ProTrades LogoProTrades
Login

Privacy Policy

Last Updated: May 20, 2026

Who We Are

ProTrades is operated by Sabri Kuc, doing business as ProTrades, a sole proprietorship based in California, United States. References to "ProTrades," "we," "us," or "our" in this Privacy Policy mean Sabri Kuc d/b/a ProTrades. This Privacy Policy explains what data we collect, how we use it, and the rights you have over it.

1. Information Collected

Users provide information such as email, name, company details, and job data.

Mobile App Specific:

  • Location Data: GPS coordinates when using location-based features (job tracking, time card clock-in/out, map view). Location is only collected when the app is actively in use, never in the background.
  • Photos & Camera: Access to capture and upload photos of job sites, completed work, and documentation.
  • Device Information: Device type, operating system version, unique device identifiers for app functionality and crash reporting.
  • Usage Data: App interactions, feature usage, and performance metrics to improve user experience.

2. How We Use Your Information

Data is used to operate the platform, process payments, enable AI features, and provide support.

  • Provide and maintain app functionality
  • Manage user accounts and authentication
  • Track work hours and job locations automatically (with permission)
  • Enable communication between team members
  • Generate invoices, proposals, and reports
  • Send notifications about jobs, schedules, and updates
  • Improve app performance and user experience
  • Provide customer support

3. Location Data Usage

We collect location data only when you actively use the app for:

  • Clocking in/out at job sites to verify presence
  • Viewing jobs on the map
  • Navigating to job locations
  • Calculating travel time and mileage

Important: Location is NEVER collected in the background when the app is closed or not in use. You can disable location services at any time in your device settings, though some features may not function properly.

4. Camera & Photo Access

We request camera and photo library access to:

  • Take photos of completed work for job reports
  • Attach before/after photos to jobs
  • Document site conditions
  • Create visual records for clients

Photos are stored securely in our cloud storage and are only visible to authorized team members within your company.

5. Data Storage & Security

Data is stored securely via Supabase with industry-standard security measures:

  • Encrypted data transmission (HTTPS/TLS)
  • Encrypted password storage
  • Secure authentication tokens
  • Regular security audits
  • Access controls and role-based permissions

6. Data Sharing

Data may be processed by trusted third-party services:

  • Supabase: Database and authentication hosting
  • Stripe: Payment processing (see below)
  • OpenAI: AI-powered features
  • Google Analytics: Usage analytics
  • Amazon Textract: Document processing
  • QuickBooks Online: Optional accounting integration (see Section 7 for full details)
  • Google Calendar: Optional calendar sync integration (see Section 8 for full details)
  • Expo: Push notifications and app services (mobile)

Stripe & Payment Data:

When you connect your Stripe account to accept invoice payments, you create your own independent Stripe account directly with Stripe. Important information about payment data:

  • Your bank account information, tax IDs, and identity documents are collected and stored by Stripe directly, not by ProTrades.
  • ProTrades does not have access to your bank account details, full card numbers, or payout information.
  • Your payment data is governed by Stripe's Privacy Policy.
  • We only store your Stripe Account ID to link payments to your ProTrades account.

We DO NOT:

  • Sell your personal information to third parties
  • Share your data with advertisers
  • Use your data for purposes other than providing our services
  • Track you across other apps or websites
  • Store or access your bank account or payment credentials

7. QuickBooks Online Integration

Optional Connection

Connecting ProTrades to QuickBooks Online ("QBO") is optional. We process QBO-related data only when you authorize the integration through Intuit's OAuth consent flow, and only on behalf of the QuickBooks company ("realm") you select.

What We Store About Your Connection

To operate the integration, we store the following in our database:

  • Encrypted OAuth tokens: Your access and refresh tokens are encrypted at rest using AES-256-GCM with an application-layer encryption key. We never log or expose token values.
  • Realm identifier: The QuickBooks company ID Intuit returns when you connect. Realm IDs are masked in our logs (only the last 4 characters appear).
  • OAuth scope: The permissions you granted (currently "accounting").
  • Connection metadata: Who connected, when, when last refreshed, and your account mapping configuration (which QuickBooks accounts you assigned to Undeposited Funds, Stripe Fees, etc.).
  • Sync activity: Records of each sync attempt — entity type, operation, success or failure, error messages, and retry state — used for troubleshooting and to retry failed syncs.

