================================================================================ PNT AUTO GLASS DISPATCH PRIVACY NOTICE Version 1.0 — [EFFECTIVE DATE] ================================================================================ >>> TEMPLATE NOTICE — NOT LEGAL ADVICE. Comprehensive starting template only. >>> Have a licensed attorney review and finalize this for your jurisdiction >>> (e.g., CCPA/CPRA, GDPR, state privacy laws) before you sell or distribute >>> the Software. Complete every [BRACKETED] placeholder. Verify the "outbound >>> data" section still matches the shipped software before each release. This Notice explains how the PNT Auto Glass Dispatch software (the "Software") handles data. It is written for the business that licenses and operates the Software (the "Operator", "you"). Pro Nova Technologies Inc. ("we", "us") makes the Software; we do not host it. -------------------------------------------------------------------------------- 1. SELF-HOSTED: WHERE DATA LIVES -------------------------------------------------------------------------------- The Software is installed on and runs on infrastructure YOU own or control. Your business data is stored in a local database and files on that infrastructure. In normal operation, WE DO NOT COLLECT, RECEIVE, OR HAVE ACCESS TO your operational data, and the Software does NOT send analytics, usage telemetry, or "phone-home" data to us. You are the controller/owner of the data in your installation. You are responsible for securing it, backing it up, setting retention, and honoring any requests or rights your own customers or employees may have under applicable law. -------------------------------------------------------------------------------- 2. WHAT DATA THE SOFTWARE STORES -------------------------------------------------------------------------------- Depending on how you use it, the Software stores, in your database on your server: * Customer records: business/person name, phone, email, addresses. * Vehicle records: year/make/model, color, VIN, license plate, MVA/rental reference, mileage. * Work orders: service details, purchase-order numbers, scheduling, pricing, status, technician notes, and any photos/video/signatures captured on a job. * User accounts for your staff: name, email, hashed password, role. * Application settings, including credentials you enter for email/SMS (stored encrypted) and any HTTPS certificate you upload. -------------------------------------------------------------------------------- 3. OUTBOUND DATA — THIRD-PARTY SERVICES THE SOFTWARE CONTACTS -------------------------------------------------------------------------------- To provide certain features, the Software (or the browser it runs in) sends limited data to third-party services. These are functional integrations, not data sharing with us: * VIN decode — the U.S. National Highway Traffic Safety Administration (NHTSA) vPIC API. A VIN you enter/scan is sent to confirm year/make/model. * Geocoding & maps — OpenStreetMap (Nominatim) and OpenStreetMap tile servers. A service address is sent to place it on a map. * Navigation — when a technician taps "Navigate", the destination address is opened in Google Maps in the technician's browser. * Email — if you configure email, notifications are sent through YOUR SMTP provider using the recipient address and message. * Text messages (SMS) — ONLY if you enable it, messages are sent through your Twilio account using the recipient phone number and message. Each third party processes that data under its own privacy policy and terms. You choose whether to use these features and, for email/SMS, supply your own provider accounts. -------------------------------------------------------------------------------- 4. HOW DATA IS USED -------------------------------------------------------------------------------- Data is used only to operate your dispatch system: managing customers, vehicles, work orders, scheduling, technician tools, reporting, and (if enabled) sending appointment/status messages to your customers. -------------------------------------------------------------------------------- 5. MESSAGING TO YOUR CUSTOMERS (EMAIL / SMS) -------------------------------------------------------------------------------- If you use the email or SMS features, YOU are responsible for having a lawful basis and any required consent to contact your customers, and for honoring opt-out requests, in compliance with applicable laws (for example, in the U.S., the CAN-SPAM Act for email and the TCPA for text messages). We do not send these messages; the Software sends them on your instruction through providers you configure. -------------------------------------------------------------------------------- 6. SECURITY -------------------------------------------------------------------------------- The Software includes security features such as HTTPS/TLS, password hashing (ASP.NET Core Identity), encryption of stored secrets (e.g., email/SMS credentials) via the platform data-protection system, session limits, and backup/restore tools. However, the overall security of your deployment — server hardening, network, certificates, OS updates, physical access, and account management — is your responsibility. -------------------------------------------------------------------------------- 7. RETENTION AND DELETION -------------------------------------------------------------------------------- You control retention. The Software provides tools to back up, restore, and to clear operational data. Deleting a record or clearing the database removes it from the active database; previously created backups you keep may still contain it until you delete those backups. -------------------------------------------------------------------------------- 8. CHILDREN -------------------------------------------------------------------------------- The Software is a business tool and is not directed to children. -------------------------------------------------------------------------------- 9. YOUR COMPLIANCE OBLIGATIONS -------------------------------------------------------------------------------- If you are subject to privacy or data-protection laws (for example, CCPA/CPRA, other U.S. state laws, or GDPR), you act as the business/controller for the data in your installation and are responsible for your own privacy notices to, and handling of rights requests from, your customers and staff. Because the Software is self-hosted and we do not access your data in normal operation, we generally do not act as your service provider/processor for that data; if we ever process data on your behalf (e.g., during paid support you request), that will be handled under a separate written agreement. -------------------------------------------------------------------------------- 10. CHANGES; CONTACT -------------------------------------------------------------------------------- We may update this Notice for new versions of the Software; the version accompanying your installed release applies to that release. Questions: Pro Nova Technologies Inc. — support@pronovatech.com. ================================================================================