Punchlist
Features Free Generator Pricing Dashboard
Features Free Generator Pricing Dashboard

Privacy Policy

Last Updated: June 12, 2026

Quick Summary: We collect and use your data to provide and improve our services. We don't sell your personal information. You have rights over your data. Read below for full details.

1. Information We Collect

1.1 Information You Provide

When you use Punchlist, you may provide us with:

  • Account Information: Name, email address, phone number, company name
  • Business Data: Customer information, leads, quotes, invoices, payments, and accounting integration records
  • API and AI Agent Data: API/MCP credentials created by company admins, agent names or labels, prompts or instructions submitted by users or agents, tool inputs and results, and workflow actions requested through approved AI clients
  • Communications: Messages you send to us, support requests
  • Payment Information: Billing address, payment method details (processed by third-party payment processors)
  • Integration Data: When you authorize an accounting integration, provider tenant identifiers, selected sync settings, account and tax mappings, encrypted OAuth tokens, and provider record identifiers

1.2 Automatically Collected Information

  • Usage Data: Features used, pages visited, time spent, actions taken
  • Device Information: IP address, browser type, operating system, device identifiers
  • Cookies and Tracking: We use cookies and similar technologies (see Cookie Policy below)
  • Performance Data: Error logs, crash reports, performance metrics
  • Access Metadata: IP address, user-agent, request metadata, rate-limit events, credential prefixes, scopes, last-used timestamps, and audit metadata for API and AI agent activity

2. How We Use Your Information

We use your information for the following purposes:

  • Provide Services: To operate and deliver the Punchlist platform and features
  • Improve Services: To analyze usage, develop new features, and enhance user experience
  • Communication: To send service updates, security alerts, and support messages
  • Marketing: To send promotional content (with your consent, opt-out anytime)
  • Security: To detect fraud, prevent abuse, and ensure platform security
  • Compliance: To comply with legal obligations and enforce our Terms of Service
  • Analytics: To understand user behavior and improve our product
  • AI Agent Workflows: To process user-authorized instructions, retrieve relevant company context, return tool results, and perform scoped workflow actions requested through approved AI/MCP clients
Note: We may use anonymized and aggregated data to improve our services, develop new features, and generate industry insights. Your individual business data remains confidential and is never shared in identifiable form.

3. Data Sharing and Disclosure

3.1 We Share Your Data With:

  • Service Providers: Third-party vendors who help us operate (hosting, analytics, email, payment processing)
  • Business Partners: With your consent, for integrated features or services
  • Accounting Integration Providers: When you authorize an integration, we share selected customers, items/services, quotes, invoices, account and tax mappings, tenant identifiers, and sync metadata with the provider you connect, such as Xero
  • AI/MCP Clients You Authorize: When your company connects an AI client or agent, we may return company records, tool inputs, tool results, prompts, instructions, and audit metadata needed to complete the requested workflow
  • Legal Requirements: When required by law, court order, or government request
  • Business Transfers: In connection with merger, acquisition, or sale of assets
  • Protection: To protect our rights, property, or safety, and that of our users

3.2 We Do NOT:

  • Sell your personal information to third parties for their marketing purposes
  • Share your customer data with competitors

3.3 Beta Accounting Integrations

Accounting integrations are optional and outbound-only during beta. Punchlist remains your source of truth; connected providers receive the record types you select for sync, and provider-side changes are not written back automatically. You can disconnect an integration in company settings, but records already sent to the provider remain subject to that provider's terms, retention rules, and privacy policy.

3.4 Controlled-Beta AI Agent Access

AI agent access is optional and admin-authorized. If a company owner or admin creates a credential for an AI client, that client may receive the company data needed for the tools it calls, such as leads, notes, bookings, quotes, items, team member summaries, prompts, instructions, tool inputs, tool results, and related audit metadata. The external AI or MCP client you choose may process that information under its own terms and privacy policy.

We use customer business data for requested agent workflows and service operation. We do not sell customer business data or personal information. We do not use identifiable customer business data to train general-purpose AI models unless we have a separate lawful basis and explicit permission to do so.

