Privacy Policy

This Privacy Policy applies only to the GregDavisTech business portal available on business.gregdavistech.com. It covers the client workspace, project messaging, file uploads, approvals, billing, and DocuSign agreement workflows used for business projects. It is separate from the privacy policy that applies to the public gregdavistech.com website.

We may collect information you provide directly in the business portal, including your name, email address, company name, project title, project description, service selections, budget range, messages, uploaded files, change requests, invoice information, and security settings.

We also collect operational and security information needed to run the portal, such as account details, authentication events, MFA challenge data, portal activity timestamps, and project audit records.

We use this information to create and manage your workspace, communicate about your project, review files and requests, deliver services, send invoices, maintain account security, keep internal records, and comply with legal or contractual obligations.

We may also use project and account data to troubleshoot portal issues, prevent abuse, and document project history so your build, approvals, and billing remain coordinated in one place.

When your project uses DocuSign for agreements or addenda, we may share the information necessary to prepare, send, view, sign, countersign, and track those documents. That can include your name, email address, project or company details, agreement content, signature routing information, timestamps, envelope status, and document metadata returned by DocuSign.

DocuSign may also capture information related to the signing event, such as completion timestamps and certificate-of-completion data associated with the envelope. We use that information only to administer the project agreement and keep an accurate business record of the transaction.

We use third-party services to operate the business portal and deliver related services. Depending on the feature, that may include Supabase for database and file storage, Stripe for invoices and payments, SendGrid for security emails, Google or GitHub for admin sign-in, and DocuSign for agreements and addenda.

Those providers only receive the information needed for their role in the service flow. Payment data is processed by Stripe, and e-signature workflow data is processed by DocuSign, under their own terms and privacy practices.

We keep project records, agreements, invoices, uploaded files, and related audit history for as long as they are reasonably needed to deliver services, support the business relationship, meet accounting or legal requirements, or protect against disputes.

We use reasonable administrative and technical safeguards to protect portal data, but no online service can guarantee absolute security. You are responsible for maintaining the confidentiality of your account credentials and MFA codes.

If you want to update account information, request access changes, ask about retention, or raise a privacy question about the business portal, contact GregDavisTech through the contact information provided in your project relationship. Requests may be limited where information must be retained for contractual, security, accounting, or legal reasons.