Privacy Policy
Effective date: April 18, 2026
Introduction
Sanilog ("we", "us", "our") is a cloud-based field service management platform for portable sanitation businesses. We operate the sanilog.io website, the app.sanilog.io web application, and the Sanilog mobile application (collectively, "the Service"). This Privacy Policy explains how we collect, use, store, share, and protect your personal information when you use the Service. By using Sanilog, you agree to the practices described in this policy.
Data Controller
Sanilog is the data controller for the personal data processed through the Service. For any questions about data processing, you can reach our data protection team at privacy@sanilog.io.
Information We Collect
We collect information in the following categories: Account Information: When you create an account, we collect your name, email address, phone number, company name, and billing address. Billing Information: When you subscribe to a paid plan, we collect payment details (credit card number, expiration date, billing address). Payment processing is handled by our third-party payment processor; we do not store full credit card numbers on our servers. Service Data: Data you and your team enter into the Service, including client records, site locations (GPS coordinates), contract details, unit serial numbers, job records, invoices, photos (proof-of-service images captured by drivers), and notes. Driver App Data: When drivers use the mobile app, we collect GPS location data (for route tracking and site tagging), device information, photos taken as proof of service (which include embedded GPS coordinates and timestamps), and job completion data. Location data is collected only while the app is actively in use. Usage Data: We automatically collect information about how you interact with the Service, including pages visited, features used, actions taken, browser type, operating system, IP address, referring URLs, and session duration. Waitlist and Early Access: If you submit your email address on our waitlist form before the Service is publicly available, we collect that email address solely to notify you when the Service launches. We process this data based on your consent. You may withdraw consent at any time by emailing privacy@sanilog.io. Waitlist email addresses are stored by our email service provider, Resend, and are deleted within 90 days of public launch. Cookies and Similar Technologies: We use essential cookies to maintain your session and preferences. We do not use third-party advertising cookies. See the Cookies section below for details.
How We Use Your Information
We use the information we collect for the following purposes: Service Delivery: To provide, maintain, and improve the Service, including processing transactions, managing subscriptions, generating invoices, optimizing routes, and enabling team collaboration. Communication: To send service-related communications such as account confirmations, billing receipts, security alerts, and support responses. We may also send product updates and feature announcements, which you can opt out of at any time. Analytics and Improvement: To understand how the Service is used, identify trends, diagnose technical issues, and improve functionality and user experience. Security: To detect, prevent, and respond to fraud, abuse, security incidents, and other harmful activity. Legal Compliance: To comply with applicable laws, regulations, legal processes, or enforceable governmental requests.
Legal Bases for Processing (GDPR)
If you are in the European Economic Area (EEA), United Kingdom, or Switzerland, we process your personal data under the following legal bases: Contract Performance (Article 6(1)(b)): Processing necessary to provide the Service you subscribed to, including account management, billing, and core functionality. Legitimate Interests (Article 6(1)(f)): Processing for purposes such as improving the Service, ensuring security, and preventing fraud, where our interests do not override your data protection rights. Consent (Article 6(1)(a)): Processing based on your explicit consent, such as for optional marketing communications. You may withdraw consent at any time. Legal Obligation (Article 6(1)(c)): Processing necessary to comply with legal requirements, such as tax reporting and regulatory obligations.
Data Sharing and Third-Party Processors
We do not sell, rent, or trade your personal information to third parties. We may share data with the following categories of service providers who help us operate the Service: Cloud Infrastructure: Hosting and data storage providers (servers located in the European Union). Payment Processing: Third-party payment processors for handling subscription billing and transactions. Email Services: Transactional email providers for sending receipts, notifications, and support communications. Mapping Services: Map and geocoding providers for route optimization and site location features. Analytics: Privacy-respecting analytics tools to understand Service usage patterns. All third-party processors are bound by data processing agreements and are required to protect your data in accordance with applicable data protection laws. We may also disclose your information when required by law, court order, or governmental request, or when necessary to protect our rights, property, or safety.
International Data Transfers
Our primary servers are located in the European Union. If data is transferred outside the EEA, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses (SCCs) approved by the European Commission, or other legally recognized transfer mechanisms.