What We Send To QuickBooks

Sync is one-way from ProTrades to QuickBooks. We may transmit clients, items, invoices, payments, refunds, and Stripe payout records (as Deposits) that you create or modify in ProTrades, based on the mapping you configure.

What We Receive From QuickBooks

We receive only what is necessary to operate the integration: your chart of accounts and item list (so you can map them in the setup wizard), the IDs QuickBooks returns when records are successfully created, and error responses when sync fails. We do not pull your full QuickBooks ledger, transactions, or reports into ProTrades.

How QuickBooks Data Is Protected

  • OAuth tokens are AES-256-GCM encrypted at the application layer before being stored in our database.
  • Access to your connection row is restricted by row-level security to members of your ProTrades company.
  • Tokens are never logged, displayed in the UI, or sent to third parties other than Intuit during the standard OAuth refresh flow.
  • QuickBooks data is not shared with advertisers, sold to anyone, used to train machine-learning or AI models, or used for any purpose outside operating the integration and supporting you when you ask for help.

Disconnecting

You may disconnect at any time using the in-app QuickBooks controls or by revoking ProTrades' access from within Intuit. When you disconnect through ProTrades, we attempt to revoke the refresh token at Intuit (best-effort), and we mark the connection record as disconnected so no new sync activity is initiated.

For audit and reconnect purposes, we retain the connection record (including the encrypted token blob, which is no longer usable once revoked at Intuit) and your sync activity logs after disconnect. If you would like the encrypted token blob and sync history fully deleted, email sabri@protrades.ai and we will erase them within 30 days, subject to the legal retention exceptions in Section 9.

Your Relationship With Intuit

ProTrades is independent of Intuit Inc. Data you maintain inside QuickBooks Online is governed by Intuit's Privacy Statement and your agreement with Intuit, which apply independently of this Privacy Policy.

8. Google Calendar Integration & Google API Services User Data Policy

Limited Use Disclosure

ProTrades' use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.

Optional Connection

Connecting ProTrades to Google Calendar is optional. We access Google Calendar data only after you authorize the integration through Google's OAuth consent flow, and only for the Google account and calendars you select.

Scopes We Request

We request the minimum scopes necessary to operate the integration:

  • https://www.googleapis.com/auth/calendar — read and write calendar events so that schedule items you create in ProTrades can sync to your Google Calendar, and Google Calendar events you create can appear in ProTrades.
  • https://www.googleapis.com/auth/calendar.events — manage individual events on the calendars you have chosen to sync.
  • userinfo.email / userinfo.profile / openid — identify which Google account granted access so we can attach the correct connection to your ProTrades user.

How We Use Google User Data

Data obtained from Google APIs is used only to provide and improve the user-facing calendar sync feature you enabled. Specifically, we use it to:

  • Show your Google Calendar events inside the ProTrades schedule view.
  • Create, update, and delete events on the Google calendars you selected when you schedule or modify jobs in ProTrades.
  • Maintain a two-way sync between ProTrades schedule items and Google Calendar events.
  • Display which Google account is connected, on which calendars, in your profile and schedule settings.

What We Do NOT Do With Google User Data

Consistent with the Google API Services User Data Policy Limited Use requirements, ProTrades does not:

  • Transfer Google user data to third parties except as necessary to provide or improve user-facing features, when required by law, or as part of a merger, acquisition, or sale of assets with appropriate notice to users.
  • Use Google user data for serving advertisements, including retargeting, personalized, or interest-based advertising.
  • Use Google user data to train, develop, or improve generalized or non-personalized machine-learning or AI models. Google Calendar event content is never sent to OpenAI or any other AI provider.
  • Allow humans to read Google user data, except (a) with your explicit consent for specific events, (b) when necessary for security purposes such as investigating abuse, (c) to comply with applicable law, or (d) where the data has been aggregated and anonymized and is used for internal operations.
  • Sell Google user data.

