Skip to content
BlackwingSystems

Privacy Policy

Last updated: April 14, 2026 - UCPA Compliant

1. Introduction

This Privacy Notice for Blackwing Systems LLC ("we," "us," or "our") describes how and why we might access, collect, store, use, and/or share ("process") your personal information when you use our services ("Services"), including when you:

  • Visit our website at www.blackwingsystems.com or any website of ours that links to this Privacy Notice
  • Download and use our mobile application (Blackwing Systems), or any other application of ours that links to this Privacy Notice
  • Engage with us in other related ways, including any marketing or events

This policy complies with the Utah Consumer Privacy Act (UCPA) and applicable data protection laws. If you do not agree with our policies and practices, please do not use our Services.

2. Summary of Key Points

This summary provides key points from our Privacy Notice:

  • What personal information do we process? When you visit, use, or navigate our Services, we may process personal information depending on how you interact with us and the Services, the choices you make, and the products and features you use.
  • Do we process any sensitive personal information? We may process sensitive personal information when necessary with your consent or as otherwise permitted by applicable law.
  • Do we collect any information from third parties? We do not collect any information from third parties.
  • How do we process your information? We process your information to provide, improve, and administer our Services, communicate with you, for security and fraud prevention, and to comply with law.
  • How do we keep your information safe? We have adequate organizational and technical processes and procedures in place to protect your personal information. However, no electronic transmission over the internet or information storage technology can be guaranteed to be 100% secure.
  • What are your rights? Depending on where you are located geographically, the applicable privacy law may mean you have certain rights regarding your personal information.
  • How do you exercise your rights? The easiest way to exercise your rights is by submitting a data subject access request, or by contacting us at privacy@blackwingsystems.com.

3. What Information Do We Collect?

Personal Information You Provide

We collect personal information that you voluntarily provide when you register on the Services, express interest in our products, participate in activities on the Services, or contact us. This may include:

  • Names, email addresses, phone numbers
  • Mailing and billing addresses
  • Company name, job titles, and professional details
  • Usernames, passwords, and contact preferences
  • Contact or authentication data
  • Trade specialty and professional details

Sensitive Information

When necessary, with your consent or as otherwise permitted by applicable law, we may process the following categories of sensitive information:

  • Financial data
  • Credit worthiness data
  • Social security numbers or other government identifiers

Payment Data

We may collect data necessary to process your payment if you choose to make purchases, such as your payment instrument number and the security code associated with your payment instrument. All payment data is handled and stored by Stripe.

Social Media Login Data

We may provide you with the option to register using your existing social media account details (e.g., Google). If you choose to register this way, we will collect certain profile information from the social media provider, as described in the "Social Logins" section below.

Business Data

  • Project details, estimates, invoices, and financial records
  • Client and subcontractor contact information
  • Photos, documents, and files you upload
  • Time tracking and crew management data
  • Safety incidents and compliance records

Application Data

If you use our application(s), we may also collect the following information if you choose to provide us with access or permission:

  • Geolocation Information: We may request access to track location-based information from your mobile device to provide certain location-based services. You may change our access in your device's settings.
  • Mobile Device Access: We may request access to certain features from your mobile device, including your camera, calendar, contacts, reminders, SMS messages, and other features. You can revoke these permissions in your device's settings.
  • Push Notifications: We may request to send you push notifications regarding your account or certain features of the application. You can opt out in your device's settings.

Automatically Collected Information

  • Device type, browser, and operating system
  • IP address and approximate location
  • Usage patterns and feature interactions
  • Cookies and similar tracking technologies
  • Log and usage data (error reports, activity logs, timestamps)

4. How We Process Your Information

We process your information to provide, improve, and administer our Services, communicate with you, for security and fraud prevention, and to comply with law. We process your information only when we have a valid legal reason to do so. Specifically, we use your data to:

  • Provide, maintain, and improve the Service
  • Facilitate account creation and authentication
  • Process transactions and send billing notifications
  • Send service-related communications (account updates, security alerts)
  • Provide AI-powered features (estimates, safety analysis, project planning, blueprint analysis)
  • Generate analytics and reports within your account
  • Respond to support requests and user inquiries
  • Detect, prevent, and address fraud, abuse, or security issues
  • Comply with legal obligations
  • Deliver targeted advertising and marketing (with your consent where required)

5. When and With Whom We Share Your Information

We do not sell your personal information. We may share data in the following situations:

  • Service Providers: Stripe (payments), cloud hosting providers, AI model providers, email delivery services — all bound by data processing agreements
  • Your Clients: When you send estimates, invoices, or share project access via the Client Portal
  • Legal Requirements: When required by law, subpoena, or government request
  • Business Transfers: In connection with a merger, acquisition, or sale of assets
  • With Your Consent: We may share your data with your specific consent for purposes not listed here

6. Cookies & Tracking Technologies

We use essential cookies for authentication and session management. We do not use third-party advertising cookies. Analytics cookies are used only to improve the Service and can be disabled in your browser settings.

We may also use pixel tags, web beacons, and similar technologies to understand how you interact with our Services and emails. You can control cookies through your browser settings, though disabling essential cookies may affect Service functionality.

7. Artificial Intelligence & Automated Processing

We provide AI-powered features within the Service, including but not limited to estimate generation, blueprint analysis, project planning, receipt parsing, and a construction assistant. These features use third-party AI model providers to process your data.

When you use AI-powered features, the data you submit (such as project details, documents, or images) may be sent to AI model providers for processing. We do not use your data to train third-party AI models. AI-generated outputs are provided "as-is" and should be reviewed and verified before use in business decisions.

You can choose not to use AI-powered features. Your core Service functionality will not be affected by declining to use AI features.

