc.ca

8. Data Retention

We retain your personal information for as long as necessary to provide the Service and fulfill the purposes outlined in this Privacy Policy. Specifically:

  • Account Data: Retained while your account is active and for a reasonable period after account closure
  • Financial Data: Retained as required by law for tax and accounting purposes (typically 7 years)
  • Work Records: Retained for payroll and employment record-keeping purposes
  • Receipt Images: Retained as long as associated with active transactions or as required by law

When you delete your account, we will delete or anonymize your personal information, except where retention is required by law or for legitimate business purposes.

9. Children's Privacy

Our Service is not intended for individuals under the age of 18. We do not knowingly collect personal information from children. If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately.

10. International Data Transfers

Your data is primarily stored in Canada through our service provider, Supabase. If data is transferred outside of Canada, we ensure appropriate safeguards are in place to protect your information in accordance with Canadian privacy laws.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new Privacy Policy on this page and updating the "Last updated" date. We encourage you to review this Privacy Policy periodically.

12. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our privacy practices, please contact us at:

Email: support@getkore.ca

We will respond to your inquiry within 30 days as required by PIPEDA.