Privacy Policy

Last Updated: March 21, 2026

1. Introduction

RoofMarshal (“we,” “our,” or “us”) operates a multi-tenant Software-as-a-Service (SaaS) platform designed for roofing contractors. Our platform provides AI-powered roof estimation tools, a customer relationship management (CRM) system, proposal and invoice generation, and project pipeline management.

This Privacy Policy explains how we collect, use, disclose, and protect information when you visit our website, fill out a contact or demo request form, or use our platform. By submitting your information or using RoofMarshal, you agree to the practices described in this policy.

2. Information We Collect

We collect the following categories of information:

  • Contact & Demo Request Data: When you submit our contact or demo request form, we collect your name, phone number, work email address, company name, job title, team size, current software tools, how you found us, and any message or requirements you provide.
  • Account Information: When your organization creates a RoofMarshal account, we collect administrator and user credentials including name, email address, and role. Passwords are stored as bcrypt hashes and are never stored or transmitted in plain text.
  • Usage Data: We log actions performed within the platform (such as creating estimates, proposals, and invoices) in an activity log for audit and accountability purposes. We may also collect server-side request logs including IP addresses and timestamps.
  • Customer & Project Data: Platform users input data about their own customers, projects, proposals, and invoices. This data belongs to the respective tenant organization and is processed on their behalf.
  • Property & Imagery Data: When using the AirRecon roof estimation feature, addresses are geocoded and satellite imagery may be retrieved from third-party providers (Mapbox, Google). No personally identifiable imagery is stored beyond what is necessary to generate the estimate.

3. How We Use Your Information

We use the information we collect for the following purposes:

  • To respond to your inquiry or schedule a product demo
  • To provide, operate, and maintain the RoofMarshal platform
  • To send you relevant product updates, feature announcements, or service communications if you have consented
  • To improve the platform based on usage patterns and feedback
  • To enforce our Terms of Service and protect the security of the platform
  • To comply with legal obligations

We will only send marketing or promotional communications to individuals who have explicitly consented. You may withdraw consent at any time by using the unsubscribe link in any email or by contacting us directly.

4. Data Sharing and Disclosure

We do not sell, rent, or trade your personal information to third parties.

We may share data only in the following limited circumstances:

  • Service Providers: We work with trusted third-party service providers who assist in operating the platform, including cloud hosting providers, transactional email services (such as Resend or SendGrid), mapping and imagery APIs (Mapbox, Google), and AI processing services (Anthropic). These providers are contractually bound to protect your data and may only use it to perform services on our behalf.
  • Legal Requirements: We may disclose information if required by law, court order, or governmental authority, or when we believe disclosure is necessary to protect the rights, property, or safety of RoofMarshal, our users, or the public.
  • Business Transfers: In the event of a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We will notify affected users prior to any such transfer.

5. Data Retention

We retain contact and demo request data for up to 24 months, or until you request deletion. Platform account data is retained for the duration of the customer relationship and for a reasonable period after account termination to comply with legal obligations and resolve disputes.

Activity logs are retained for up to 12 months by default. Tenant organizations may configure shorter retention periods within the platform settings.

6. Your Rights

Depending on your jurisdiction, you may have the following rights regarding your personal information:

  • Access: Request a copy of the personal data we hold about you.
  • Correction: Request that inaccurate or incomplete information be corrected.
  • Deletion: Request that we delete your personal data, subject to our legal retention obligations.
  • Unsubscribe: Opt out of marketing communications at any time via the unsubscribe link in any email or by contacting us.
  • Portability: Request that your data be provided in a portable, machine-readable format where technically feasible.
  • Objection: Object to certain processing activities, including direct marketing.

To exercise any of these rights, contact us at privacy@roofmarshal.com. We will respond within 30 days.

7. Cookies

RoofMarshal uses only essential session cookies required for authentication and secure access to the platform. We do not use tracking cookies, advertising cookies, or third-party analytics cookies.

Session cookies are temporary and are deleted when you close your browser. You may configure your browser to refuse cookies, but doing so will prevent you from logging in to the platform.

8. Security

We take the security of your data seriously. Our security practices include:

  • All data in transit is encrypted via TLS/HTTPS
  • Passwords are hashed using bcrypt with a strong work factor — plain-text passwords are never stored
  • Database access uses row-level isolation ensuring tenant data is strictly separated
  • API routes are protected by server-side authentication checks on every request
  • Role-based access control (RBAC) limits data visibility to authorized users within each organization
  • Environment secrets (API keys, database credentials) are stored in secure environment variables and never committed to source code

No method of transmission over the internet or electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your information, we cannot guarantee absolute security.

9. Children's Privacy

RoofMarshal is a business-to-business platform intended for use by roofing professionals and their employees. We do not knowingly collect personal information from individuals under the age of 18. If you believe a minor has submitted information to us, please contact us immediately and we will take steps to remove it.

10. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. We will post the updated policy on this page with a revised “Last Updated” date. For material changes, we will notify platform users via email or an in-app notice. Continued use of RoofMarshal after changes are posted constitutes your acceptance of the updated policy.

11. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

EMAIL privacy@roofmarshal.com
CONTACT roofmarshal.com/contact

© 2026 RoofMarshal. All rights reserved.