4. Data Retention

We retain your information for as long as necessary to provide services and fulfill the purposes outlined in this policy:

  • Account Data: Until you delete your account, plus 30 days for backup purposes
  • Business Data: For the duration of your subscription plus 30 days. You are responsible for exporting any data required for your own tax and accounting records before account deletion
  • API and Agent Access Metadata: For as long as needed to operate credentials, investigate abuse, support audit trails, and meet security or legal obligations
  • Usage Data: Anonymized and aggregated analytics data may be retained indefinitely
  • Marketing Data: Until you opt-out or 3 years of inactivity

5. Your Rights and Choices

Depending on your location, you may have the following rights:

  • Access: Request a copy of your personal data
  • Correction: Update inaccurate or incomplete information
  • Deletion: Request deletion of your data (subject to legal requirements)
  • Portability: Receive your data in a machine-readable format
  • Opt-Out: Unsubscribe from marketing communications
  • Object: Object to processing based on legitimate interests
  • Withdraw Consent: Revoke consent for specific processing

To exercise these rights, contact us at [email protected]

6. Cookies and Tracking Technologies

We use the following types of cookies:

  • Necessary Cookies: Required for the platform to function (cannot be disabled)
  • Analytics Cookies: Help us understand how users interact with our service (Google Analytics, Hotjar)
  • Marketing Cookies: Track conversions and show relevant ads (Facebook Pixel, LinkedIn Insight Tag)

You can manage cookie preferences using our cookie banner or your browser settings.

7. Data Security

We implement industry-standard security measures:

  • TLS/SSL encryption for data in transit
  • Encryption at rest for sensitive data
  • Regular security audits and penetration testing
  • Access controls and authentication
  • Employee security training
  • Incident response procedures

However, no system is 100% secure. You are responsible for maintaining the confidentiality of your account credentials.

8. International Data Transfers

Your data may be transferred to and processed in countries other than your own. We ensure adequate safeguards are in place, including:

  • Standard Contractual Clauses (SCCs)
  • Privacy Shield frameworks (where applicable)
  • Data processing agreements with vendors

9. Children's Privacy

Punchlist is a business tool not intended for users under 18 years of age. We do not knowingly collect information from minors. If you believe we have inadvertently collected such information, contact us immediately.

10. GDPR Compliance (EU Users)

If you are in the European Economic Area (EEA), you have additional rights under GDPR:

  • Our legal basis for processing: Contract performance, legitimate interests, consent
  • Data Protection Officer contact: [email protected]
  • Right to lodge a complaint with your local supervisory authority
  • Right to object to automated decision-making

11. CCPA Compliance (California Users)

California residents have the right to:

  • Know what personal information is collected, used, shared, or sold
  • Delete personal information held by us
  • Opt-out of sale of personal information (we don't sell your data)
  • Non-discrimination for exercising CCPA rights

12. Australian Privacy Principles (Australian Users)

If you are in Australia, we comply with the Australian Privacy Principles (APPs) under the Privacy Act 1988 (Cth). You have additional rights including:

  • Access to your personal information upon request
  • Correction of inaccurate personal information
  • Anonymity or use of a pseudonym where practicable
  • Right to complain to the Office of the Australian Information Commissioner (OAIC) if you believe we have breached the APPs

We will respond to access requests within 30 days. To make a request, contact us at [email protected]

13. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes by:

  • Email notification to your registered address
  • Prominent notice on our platform
  • Updating the "Last Updated" date

Continued use of our service after changes constitutes acceptance of the updated policy.

14. Contact Us

Data Protection Inquiries:

Email: [email protected]

Company: Software Deck Ltd

Postal Address: 11 Drovers Street, Upper Kedron 4055, Brisbane, QLD

This privacy policy is legally binding. By using Punchlist, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy.

Punchlist

The all-in-one platform for service businesses.

Product

  • Features
  • Free Generator
  • Pricing
  • Lead Management
  • Quote Software
  • Job Scheduling
  • Payments
  • Testimonials
  • Security

Industries

  • Field Service Teams
  • Home Service Teams
  • Installation & Maintenance

Company

  • About
  • Contact
  • FAQ
  • Blog
  • Dashboard

Legal

  • Privacy Policy
  • Terms of Service

© 2026 Punchlist. All rights reserved.

๐Ÿช We use cookies

We use cookies to enhance your experience, analyze site traffic, and for marketing purposes. By clicking "Accept All", you consent to our use of cookies. Read our Privacy Policy

Cookie Preferences

Necessary Cookies

Required for the website to function properly. Cannot be disabled.

Analytics Cookies

Help us understand how visitors interact with our website.

Marketing Cookies

Used to track visitors and display relevant ads.