Privacy Policy
McIntyre Field Service
Effective Date: February 3, 2026 · Last Updated: February 3, 2026
1. Introduction
McIntyre Group (“we,” “us,” or “our”) operates the McIntyre Field Service mobile application (the “App”). This Privacy Policy describes how we collect, use, store, and share your personal information when you use our App.
This App is a workforce management tool provided to field service technicians, supervisors, and administrators for managing work orders, documenting job site conditions, and coordinating field operations.
By using the App, you acknowledge that you have read and understood this Privacy Policy.
2. Information We Collect
2.1 Account Information
When your employer creates an account for you, we collect:
- Name (first name, last name)
- Email address
- Phone number (used for two-factor authentication)
- Role (technician, supervisor, or administrator)
2.2 Authentication and Security Data
To secure your account, we collect and store:
- Password (stored only as a cryptographic hash; we never store your plaintext password)
- Two-factor authentication codes (temporary, delivered via SMS)
- Login history (timestamps, success/failure status, IP address)
- Device trust tokens (to remember trusted devices and reduce repeated two-factor prompts)
- Biometric authentication tokens (if you opt in to fingerprint or face unlock; we store only a cryptographic token in your device’s secure enclave — we never access or store your actual fingerprint or facial data)
- NFC badge tokens (if your organization uses NFC badge login)
2.3 Device Information
When you use the App, we automatically collect:
- Device identifier (a unique ID generated by the operating system)
- Device name and model (e.g., “Pixel 6,” “iPhone 13”)
- Operating system and version
- App version
- IP address
2.4 Work Order Data
The App displays and manages work order information sourced from your organization’s enterprise resource planning (ERP) system. This includes:
- Work order numbers, descriptions, and status
- Customer names and job site addresses
- Scheduling information
- Job site coordinates (latitude/longitude from your organization’s records)
2.5 Photos and Media
When you use the App’s camera feature to document job sites, we collect:
- Photos you capture (categorized as pre-install, daily status, completion, damages, punch list, or safety)
- Photo metadata (file size, dimensions, timestamp, device model)
- Captions or notes you add to photos
- Location coordinates embedded in photos (only if your device’s location services are enabled for the camera)
2.6 Voice Notes
If you use the voice note feature, we collect:
- Audio recordings you create
- Duration and file size
- Associated work order information
2.7 Usage and Analytics Data
We collect information about how you use the App to improve performance and reliability:
- App events (e.g., screens viewed, features used, work orders accessed)
- Session replays (recordings of your interactions with the App interface, with passwords automatically masked)
- Error and crash reports (stack traces, device state at time of error)
- Sync activity (when data is synchronized between the App and our servers)
- Performance metrics (upload times, API response times)
2.8 Location Data
- We do not continuously track your location. The App does not request GPS permissions on its own.
- Photo location: If your device’s camera has location services enabled, photos you take may contain GPS coordinates.
- IP-based location: Your approximate location may be inferred from your IP address for security monitoring.
- Work order locations: Job site addresses and coordinates come from your organization’s ERP system, not from your device.
3. How We Use Your Information
| Purpose | Data Used |
|---|
| Authenticate your identity | Email, password hash, 2FA codes, device info, biometric tokens |
| Manage work orders | Account info, work order data |
| Document job site conditions | Photos, voice notes, captions |
| Improve App reliability | Crash reports, error logs, performance metrics |
| Improve user experience | Usage analytics, session replays |
| Prevent unauthorized access | Login history, IP addresses, device identifiers, rate limiting |
| Manage device trust | Device IDs, trust tokens, biometric tokens |
| Generate reports | Photos, work order data, user activity |
4. How We Share Your Information
We share your information only with the following categories of third parties, and only as necessary to operate the App:
4.1 Service Providers
| Provider | Purpose | Data Shared |
|---|
| Twilio | Delivering SMS two-factor authentication codes | Phone number |
| PostHog | App analytics and session replay | Usage events, device info, user identifiers |
| Sentry | Crash and error monitoring | Error details, device info, user identifiers (partially redacted) |
| Backblaze B2 | Cloud storage for photos and voice notes | Photo files, voice note files |
4.2 Your Employer
As a workforce management tool, your employer (the organization that provisioned your account) has access to:
- Your work order activity
- Photos and voice notes you upload
- Reports generated from your work
- Login and usage activity
4.3 Enterprise Systems
Work order data is synchronized with your organization’s NetSuite ERP system. This is a read-only integration; the App retrieves work order information but does not write personal data back to NetSuite.
