Work & Field

Privacy Policy

Last Updated: February 10, 2026

This Privacy Policy describes how Work & Field, Inc. ("Company," "We," "Us," or "Our") collects, uses, discloses, and protects your personal information when you use our Work & Field field service management platform and related services ("Services"). By using our Services, you agree to the collection and use of information in accordance with this policy.

1. Information We Collect

1.1 Information You Provide Directly

We collect information you provide when you:

  • Create an Account: Name, email address, phone number, company name, job title, password, and billing information.
  • Use Our Services: Customer information, work order details, scheduling data, invoices, notes, photos, signatures, and any other content you upload or create.
  • Contact Us: Information in support requests, feedback, surveys, or other communications with us.
  • Payment Information: Credit card numbers, billing addresses, and payment details (processed securely by our payment processor, Stripe).

1.2 Information Collected Automatically

When you access our Services, we automatically collect:

  • Device Information: Device type, operating system, browser type and version, unique device identifiers, and mobile network information.
  • Usage Information: Pages viewed, features used, time spent on pages, navigation paths, search queries, clicks, and interactions with the Services.
  • Log Data: IP addresses, access times, referring URLs, error logs, and system activity information.
  • Location Information: Approximate location based on IP address, and with your consent, precise GPS location for field technician features like check-ins and route optimization.

1.3 Information from Third Parties

We may receive information from:

  • Authentication Providers: When you sign in using third-party services like Google or Microsoft, we receive your name, email, and profile picture.
  • Payment Processors: Transaction status, payment confirmations, and fraud detection information from Stripe.
  • Integrated Services: Data from accounting software (QuickBooks, Xero), mapping services, and other integrations you enable.
  • Business Partners: Referral information if you were referred by a partner or through a marketing campaign.

1.4 Customer Data

As a field service management platform, you may input information about your customers, including their names, addresses, contact information, service history, and payment information. You are responsible for ensuring you have appropriate consent to share this information with us and for complying with applicable privacy laws regarding your customers' data.

2. How We Use Your Information

We use the information we collect to:

2.1 Provide and Maintain Our Services

  • Create and manage your account
  • Process work orders, scheduling, and invoicing
  • Enable collaboration between team members
  • Provide customer support and respond to inquiries
  • Process payments and send transaction notifications
  • Generate reports and analytics for your business

2.2 Improve and Develop Our Services

  • Analyze usage patterns to improve features and user experience
  • Conduct research and development for new features
  • Test new functionality and performance improvements
  • Aggregate and anonymize data for statistical analysis

2.3 Communicate With You

  • Send service-related announcements and updates
  • Provide technical notices, security alerts, and support messages
  • Send marketing communications (with your consent)
  • Respond to your comments, questions, and requests

2.4 Ensure Security and Prevent Fraud

  • Detect, investigate, and prevent fraudulent or unauthorized activity
  • Monitor for security breaches and protect against malicious activity
  • Verify identity and prevent account abuse
  • Enforce our terms of service and protect our legal rights

2.5 Legal Compliance

  • Comply with applicable laws, regulations, and legal processes
  • Respond to lawful requests from public authorities
  • Protect the rights, property, or safety of our users and others

3. Information Sharing and Disclosure

We do not sell your personal information. We may share your information in the following circumstances:

3.1 With Your Consent

We may share information when you give us explicit consent to do so.

3.2 Service Providers

We share information with third-party vendors who perform services on our behalf, including:

  • Cloud Infrastructure: Amazon Web Services (AWS) for hosting and data storage
  • Payment Processing: Stripe for payment processing and subscription management
  • Email Services: For transactional and marketing emails
  • Analytics: For usage analytics and performance monitoring
  • Customer Support: Help desk and support ticket systems
  • Authentication: AWS Cognito for secure user authentication

These providers are contractually obligated to protect your information and use it only for the services they provide to us.

3.3 Business Transfers

If we are involved in a merger, acquisition, bankruptcy, reorganization, or sale of assets, your information may be transferred as part of that transaction. We will notify you of any such change and any choices you may have.

3.4 Legal Requirements

We may disclose your information if required to do so by law or in response to:

  • Subpoenas, court orders, or other legal processes
  • Requests from law enforcement or government agencies
  • To protect our rights, property, or safety, or that of our users or others
  • To investigate potential violations of our terms of service

3.5 Aggregated or De-Identified Data

We may share aggregated or de-identified information that cannot reasonably be used to identify you for research, marketing, analytics, and other purposes.

3.6 Within Your Organization

Information you provide may be visible to other authorized users within your organization based on their permission levels and roles.

4. Data Retention

We retain your information for as long as necessary to:

  • Provide our Services to you
  • Comply with legal obligations (e.g., tax and accounting requirements)
  • Resolve disputes and enforce our agreements
  • Support business operations and improve our Services

When you delete your account, we will delete or anonymize your personal information within 90 days, except where we need to retain certain information for legitimate business or legal purposes.

Backup Retention: Copies of your data may exist in our backup systems for up to 12 months after deletion.

5. Data Security

We implement appropriate technical and organizational measures to protect your information, including:

  • Encryption: Data is encrypted in transit using TLS 1.2+ and at rest using AES-256
  • Access Controls: Role-based access controls and multi-factor authentication
  • Infrastructure Security: Secure cloud infrastructure with regular security audits
  • Monitoring: Continuous monitoring for security threats and anomalies
  • Employee Training: Regular security awareness training for our team
  • Incident Response: Documented incident response procedures

While we strive to protect your information, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security.

6. Your Rights and Choices

You have the following rights regarding your personal information:

6.1 Access and Portability

You can access your personal information through your account settings. You can export your data in common formats (CSV, PDF) using our export features.

6.2 Correction

You can update or correct your account information at any time through your account settings.

6.3 Deletion

You can request deletion of your account and personal information. Some information may be retained as required by law or for legitimate business purposes.

6.4 Marketing Communications

You can opt out of marketing emails by clicking the "unsubscribe" link in any marketing email or updating your notification preferences in your account settings.

6.5 Location Services

You can disable location services through your device settings or within our mobile app settings. Note that some features may not function properly without location access.

6.6 Do Not Track

Our Services do not currently respond to "Do Not Track" browser signals. However, you can manage tracking preferences through your browser settings and our cookie preferences.

7. Cookies and Tracking Technologies

We use cookies and similar technologies to:

  • Essential Cookies: Enable core functionality like authentication and security
  • Preference Cookies: Remember your settings and preferences
  • Analytics Cookies: Understand how you use our Services to improve them
  • Marketing Cookies: Deliver relevant advertisements (only with consent)

Types of Tracking Technologies

  • Cookies: Small text files stored on your device
  • Local Storage: Data stored in your browser's local storage
  • Session Storage: Temporary data cleared when you close your browser
  • Pixels/Beacons: Small images used to track email opens and page views

Managing Cookies

Most browsers allow you to control cookies through their settings. Blocking certain cookies may impact your experience with our Services.

8. Third-Party Services

Our Services integrate with third-party services. When you connect these services, you may be sharing information with them according to their privacy policies:

  • Stripe: Payment processing - Stripe Privacy Policy
  • QuickBooks/Xero: Accounting integrations
  • Google Maps: Mapping and location services
  • AWS: Cloud infrastructure and services
  • Twilio: SMS notifications

We encourage you to review the privacy policies of any third-party services you connect to our platform.

9. International Data Transfers

Your information may be transferred to, stored, and processed in countries other than your country of residence, including the United States, where our servers are located.

When we transfer personal information from the European Economic Area (EEA), United Kingdom, or Switzerland, we rely on:

  • Standard Contractual Clauses approved by the European Commission
  • Adequacy decisions by relevant authorities
  • Other legally recognized transfer mechanisms

10. Children's Privacy

Our Services are not directed to children under 16 years of age. We do not knowingly collect personal information from children under 16. If you believe we have collected information from a child under 16, please contact us immediately, and we will take steps to delete such information.

11. California Privacy Rights (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):

11.1 Right to Know

You have the right to request information about:

  • Categories of personal information we collect
  • Sources of personal information
  • Business purposes for collection
  • Categories of third parties with whom we share information
  • Specific pieces of personal information we have collected about you

11.2 Right to Delete

You have the right to request deletion of personal information we have collected, subject to certain exceptions.

11.3 Right to Opt-Out of Sale

We do not sell personal information as defined by the CCPA. If this changes, we will provide a "Do Not Sell My Personal Information" link.

11.4 Right to Non-Discrimination

We will not discriminate against you for exercising your CCPA rights.

11.5 Authorized Agent

You may designate an authorized agent to make requests on your behalf. We may require verification of your identity and the agent's authorization.

11.6 Shine the Light

California's "Shine the Light" law permits California residents to request information regarding disclosure of personal information to third parties for direct marketing purposes. We do not disclose personal information to third parties for their direct marketing purposes.

12. European Privacy Rights (GDPR)

If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, you have additional rights under the General Data Protection Regulation (GDPR):

12.1 Legal Basis for Processing

We process your personal data based on:

  • Contract: To perform our contract with you (providing the Services)
  • Legitimate Interests: For our legitimate business interests (improving Services, security)
  • Consent: Where you have given consent (marketing communications)
  • Legal Obligation: To comply with legal requirements

12.2 Your Rights

Under GDPR, you have the right to:

  • Access: Request a copy of your personal data
  • Rectification: Correct inaccurate or incomplete data
  • Erasure: Request deletion of your personal data ("right to be forgotten")
  • Restriction: Restrict processing of your personal data
  • Portability: Receive your data in a portable format
  • Objection: Object to processing based on legitimate interests
  • Withdraw Consent: Withdraw consent at any time where processing is based on consent

12.3 Supervisory Authority

You have the right to lodge a complaint with a supervisory authority in your country of residence if you believe we have violated your privacy rights.

12.4 Data Protection Officer

For GDPR-related inquiries, please contact our Data Protection Officer at: dpo@workandfield.com

13. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by:

  • Posting the updated policy on our website
  • Updating the "Last Updated" date at the top of this policy
  • Sending you an email notification (for significant changes)
  • Displaying a notice within the Services

Your continued use of the Services after any changes indicates your acceptance of the updated policy. We encourage you to review this policy periodically.

14. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our privacy practices, please contact us:

Work & Field, Inc.

General Inquiries: privacy@workandfield.com

Data Protection Officer: dpo@workandfield.com

Support: support@workandfield.com

Mailing Address:

Work & Field, Inc.

Attn: Privacy Team

United States

We will respond to your request within 30 days (or sooner if required by applicable law).

By using Work & Field, you acknowledge that you have read and understood this Privacy Policy.