Privacy Policy
Last Updated: January 16, 2026
Notice for California Residents
WE DO NOT SELL YOUR PERSONAL INFORMATION.
SpecNook does not sell personal information as defined by the California Consumer Privacy Act (CCPA). We do not share your personal information with third parties for monetary or other valuable consideration.
1. Introduction
SpecNook (“we,” “our,” or “us”) provides a construction project management platform that helps general contractors, construction teams, and their clients manage project selections, contracts, change orders, documents, and approvals.
This Privacy Policy explains how we collect, use, disclose, and protect your personal information when you use our website and services (collectively, the “Service”).
By using SpecNook, you agree to the collection and use of information in accordance with this policy.
2. Data Controller Information
Data Controller: SpecNook, Inc.
Address: 1209 Orange Street, Wilmington, DE 19801, USA
Privacy Email: privacy@specnook.com
Support Email: support@specnook.com
Geographic Scope
This Service is primarily offered to users in the United States. While we do not restrict access based on location, we do not specifically target or market to users in the European Union, European Economic Area, or United Kingdom. If you access the Service from outside the United States, you do so at your own initiative and are responsible for compliance with local laws.
When We Are the Data Controller
We act as the data controller for:
- User account information (your email, name, password, phone)
- Organization/company account data
- Usage data and internal analytics
- Audit logs of your activities
When We Are the Data Processor
We act as a data processor for:
- Client personal information you enter into projects
- Project-specific data you create and manage
- Documents and files you upload
When you input client or third-party personal data into SpecNook, you are the data controller and are responsible for obtaining appropriate consent, complying with applicable data protection laws, and providing privacy notices to your clients.
3. Information We Collect
3.1 Account Information
When you create an account, we collect basic registration information necessary to provide and secure your account, such as your email address, name, and password (stored in encrypted form). You may optionally provide additional profile information.
3.2 Business and Project Data
When you use our Service, we collect information you choose to provide, including:
- Business and organizational information
- Project-related data and documentation
- Client and third-party contact information you input
- Financial and transactional data related to your projects
- Communications and approvals conducted through the platform
3.3 Documents and Files
We store files and documents you upload to the Service, including contracts, project documentation, images, and electronically signed documents.
3.4 Automatically Collected Information
When you use our Service, we collect:
- IP address
- Browser type and user agent
- Device information
- Access timestamps
- Pages visited and actions taken
4. Legal Basis for Processing (GDPR)
4.1 Contractual Necessity
Processing necessary to provide the Service you've contracted for:
- Account creation and management
- Project management functionality
- Document storage and e-signature processing
- Client portal access provisioning
4.2 Legitimate Interests
Processing for our business interests, balanced against your rights:
- Security: IP logging, device information, rate limiting
- Service improvement: Internal analytics (no third-party sharing)
- Communications: Service updates, feature announcements
- Operations: Billing, accounting, legal compliance
4.3 Legal Obligation
Processing required to comply with legal requirements:
- Audit log retention for financial regulations
- Tax and accounting record retention
- Responding to lawful government requests
5. How We Use Your Information
- Provide the Service: Create and manage your account, process projects, manage selections, handle document signing
- Communications: Send transactional emails about account activity, project updates, signature requests
- Security: Protect against unauthorized access, detect fraud, enforce rate limits
- Compliance: Maintain audit trails for legal and regulatory compliance
- Improvements: Analyze usage patterns to improve our Service
- Support: Respond to your requests and provide customer support
6. Information Sharing
6.1 Third-Party Service Providers
We share information with trusted service providers who process data on our behalf to operate the Service. These providers include:
- Infrastructure providers: For database hosting, authentication, and file storage
- Electronic signature providers: For processing document signatures and maintaining audit trails
- Email delivery services: For sending transactional emails and notifications
All service providers are contractually bound to protect your data and use it only for the purposes we specify. A complete list of our sub-processors is available upon request by contacting privacy@specnook.com.
6.2 Legal Requirements
We may disclose your information if required by law, legal process, or government request. We will notify you of required disclosures when legally permitted.
7. International Data Transfers
Your information may be transferred to countries other than your country of residence. We implement appropriate safeguards:
- Standard Contractual Clauses (SCCs) approved by the European Commission
- Encryption of data in transit (TLS) and at rest
- Strict access controls and authentication
- Contractual commitments from vendors
8. Data Retention
We retain personal data only as long as necessary for the purposes described:
| Data Type | Retention |
|---|---|
| Account data | Until account deletion + 30 days |
| Project data | Until project deletion + 30 days |
| Audit logs | 7 years (legal compliance) |
| Signed documents | Contract duration + 7 years |
| Email logs | 2 years |
| Security logs | 12 months |
9. Data Security
We implement technical and organizational measures to protect your information:
- Encryption in transit: All data transmitted using HTTPS/TLS
- Encryption at rest: Database encryption via Supabase
- Access controls: Row-level security policies
- Secure authentication: Password hashing and session management
- Rate limiting: Protection against brute force attacks
- Security headers: HSTS, CSP, X-Frame-Options
10. Your Rights and Choices
How to Exercise Your Rights
For registered users: Account Settings → Profile & Privacy
For everyone: Email privacy@specnook.com
Response time: within 30 days (GDPR) or 45 days (CCPA)
Your Rights Include
- Right to Access: Obtain a copy of your personal data
- Right to Rectification: Correct inaccurate data
- Right to Erasure: Request deletion of your data
- Right to Restrict: Limit how we process your data
- Right to Portability: Receive data in machine-readable format
- Right to Object: Object to processing based on legitimate interests
California Residents (CCPA)
- Right to Know what personal information is collected
- Right to Delete personal information
- Right to Correct inaccurate information
- Right to Non-Discrimination for exercising rights
We do not sell personal information.
Right to Lodge a Complaint
If you believe we have not adequately addressed your privacy concerns, you have the right to lodge a complaint with the appropriate regulatory authority:
- California Residents: California Attorney General at oag.ca.gov/privacy
- Other US Residents: Federal Trade Commission at ftc.gov/complaint
12. Children's Privacy
SpecNook is a business-to-business (B2B) service intended solely for use by adults in a professional capacity. We do not knowingly collect personal information from children under 13 (COPPA) or under 16 without parental consent (GDPR).
If you believe we have collected information from a child, please contact us immediately at privacy@specnook.com.
13. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by:
- Posting the updated policy on our website
- Updating the "Last Updated" date
- Sending email notification for significant changes
14. Contact Us
If you have questions about this Privacy Policy or our data practices:
SpecNook, Inc.
1209 Orange Street, Wilmington, DE 19801, USA
Privacy: privacy@specnook.com
Support: support@specnook.com
For our Terms of Service, please visit specnook.com/terms.