Data Retention
We retain your personal data for as long as your account is active or as needed to provide the Service. Specific retention periods: Account Data: Retained for the duration of your active subscription plus 30 days after account deletion to allow for reactivation. Billing Records: Retained for 7 years after the transaction date to comply with tax and accounting regulations. Service Data (client records, contracts, jobs, photos): Retained for the duration of your subscription. Upon account termination, you may export your data within 30 days; after that, it is permanently deleted within 90 days. Usage Logs: Retained for 12 months for security and analytics purposes, then anonymized or deleted. Driver Location Data: Retained for the duration of the associated job or route, then aggregated for analytics. Raw GPS data is deleted after 90 days.
Your Rights
Depending on your location, you may have the following rights regarding your personal data: GDPR Rights (EEA/UK/Switzerland): - Right of Access: Request a copy of the personal data we hold about you. - Right to Rectification: Request correction of inaccurate or incomplete data. - Right to Erasure: Request deletion of your personal data ("right to be forgotten"). - Right to Restriction: Request that we limit how we process your data. - Right to Data Portability: Request your data in a structured, machine-readable format. - Right to Object: Object to processing based on legitimate interests, including profiling. - Right to Withdraw Consent: Withdraw consent at any time where processing is based on consent. - Right to Lodge a Complaint: File a complaint with your local data protection authority. CCPA/CPRA Rights (California Residents): - Right to Know: Request disclosure of the categories and specific pieces of personal information we collect. - Right to Delete: Request deletion of personal information we have collected. - Right to Opt-Out: Opt out of the sale or sharing of personal information. We do not sell personal information. - Right to Non-Discrimination: We will not discriminate against you for exercising your privacy rights. To exercise any of these rights, contact us at privacy@sanilog.io. We will respond within 30 days (or as required by applicable law).
Global Privacy Commitment
Regardless of where you are located, we treat all user data with the same level of care and protection as required by GDPR. Whether you operate in the EU, the United States, or anywhere else in the world, you have the right to: - Request access to, correction of, or deletion of your personal data at any time. - Have your data protected with the same encryption and security standards we apply for our EU-based users. - Be notified immediately in the event of a data breach that may affect your information. We believe privacy is a universal right, not a regional regulation. Your data is your data, and we will protect it at all costs.
Cookies
Sanilog uses only essential cookies that are strictly necessary for the Service to function. These include: Session Cookies: To maintain your authenticated session while using the app. Preference Cookies: To remember your language and display preferences. We do not use advertising cookies, tracking cookies, or third-party analytics cookies that track you across other websites. No cookie consent banner is required for strictly necessary cookies under GDPR, but we provide this disclosure for transparency.
Data Security
We implement industry-standard security measures to protect your data: - Encryption in transit (TLS 1.2+) and at rest (AES-256) - Regular security assessments and vulnerability testing - Role-based access controls within our organization - Secure authentication with password hashing - Regular encrypted backups with geo-redundancy - Incident response procedures with breach notification within 72 hours as required by GDPR No method of transmission over the internet is 100% secure. While we strive to protect your data, we cannot guarantee absolute security.
Industry-Specific Data
Sanilog processes certain data specific to the portable sanitation industry: GPS and Location Data: Service site locations are GPS-tagged for mapping and route optimization. Driver location is tracked during active use of the driver app for route management. This data is used solely for service delivery and is not shared with third parties for advertising. Proof-of-Service Photos: Drivers may capture photos at service sites as proof of work completion. These photos may contain GPS coordinates and timestamps embedded in metadata. Photos are stored securely and are accessible only to authorized users within your organization.
Children's Privacy
Sanilog is a business-to-business service and is not directed at individuals under 16 years of age. We do not knowingly collect personal information from children. If we learn that we have collected data from a child under 16, we will delete it promptly. If you believe a child has provided us with personal information, please contact us at privacy@sanilog.io.
Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or legal requirements. We will notify you of material changes by email or through a prominent notice in the Service at least 30 days before the changes take effect. Continued use of the Service after the effective date constitutes acceptance of the updated policy. The "Effective date" at the top of this page indicates when this policy was last revised.
Contact Us
If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, contact us at: Email: privacy@sanilog.io General inquiries: hello@sanilog.io Website: https://sanilog.io