Privacy Policy
Last updated: April 2026
Lineo ("we", "our", or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our construction project management platform.
1. Information We Collect
We collect information you provide directly to us:
- Account information: Name, email address, organization name, profile picture
- Project content: Projects, budgets, calendars, bid packages, bid letters, purchase orders, documents you create
- Communication data: Messages, comments, and support requests
- Technical data: Hashed IP address, browser type, device information, operating system
- Usage data: Features used, pages visited, time spent in the application
2. Legal Basis for Processing (GDPR)
We process your personal data under the following legal bases:
| Purpose | Legal Basis |
|---|---|
| Providing our services | Contract performance |
| Account authentication | Contract performance |
| Security and fraud prevention | Legitimate interest |
| Audit logging | Legal obligation / Legitimate interest |
| Marketing communications | Consent (opt-in) |
| Product analytics | Legitimate interest with user opt-out |
3. How We Use Your Information
We use the information we collect to:
- Provide, maintain, and improve our services
- Process transactions and send related information
- Send technical notices, updates, and support messages
- Respond to your comments and questions
- Detect, investigate, and prevent fraudulent activity
- Comply with legal obligations and enforce our terms of service
4. Data Retention
We retain your data for the following periods:
| Data Type | Retention Period |
|---|---|
| Account data | Until account deletion plus a 30-day cancellation window |
| Project content | Until account deletion |
| Audit logs | 365 days |
| Link access logs | 90 days |
| Export download links | 7 days |
You can request deletion of your account and data at any time through your account settings. Deletion requests have a 30-day grace period during which you can cancel. After that window, the request moves into an org-admin review flow before processing.
5. Third-Party Service Providers
We work with third-party service providers to operate our platform. These providers process data only as necessary to provide their services to us:
- Supabase: Authentication, database, row-level security, and auth audit logging
- Vercel: Application hosting, performance telemetry, and runtime observability
- Sentry: Error tracking and debugging telemetry
- Google Cloud Storage: File storage and temporary export artifacts
- Resend: Transactional email delivery
We use privacy-redacted analytics and observability tooling to operate the service. Supabase and our application database are the authoritative record for compliance events; Sentry and Vercel are used for debugging and platform operations. A detailed subprocessor list is available upon request by contacting privacy@lineo.com.
6. Your Rights (GDPR)
Under the General Data Protection Regulation (GDPR), you have the following rights:
| Right | Description | How to Exercise |
|---|---|---|
| Access | Request a copy of your personal data | Settings → Privacy → "Download My Data" |
| Rectification | Correct inaccurate data | Edit your profile in Settings |
| Erasure | Delete your account and data | Settings → Privacy → "Delete Account" |
| Portability | Export data in machine-readable format | Settings → Privacy → "Download My Data" (JSON) |
| Objection | Object to marketing or processing | Settings → Privacy → Toggle marketing preferences |
| Withdraw Consent | Withdraw previously given consent | Settings → Privacy → Cookie/marketing settings |
You can exercise most rights directly through your account settings. For other requests, contact us at privacy@lineo.com.
7. Cookies and Tracking
We use cookies and similar technologies. You can manage your preferences through our cookie consent banner or Settings → Privacy → Cookie Settings.
| Category | Purpose | Can Disable? |
|---|---|---|
| Essential | Authentication, security, basic functionality | No (required) |
| Analytics | Understanding usage to improve the service | Yes |
| Marketing | Personalized content and advertising | Yes |
8. Data Security
We implement appropriate technical and organizational measures to protect your personal data:
- Encryption in transit (TLS/HTTPS)
- Encryption at rest for sensitive data
- IP address hashing (we never store raw IPs)
- Role-based access controls
- Regular security assessments
- Secure authentication via Clerk
9. International Data Transfers
Your data may be transferred to and processed in the United States where our sub-processors are located. We ensure appropriate safeguards are in place, including Standard Contractual Clauses (SCCs) and adequacy decisions where applicable.
10. Children's Privacy
Our service is not intended for users under 16 years of age. We do not knowingly collect personal data from children. If you believe we have collected data from a child, please contact us immediately.
11. Changes to This Policy
We may update this privacy policy from time to time. We will notify you of material changes by posting the new policy on this page and updating the "Last updated" date. For significant changes, we may also notify you via email or in-app notification.
12. Contact Us
If you have questions about this Privacy Policy or wish to exercise your rights, contact us:
- Email: privacy@lineo.com
- Data Protection: For GDPR-related requests, email privacy@lineo.com with subject "GDPR Request"
You also have the right to lodge a complaint with your local data protection authority if you believe your rights have been violated.