Addwell — Privacy Policy

Who we are

Addwell (“Addwell,” “we,” “us”) is a software platform based in Colorado, USA. The platform provides tools for residential builders, designers, and homeowners to manage construction projects, product selections, change orders, and related workflows. This policy describes what data we collect when you use the platform at addwell.design, app.addwell.design, and related subdomains.

What data we collect

When you sign in

• Google sign-in: if you choose “Sign in with Google,” we receive your name, email address, and profile picture from Google. We do not receive your Google password and we do not access any other Google services (Gmail, Drive, Calendar, etc.).
• Magic link sign-in: you provide an email address. We send a one-time link to that address; clicking it signs you in.
• Password sign-in (fallback): if used, your password is stored hashed by our authentication provider (Supabase). We never see your plaintext password.

When you use the platform

• Project data you create or upload: project names, addresses, products, selections, photos, documents, change orders, schedules, contacts, notes.
• Organization membership: which company (“org”) you belong to, your role (admin/member/collaborator), and which projects you have access to.
• Activity records: approvals, comments, signatures, and audit-log entries you generate while using the platform.

Automatically

• Session cookies to keep you signed in across page loads. These are first-party, scoped to the .addwell.design domain, and contain a short-lived session token issued by Supabase. We do not use cookies for advertising or cross-site tracking.
• Basic request metadata (IP address, browser type, timestamps) that any web server receives, used for security, debugging, and rate-limiting.
• Privacy-friendly analytics via Vercel Web Analytics, which does not use cookies, does not track individuals across sites, and is GDPR-compliant by default.

How we use it

• To authenticate you and keep you signed in.
• To provide the features of the platform — saving your projects, sharing them with your team or homeowner, sending email notifications you have asked for (deadline reminders, invitations, etc.).
• To investigate security or abuse issues (e.g., reviewing request logs after a suspected compromise).
• To improve the product. We may look at aggregate usage patterns (which features are used, where users encounter errors). We do not sell your data and we do not share individual usage data with advertisers.

Where it's stored

• Database + authentication: Supabase, hosted in the United States. Encrypted at rest. Access is restricted via row-level security policies tied to your organization.
• File storage (photos, PDFs, plan drawings): Supabase Storage and Cloudflare R2. Files are served via short-lived signed URLs.
• Web hosting: Vercel.
• Transactional email: Resend, used to send invitations, deadline reminders, and other product emails to addresses you or your collaborators provide.
• AI assistance: when you use the URL-paste wizard or screenshot-extract feature, the page content or image is sent to Anthropic's Claude API to parse product details. Anthropic does not retain that content for training (per Anthropic's API terms).

We do not transfer your data outside these providers, and we do not sell or rent it to anyone.

Who can see your data

• You — everything in your account.
• Your organization's members, according to their role. Admins see everything in the org; members see projects they are assigned to; designer collaborators see only the projects they were invited to.
• Homeowners you invite see only the project you shared with them, via a token-based portal that does not require an account.
• Addwell staff may access your data when necessary to operate the service, debug an issue you reported, or respond to a legal request. We treat this access as sensitive and log it.

Your rights

• Access: you can view all your data inside the app. If you need an export, email us.
• Correction: you can edit your profile, your projects, and your selections at any time.
• Deletion: you can request deletion of your account and associated personal data by emailing us. We will delete your account within 30 days. Project data shared with an organization may be retained by the organization owner unless they also request deletion.
• Withdrawal of consent: you can sign out at any time and stop using the platform. Uninstalling the companion Chrome extension is covered separately at addwell.design/extension-privacy.

Children

Addwell is a tool for construction professionals and the homeowners they work with. It is not directed at children under 13 and we do not knowingly collect data from them. If you believe a child has provided data to us, email us and we will delete it.

Security

We use HTTPS for all traffic, encrypt data at rest, and rely on well-established infrastructure providers (Supabase, Vercel, Cloudflare). No system is perfectly secure, and we cannot guarantee absolute protection against every threat. If we discover a breach that affects your data, we will notify you and the relevant authorities as required by law.

Changes to this policy

We will update this policy when we materially change how we handle data. The “Last updated” date at the top reflects the most recent change. For substantial changes affecting account holders, we will also notify you by email.

Contact

Questions, deletion requests, or anything else? joshua@addwell.design.

Addwell
Colorado, USA