Privacy Policy

Last updated: April 21, 2025

FieldGovern ("we", "our", or "us") is committed to protecting the privacy of organizations and individuals who use our field data collection platform. This Privacy Policy explains what information we collect, how we use it, and your rights with respect to that information.

1. Information We Collect

We collect information you provide directly when you register an account, create forms, or contact us, including:

• Account credentials (phone number, hashed password — we never store plain-text passwords)
• Organization name, administrator name, and contact details
• Form definitions and submission data you create and collect
• Photos and audio files uploaded as part of field submissions
• GPS coordinates captured during data collection (only when your form includes a GPS field)

We also collect certain technical information automatically:

• Browser type, device type, and operating system
• IP address and general location (country/region)
• Pages accessed, timestamps, and usage patterns within the platform
• Service worker and PWA activity logs (for offline sync diagnostics)

2. How We Use Your Information

• To provide, operate, and improve the FieldGovern platform
• To authenticate users and enforce role-based access controls
• To sync offline-collected data between field devices and your organization's account
• To send you important service notices (account changes, security alerts)
• To respond to your support requests
• To analyze aggregate usage trends (never individual-level without consent) to improve features

We do not sell, rent, or share your personal data with third parties for marketing purposes.

3. Multi-Tenant Data Isolation

FieldGovern is a multi-tenant platform. Every piece of data — forms, submissions, users, media — is strictly isolated to your organization's tenant. Row-Level Security (RLS) is enforced at the database layer, meaning no organization can ever access another organization's data, even in the event of application-level misconfiguration.

4. Data Storage and Security

All data is stored on servers hosted by Railway.app (United States). Data in transit is encrypted using TLS 1.2+. Passwords are hashed using bcrypt with a cost factor of 12. JWT tokens expire after 2 hours. API keys are hashed before storage.

Media files (photos, audio) are stored on server local disk by default. Enterprise customers may configure Google Drive or AWS S3 storage with their own credentials.

While we implement industry-standard security practices, no system is 100% secure. We will notify affected organizations within 72 hours of discovering a data breach.

5. Offline Data on Field Devices

When enumerators use FieldGovern offline, form data and media are stored locally on the device using browser storage (OPFS on Chrome/Android, IndexedDB on Safari/iOS). This data remains on the device until sync is triggered. FieldGovern does not control what happens to a lost or stolen device — we recommend enumerators use device-level screen locks and remote wipe policies.

6. Data Retention

We retain your data for as long as your organization maintains an active account. Upon account termination, we will delete your data within 30 days upon written request to hello@fieldgovern.com. Aggregate, anonymized statistics may be retained indefinitely.

7. Cookies

The FieldGovern web app uses minimal browser storage: JWT tokens are stored in localStorage for session management, and offline data is stored in OPFS/IndexedDB for sync functionality. We do not use third-party tracking cookies. Our marketing website (fieldgovern.com) uses Google Fonts (a third-party request to fonts.googleapis.com).

8. Third-Party Services

FieldGovern may integrate with the following third-party services at your organization's option:

• Google Drive — for media storage (requires your Google OAuth credentials)
• AWS S3 — for media storage (requires your AWS credentials)
• Google Sheets — for export/sync (requires your authorization)
• SMTP providers — for email notifications (configured by your organization)

Use of these integrations is governed by the respective third-party privacy policies.

9. Your Rights

Depending on your jurisdiction, you may have the right to:

• Access the personal data we hold about you
• Request correction of inaccurate data
• Request deletion of your data
• Object to or restrict processing of your data
• Data portability (export in CSV or JSON format)

To exercise any of these rights, contact us at hello@fieldgovern.com. We will respond within 30 days.

10. Children's Privacy

FieldGovern is a B2B platform intended for use by organizations and their adult employees. We do not knowingly collect personal information from children under 18. If your research involves collecting data about minors as research subjects, your organization is responsible for obtaining appropriate consent under applicable law.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify registered org admins by email when material changes are made. Continued use of the platform after the effective date constitutes acceptance of the updated policy.

12. Contact Us

For privacy-related questions or requests:

• Email: hello@fieldgovern.com
• Website: www.fieldgovern.com