Version: 2026-02-17
Effective Date: 2026-02-17
Subgrade (“we,” “our,” or “us”) operates the Subgrade Cyber platform at https://subgradecyber.com (the “Service”). This policy explains how we collect, use, and protect information when customers use Subgrade Cyber for civil construction operations and compliance workflows.
By using the Service, you consent to this policy. Terms not defined here have the meanings in our Terms of Service.
We collect account details (name, email, role), billing and subscription information, usage and security logs, and Customer Data entered by your organization.
Customer Data may include sensitive employment and competency records about workers, subcontractors, and operators. This can include competency matrix records, trade and safety tickets, HRWL/license details, induction records, silica awareness training, and fit-for-work or medical capability certificates where your organization chooses to store them.
The Service may collect and process GPS geometry and location-linked activity data, including site boundaries and location events generated during sign-ons, pre-starts, allocations, and related field workflows by supervisors and operators.
We use data to operate the Service, authenticate users, deliver safety and compliance workflows, generate audit trails, provide customer support, improve performance, and meet legal obligations.
For most project and worker records, your organization acts as the data controller and Subgrade Cyber acts as processor. For our own account, billing, and platform security records, Subgrade Cyber acts as controller.
We retain Personal Data and Customer Data as needed to provide the Service and comply with legal, contractual, and audit obligations. Construction compliance records may be retained for extended periods (including up to 7 years where required or reasonably necessary for legal defensibility), including after cancellation where retention is required by law, dispute handling, enforcement, or legitimate compliance interests.
We use service providers for hosting, communications, analytics, and payments. They process data under contractual safeguards and confidentiality obligations. We do not sell Customer Data.
We apply reasonable technical and organizational safeguards. No system is fully secure. You are responsible for protecting credentials and promptly reporting suspected unauthorized access.
Subject to applicable law, you may request access, correction, or deletion of your Personal Data. We may retain limited records where required for legal, compliance, fraud prevention, or audit purposes.
We may update this policy periodically. We will post updates here and may provide additional notice for material changes. Continued use after updates become effective means you accept the revised policy.
Questions about privacy? Email us at admin@subgradecyber.com.