Privacy Policy
WorkHorse FS LLC
Effective Date: May 27, 2026 | Last Updated: July 6, 2026
1. INTRODUCTION
This Privacy Policy describes how WorkHorse FS LLC ("WorkHorse," "we," "us," or "our") collects, uses, stores, shares, and protects information when you use our field service management software-as-a-service platform (the "Service"), our website at https://www.work-horse.org (the "Website"), and any related applications and services.
We are committed to protecting your personal information and your right to privacy. This Privacy Policy explains what information we collect, how we use it, who we share it with, how long we keep it, and the rights and choices you have.
This Privacy Policy applies to all information collected through the Service and the Website, as well as any related sales, marketing, or support communications. By using the Service or the Website, you agree to the collection and use of information in accordance with this Privacy Policy.
2. DEFINITIONS
-
"Cookie": a small file placed on your device to enable certain features and functionality, remember preferences, or collect analytics information.
-
"Company" or "Customer": the field service business (organization or person) that subscribes to and administers the Service.
-
"End Customer": a customer of a Company — for example, a homeowner or business that the Company serves — whose information the Company stores in the Service (such as name, contact details, service addresses, invoices, and payment records).
-
"Employee": an individual added to the Service by a Company administrator, such as a technician, customer service representative, or administrator.
-
"Personal Data": any information that directly, indirectly, or in connection with other information allows for the identification of a natural person.
-
"Service": the software-as-a-service platform provided by WorkHorse FS LLC, including web and mobile applications.
-
"Website": WorkHorse FS LLC’s marketing website, accessible at https://www.work-horse.org, which is hosted on the Wix platform.
-
"Google User Data": information accessed from a Google account through Google APIs after a user grants authorization via Google OAuth (see Section 5).
-
"You": a person or entity that visits the Website or is registered to use the Service.
-
3. INFORMATION WE COLLECT
3.1 Personal Data You Provide
While using our Service, we may ask you to provide certain personally identifiable information that can be used to contact or identify you, including but not limited to:
-
Email address
-
First name and last name
-
Phone number
-
Address, State, Province, ZIP/Postal code, City
-
Company/business name and business details
-
Date of birth (collected during employee onboarding)
-
Payment method preferences (direct deposit or check) and, for direct deposit, limited banking details (we store only the last four digits of account numbers)
3.2 End Customer Data (Data You Store About Your Customers)
Companies use the Service to store information about their own End Customers, such as names, email addresses, phone numbers, service addresses, job history, estimates, invoices, and payment status. WorkHorse processes this End Customer Data on behalf of, and at the direction of, the Company. The Company is responsible for ensuring it has the right to store and use its End Customers’ information in the Service and for responding to its End Customers’ privacy requests. See Section 14 (Our Role in Processing End Customer Data).
3.3 Financial and Payment Data
Payment card and bank account information used to pay for the Service, or used by End Customers to pay invoices, is collected and processed directly by our payment processor, Stripe. We do not store full payment card numbers or full bank account numbers on our systems. We may receive limited information from Stripe (such as payment status, the last four digits of a card, card brand, and payout status) to operate the Service. See Section 7 (Payment Processing, Stripe, and Stripe Connect).
The Service also stores business financial records that Companies create or import, including invoices, estimates, payments, expenses, bills, journal entries, general ledger data, payroll records, and financial reports.
3.4 Usage Data
We may collect information about how the Service and Website are accessed and used ("Usage Data"). Usage Data may include your device’s Internet Protocol (IP) address, browser type and version, the pages you visit, the time and date of your visit, time spent on pages, unique device identifiers, operating system, and other diagnostic data.
3.5 Location Data
We use and store information about your location when you use our time clock feature ("Location Data"). Specifically, when Employees clock in or clock out using WorkHorse, we capture GPS coordinates to verify job site attendance and support field service management operations. Location Data is collected only at the moment of clocking in or out and is stored securely in our database. Employees may disable location services through their device settings, though this may affect the functionality of the time clock feature. Companies are responsible for providing their Employees with any legally required notices and obtaining any legally required consents for this collection.
3.6 Employee Onboarding Data
When a Company onboards an Employee, the Service may collect additional information from that Employee, such as home address, date of birth, tax form details, and direct deposit information (of which we store only limited, non-sensitive portions, such as the last four digits of account numbers).
3.7 Business Tax and License Information
Companies may choose to store business identifiers in the Service, including an Employer Identification Number (EIN) or other business tax identification number ("Tax ID") and contractor or professional license number(s). This information is provided voluntarily by the Company to support its business records and documents. Tax ID values are masked in the interface by default and can be revealed only after the user re-confirms their identity (for example, by re-entering their password). We recommend that Companies enter a business EIN rather than a personal Social Security Number. You are responsible for the accuracy of, and your authority to store, any tax or license information you enter.
4. COOKIES AND TRACKING TECHNOLOGIES
4.1 Cookies on Our Website (Wix)
Our marketing Website is hosted on the Wix platform. Wix places cookies and similar technologies on visitors’ devices to make the Website function, remember preferences, measure traffic, and provide security and analytics. These may include:
-
Essential cookies: required for the Website to function (for example, security and load balancing). These cannot be disabled.
-
Functional cookies: remember your preferences and settings.
-
Analytics and performance cookies: help us and Wix understand how visitors use the Website (for example, pages visited and time on site).
For more information on the cookies Wix uses, please review the Wix Privacy Policy at https://www.wix.com/about/privacy and the Wix Cookie Policy. Where required by law, the Website will present a cookie consent banner allowing you to accept or manage non-essential cookies.
4.2 Cookies and Local Storage in the Service
The Service uses cookies and browser storage strictly as needed to keep you signed in, maintain your session securely, and remember application preferences. We do not use the Service to serve third-party advertising, and we do not allow third-party behavioral tracking within the Service.
4.3 Managing Cookies
Most browsers allow you to refuse or delete cookies through browser settings. If you disable essential cookies, parts of the Website or the Service may not function properly.
5. GOOGLE USER DATA AND GOOGLE API SERVICES
The Service offers an optional integration that allows a Company to connect its Google account (via Google OAuth) so the Service can send business emails — such as invoices, estimates, payment receipts, and payment reminders — to the Company’s End Customers directly from the Company’s own Gmail address.
5.1 What Google User Data We Access
If you choose to connect a Google account, we request only the following:
-
Gmail send permission (gmail.send): the ability to send email messages on your behalf from your Gmail address. This scope does not allow us to read, browse, modify, or delete the contents of your mailbox.
-
Basic profile information (email address / OpenID): the email address of the connected Google account, used to display which account is connected and to correctly address messages.
5.2 How We Use Google User Data
-
Solely to send business emails (invoices, estimates, receipts, and payment reminders) that you or the Service initiate, from your connected Gmail address to your End Customers.
-
To display, within the Service, which Google account is connected.
-
We store the OAuth tokens (including refresh tokens) needed to send email on your behalf. Tokens are stored securely with restricted access and are used only for the purposes described here.
5.3 What We Do NOT Do With Google User Data
-
We do not read, scan, or analyze the contents of your mailbox.
-
We do not sell Google User Data, and we do not share it with third parties except as necessary to provide the sending functionality itself.
-
We do not use Google User Data for advertising of any kind.
-
We do not allow humans to read Google User Data, except (a) with your affirmative consent for a specific message or issue (for example, a support request you initiate), (b) as necessary for security purposes (such as investigating abuse), or (c) as required to comply with applicable law.
-
We do not transfer Google User Data to third parties except as necessary to provide or improve the user-facing sending feature, for security purposes, or to comply with applicable law.
5.4 Limited Use Disclosure
WorkHorse’s use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.
5.5 Revoking Access
You may disconnect your Google account at any time from within the Service settings, which revokes and deletes the stored tokens. You may also revoke WorkHorse’s access directly from your Google Account security settings at https://myaccount.google.com/permissions. After revocation, the Service can no longer send email from your Gmail address.
6. HOW WE USE YOUR INFORMATION
WorkHorse FS LLC uses the collected information for the following purposes:
-
To provide, operate, and maintain the Service
-
To process subscription payments and, through Stripe Connect, to enable Companies to accept payments from their End Customers
-
To send transactional and operational communications, such as account emails, password resets, employee invitations, staff notifications, invoices, receipts, and payment reminders
-
To notify you about changes to the Service, these terms, or this Privacy Policy
-
To provide customer support and respond to your requests
-
To monitor usage of the Service and gather analysis to improve it
-
To detect, prevent, and address technical issues, fraud, abuse, and security incidents
-
To verify Employee attendance and job site location via the time clock GPS feature
-
To comply with legal obligations and enforce our agreements
-
To fulfill any other purpose for which you provide information, or any other purpose with your consent
7. PAYMENT PROCESSING, STRIPE, AND STRIPE CONNECT
7.1 Subscription Payments
We use Stripe, Inc. (“Stripe”) to process subscription payments for the Service. Your payment card details are provided directly to Stripe and are not stored on our systems. Stripe’s use of your personal information is governed by the Stripe Privacy Policy at https://stripe.com/privacy. Stripe adheres to PCI-DSS standards.
7.2 Stripe Connect (Payments Between Companies and Their End Customers)
The Service integrates Stripe Connect so that Companies can accept online payments from their End Customers (for example, an End Customer paying an invoice through a secure payment link). In connection with Stripe Connect:
-
When a Company sets up payments, Stripe collects information about the Company and its business directly (which may include legal business name, tax identification details, representative identity information, and bank account details for payouts). This information is provided to and held by Stripe, subject to Stripe’s Privacy Policy and the Stripe Connected Account Agreement.
-
When an End Customer pays an invoice, their payment card or bank details are provided directly to Stripe on Stripe-hosted payment pages. We do not receive or store full payment credentials.
-
We receive limited transaction information from Stripe (such as payment status, amounts, and payment identifiers) to update invoices, record payments in the Company’s books, and send receipts.
Stripe acts as an independent controller of the personal information it collects for payment processing, fraud prevention, and compliance. We encourage all users and End Customers to review the Stripe Privacy Policy.
8. EMAIL COMMUNICATIONS AND SERVICE PROVIDERS
8.1 Platform Emails (Resend)
We use Resend, Inc. (“Resend”) as our transactional email provider to send platform emails such as password resets, employee invitations, account and security notifications, deletion confirmations, and internal staff notifications. To deliver these emails, recipient email addresses and message content are processed by Resend on our behalf. Resend’s privacy practices are described at https://resend.com/legal/privacy-policy.
8.2 Company-to-End-Customer Emails (Gmail)
When a Company connects its Google account (Section 5), customer-facing emails such as invoices, receipts, and payment reminders are sent from the Company’s own Gmail address via the Gmail API. The content of those emails (for example, invoice details) is generated by the Service at the Company’s direction.
9. SHARING YOUR INFORMATION
We do not sell, trade, rent, or otherwise transfer your Personal Data to outside parties for marketing or advertising purposes. We share information only in the following circumstances:
9.1 Service Providers (Sub-processors)
We share information with third-party service providers who assist us in operating the Service, subject to confidentiality and data protection obligations. Our current service providers include:
-
Supabase (database, authentication, and file storage; built on Amazon Web Services infrastructure) — https://supabase.com/privacy
-
Stripe (payment processing and Stripe Connect) — https://stripe.com/privacy
-
Google (Gmail API email sending, only for Companies that connect a Google account) — https://policies.google.com/privacy
-
Resend (transactional email delivery) — https://resend.com/legal/privacy-policy
-
Wix (marketing Website hosting and its associated cookies) — https://www.wix.com/about/privacy
-
Vercel (application hosting and delivery) — https://vercel.com/legal/privacy-policy
We may update this list from time to time as our infrastructure evolves; material changes will be reflected in an updated Privacy Policy.
9.2 Business Transfers
If WorkHorse FS LLC is involved in a merger, acquisition, financing, reorganization, or sale of assets, your information may be transferred as part of that transaction. We will provide notice before your Personal Data is transferred and becomes subject to a different privacy policy.
9.3 Legal Requirements
We may disclose your Personal Data in the good faith belief that such action is necessary to: comply with a legal obligation; protect and defend the rights or property of WorkHorse FS LLC; prevent or investigate possible wrongdoing in connection with the Service; protect the personal safety of users of the Service or the public; or protect against legal liability.
10. DATA RETENTION
We retain Personal Data only for as long as necessary for the purposes set out in this Privacy Policy, including to provide the Service, comply with our legal obligations, resolve disputes, and enforce our agreements.
-
Account and profile data: retained while your account is active and for a limited period afterward as described in Section 11 (Deletion).
-
Business financial records (invoices, payments, journal entries, payroll records, and reports): retained while the Company’s account is active. Following account or company deletion, financial records may be retained in de-identified form (with personal identifiers removed) to preserve the integrity of accounting data and to satisfy record-keeping, audit, tax, dispute-resolution, and legal requirements.
-
Usage Data: generally retained for a shorter period, except where used for security or Service improvement.
-
Google OAuth tokens: retained until you disconnect the integration or delete your account, at which point they are revoked and deleted.
-
Business tax identifiers and license numbers: retained while the Company's account is active and handled in accordance with Section 11 (Deletion). Tax ID values are masked in the interface and access to the full value is restricted.
11. ACCOUNT DELETION, COMPANY DELETION, AND YOUR CHOICES
11.1 How Deletion Works
The Service provides two deletion options:
-
Individual account deletion: any user may request deletion of their own account. This deletes the individual’s account and personal information; the Company and its data continue to exist.
-
Company deletion: only the Company’s designated owner may delete the entire company, including its data. Company deletion also cancels the associated subscription.
11.2 Grace Period and Recovery
Deletion requests are subject to an approximately 30-day grace period. During the grace period, access is suspended but the deletion can be cancelled using the recovery link provided (including by email), and the account or company will be fully restored. After the grace period expires, deletion is processed and cannot be undone.
11.3 What Is Deleted and What Is Retained
-
After the grace period, personal identifiers (such as names, email addresses, phone numbers, and addresses) are deleted or anonymized.
-
Business financial records may be retained in de-identified form as described in Section 10.
-
Authentication accounts are permanently deleted.
11.4 Export Before Deletion
Because businesses are generally required by law to retain their own financial, tax, and payroll records for a period of years, the deletion flow requires (or strongly prompts) an export of your data before deletion proceeds. You are solely responsible for retaining your own copies of your business records. See our Terms of Service for details.
12. TRANSFER OF YOUR PERSONAL DATA
Your information, including Personal Data, may be transferred to and maintained on computers located outside of your state, province, country, or other governmental jurisdiction where the data protection laws may differ from those of your jurisdiction. If you are located outside the United States and choose to provide information to us, please note that we transfer the data, including Personal Data, to the United States and process it there. Your consent to this Privacy Policy followed by your submission of such information represents your agreement to that transfer.
13. SECURITY OF YOUR PERSONAL DATA
The security of your Personal Data is important to us. We use Supabase as our database and authentication provider, which implements industry-standard encryption in transit and at rest, and we apply access controls including row-level security so that each Company’s data is isolated. Banking information collected during employee onboarding is stored only in limited form (last four digits of account numbers). OAuth tokens are stored with restricted, server-side-only access. However, no method of transmission over the Internet or method of electronic storage is 100% secure, and we cannot guarantee absolute security. You are responsible for maintaining the confidentiality of your account credentials.
14. OUR ROLE IN PROCESSING END CUSTOMER DATA
For information that Companies store in the Service about their own End Customers and Employees, the Company acts as the data controller (it decides what data to collect and why), and WorkHorse acts as a data processor / service provider acting on the Company’s instructions. If you are an End Customer or Employee of a Company that uses WorkHorse and you wish to access, correct, or delete information that the Company stores about you, please contact that Company directly. We will assist Companies in responding to such requests as appropriate, and if an End Customer or Employee contacts us directly, we may refer the request to the relevant Company.
15. DO NOT TRACK SIGNALS (CalOPPA)
In compliance with the California Online Privacy Protection Act (CalOPPA), we disclose how we handle Do Not Track (DNT) signals. WorkHorse FS LLC does not currently respond to Do Not Track signals from web browsers. We do not track users across third-party websites, and we do not allow third-party behavioral tracking within the Service.
16. CHILDREN’S PRIVACY
Our Service does not address anyone under the age of 18, and our Website does not address anyone under the age of 13. We do not knowingly collect personally identifiable information from anyone under the age of 13. If you are a parent or guardian and you are aware that your child has provided us with Personal Data, please contact us. If we become aware that we have collected Personal Data from anyone under the age of 13 without verification of parental consent, we take steps to remove that information from our servers.
17. YOUR DATA PROTECTION RIGHTS
17.1 General Data Access and Deletion Rights
Regardless of your location, you can make the following requests:
-
Access Your Data: request a copy of the personal information we have about you in a structured, commonly used, and machine-readable format. The Service also provides a self-service data export.
-
Delete Your Data: request deletion of your personal information from our systems, unless there is a legal requirement or legitimate business record-keeping basis for us to retain it (see Sections 10 and 11).
-
Correct Your Data: request correction of inaccurate personal information, or update it yourself within the Service.
To submit a data access, correction, or deletion request, contact us at contact@work-horse.org. We will respond within 30 days. We may need to verify your identity before processing your request.
17.2 CCPA Privacy Rights (California Residents)
If you are a California resident, under the California Consumer Privacy Act (CCPA), you have the right to:
-
Know what personal information we have collected about you and how it is used and shared
-
Request deletion of your personal information
-
Opt out of the sale or sharing of your personal information (note: we do not sell or share your personal information as those terms are defined by the CCPA)
-
Non-discrimination for exercising your CCPA rights
We will respond to verified requests within 45 days as required by the CCPA. To exercise your California data protection rights, email contact@work-horse.org.
17.3 CalOPPA Compliance (California Residents)
In accordance with CalOPPA, we agree to the following: users can visit our Website anonymously; we link to this Privacy Policy on our home page; our Privacy Policy link includes the word “Privacy” and can easily be found; users will be notified of privacy policy changes via email and/or a prominent notice on the Service; and users can change their personal information by logging into their account or contacting us.
18. LINKS TO OTHER SITES
Our Service and Website may contain links to other sites that are not operated by us. If you click a third-party link, you will be directed to that third party’s site. We strongly advise you to review the privacy policy of every site you visit. We have no control over, and assume no responsibility for, the content, privacy policies, or practices of any third-party sites or services.
19. CHANGES TO THIS PRIVACY POLICY
We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the “Last Updated” date at the top. For material changes, we will provide notice via email and/or a prominent notice on the Service prior to the change becoming effective. You are advised to review this Privacy Policy periodically.
20. CONTACT US
If you have any questions about this Privacy Policy or our data practices, please contact us:
-
By email: contact@work-horse.org
-
By visiting our website: https://www.work-horse.org
-
By phone: (843) 284-6209
-
By mail: 7901 4th St N, Suite 300, St. Petersburg, FL 33702