Privacy Policy
Last updated: July 2, 2026
This Privacy Policy explains how Amend Solutions ("Amend," "we," "us," or "our") collects, uses, shares, and protects information in connection with our software platform, mobile applications, websites, and related services (collectively, the "Service"). Amend provides an AI-native operating system and CRM built for contractors and service businesses, including our AI assistant, "Mend."
Please read this Policy together with our Terms of Service, Acceptable Use Policy. By using the Service, you acknowledge the practices described here.
1. Scope & Our Roles
Amend serves businesses and, depending on the data involved, plays two different roles under privacy law.
- Customer Data (we are a "processor" / "service provider"). When a business customer ("Customer") subscribes to the Service and uses it to manage its operations, it uploads and generates data about its business, employees, clients, jobs, invoices, documents, and communications ("Customer Data"). With respect to Customer Data, the Customer is the "controller" / "business," and Amend acts as a "processor" / "service provider" that handles that data only on the Customer's behalf and under our agreement with them. Individuals whose personal information appears in Customer Data (for example, a Customer's own clients or staff) should direct privacy requests to the relevant Customer, and we will assist that Customer as required.
- Account & Website Data (we are the "controller"). For information we collect to create and administer accounts, bill for the Service, provide support, secure the platform, and operate our public websites, Amend is the controller and this Policy governs directly.
2. Information We Collect
2.1 Account & Contact Information
- Name, business name, email address, phone number, role, and login credentials.
- Company profile details you provide (address, trade/industry, service area, team members).
- Preferences and settings you configure within the Service.
2.2 Customer Data
- Content you and your team enter or upload into the Service: contacts and clients, leads and pipeline, jobs and schedules, estimates and invoices, documents and files, notes, messages, e-signatures, and similar business records.
- Any personal information about third parties (such as your customers or staff) that you choose to store in the Service is Customer Data, and you are responsible for having a lawful basis to provide it to us.
2.3 Usage, Log & Device Data
- Log data such as IP address, browser and device type, operating system, timestamps, referring pages, feature interactions, and error/diagnostic information.
- Content-free product analytics indicating that a feature was used, not the contents of what you typed or uploaded (see Section 12).
- Approximate location derived from IP address or, if you enable it in a field/mobile context, location you explicitly permit for job or check-in features.
2.4 Payment Information
- Billing contact details and subscription/plan information.
- Payment card and transaction data is processed by our payment provider, Stripe. Amend does not store full payment card numbers on our servers. We may retain limited billing metadata (for example, the last four digits, card brand, expiration, and a payment token) returned by Stripe to manage your subscription.
2.5 Communications
- Messages you send to us (support tickets, emails, chat, feedback) and our responses.
- Records of transactional emails and notifications we send you regarding your account and the Service.
3. How We Use Information
- Provide the Service — create and maintain your account, deliver features, sync data across web and mobile, and enable collaboration within your workspace.
- Operate AI features — power Mend and other AI-assisted capabilities you invoke (see Section 4).
- Secure the Service — authenticate users, detect and prevent fraud, abuse, and security incidents, and enforce our terms.
- Billing & payments — process subscriptions, invoices, and payments through Stripe.
- Support — respond to your questions, troubleshoot issues, and communicate about the Service.
- Improve the Service — understand aggregate, content-free usage patterns, diagnose problems, and develop new features.
- Legal & compliance — comply with applicable laws, respond to lawful requests, and protect the rights, property, and safety of Amend, our Customers, and the public.
4. AI Processing
Amend is AI-native. When you use an AI feature (such as asking Mend a question, drafting content, summarizing, or extracting information), your request together with the necessary workspace context is transmitted to one or more third-party AI model providers so a response can be generated and returned to you.
- Model providers. We currently rely on Google (Gemini) models, and may use other reputable model providers over time to deliver or improve AI features. These providers process your request under their applicable API terms strictly to return a response to us.
- What is sent. Only the request and the relevant workspace context needed to fulfill it are sent. We aim to send the minimum context required for the feature to work.
- No sale of data. We do not sell your personal information or Customer Data.
- No training on your data without consent. We do not use Customer Data to train our own foundation models, and we do not authorize our AI providers to train their foundation models on Customer Data submitted through the Service, without your consent. We rely on providers' enterprise/API terms that exclude API-submitted content from training by default where such terms apply.
5. How We Share Information
We share information only in the limited circumstances below. We do not sell your personal information.
- Service providers & subprocessors. We use trusted vendors to run the Service — including cloud hosting and object storage, payment processing (Stripe), AI model providers (Google and others), transactional email delivery, and content-free analytics. These vendors may process data only to provide services to us and are bound by confidentiality and data-protection obligations. See Section 6.
- Within your workspace. Customer Data is accessible to authorized users in your organization according to the roles and permissions your administrators configure.
- Legal & safety. We may disclose information if required by law, subpoena, or legal process, or where we believe in good faith that disclosure is necessary to protect the rights, property, or safety of Amend, our Customers, or others, or to prevent fraud or security threats.
- Business transfer. If Amend is involved in a merger, acquisition, financing, reorganization, or sale of assets, information may be transferred as part of that transaction, subject to this Policy or a successor policy with comparable protections.
- With your direction or consent. We share information when you ask us to or otherwise consent.