4.4 Legal Requirements
We may disclose your information if required by law, legal process, or government request.
5. Data Storage and Security
5.1 Where Data Is Stored
- On your device: Authentication tokens are stored in encrypted storage using your device’s hardware-backed security (Android KeyStore or iOS Keychain). Photos are cached locally before upload.
- On our servers: Account data, work order records, and activity logs are stored in a PostgreSQL database hosted on our secured infrastructure.
- In cloud storage: Photos and voice notes are stored in Backblaze B2 cloud storage.
- With analytics providers: Usage analytics are stored by PostHog (US-hosted). Crash reports are stored by Sentry (US-hosted).
5.2 Security Measures
- All network communication uses HTTPS/TLS encryption
- Passwords are cryptographically hashed (never stored in plaintext)
- Authentication tokens are stored in hardware-backed encrypted storage on your device
- Biometric data never leaves your device’s secure enclave
- Rate limiting protects against brute-force login attempts
- Two-factor authentication is required for new devices
- Sessions expire automatically and can be revoked remotely
5.3 Data Retention
| Data Type | Retention |
|---|
| Account data | Retained while your account is active; archived when deactivated |
| Photos (on device) | Automatically cleaned up after 30 days |
| Photos (cloud) | Retained as part of work order records |
| Voice notes | Retained as part of work order records |
| Login history | Retained for security auditing |
| Analytics data | Subject to PostHog’s retention policy |
| Crash reports | Subject to Sentry’s retention policy |
| Device trust | Expires after 90 days; can be revoked at any time |
6. Your Rights and Choices
6.1 Access and Control
Through the App, you can:
- View your trusted devices and revoke trust at any time
- Disable biometric authentication in the App settings
- Log out of all sessions to invalidate active tokens
6.2 Data Requests
You may request:
- Access to the personal data we hold about you
- Correction of inaccurate personal data
- Deletion of your personal data (subject to legal and business record retention requirements)
To make a request, contact us at the address provided in Section 9.
6.3 Biometric Data
Biometric authentication is entirely optional. If enabled:
- Your fingerprint or face data is processed solely by your device’s operating system
- We receive only a cryptographic token confirming your identity
- You can disable biometric login at any time through the App settings
7. Children’s Privacy
The App is not intended for use by anyone under the age of 18. We do not knowingly collect personal information from children. If you believe a child has provided us with personal data, please contact us and we will delete it.
8. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. When we make changes, we will update the “Last Updated” date at the top of this policy. We encourage you to review this policy periodically.
9. Contact Us
If you have questions about this Privacy Policy or wish to exercise your data rights, contact us at:
McIntyre Group
Email: privacy@mcintyregrp.com
10. State-Specific Disclosures
California Residents (CCPA)
- Right to Know: You may request details about the categories and specific pieces of personal information we have collected.
- Right to Delete: You may request deletion of your personal information, subject to certain exceptions.
- Right to Non-Discrimination: We will not discriminate against you for exercising your privacy rights.
- No Sale of Data: We do not sell your personal information to third parties.
Other States
If you reside in a state with consumer privacy legislation (Virginia, Colorado, Connecticut, Utah, or others), you may have similar rights to access, correct, delete, and opt out of certain data processing. Contact us to exercise these rights.