8. Social Logins

Our Services offer you the ability to register and log in using your third-party social media account details (e.g., Google). When you choose to do this, we will receive certain profile information from your social media provider. The profile information we receive may vary depending on the social media provider, but will often include your name, email address, and profile picture, as well as other information you choose to make public on such a social media platform.

We will use the information we receive only for the purposes described in this Privacy Notice. Please note that we do not control, and are not responsible for, other uses of your personal information by your third-party social media provider. We recommend that you review their privacy notice to understand how they collect, use, and share your personal information.

9. Data Security

We implement industry-standard security measures including encryption in transit (TLS 1.3) and at rest, row-level security policies on all database tables, secure authentication with session management, and regular security audits. While no system is 100% secure, we take reasonable measures to protect your data. We cannot promise or guarantee that hackers, cybercriminals, or other unauthorized third parties will not be able to defeat our security and improperly collect, access, steal, or modify your information.

10. Data Retention

We retain your data for as long as your account is active or as needed to provide the Service. Upon account deletion, we will delete or anonymize your personal data within 30 days, except where retention is required by law (e.g., financial records for tax purposes). When we have no ongoing legitimate business need to process your personal information, we will either delete or anonymize it.

11. Your Privacy Rights

Under the Utah Consumer Privacy Act (UCPA) and other applicable laws, you have the right to:

  • Access: Request a copy of the personal data we hold about you
  • Deletion: Request deletion of your personal data
  • Portability: Receive your data in a portable, readily usable format
  • Opt-Out: Opt out of targeted advertising or sale of personal data (we do not sell data)
  • Correction: Request correction of inaccurate personal data
  • Non-Discrimination: We will not discriminate against you for exercising your privacy rights

To exercise these rights, submit a data subject access request or contact us at privacy@blackwingsystems.com. We will consider and act upon any request in accordance with applicable data protection laws. We will respond within 45 days.

Account Information

If you would at any time like to review or change the information in your account or terminate your account, you can log in to your account settings and update your user account, or contact us. Upon your request to terminate your account, we will deactivate or delete your account and information from our active databases within 30 days. However, we may retain some information as necessary to comply with our legal obligations.

12. United States Residents — Specific Rights

If you are a resident of certain US states, you may have additional rights under state privacy laws, including the Utah Consumer Privacy Act (UCPA), and potentially the California Consumer Privacy Act (CCPA), Virginia Consumer Data Protection Act (VCDPA), Colorado Privacy Act (CPA), and Connecticut Data Privacy Act (CTDPA).

Categories of Personal Information Collected

We have collected the following categories of personal information in the past twelve (12) months:

  • Identifiers (name, email, phone, address)
  • Financial information (billing data processed via Stripe)
  • Commercial information (transaction records, purchase history)
  • Internet or network activity (browsing history, usage data)
  • Geolocation data (approximate location from IP, precise location if permitted)
  • Professional or employment-related information (trade specialty, company)
  • Inferences drawn from any of the above to create a profile

We do not sell personal information and have not done so in the past twelve (12) months. We do not process personal information for targeted advertising purposes.

13. Controls for Do-Not-Track Features

Most web browsers and some mobile operating systems include a Do-Not-Track ("DNT") feature or setting you can activate to signal your privacy preference not to have data about your online browsing activities monitored and collected. At this stage, no uniform technology standard for recognizing and implementing DNT signals has been finalized. As such, we do not currently respond to DNT browser signals or any other mechanism that automatically communicates your choice not to be tracked online.

14. Global Privacy Control (GPC)

We honor the Global Privacy Control (GPC) signal. When your browser sends a GPC signal, we treat it as a valid opt-out request for data selling and sharing under applicable laws, including the UCPA. Since we do not sell personal data or engage in targeted advertising, honoring GPC reinforces our existing practices. No additional action is required on your part.

15. Data Breach Notification

In the event of a confirmed data breach that affects your personal information, we will notify affected users within 72 hours of discovery via the email address associated with your account. The notification will include: the nature of the breach, the types of data affected, steps we are taking to address the breach, and recommended actions you can take to protect yourself.

16. Subprocessors

We use the following categories of third-party subprocessors to deliver the Service. All subprocessors are bound by data processing agreements:

  • Cloud Infrastructure: Hosting, database, and file storage services located in the United States
  • Payment Processing: Stripe, Inc. — processes billing and payment card information
  • AI Model Providers: Third-party machine learning APIs used for AI-powered features (estimates, blueprint analysis, etc.)
  • Email Delivery: Transactional email services for account notifications and communications

17. International Data Transfers

Your data is primarily stored and processed in the United States. If your data is transferred to servers or subprocessors outside of the US, we ensure appropriate safeguards are in place, including standard contractual clauses or equivalent mechanisms, to protect your data in compliance with applicable data protection laws.

18. Children's Privacy

The Service is not intended for individuals under 18 years of age. We do not knowingly collect personal data from children. If we learn that we have collected personal information from a child under 18, we will take steps to delete that information as quickly as possible.

19. Changes to This Policy

We may update this Privacy Notice from time to time. The updated version will be indicated by an updated "Last updated" date at the top of this page. We will notify you of material changes by email or through the Service. If we make material changes to this Privacy Notice, we may notify you either by prominently posting a notice of such changes or by directly sending you a notification. Your continued use after changes constitutes acceptance.

20. How Can You Review, Update, or Delete Your Data?

Based on the applicable laws of your country or state of residence, you may have the right to request access to the personal information we collect from you, details about how we have processed it, correct inaccuracies, or delete your personal information. You may also have the right to withdraw your consent to our processing of your personal information.

To request to review, update, or delete your personal information, please submit a data subject access request by contacting us at the details below.

21. Contact Us

If you have questions or comments about this Privacy Notice, or to exercise your data rights, you may contact us at: