Privacy Notice

Introduction

This Privacy Notice describes how Sledge ("Sledge," "we," "us," or "our") collects, uses, discloses, and safeguards information in connection with your access to and use of the Sledge software-as-a-service platform, websites, applications, integrations, and related services (collectively, the "Services").

This Privacy Notice is intended to reflect enterprise SaaS best practices and is modeled on industry-standard privacy disclosures used by leading construction software platforms, while accurately reflecting Sledge's current operations.

1. Scope

This Privacy Notice applies to information collected:

• Through the Services and any related websites or applications
• Through communications between you and Sledge (including support and service communications)
• Through third-party services and integrations that you authorize

This Privacy Notice does not apply to information collected by third parties outside of Sledge's control, except as expressly described herein.

2. Information We Collect

We collect information in the following categories.

2.1 Information You Provide

You may provide information directly to us, including:

• Contact and account information (such as name, email address, phone number, business name, role)
• Login and authentication information (stored in hashed or encrypted form)
• Billing and payment information (processed by third-party payment processors)
• Business and operational data you upload or submit through the Services (including invoices, documents, files, and related metadata)
• Communications with Sledge, such as support requests, feedback, or inquiries

2.2 Information Collected Automatically

When you access or use the Services, we may automatically collect:

• IP address, device identifiers, and approximate location information
• Browser type, operating system, and device characteristics
• Usage data, logs, timestamps, and interaction data
• Diagnostic, performance, and error data
• Cookies, local storage, session storage, and similar technologies

2.3 Information from Third-Party Integrations

If you choose to connect third-party services to the Services, we may collect and process information made available by those services, including:

• Email content, attachments, and metadata from email providers (such as sender, recipient, subject, and timestamps)
• Accounting and financial data from accounting platforms (such as company profile information, vendors, customers, products/items, accounts, and transaction records)
• Integration configuration data and synchronization metadata (such as processing start dates, last-read or last-synced timestamps, and integration status)
• OAuth and connection data necessary to maintain integrations (such as access tokens, refresh tokens, scopes, token expiry, and provider identifiers)

We access and process third-party data only as authorized by you through the applicable integration.

You are responsible for ensuring that you have all necessary rights, permissions, and consents to connect third-party services and to share related data with Sledge, including where such data relates to your employees, contractors, vendors, or other third parties.

2.4 Onboarding and Configuration Information

We may collect and store onboarding and configuration information required to enable the Services, including integration status, setup preferences, and onboarding completion indicators.

3. How We Use Information

We use information for legitimate business purposes, including to:

• Provide, operate, maintain, and secure the Services
• Create and manage user accounts and authenticate users
• Enable, maintain, and manage authorized integrations
• Process, transform, and analyze data to provide automation features (such as invoice detection, document processing, and accounting synchronization)
• Process payments and manage billing
• Communicate with you about the Services, updates, and support matters
• Improve functionality, performance, and user experience
• Monitor usage, prevent misuse, and protect the security and integrity of the Services
• Comply with legal obligations and enforce our agreements

4. Roles and Responsibilities (Controller and Processor)

Depending on the context, Sledge may act as either a data controller or a data processor.

As a controller, Sledge determines the purposes and means of processing information relating to account administration, billing, marketing communications, and operation of the Services.

As a processor, Sledge processes data on behalf of its customers when customer content is submitted to the Services or accessed through authorized integrations (such as email or accounting systems), in accordance with customer instructions and applicable agreements.

Customers remain responsible for determining the purposes for which customer content is processed through the Services.

5. Automated Processing and AI-Assisted Features

The Services rely on automated systems and machine-assisted processing to analyze documents, extract information, and generate structured outputs. These processes may produce derived data such as classifications, metadata, and extracted records.

6. Sharing and Disclosure of Information

We may share information in the following circumstances.

6.1 Service Providers and Subprocessors

We engage trusted third-party service providers (sometimes referred to as "subprocessors") to support our operations. These providers process information on our behalf under contractual confidentiality and security obligations. Depending on your use of the Services, these providers may include:

• Hosting, compute, storage, and infrastructure providers
• Database and platform service providers
• AI and machine-assisted processing providers
• Payment processing and billing providers
• Email, accounting, and productivity service providers you choose to integrate
• Communications and email delivery providers

We share information with service providers only as necessary to provide the Services or enable the integrations you authorize.

6.2 Business Transfers

If Sledge is involved in a merger, acquisition, financing, reorganization, bankruptcy, or sale of assets, information may be transferred as part of that transaction, subject to applicable confidentiality protections.

6.3 Legal and Compliance Requirements

We may disclose information where required to do so by law, regulation, or legal process, or where we reasonably believe disclosure is necessary to protect the rights, property, or safety of Sledge, our users, or others.

7. Data Retention

We retain information for as long as reasonably necessary to:

• Provide the Services
• Fulfill contractual and operational requirements
• Comply with legal, accounting, or regulatory obligations
• Resolve disputes and enforce agreements

Retention periods may vary based on data type, usage, and legal requirements.

8. Security

We implement administrative, technical, and organizational measures designed to protect information against unauthorized access, loss, misuse, or disclosure. These measures may include access controls, encryption technologies, network security controls, monitoring, and controlled deployment practices.

9. Cookies and Similar Technologies

We use cookies and similar technologies (including local storage and session storage) to:

• Authenticate users and maintain sessions
• Enforce access controls and onboarding requirements
• Store user preferences and temporary state during setup and integrations
• Analyze usage and improve performance

You may control cookies through your browser settings, but disabling cookies may limit certain features of the Services.

10. International Data Transfers

The Services are operated primarily in the United States. If you access the Services from outside the United States, your information may be transferred to, stored, and processed in jurisdictions that may have different data protection laws than your location.

11. Customer Responsibilities

Customers are responsible for:

• Ensuring they have appropriate rights, permissions, and consents to provide data to the Services and to authorize integrations
• Complying with applicable privacy, data protection, and employment laws with respect to data processed through the Services
• Reviewing and validating outputs generated by the Services before relying on them

Sledge does not control the content of customer data processed through authorized integrations.

12. Your Choices

You may:

• Update certain account information through the Services
• Disconnect integrations you have authorized
• Request account deletion, subject to legal and operational requirements

Certain information may be retained as required by law or for legitimate business purposes.

13. Children's Privacy

14. Third-Party Services

The Services may contain links to or integrations with third-party services not controlled by Sledge. This Privacy Notice does not apply to those third-party services, and we encourage you to review their privacy practices separately.

15. Changes to This Privacy Notice

We may update this Privacy Notice from time to time. Changes will be effective when posted. Your continued use of the Services after changes are posted constitutes acceptance of the updated Privacy Notice.

16. Supplemental Notices

Additional privacy disclosures may apply depending on your jurisdiction or your use of specific features. Any such supplemental notices will be provided separately and will apply only in the relevant context.

17. Contact Us

If you have questions or concerns about this Privacy Notice or our data practices, please contact:

Sledge

Email: support@getsledge.com