Privacy Policy

Last Updated: May 12, 2026

Potomac Operations Group LLC is committed to protecting your privacy. This Privacy Policy describes how we collect, use, disclose, and safeguard information when you use the POG ERP web platform and the POG ERP mobile app for iOS and Android.

1. Information We Collect

• Account Information: Name, email, phone, business name, login credentials
• Business Data: Financial records, customer records, employee records, inventory, transactions
• Usage Data: Log data, IP addresses, browser type, pages visited
• Communications: Support tickets, emails, SMS messages processed through AI Lead Recovery
• Mobile App Data: Push notification tokens, photos you choose to attach to jobs, and anonymous crash diagnostics — see the Mobile App section below.

2. How We Use Information

• To provide and maintain the Service
• To process transactions
• To send administrative notifications
• To send receipts, estimates, appointment reminders via email and SMS (with your consent)
• To respond to support requests
• To improve the Service
• To comply with legal obligations

3. Data Sharing

We do not sell your personal information. We may share data with service providers (hosting, payment processing via Stripe, SMS delivery via Telnyx) and law enforcement when required by valid legal process. These providers only receive data necessary for their services.

4. SMS/Text Messages

Phone numbers provided with SMS consent may receive automated messages including appointment reminders, lead follow-ups, and service updates. You can opt out at any time by replying STOP. See our SMS Policy for full details.

5. SMS Data Sharing Policy

We do not sell, rent, loan, trade, lease, or otherwise transfer for profit any phone numbers or personal information collected through our SMS messaging services to any third party. Your phone number and messaging data are used solely to deliver the services you consented to. No exceptions.

6. Data Security

We implement industry-standard security measures including encryption in transit (TLS 1.2/1.3), hashed passwords (bcrypt), role-based access controls, rate limiting, CSP headers, and audit logging.

7. Data Retention

Customer Data is retained for the duration of the subscription plus 30 days after termination. SMS conversation data is retained for compliance purposes and can be deleted upon request.

8. Your Rights

You may request access to, correction of, or deletion of your data by contacting us. You may export your data at any time through the platform. Where processing is based on consent, you may withdraw consent at any time.

9. Mobile App (iOS and Android)

The POG ERP mobile app is a thin wrapper around the same web platform. The mobile app collects and processes the following additional data on the device:

• Push Notification Tokens: When you allow notifications, the app receives a device token from Apple Push Notification service (APNs) or Firebase Cloud Messaging (FCM). We store this token on our servers solely to deliver app notifications (new lead alerts, appointment reminders, payment receipts). Tokens are linked to your user account, used only for notification delivery, and are not shared with third parties or used for tracking or advertising. You can disable notifications at any time in your device settings.
• Camera and Photo Library: The app accesses the camera only when you explicitly tap a capture or attach control to add photos of job sites, equipment, or receipts to estimates, invoices, and job records. Photos you capture or select are uploaded to our servers and tied to the corresponding job or transaction. We do not access the camera, photo library, or photo metadata in the background, and we do not share your photos with third parties.
• Biometric Authentication (Face ID / Touch ID): If you enable biometric unlock, the app uses your device's Face ID or Touch ID to authorize app sign-in and sensitive actions like refunds or record deletions. Biometric data is processed entirely by iOS or Android on your device through the Secure Enclave or equivalent secure hardware — your face or fingerprint is never transmitted to our servers and we never see, receive, or store biometric data. You can disable biometric unlock at any time in the app's settings.
• Crash and Error Reporting: The app reports crashes and unhandled errors to Sentry, our error-monitoring provider, so we can diagnose and fix bugs. These reports are anonymous diagnostics — stack traces, device model, OS version, and app build — with no personal information, business records, or photo content attached.
• Device Identifiers: The app uses Apple's and Google's standard device identifiers (APNs / FCM registration IDs) solely to deliver push notifications addressed to your account. We do not use the IDFA, Advertising ID, or any cross-app or cross-site tracking identifiers, and the app does not track you across other companies' apps or websites.

The mobile app does not collect location data, contacts, calendar, microphone audio, health data, or any data category not listed above. A full machine-readable privacy manifest is bundled inside the iOS app at PrivacyInfo.xcprivacy.

10. Contact

Email: management@potomacops.com