6. Subprocessors
We engage third-party subprocessors to help operate the Service. The following is an illustrative list of key subprocessors and the functions they perform. This list may change as our operations evolve; we will maintain a current list and provide reasonable notice of material changes.
| Subprocessor | Purpose |
| Stripe | Payment processing and subscription billing |
| Google | AI model provider (Gemini) for AI features |
| Cloudflare | Hosting, content delivery (CDN), and object storage |
| Resend (or a comparable email provider) | Delivery of account, transactional, and notification emails |
| Content-free analytics | Aggregate, pseudonymized product usage measurement (no message or file contents) |
7. Data Retention & Deletion
- We retain Customer Data for as long as your account is active or as needed to provide the Service, and thereafter as instructed by the Customer or as required by law.
- Account and billing records are retained as needed to operate our business, meet legal, tax, and accounting obligations, resolve disputes, and enforce our agreements.
- Upon termination of an account, we will delete or return Customer Data in accordance with our agreement with the Customer and applicable law, subject to reasonable backup retention windows and legal-hold obligations. Residual copies may persist in backups for a limited period before being overwritten.
- You may request deletion of your personal information as described in Section 9.
8. Security
We take the security of your data seriously and apply administrative, technical, and organizational safeguards, including:
- Per-tenant encryption at rest — sensitive Customer Data is encrypted at rest with per-tenant keys so tenants' data is cryptographically isolated.
- Encrypted connections — data in transit is protected with industry-standard TLS encryption.
- Signed, expiring sessions — authenticated sessions use signed tokens that expire, reducing the risk of stale or hijacked access.
- Access controls — role-based permissions, least-privilege access, and internal controls limit who can access data.
No method of transmission or storage is 100% secure. While we work hard to protect your information, we cannot guarantee absolute security. Please safeguard your credentials and notify us promptly of any suspected unauthorized access at [email protected].
9. Your Rights & Choices
Subject to applicable law and your relationship with us, you may:
- Access the personal information we hold about you.
- Correct inaccurate or incomplete information.
- Export a copy of your data in a portable format.
- Delete your personal information, subject to legal and contractual retention needs.
- Opt out of non-essential and marketing emails via the unsubscribe link or your account settings. We may still send essential transactional and service messages related to your account.
If your personal information is contained in a Customer's workspace as Customer Data, please contact that Customer directly; we will support them in responding. To exercise rights where Amend is the controller, contact [email protected]. We may need to verify your identity before acting on a request.
10. GDPR (EEA / UK) Rights
If you are located in the European Economic Area, the United Kingdom, or Switzerland, you have rights under the GDPR / UK GDPR, including the rights to access, rectification, erasure, restriction of processing, data portability, and objection, and the right to lodge a complaint with your supervisory authority.
Legal bases. Where Amend is a controller, we process personal information on the following legal bases:
- Contract — to provide the Service you or your organization requested.
- Legitimate interests — to secure, maintain, and improve the Service, prevent fraud, and communicate about it, balanced against your rights.
- Legal obligation — to comply with applicable laws.
- Consent — where required, for example for certain communications; you may withdraw consent at any time.
Where Amend processes Customer Data on behalf of a Customer, we act as a processor and the Customer is the controller responsible for the legal basis.
International transfers. We and our subprocessors may process and store information in the United States and other countries. Where required, we rely on appropriate safeguards for cross-border transfers, such as the European Commission's Standard Contractual Clauses (and the UK Addendum) or other lawful transfer mechanisms.
11. CCPA / CPRA (California) Rights
If you are a California resident, you have the right to:
- Know the categories and specific pieces of personal information we collect, use, and disclose.
- Delete personal information we have collected, subject to exceptions.
- Correct inaccurate personal information.
- Opt out of the "sale" or "sharing" of personal information. Amend does not sell or share personal information as those terms are defined under the CCPA/CPRA, and we do not use or disclose sensitive personal information for purposes requiring a right to limit.
- Non-discrimination — we will not discriminate against you for exercising your privacy rights.
You may submit a request via [email protected]. You may use an authorized agent to make a request, and we may take steps to verify identity and authority. Where Amend acts as a service provider handling personal information on a business's behalf, requests should generally be directed to that business.
12. Cookies & Similar Technologies
- We use a strictly-necessary, signed session cookie to keep you logged in and to secure your session. This cookie is essential to operate the Service.
- We do not use third-party advertising cookies, ad networks, or cross-site behavioral tracking.
- Any analytics we perform is content-free and pseudonymized — it records that features are used, not what you typed, uploaded, or messaged.
- You can control cookies through your browser settings, but disabling the session cookie will prevent you from logging in and using the Service.
13. Children's Privacy
The Service is intended for business use by adults and is not directed to children. We do not knowingly collect personal information from children under 13 (or under 16 where a higher age applies). If you believe a child has provided us personal information, contact us and we will take appropriate steps to delete it.
14. International Users
Amend is operated from the United States. If you access the Service from outside the U.S., you understand that your information may be transferred to, stored, and processed in the United States and other countries where we or our subprocessors operate, which may have data-protection laws different from those in your jurisdiction. We take steps described in this Policy to protect your information wherever it is processed.
15. Changes to This Policy
We may update this Policy from time to time to reflect changes in our practices, technology, legal requirements, or the Service. When we make material changes, we will update the "Last updated" date above and, where appropriate, provide additional notice (such as by email or an in-product notice). Your continued use of the Service after an update takes effect constitutes acceptance of the revised Policy.
16. Contact Us
If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, contact us at: