Subgrade (“we,” “our,” or “us”) operates the Subgrade Cyber platform at https://subgradecyber.com (the “Service”). This policy explains how we collect, use, and protect information for customers using Subgrade Cyber to manage civil construction projects, people, plant, Day Works, timesheets, and safety workflows.
We use your information only as described here and in accordance with applicable law.
By using the Service, you consent to this policy. Terms not defined here have the meanings in our Terms of Service.
“Personal Data” means information that identifies or can be used to identify a person, such as name, email, phone, role, or identifiers tied to a worker, client, or contact.
“Usage Data” means technical information collected automatically when you use the Service (e.g., IP address, device, browser, pages viewed, timestamps). “Cookies” are small files stored on your device to keep you signed in and remember preferences.
“Customer Data” means data you input or integrate, including project details, site geometry, allocations, timesheets, Day Works, asset records, SWMS, incident logs, and approvals.
For most Customer Data, you are the controller and we process on your behalf. For account and billing data, we act as controller.
We collect: (a) account data (admin and user names, emails, roles), (b) billing data, (c) Customer Data you enter or import (projects, sites, allocations, timesheets, Day Works, plant, safety records), and (d) Usage Data for security and performance.
We process data to operate and secure the Service, provision tenants, manage billing, send operational notices, provide support, improve product performance, and meet legal obligations.
We may send product updates or training materials; you can opt out of marketing at any time.
We log Usage Data (IP, device, browser, pages/actions, timestamps) to maintain security, diagnose issues, and improve reliability for field users.
We use cookies to keep you signed in, remember preferences, and understand product usage. You can adjust browser settings to refuse cookies; some features may not work without them.
Customer Data includes the operational records you enter (for example: worker details, project and site information, GPS geometry, allocations, timesheets, Day Works, plant registers, pre-starts, SWMS sign-offs, incidents, approvals, and audit trails). We process this data solely to provide the Service to you and your authorized users.
We process Customer Data according to your instructions and our agreement, and we do not sell Customer Data.
We retain Personal Data as long as needed to deliver the Service and comply with legal obligations. Customer Data is retained per your configuration and agreement; you may request deletion where feasible and lawful.
We may process data on servers located in various regions. We use reasonable safeguards to protect data during transfer and storage.
We use vetted service providers (e.g., hosting, analytics, email, payments) to operate the Service. They process data only under our instructions and are bound by confidentiality and security obligations.
If we are involved in a merger, acquisition, or asset sale, your information may transfer as part of that transaction. We will provide notice if ownership or this policy changes.
We may disclose information if required by law, court order, or to protect rights, safety, or the integrity of the Service.
We use reasonable technical and organizational measures to protect data (including access controls, encryption in transit where applicable, and logging). No method is 100% secure; please safeguard your credentials and notify us of any suspected breach.
You can update account information in your settings. Subject to applicable law, you may request access, correction, or deletion of your Personal Data. We may need to verify your identity and retain certain data to comply with legal obligations or maintain audit trails you require for your projects.
The Service is not directed to children under 13, and we do not knowingly collect Personal Data from them. If you believe a child has provided data, contact us to remove it.
We may use privacy-aware analytics to understand feature adoption and reliability. Where possible, data is aggregated or de-identified.
We may use remarketing in a limited way to reach interested customers. You can opt out via your browser or ad settings.
If you purchase paid plans, payments are processed by third-party payment processors. We do not store full payment card details; processors handle them in accordance with PCI-DSS and their own privacy policies.
The Service may link to third-party sites or services. Their privacy practices are their own; review their policies before providing data.
We are not responsible for third-party content or practices.
We may update this policy periodically. We will post changes here and, if material, provide additional notice. Continued use after changes means you accept the updated policy.
Questions about privacy? Email us at support@saasykit.com.