Privacy Policy

Effective Date: February 17, 2026

Boresite ("we," "us," or "our") operates the Boresite mobile application (the "App"). This Privacy Policy explains what information we collect, how we use it, and your choices regarding your data. By using the App, you agree to the collection and use of information in accordance with this policy.

1. Information We Collect

1.1 Account Information

When you create an account or sign in, we collect the information associated with your authentication credentials, such as your name and email address. Authentication is handled via a secure web-based sign-in flow powered by Supabase.

1.2 Authentication Tokens

Upon signing in, authentication tokens (access token, refresh token, and token expiry) are stored locally on your device to maintain your session. These tokens are not shared with third parties and are removed when you sign out.

1.3 Push Notification Tokens

If you grant permission for push notifications, we collect your device's push notification token. This token is stored on our servers (hosted by Supabase) and is used solely to deliver alarm and job-related notifications to your device.

1.4 Device Information

We collect basic device information, specifically your device's operating system platform (iOS or Android), to ensure the App functions correctly during authentication and notification delivery.

1.5 User Preferences

The App stores your preferences (such as timezone settings and display preferences) locally on your device using on-device storage. These preferences are not transmitted to our servers.

1.6 Work Order and Operational Data

The App accesses work order, well, shift report, alarm, and other operational data associated with your employer's account. This data is stored on our servers and is accessed only by authorized users within your organization.

2. Information We Do Not Collect

We want to be clear about what we do not collect:

• We do not collect location data.
• We do not access your camera, photos, contacts, or microphone.
• We do not use any advertising or ad-tracking SDKs.
• We do not use third-party analytics or tracking tools.
• We do not track your activity across other apps or websites.
• We do not sell, rent, or trade your personal data to third parties.

3. How We Use Your Information

The information we collect is used for the following purposes:

• Authentication: To verify your identity and maintain your signed-in session.
• Notifications: To send you push notifications related to alarms, job updates, and operational alerts.
• App Functionality: To display relevant work orders, well data, shift reports, analytics, and other operational information.
• Service Improvement: To ensure the App functions correctly across different devices and operating systems.

4. Third-Party Services

We use the following third-party services to operate the App:

• Supabase — Provides authentication, database, and backend services. Your account information, push notification tokens, and operational data are stored on Supabase's infrastructure. Supabase's privacy policy is available at supabase.com/privacy.
• Expo — Provides push notification delivery services. Your Expo push token is processed by Expo's notification service to deliver notifications to your device. Expo's privacy policy is available at expo.dev/privacy.

These third-party services are contractually obligated to protect your data and may only use it as necessary to provide their services to us. They are not permitted to use your data for their own marketing or advertising purposes.

5. Data Storage and Security

We take reasonable measures to protect your information. Authentication tokens are stored securely on your device. Data transmitted between the App and our servers is encrypted using HTTPS/TLS. Access to operational data is restricted to authenticated and authorized users within your organization.

6. Data Retention

We retain your account information and associated data for as long as your account is active or as needed to provide you with our services. Authentication tokens stored on your device are removed when you sign out. Push notification tokens are removed from our servers when you sign out or delete your account.

7. Your Rights and Choices

7.1 Push Notifications

You can opt out of push notifications at any time by disabling them in your device's Settings. The App will continue to function without push notifications enabled.

7.2 Account Deletion

You may request deletion of your account and all associated personal data by visiting our Account Deletion page or by contacting us at the email address provided below. Upon receiving your request, we will delete your account data from our servers within 30 days, except where retention is required by law.

7.3 Data Access and Portability

You have the right to request access to the personal data we hold about you. You may also request a copy of your data in a portable format. To make such a request, contact us using the information below.

7.4 Withdraw Consent

Where we rely on your consent to process personal data, you may withdraw that consent at any time. You can withdraw consent for push notifications via your device settings, or contact us to withdraw consent for other processing activities. Withdrawing consent does not affect the lawfulness of processing carried out before the withdrawal.

8. Children's Privacy

The App is not intended for use by children under the age of 13 (or the applicable age of consent in your jurisdiction). We do not knowingly collect personal information from children. If we become aware that we have inadvertently collected personal data from a child, we will take steps to delete that information promptly.

9. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence. These countries may have data protection laws that differ from the laws of your jurisdiction. By using the App, you consent to the transfer of your information to such countries.

10. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the updated policy within the App or by other appropriate means. The "Effective Date" at the top of this policy indicates when it was last revised. Your continued use of the App after changes are posted constitutes your acceptance of the updated policy.

11. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at:

Boresite
Email: generalinquiries@boresite.io
Website: boresite.io