SepticSync
Legal

Privacy Policy

Last updated: January 15, 2026

SepticSync, Inc. ("SepticSync," "we," "us," or "our") is committed to protecting the privacy of our users, including municipal administrators, service providers, homeowners, and other stakeholders who access our platform. This Privacy Policy describes how we collect, use, disclose, and safeguard your information when you use the SepticSync platform, website, and related services (collectively, the "Service").

By using the Service, you agree to the collection and use of information in accordance with this Privacy Policy. If you do not agree with the terms of this Privacy Policy, please do not access or use the Service.

1. Information We Collect

Account Information

When you register for an account, we collect information such as your name, email address, phone number, organization name, job title, and mailing address. For municipal accounts, we may also collect your official title, department, and jurisdiction details.

Property and Compliance Data

The Service processes property-related compliance data including parcel identification numbers, property addresses, septic system specifications, inspection reports, pumping records, lab test results, installation dates, permit numbers, and related documentation. This data may include photographs, GPS coordinates, and digitized forms submitted through the platform.

Usage Data

We automatically collect information about how you interact with the Service, including pages viewed, features used, search queries, time spent on pages, browser type, device information, IP address, and referring URLs.

Payment Information

If you subscribe to a paid plan, our third-party payment processor collects billing information including credit card numbers, billing addresses, and related financial data. SepticSync does not store full credit card numbers on our servers.

Communications

We retain records of communications you send to us, including support requests, feedback, and correspondence. We may also record information from phone calls for training and quality assurance purposes with appropriate notice.

2. How We Use Your Information

We use the information we collect to:

  • Provide, operate, and maintain the Service
  • Process compliance records, inspection reports, and regulatory filings on behalf of municipalities and service providers
  • Generate automated reminders for pumping schedules, inspection deadlines, and compliance renewals
  • Produce compliance reports, analytics, and dashboards for authorized municipal users
  • Facilitate communication between municipalities, service providers, and property owners
  • Process payments and manage subscriptions
  • Send administrative notifications, security alerts, and service updates
  • Respond to support requests and provide customer assistance
  • Improve, personalize, and expand the Service through analytics and usage patterns
  • Detect, prevent, and address technical issues, fraud, and security vulnerabilities
  • Comply with legal obligations and respond to lawful requests from public authorities

3. Data Sharing

We share your information only in the following circumstances:

Within the Platform

Property compliance data is shared among authorized stakeholders as defined by role-based access controls. For example, municipalities can view compliance records for parcels within their jurisdiction, and service providers can view records for properties they service. Homeowners can view records associated with their own parcels.

Service Providers

We share data with third-party service providers that help us operate the Service, including cloud hosting providers, payment processors, email delivery services, analytics providers, and customer support tools. These providers are contractually obligated to protect your information and use it only for the purposes we specify.

Legal Requirements

We may disclose your information when required by law, subpoena, court order, or other legal process. This includes responding to Freedom of Information Law (FOIL) requests directed at municipal data stored on the platform, where the municipality is the custodian of the records and responsible for determining FOIL compliance.

Business Transfers

In the event of a merger, acquisition, reorganization, or sale of assets, your information may be transferred as part of the transaction. We will notify you before your information is transferred and becomes subject to a different privacy policy.

We do not sell, rent, or trade your personal information to third parties for marketing purposes.

4. Data Security

We implement industry-standard security measures to protect your information, including:

  • Encryption of data in transit using TLS 1.3 and at rest using AES-256
  • Role-based access controls with multi-factor authentication options
  • Regular security audits, vulnerability assessments, and penetration testing
  • Automated backup and disaster recovery procedures with geographically distributed storage
  • Employee access controls with principle of least privilege
  • SOC 2 Type II aligned security practices
  • Comprehensive audit logging of all data access and modifications

While we strive to use commercially acceptable means to protect your information, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security.

5. Your Rights

Depending on your jurisdiction, you may have the following rights regarding your personal information:

  • Access: Request a copy of the personal information we hold about you
  • Correction: Request correction of inaccurate or incomplete personal information
  • Deletion: Request deletion of your personal information, subject to legal retention requirements
  • Portability: Request a machine-readable copy of your personal information
  • Restriction: Request that we limit processing of your personal information in certain circumstances
  • Objection: Object to processing of your personal information for certain purposes

To exercise any of these rights, please contact us at privacy@septicsync.com. We will respond to your request within 30 days. Note that certain data may be retained as required by law or for legitimate compliance purposes.

Municipal Data and FOIL Compliance

Compliance records maintained on behalf of municipalities remain public records subject to the New York State Freedom of Information Law (FOIL). Municipalities retain full control over FOIL responses for their data. SepticSync provides data export tools to facilitate timely responses to FOIL requests but does not independently respond to FOIL requests on behalf of municipalities.

PII Protection

We take special care to protect personally identifiable information (PII) within compliance records. Homeowner names, addresses, and contact information are separated from public-facing compliance data where possible. Sensitive fields such as Social Security numbers are never collected or stored by the platform.

6. Cookies and Tracking Technologies

We use cookies and similar technologies to maintain your session, remember your preferences, and understand how you interact with the Service. The types of cookies we use include:

  • Essential Cookies: Required for the Service to function, including authentication and session management. These cannot be disabled.
  • Analytics Cookies: Help us understand usage patterns and improve the Service. We use privacy-respecting analytics that do not track users across websites.
  • Preference Cookies: Remember your settings and display preferences across sessions.

You can control cookie preferences through your browser settings. Note that disabling essential cookies may prevent you from using certain features of the Service.

7. Data Retention

We retain your information for as long as your account is active or as needed to provide the Service. Specific retention periods include:

  • Account Data: Retained while your account is active and for 90 days after account closure to allow for reactivation
  • Compliance Records: Retained for the duration of the municipal subscription plus 7 years, or longer as required by applicable state and local regulations
  • Payment Records: Retained for 7 years as required by tax and financial regulations
  • Usage Logs: Retained for 2 years for analytics and security purposes
  • Support Communications: Retained for 3 years after resolution

When a municipality terminates its subscription, all compliance data is made available for export for a period of 90 days. After this period, data is securely deleted unless retention is required by law.

8. Children's Privacy

The Service is not intended for use by individuals under the age of 18. We do not knowingly collect personal information from children. If we become aware that we have collected personal information from a child under 18, we will take steps to delete that information promptly. If you believe we have inadvertently collected information from a minor, please contact us at privacy@septicsync.com.

9. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will notify you of any material changes by posting the updated Privacy Policy on our website and sending a notification to the email address associated with your account at least 30 days before the changes take effect.

Your continued use of the Service after the effective date of any changes constitutes your acceptance of the updated Privacy Policy.

10. Contact Us

If you have questions or concerns about this Privacy Policy or our data practices, please contact us:

  • Email: privacy@septicsync.com
  • Mail: SepticSync, Inc., Attn: Privacy Team, New York, NY
  • Phone: (845) 555-1234

For general inquiries, please visit our Contact page.