Privacy Policy

Last updated: May 7, 2026

1. Introduction

Westpoint Inspections (“Westpoint”, “we”, “us”) operates an internal data portal (the “Service”) used by Westpoint owners and staff to consolidate operational and financial data. This Privacy Policy describes how we collect, store, and use information in connection with the Service.

2. Information We Process

  • Account information — the email address used to sign in via magic link.
  • Operational and financial records imported from systems you have authorized, including but not limited to: QuickBooks Online (invoices, customers, items, accounting metadata), Google Calendar (inspection bookings), Bigin CRM (client and contact records), Dropbox (inspection report PDFs), HomeGauge (structured report data), and uploaded spreadsheets.
  • Authorization tokens — OAuth access and refresh tokens issued by connected third-party systems, stored encrypted at rest and used only to read data on your behalf.

3. Why We Process This Information

We process the information solely to provide the Service to authorized Westpoint personnel: presenting consolidated dashboards, enabling search across historical inspection records, and generating analytics and reports for internal operational use.

4. How We Store It

Data is stored in a managed PostgreSQL database (Supabase) and an object-storage bucket (S3-compatible) hosted in the United States. Network traffic is encrypted in transit (TLS 1.2+). Access tokens and personally identifying data are encrypted at rest. Access controls restrict reads and writes to authenticated Westpoint personnel and our server-side service role.

5. Sharing

We do not sell, rent, or share data processed by the Service with third parties. Data flows are limited to:

  • The source-of-record platforms you have authorized (read-only).
  • Cloud infrastructure providers strictly necessary to deliver the Service (Vercel for application hosting, Supabase for database and authentication).

6. Retention

We retain data for as long as the corresponding source-of-record is authorized. When a connection is revoked, you may delete the associated synchronized data from the database; retention beyond that is solely for backup recovery and is governed by Supabase's standard retention period.

7. Disconnect and Data Removal

You can disconnect any third-party integration at any time from the Settings page of the Service, which immediately revokes our access tokens at the source platform and stops further synchronization. See the disconnect information page for details.

8. Your Rights

As an authorized user of an internal Westpoint Service, you may request the deletion of your data at any time by contacting info@westpoint-inspections.com.

9. Security

We use industry-standard security practices including: HTTPS / TLS for all traffic; encrypted secrets via the deployment platform's environment-variable store; row-level security on the database; magic-link authentication (no plaintext passwords); and segregation of public-anonymous, authenticated, and service-role access tiers.

10. Changes to This Policy

Material changes to this Privacy Policy will be reflected on this page with a new “Last updated” date.

11. Contact

Questions about this Privacy Policy can be sent to info@westpoint-inspections.com.