How Google Data Is Stored & Protected

  • OAuth access and refresh tokens are encrypted at rest using AES-256-GCM at the application layer before being written to our database.
  • Tokens are never logged, never shown in the UI, and are transmitted only over TLS to Google's OAuth and Calendar API endpoints.
  • Access to your connection row and synced events is restricted by row-level security to members of your ProTrades company.
  • Calendar event payloads we cache for sync (titles, times, attendees, descriptions you created or modified through ProTrades) are stored only for as long as needed to maintain the two-way sync.

Disconnecting & Deletion

You may disconnect Google Calendar at any time from the "Connected Calendars" section of your profile, or by revoking ProTrades' access from your Google Account permissions page. When you disconnect through ProTrades, we revoke the refresh token at Google (best-effort), stop the Google Calendar push notification channel, and mark the connection as disconnected so no new sync activity occurs.

To request deletion of any cached Google Calendar data we still hold, email sabri@protrades.ai and we will erase it within 30 days, subject to the legal retention exceptions in the "Data Retention & Deletion" section below.

Your Relationship With Google

ProTrades is independent of Google LLC. Data you maintain inside Google Calendar is governed by Google's Privacy Policy and your agreement with Google, which apply independently of this Privacy Policy.

9. Cookies & Tracking Technologies

ProTrades uses cookies and similar technologies to provide and improve our service:

  • Essential Cookies: Required for authentication, security, and core functionality. These cannot be disabled.
  • Analytics Cookies: We use Google Analytics to understand how users interact with our service. This helps us improve features and user experience.
  • Preference Cookies: Store your preferences such as theme settings and dashboard layouts.

Third-Party Analytics: Google Analytics may collect information about your device, browser, and how you interact with ProTrades. You can opt out of Google Analytics by installing the Google Analytics Opt-out Browser Add-on.

Do Not Track: ProTrades does not currently respond to Do Not Track (DNT) browser signals. We do not track users across third-party websites.

10. Data Retention & Deletion

Active Accounts: Data is retained while your account is active.

Deleted Accounts: Personal data is permanently deleted within 30 days of account deletion.

Business Records: Job history, invoices, and financial records may be retained for legal and tax compliance (typically 7 years).

Account Deletion: To delete your account, contact us at sabri@protrades.ai. Company owners must transfer ownership before deleting their account.

11. Your Rights

You have the right to:

  • Access your personal data
  • Correct inaccurate data
  • Request data deletion
  • Export your data
  • Opt-out of notifications
  • Disable location services
  • Revoke camera and photo access

12. Children's Privacy

ProTrades is not intended for users under 18 years of age. We do not knowingly collect information from children under 18.

13. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes through in-app notifications, email notifications, or by updating the "Last Updated" date at the top of this page.

14. California Privacy Rights (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):

  • Right to Know: You can request information about the categories and specific pieces of personal information we have collected about you.
  • Right to Delete: You can request that we delete your personal information, subject to certain exceptions.
  • Right to Opt-Out of Sale: ProTrades does not sell personal information to third parties as defined under CCPA. We do not and will not sell your personal information.
  • Right to Non-Discrimination: You will not receive discriminatory treatment for exercising your CCPA rights.

To exercise your California privacy rights, contact us at sabri@protrades.ai. We will verify your identity before processing your request.

15. Data Breach Notification

In the event of a data breach that affects your personal information:

  • We will notify affected users via email within 72 hours of discovering the breach.
  • We will provide information about what data was affected and what steps you should take.
  • We will notify relevant authorities as required by applicable law.
  • We will take immediate steps to contain the breach and prevent further unauthorized access.

16. Contact Us

For privacy-related questions or requests:

17. Legal Compliance

This Privacy Policy complies with Apple App Store Review Guidelines, General Data Protection Regulation (GDPR), California Consumer Privacy Act (CCPA), and other applicable data protection laws.