Scope
This policy applies exclusively to the Cavanagh Connect mobile application and its backend services hosted in Palantir Foundry. Palantir Foundry is a data integration and analytics platform that enables businesses to automate decision-making in complex environments. This Privacy Policy reflects the data types disclosed in our App Store Connect submission, including Contact Info, Identifiers, Location Data, User Content, and Sensitive Information.

1. Introduction
Cavanagh Connect (“we,” “us,” or “our”) is a secure mobile application for Cavanagh Construction employees. This Privacy Policy explains what data we collect, how we use it, how long we retain it, and your rights.

2. Data We Collect
User Account & Profile: Corporate email address, full name, job title, department, physical address, and profile photo (pulled from Microsoft Single Sign-On or “SSO” and stored in Palantir Foundry).
Authentication Logs: Timestamp of each SSO login, IP address.
Location Data: GPS coordinates (latitude/longitude) captured at timecard submission and punch-in/punch-out events. This data is used only for in-app functionality and not for tracking, advertising, or sharing with third parties.
Sensitive Information: May include employee ID numbers, union affiliation, or shift history as required for HR or operational use.
Application Data: Notes and comments you create in the app. Future (optional): uploaded documents, photos, or files if enabled.
No analytics, crash-reporting, or third-party SDKs are currently integrated within the app.

3. How We Use Your Data
Account Management: Recognizes the user’s identity via Microsoft SSO and displays their profile.
In-App Functionality: Store and retrieve your notes/comments, location data, sensitive info, and any future uploads.
Security & Auditing: Make sure that only the right people can see or change things in Foundry, and keep a record of who did what and when.
4. In-App Disclosure
You can access the Privacy Policy from the app’s Settings menu (link to be added in a future release).

5. Data Sharing
We do not sell or rent your data. We share only when required:

Service Providers: Trusted partners under strict confidentiality.
Legal Compliance: To comply with laws, subpoenas, or safety/security investigations.
Location data is not shared with third parties and is not used for advertising, tracking, or profiling purposes.

6. Data Retention
Foundry Datasets: Retain only the most recent three transaction records per dataset; automatically delete any transaction older than 30 days.
Foundry Ontology Data: No automatic deletion; data may only be removed by authorized users.
Account & Profile Data: While active + 12 months after deactivation; then permanently deleted.
Authentication Logs: Retain for 6 months, then automatically purged.
Location Data: Retain for 6 months, then automatically purged.
Notes & Comments: Retain for 12 months after deletion or account deactivation; then permanently deleted.
Uploaded Documents (if enabled): Retain for 12 months after deletion or account deactivation; then permanently deleted.
Crash Reports & Diagnostics (if enabled): Retain for 90 days, then purged.
If you request deletion of your account or data, we will complete removal of personal data within 30 days, except where retention is required by law.

7. Security Measures
Encryption in Transit: All connections with Foundry use TLS 1.2 or higher.
Encryption at Rest: Each file in the Foundry filesystem is encrypted with a unique symmetric data encryption key (DEK) using AES-256-CTR.
Access Controls: Role-based permissions enforced by Cavanagh within Foundry.
Multi-factor Authentication (MFA): Enforced via your Microsoft SSO configuration.
8. Children’s Privacy
Cavanagh Connect is for Cavanagh Construction employees only. Users must be of legal employment age. We do not knowingly collect data from minors under legal working age.

9. Jurisdiction & Governing Law
This policy is governed by the laws of the Province of Ontario and the federal laws of Canada applicable therein.

10. Your Rights & Contacts
Access, Correction, Deletion: You may request access to, correction of, or deletion of your personal data.

Contact: [email protected]

11. Audit Logging
Cavanagh Connect keeps track of important user and system actions in Foundry – like who did what, when, and where – and saves that information in a secure log that is updated every hour and only visible to authorized personnel.

Retention: only the most recent three records are kept; entries older than 30 days are deleted.

12. Device-Local Storage
Cavanagh Connect stores certain data on your device, including:

Authentication Tokens: Stored securely in the device’s Keychain (iOS) or secure storage (Android); deleted upon logout or uninstall.
Offline Notes & Comments: Temporarily stored for offline access; synced and then cleared after sync or account deletion.

13. Device Permissions
Cavanagh Connect may request access to certain device features in order to function properly:

Location Services: To verify your location when you punch in or submit a timecard.
Photos / Camera (future feature): For uploading images or documents, if enabled.
You can manage these permissions in your device settings. Disabling them may limit some app functionality.

14. Policy Updates Notification
We may revise this Privacy Policy from time to time. If we make material changes, we will notify you via an in-app banner and update the “Last Updated” date at the top of this document.