Privacy Policy
Last updated: June 2026
Lineo ("we", "our", or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our construction project management platform.
1. Information We Collect
We collect information you provide directly to us:
- Account information: Name, email address, organization name, profile picture
- Project content: Projects, budgets, calendars, bid packages, bid letters, purchase orders, documents you create
- Communication data: Messages, comments, and support requests
- Technical data: Hashed IP address, browser type, device information, operating system
- Usage data: Features used, pages visited, time spent in the application
- Production-credit information about third parties: Professional credit details (name, role, headline, bio, headshot, personal site, professional social links) that a customer organization adds about people who worked on a production, who may not be Lineo account holders. See Section 12.
2. Legal Basis for Processing (GDPR)
We process your personal data under the following legal bases:
| Purpose | Legal Basis |
|---|---|
| Providing our services | Contract performance |
| Account authentication | Contract performance |
| Security and fraud prevention | Legitimate interest |
| Audit logging | Legal obligation / Legitimate interest |
| Marketing communications | Consent (opt-in) |
| Product analytics | Legitimate interest with user opt-out |
| Displaying production credits on customer-shared reel pages | Legitimate interest of the customer organization (controller); Lineo acts as processor — see Section 12 |
3. How We Use Your Information
We use the information we collect to:
- Provide, maintain, and improve our services
- Process transactions and send related information
- Send technical notices, updates, and support messages
- Respond to your comments and questions
- Detect, investigate, and prevent fraudulent activity
- Comply with legal obligations and enforce our terms of service
4. Data Retention
We retain your data for the following periods:
| Data Type | Retention Period |
|---|---|
| Account data | Until account deletion plus a 30-day cancellation window |
| Project content | Until account deletion |
| Audit logs | 365 days |
| Link access logs | 90 days |
| Export download links | 7 days |
You can request deletion of your account and data at any time through your account settings. Deletion requests have a 30-day grace period during which you can cancel. After that window, the request moves into an org-admin review flow before processing.
5. Third-Party Service Providers
We work with third-party service providers to operate our platform. These providers process data only as necessary to provide their services to us:
- Supabase: Authentication, database, row-level security, and auth audit logging
- Vercel: Application hosting, performance telemetry, and runtime observability
- Sentry: Error tracking and debugging telemetry
- Google Cloud Storage: File storage and temporary export artifacts
- Resend: Transactional email delivery
We use privacy-redacted analytics and observability tooling to operate the service. Supabase and our application database are the authoritative record for compliance events; Sentry and Vercel are used for debugging and platform operations. A detailed subprocessor list is available upon request by contacting privacy@lineo.com.
6. Your Rights (GDPR)
Under the General Data Protection Regulation (GDPR), you have the following rights:
| Right | Description | How to Exercise |
|---|---|---|
| Access | Request a copy of your personal data | Settings → Privacy → "Download My Data" |
| Rectification | Correct inaccurate data | Edit your profile in Settings |
| Erasure | Delete your account and data | Settings → Privacy → "Delete Account" |
| Portability | Export data in machine-readable format | Settings → Privacy → "Download My Data" (JSON) |
| Objection | Object to marketing or processing | Settings → Privacy → Toggle marketing preferences |
| Withdraw Consent | Withdraw previously given consent | Settings → Privacy → Cookie/marketing settings |
You can exercise most rights directly through your account settings. For other requests, contact us at privacy@lineo.com.
7. Cookies and Tracking
We use cookies and similar technologies. You can manage your preferences through our cookie consent banner or Settings → Privacy → Cookie Settings.
| Category | Purpose | Can Disable? |
|---|---|---|
| Essential | Authentication, security, basic functionality | No (required) |
| Analytics | Understanding usage to improve the service | Yes |
| Marketing | Personalized content and advertising | Yes |
8. Data Security
We implement appropriate technical and organizational measures to protect your personal data:
- Encryption in transit (TLS/HTTPS)
- Encryption at rest for sensitive data
- IP address hashing (we never store raw IPs)
- Role-based access controls
- Regular security assessments
- Secure authentication via Supabase Auth
9. International Data Transfers
Your data may be transferred to and processed in the United States where our sub-processors are located. We ensure appropriate safeguards are in place, including Standard Contractual Clauses (SCCs) and adequacy decisions where applicable.
10. Children's Privacy
Our service is not intended for users under 16 years of age. We do not knowingly collect personal data from children. If you believe we have collected data from a child, please contact us immediately.
11. Changes to This Policy
We may update this privacy policy from time to time. We will notify you of material changes by posting the new policy on this page and updating the "Last updated" date. For significant changes, we may also notify you via email or in-app notification.
12. Production Credits and Shared Reel Pages
When a customer organization shares a reel through a private link, the page may show professional credit information about people who worked on the production — name, role, a short headline and bio, a headshot, a personal website, and professional social links. For this third-party information the customer organization is the data controller and Lineo is a processoracting on its behalf; the lawful basis is the customer's legitimate interest in presenting a record of its work.
These pages are reachable only through an unguessable private link, are not publicly listed or indexed, show only client-visible credits, and can be revoked at any time. If you appear on a shared reel and want to be removed or object to this processing, contact the organization that shared it, or email privacy@lineo.com and we will route your request to them.
13. Contact Us
If you have questions about this Privacy Policy or wish to exercise your rights, contact us:
- Email: privacy@lineo.com
- Data Protection:For GDPR-related requests, email privacy@lineo.com with subject "GDPR Request"
You also have the right to lodge a complaint with your local data protection authority if you believe your rights have been violated.