ROOFCORE is published by Building and Restoration Technology of New York (BRT NYC). Privacy questions can be sent to privacy@roofcore.app or, if that bounces, support@roofcore.app.
When you sign in, ROOFCORE receives the following from the OAuth provider and stores it in our backend database so we can recognize you the next time you open the app:
That is the entire user record. We do not collect a phone number, mailing address, date of birth, IP-based location, or device advertising identifier.
Site visits, condition ratings, core cuts, deficiencies, photos, leads, estimates, your company profile, your branding (logo, license number, address you put on PDFs), drafts, and the Issues punch list are stored locally on your device using AsyncStorage (iOS / Android local key-value storage). This data does not automatically upload to ROOFCORE servers in version 1.0. If your device is wiped, restored, or uninstalled without a backup, this data is gone.
Photos you capture inside the app, or pick from your library and attach to a report, are stored on your device. They are referenced by file URI inside the inspection record and are not uploaded to our backend in v1.0. When you choose to share a report — for example, by generating a PDF and emailing it from the system mail composer — the photos travel with the PDF you are knowingly sending. ROOFCORE does not write your photos to your camera roll unless you tap an explicit "save to library" action.
ROOFCORE only requests your device's GPS coordinates when you actively tap "Drop GPS pin" on a roof core, when you measure a roof using the satellite map tool (which centers the map on your current location), or when a feature explicitly asks for it. The coordinates that get captured are stored on the inspection record on your device, alongside the core cut or measurement they belong to. ROOFCORE does not track your location in the background, does not build a movement history, and does not sell or share location data.
Microphone access is requested when you use the dictation feature ("Dictate" mic icon next to a notes field) or the Voice Mode capture screen. Audio is converted to text by the device's on-platform speech recognizer and the resulting text is written into the field you were typing in. The audio recording itself is not retained by ROOFCORE. If you use Voice Mode to parse a free-form dictation into a structured report, the resulting transcript text (not the audio) is sent to our backend's AI service so it can extract structured fields — see Section 3.2.
The camera is opened only when you tap a "Take photo" action inside the app. We don't run the camera in the background and we don't access your existing photo library without you choosing a library photo through the picker UI.
If the app encounters an error, an entry is written to a local in-memory error log (capped at the 100 most recent entries). In v1.0 these logs are not transmitted off your device — you have to volunteer them via a "Send diagnostics" action that we can add at your request. We do not have a third-party crash reporter (Sentry, Firebase Crashlytics, etc.) wired into v1.0.
ROOFCORE v1.0 does not include third-party analytics (Google Analytics, Firebase Analytics, Mixpanel, Amplitude, PostHog, Segment, Adjust, AppsFlyer, or similar). It does not contain advertising SDKs. It does not track you across other apps or websites. It does not access your contacts, calendar, health data, or HomeKit. It does not use Apple's IDFA / advertising identifier. The Apple App Tracking Transparency (ATT) prompt is therefore not triggered.
The sign-in flow contacts our authentication backend so we can issue you a session token. This includes your OAuth provider's response (your name, email, OAuth ID, login method).
If you ask ROOFCORE to generate an executive summary for a report, or to parse a voice dictation into structured fields, the relevant text — the report data you assembled, or the transcript you spoke — is sent to our backend's LLM endpoint and the model's response is returned to your device. The text is processed to give you the response and is not used for ad targeting, sold, or shared with third parties beyond the LLM provider that runs that single inference. If you don't use these features, no inspection data leaves your device.
When you enter a property address in the report wizard, the address string is sent to Nominatim, an open-source geocoding service operated by OpenStreetMap, to convert it to latitude / longitude and to center the satellite map. Nominatim's privacy policy applies to that single request. We do not send your name, account ID, or device ID along with the lookup.
The satellite map view loads map tile imagery from a tile provider when you open a map screen. Standard web traffic (your IP address, the tile coordinates being requested) is visible to that provider as part of serving the imagery. This is the same exposure as opening any web map.
Photos, core-cut layer detail, condition checklists, deficiency lists, leads, estimates, your company branding, your inspection drafts, and your local error logs are not transmitted to our backend in v1.0 unless you explicitly share a generated artifact (e.g., email a PDF, hand off via the system share sheet). A future paid "cloud sync" tier will be opt-in only and will be covered by a separate addendum to this policy at the time it ships.
Account data lives in our managed database, hosted in the United States by our infrastructure provider. Access is restricted to BRT NYC personnel who need it for support and operations. We use industry-standard transport encryption (HTTPS / TLS) for all network traffic between the app and our backend. Inspection data, as noted above, is stored on your device and is governed by your device's own security model (passcode, biometrics, full-disk encryption).
Account records are retained for as long as your account is active. If you ask us to delete your account, we delete the user row from our database within 30 days of the request. Inspection data on your device is retained until you delete it or uninstall the app. We do not have a server-side copy to delete in v1.0.
ROOFCORE is a tool for commercial roofing trades and is not directed at children under 13 (or under 16 in the EEA / UK). We do not knowingly collect personal information from anyone under those ages. If you believe a child has signed up, contact privacy@roofcore.app and we will delete the account.
You can request a copy of your account data, request deletion of your account, or revoke the OAuth grant from your provider at any time by emailing privacy@roofcore.app. Because inspection data lives on your device, you control it directly: deleting a record in the app or uninstalling the app removes it. There is no separate "export from cloud" step in v1.0 because there is no cloud copy.
You have the right to know what categories of personal information we collect (covered above), the right to request deletion, and the right to non-discrimination for exercising these rights. We do not sell or share personal information for cross-context behavioral advertising, and there is no "Do Not Sell or Share" toggle to expose because the underlying activity does not happen.
The legal basis for processing your account data is contract performance — we need it to provide the app you signed in to. The legal basis for processing the inspection text you voluntarily send to the AI summary or voice parser is your explicit action of tapping that feature. You have rights of access, rectification, erasure, restriction, portability, and objection. ROOFCORE's controller is BRT NYC. We do not currently maintain an EU representative; if your jurisdiction requires direct correspondence in a local language, contact us and we will work with you in good faith.
Network traffic uses HTTPS / TLS. Session tokens are stored on the device using expo-secure-store (iOS Keychain / Android Keystore). Inspection data on the device is protected by the operating system's standard sandboxing and disk encryption. We do not currently offer end-to-end encryption of inspection data and do not claim to. No system is perfectly secure; if you discover a vulnerability, please report it to security@roofcore.app.
Our backend is operated from the United States. If you sign in from outside the US, your account data is transferred to the US for processing. Where required, we rely on standard contractual clauses with our service providers.
We do not embed Facebook, Google Analytics, TikTok, Amazon, or any advertising / behavioral tracking SDK.
This marketing site (the page you are reading) is static HTML on Cloudflare Pages. It does not set cookies, does not run analytics, and does not load fonts or scripts that fingerprint you beyond Google Fonts for the typefaces. There is no cookie banner because there is nothing to consent to.
If we add a feature that changes what data leaves your device — for example, opt-in cloud sync, push notifications, or a third-party crash reporter — we will update this page and bump the "Last updated" date at the top before the feature ships. Material changes that affect existing users will be announced in-app.
Privacy questions: privacy@roofcore.app
Security reports: security@roofcore.app
General support: support@roofcore.app
Mailing address available on request.