Privacy Policy
Upkeep ("the Service") is a private, invite-only maintenance tracking application operated by John Howard. This policy explains what personal data we collect, why, and what we do with it. We collect the minimum we need to make the Service work, and we do not sell, rent, or share it with advertisers.
1. Information we collect
- Account information: name, email address, and (optionally) phone number — provided by you directly, or by an administrator who invites you.
- Content you create: tasks, trackers, equipment/upkeep entries, service logs, photos you upload, and notes.
- Session information: a session token stored as a cookie so you stay signed in, plus your last login time.
- Standard web logs: IP address, user agent, and request times in server logs, retained for debugging and security for up to 90 days.
2. How we use it
- To authenticate you and show you your information.
- To allow administrators to share trackers and tasks with specific helpers they have invited.
- To send in-app push notifications when an administrator assigns you a task or tracker, if you've granted notification permission to the installed app.
- To detect and prevent abuse.
We do not use your data for advertising, marketing, profiling, or any kind of analytics beyond basic service health. We do not send SMS — the Service uses Web Push notifications via the installed Progressive Web App instead. Phone numbers stored in user profiles are contact information only.
3. Who can see your information
Each user sees only their own data, plus anything an administrator has shared or assigned to them. Administrators see the users they have invited, and the trackers, tasks, and logs in their account. No one outside your account has access.
4. Push notifications
Notifications are delivered via the Web Push standard. The browser/OS push service (Apple, Google, or Mozilla, depending on your device) routes encrypted messages from our server to your device. We send only what's needed to render the notification (a short title and body, an icon URL, and a deep-link path). You can revoke notification permission at any time in your browser or OS settings.
5. Storage and security
Your data is stored in a private MySQL database on a server under our control. Passwords are stored hashed with bcrypt — we never see them in plaintext. The application is served over HTTPS.
6. Retention
We keep your account data for as long as your account is active. If your account is removed, your personal information (name, email, phone) is deleted along with the account. Content you created (tasks, logs, photos) is removed at the same time. Standard web logs are rotated out within 90 days.
7. Your choices
- Ask your administrator to remove your account at any time.
- Revoke push notification permission in your browser or OS settings to stop receiving notifications without deleting your account.
- Edit your profile information inside the application.
8. Children
The Service is not intended for children under 13 and we do not knowingly collect personal information from them.
9. Changes
If we update this policy, we'll change the "Last updated" date at the top. Material changes will be surfaced in the application or via email where practical.
10. Contact
Privacy questions or requests: hello@softwerks.pro.