Legal · Kontracks

Privacy Policy

Effective June 15, 2026 · Applies to the Kontracks SaaS platform and the tenant businesses that send and receive messages through it.

1. Who we are

Kontracks is a multi-tenant SaaS platform operated by LWR Technologies, Inc., a Delaware C‑Corporation ("Kontracks", "we", "us"). The platform is used by United States home-improvement service businesses (roofing, siding, and decking contractors) to manage leads, proposals, jobs, invoices, and customer communications.

When you (the "Recipient") provide your phone number, email address, or other personal information to a business that uses Kontracks (a "Tenant Business") through one of that tenant's intake forms, proposal e‑signature flows, or in‑person estimates, the data is processed jointly by Kontracks and the Tenant Business. The Tenant Business is the controller of your customer relationship; Kontracks is the processor that provides the software and the messaging delivery rails.

2. Information we collect

Through the Kontracks platform, the following categories of information may be collected from Recipients:

  • Identity: first and last name, postal address, email address, mobile phone number
  • Property details (when relevant to the requested service): address of the service location, scope of work requested, photographs you choose to upload
  • Consent records: timestamp, source (online form, signed proposal, verbal estimate), and the exact text of the consent disclosure you accepted
  • Messaging activity: SMS and email conversations between you and the Tenant Business, opens, link clicks, and delivery receipts
  • Payment information (only when you elect to pay via the Tenant Business's invoice): processed through PCI‑DSS‑compliant providers (Stripe). Card numbers are never stored on Kontracks servers
  • Device + analytics: IP address, browser user agent, page-visit timing on tenant-hosted public links

3. How we use your information

We use the information collected to:

  • Deliver the service the Tenant Business is providing to you (estimates, proposals, scheduled appointments, invoices, warranty correspondence)
  • Send transactional SMS and email messages you consented to receive — appointment reminders, on-the-way alerts, job status updates, payment receipts, one-to-one replies from the Tenant Business's reps, and opt-in / opt-out confirmations
  • Authenticate your access to customer-facing portals (proposal e‑signature, invoice payment, photo upload)
  • Maintain audit records required by the Telephone Consumer Protection Act (TCPA), the FCC's 10DLC compliance regime, state-level marketing laws (FTSA, WCEMA, OTSA), and anti-fraud rules
  • Improve platform reliability, detect abuse, and respond to carrier complaints

4. How we share your information

We share information only as required to operate the platform:

  • The Tenant Business you contacted — they see and respond to your inquiry
  • Sub-processors bound by data-processing agreements that mirror this policy: Telnyx (SMS delivery), Resend and Gmail/Microsoft 365 (email delivery), Google Maps + Apple Maps (address geocoding), Stripe (payments), Vercel + Google Cloud (hosting), Anthropic + OpenAI + Google AI (AI features, only when you or the Tenant Business explicitly invokes them, and only with the redacted payload required to compute the result)
  • Regulators and carriers, on demand, in the event of a TCPA / 10DLC audit or consumer complaint
  • Successors in interest in the event of a merger, acquisition, or asset sale — bound by this policy

5. Mobile information and SMS opt-in data

The following commitments are made in compliance with the U.S. carriers' 10DLC privacy requirements and apply to every message sent through the Kontracks platform on behalf of a Tenant Business:

  • No information obtained as part of SMS consent will be shared with third parties or affiliates for marketing purposes.
  • Mobile phone numbers and the associated SMS opt-in data are never sold, rented, leased, or transferred to any third party for any marketing, advertising, or promotional purpose.
  • We do not share mobile opt-in data with affiliated companies for their own marketing or promotional use.
  • We do not include mobile phone numbers, SMS opt-in data, or consent records in any data feed, list rental, or third-party analytics product.
  • Mobile data is processed only to (a) deliver the transactional messages you consented to receive, (b) maintain consent + opt-out records required by law, and (c) respond to carrier or regulatory audit requests.

You may revoke SMS consent at any time by replying STOP, UNSUBSCRIBE, CANCEL, END, or QUIT to any message you've received. The platform processes the request within seconds and sends a confirmation reply.

6. Email opt-out

Every email sent through the Kontracks platform on behalf of a Tenant Business includes a one-click unsubscribe link in the footer. Clicking it suppresses your address on that Tenant Business's mailing list immediately. Transactional emails (invoice receipts, appointment confirmations) may continue when you have an active service relationship.

7. Google user data (Gmail integration)

Tenant Business users may optionally connect their own Gmail account so their email conversations with their customers appear inside Kontracks. When a user connects Gmail:

  • What we access: read-only access to Gmail messages and attachments (gmail.readonly) — used solely to import and display conversations between the connected user and contacts that already exist in their CRM — and send capability (gmail.send) to deliver messages the user personally composes. Email with anyone who is not one of the user’s CRM contacts is never stored.
  • What we never do: Google user data is never used for advertising, never sold, never used to train AI or machine-learning models, and never transferred to third parties except as required to provide the features above, for security, or to comply with law. Humans do not read connected mailbox data unless the user gives explicit permission (e.g. a support request), it is required for security or abuse investigation, or the law requires it.
  • Storage & revocation: OAuth tokens are stored encrypted (AES-256-GCM). Users can disconnect at any time inside Kontracks (Email Setup) or revoke access from their Google Account permissions page; imported conversation copies are deleted on request per Section 10.

Kontracks’ use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.

8. Data retention

Personal information is retained while the Tenant Business maintains an active service relationship with you, plus the minimum period required to satisfy tax, warranty, and consent-record retention obligations (typically four years for invoices and seven years for TCPA consent records). You may request deletion at any time — see Section 9 below.

8. Security

The platform is hosted on Vercel and Google Cloud Platform, both SOC 2 Type II certified. All connections to the platform use TLS 1.2 or higher. Database backups are encrypted at rest. Tenant API keys for third-party providers (Stripe, AI providers) are encrypted at the column level with AES-256-GCM before being written to the database. Access to production data is restricted to LWR Technologies employees and contractors who have signed confidentiality and acceptable-use agreements.

9. Your rights

You may request that we (a) confirm what information we hold about you, (b) provide a copy, (c) correct inaccurate information, (d) delete information that is no longer required for the purposes above, and (e) restrict or object to certain processing. Requests are honored within 30 days. Send your request to privacy@kontracks.com with proof of identity sufficient to associate you with the record (typically the email address or phone number on file).

If you are a California resident, the California Consumer Privacy Act (CCPA) provides additional rights, including the right to opt out of "sale" or "sharing" of personal information. Kontracks does not sell or share personal information as those terms are defined in the CCPA.

10. International transfers

Kontracks is operated from the United States. If you submit information from outside the United States, you understand that the information is transferred to and processed in the United States. We rely on the Standard Contractual Clauses where required by GDPR for any incidental EU/UK data.

11. Children's privacy

The Kontracks platform is not directed to children under 16. We do not knowingly collect information from a child. If we learn that a child has provided personal information, we delete it.

12. Changes to this policy

We may update this policy. Material changes will be posted here with a new effective date. Continued use of the Kontracks platform after the effective date constitutes acceptance of the updated policy.

13. Contact

Privacy questions: privacy@kontracks.com.
Legal: legal@kontracks.com.
Mailing address: LWR Technologies, Inc. · 142 Concord Ave · Lexington, MA 02420 · United States.