Legal
Privacy Policy
Last updated: April 2, 2026
TL;DR (the human version)
We collect what we need to make the software work. We don't sell your data. We don't share it with anyone who isn't helping us run Canopy. We don't do creepy ad targeting. Your financial data is yours — we just help you understand it. If you leave, you can take your data with you. That's it. The rest of this page is the lawyer version of exactly that.
What We Collect
- Account info — name, email, company name, role. The basics so we know who you are.
- Financial data — budgets, overhead rates, estimates, proposals, job costs. This is the whole point of the software. We store it to run calculations and show you reports.
- Usage data — which pages you visit, what you click, how long you spend on reports. We use this to make the product better, not to sell you things.
- Payment info — if/when we charge for this, your payment details go through Stripe. We never see or store your card number.
(Translation: we collect what we need and nothing we don't. We're a small team — we don't have time for data hoarding.)
What We Don't Do
- We don't sell your data. Not to advertisers, not to competitors, not to anyone. Ever.
- We don't share your financial data with other Canopy customers. Your numbers are yours.
- We don't do behavioral advertising. No tracking pixels from Facebook on your overhead file.
- We don't train AI models on your proprietary data. Your estimates and budgets are not training data.
(Translation: your pricing strategy is safe with us. Frank Ross would haunt us if we leaked your overhead rates.)
Who Can See Your Data
- Your team — people you invite to your Canopy account, based on roles you set.
- Canopy support — if you ask us for help, we may look at your account to debug issues. We ask first.
- Infrastructure providers — our servers run on cloud infrastructure. Your data is encrypted at rest and in transit.
(Translation: you, your people, and us if you need help. That's the whole list.)
Data Retention
We keep your data as long as your account is active. If you cancel, we'll keep it for 90 days in case you change your mind, then delete it. You can request a full export of your data at any time — it's yours.
(Translation: we're not that ex who won't give your stuff back.)
Cookies
We use a session cookie to keep you logged in and localStorage to remember your preferences (dark mode, time range, etc.). That's it. No third-party tracking cookies. No cookie consent banner because we're not doing anything that needs one.
(Translation: one cookie, and it actually does something useful.)
Security
Passwords are hashed with bcrypt. Data is encrypted in transit (HTTPS everywhere) and at rest. We use JWT tokens for authentication. We're a small team that takes this seriously — not because a compliance officer told us to, but because your financial data deserves it.
Changes
If we change this policy, we'll email you and update the date at the top. We won't sneak changes in — that's a garbage move and we don't do those.
Contact
Questions about your data? Email privacy@canopylm.com and a human will respond. Probably the same human who wrote this page.