Privacy Policy

CADsuite, LLC ("CADsuite," "we," "us," or "our") operates the CADsuite platform, including appraisers.cadsuite.com, stormwatch.cadsuite.com, and related services (collectively, the "Service"). This Privacy Policy describes how we collect, use, disclose, and protect your information when you use our Service.

By accessing or using the Service, you agree to this Privacy Policy. If you do not agree, please do not use the Service.

1. Information We Collect

A. Information You Provide

• Account information: name, email address, phone number, business name (DBA), username, and password when you create or update an account.
• Job and claim data: policyholder names, addresses, claim numbers, insurance information, dates of loss, estimates, invoices, and related documents you enter into the system.
• Documents and files: PDFs, images, Word documents, inspection photos, contracts, and other files you upload.
• Communications: SMS messages, email content, chat messages, and notes created or transmitted through the Service.
• Signatures: electronic signatures, signer names, and related data collected through our contract signing feature.
• Payment and billing data: invoice details, payment records, and time tracking entries. We do not directly process credit card numbers.

B. Information Collected Automatically

• Usage data: pages visited, features used, timestamps, and interaction patterns.
• Device and browser information: IP address, browser type, operating system, and device identifiers.
• Session data: authentication tokens, session identifiers, and login timestamps.

C. Information from Third-Party Services

When you connect third-party accounts, we may receive information from those services:

• QuickBooks Online: company name, realm ID, and invoice synchronization data via Intuit's OAuth 2.0 API.
• Gmail: email threads, message content, and attachments for emails you choose to sync.
• SMS providers (Twilio, RingCentral, Vonage): message delivery status and provider-assigned message IDs. Your provider credentials are encrypted at rest using AES-256-CBC.
• NOAA / National Weather Service: publicly available storm event data (hail, wind, tornado reports) used in our StormWatch feature.

2. How We Use Your Information

• Provide and operate the Service: manage your account, process jobs and claims, generate estimates and invoices, facilitate communications, and enable document management.
• AI-powered features: when enabled by your account administrator, we use Anthropic's Claude AI to suggest job-email associations, draft email replies, generate document request emails, and convert uploaded documents into fillable forms. AI processing uses only the data you explicitly submit for each request. We log token usage for billing transparency.
• Third-party integrations: sync invoices with QuickBooks, send SMS reminders, import emails from Gmail, and link storm event data to jobs.
• Security and fraud prevention: monitor for unauthorized access, enforce session management, and protect against abuse.
• Improvements: analyze usage patterns to improve features, fix bugs, and develop new functionality.
• Legal compliance: respond to legal requests, enforce our terms, and comply with applicable laws.

3. How We Share Your Information

We do not sell your personal information. We may share information in the following circumstances:

• Within your organization: other users in your CADsuite account can access shared job data, documents, chat messages, and reports as permitted by their access level.
• Third-party service providers: we transmit data to services you choose to connect, including Intuit (QuickBooks), Google (Gmail), Twilio, RingCentral, Vonage, and Anthropic (AI features). Each provider's use of your data is governed by their own privacy policy.
• Public signing and upload pages: when you send a contract for signature or a document upload request, the recipient accesses a public page containing the contract content or upload instructions you created. These pages are secured by unique, single-use tokens.
• Legal requirements: we may disclose information if required by law, subpoena, court order, or government request, or to protect the rights, property, or safety of CADsuite, our users, or the public.
• Business transfers: in the event of a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We will notify you of any such change.

4. AI and Automated Processing

CADsuite offers optional AI-powered features using Anthropic's Claude language model. When enabled:

• AI features are off by default and must be enabled by an account administrator.
• Data sent to the AI (email content, document text, job details) is used solely to generate the requested output (suggestions, drafts, form fields).
• We do not use your data to train AI models. Anthropic's API usage policy prohibits using API inputs for model training.
• AI token usage (input/output) is logged per account for cost transparency.
• AI suggestions (such as job-email matching) are presented for human review and are never automatically acted upon.

5. Data Security

• Encryption in transit: all connections to the Service use TLS/HTTPS.
• Encryption at rest: third-party integration credentials (SMS provider keys, OAuth tokens) are encrypted using AES-256-CBC before storage.
• Password security: user passwords are hashed using bcrypt. Legacy plaintext passwords are automatically migrated to bcrypt on first login.
• Session management: sessions use secure, HTTP-only, SameSite cookies with configurable expiration. CSRF protection is enforced on all state-changing API requests.
• Access controls: multi-tenant architecture with account-level data isolation. Role-based access restricts features by user level.
• Prepared statements: all API database queries use parameterized prepared statements to prevent SQL injection.

While we implement industry-standard safeguards, no system is 100% secure. You are responsible for maintaining the confidentiality of your login credentials.

6. Data Retention

• Account data: retained for as long as your account is active. Deactivated user accounts are soft-deleted (marked inactive) but not permanently erased, to preserve audit trails and job history.
• Job and claim data: retained for the life of your account. You may delete individual documents, uploads, and records through the Service.
• Communication logs: SMS logs, chat messages, and email data are retained as part of your account's operational records.
• AI usage logs: token usage records are retained for billing and audit purposes.
• Integration tokens: OAuth tokens for QuickBooks and Gmail are retained until you disconnect the integration, at which point they are deleted.

To request deletion of your account and associated data, contact us at the address below.

7. Your Rights and Choices

• Access and update: you can view and update your profile information through the My Account page.
• Disconnect integrations: you can disconnect QuickBooks, Gmail, and SMS providers at any time through Settings or My Account.
• Disable AI: account administrators can disable AI features at any time from Settings > Integrations.
• Data export: you can export reports and documents through the Service's built-in export features.
• Deletion: contact us to request deletion of your account and personal data. Note that some data may be retained as required by law or legitimate business purposes.

California Residents (CCPA/CPRA): you have the right to know what personal information we collect, request deletion, and opt out of the sale of personal information. We do not sell personal information. To exercise your rights, contact us below.

EEA/UK Residents (GDPR): if applicable, you have rights to access, rectification, erasure, restriction of processing, data portability, and objection. Our legal bases for processing include contract performance, legitimate interests, and consent. Contact us to exercise these rights.

8. Cookies and Tracking

We use session cookies to maintain your login state and preferences. We do not use third-party advertising or analytics cookies. Session cookies are configured as:

• HTTP-only (not accessible to JavaScript)
• SameSite=Lax (cross-site request protection)
• Secure flag enabled on HTTPS connections

9. Children's Privacy

The Service is designed for business use and is not directed at individuals under 18. We do not knowingly collect personal information from children. If you believe a child has provided us with personal information, please contact us and we will delete it.

10. Third-Party Links and Services

The Service may contain links to or integrations with third-party services (Intuit QuickBooks, Google, Twilio, RingCentral, Vonage, Anthropic). These services have their own privacy policies, and we are not responsible for their practices. We encourage you to review their policies before connecting your accounts.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on this page with a revised "Last Updated" date. Your continued use of the Service after changes constitutes acceptance of the updated policy.

12. Contact Us

If you have questions about this Privacy Policy or wish to exercise your privacy rights, contact us at:

CADsuite, LLC
Email: [email protected]
Website: cadsuite.com