Your data stays yours
Every customer's data is isolated from every other customer's through row-level security, so one business's clients, work orders, invoices, and team information are not accessible to another business on TradelyHQ.
Security
Your work orders, client information, invoices, and field data deserve the same care your business does. We take that seriously at every layer.
Our promises
Every customer's data is isolated from every other customer's through row-level security, so one business's clients, work orders, invoices, and team information are not accessible to another business on TradelyHQ.
Every meaningful action, such as who created a work order, who marked an invoice paid, and who changed a permission, is recorded in a detailed, append-only audit log designed to resist tampering. If something needs investigating later, the history is there.
Customer-identifying information is handled with care across our systems. We follow the applicable US privacy laws that cover our customers, including the California CCPA and CPRA, and you can request your data be exported or deleted from your account settings at any time.
Our security posture is reviewed regularly, not just at launch. We run automated checks on every change we ship and carry out periodic security reviews to help keep the standard high.
Subprocessors
We don't run every piece of TradelyHQ ourselves. A handful of trusted services help us host the app, send emails, and keep the lights on. Here's the full list, what each one does, and what they see.
United States
Stores your database, handles sign-in, holds your uploaded files, and runs our back-end functions.
Sees: everything you save in TradelyHQ, including work orders, clients, invoices, attachments, and account info.
United States
Hosts the TradelyHQ website and the app itself.
Sees: the pages and requests that flow through the app, not the contents of your records.
United States
Handles the payment side, the credit card processing for your TradelyHQ subscription, so we never touch card numbers ourselves.
Sees: your billing details and card information.
United States
Sends the transactional emails we ship on your behalf, such as invoice reminders, password resets, and team invites.
Sees: the email addresses and contents of those messages.
France
Powers the in-app support chat, the little bubble in the corner.
Sees: only the email and chat messages of people who actually start a conversation. If you never open chat, Crisp sees nothing about you.
United States
Watches for errors so we can fix things before they pile up. Only active if you accept the "Analytics" cookie option.
Sees: error details and session replays, with anything you typed and any form values automatically blacked out.
European Union
Tells us if the app goes down and keeps the logs we use to diagnose problems.
Sees: our own service-health signals, such as uptime checks and back-end logs. No customer information.
United States
Stores some of the photos and media you upload, such as job-site pictures and attachments.
Sees: the files you upload. Nothing else about your account.
United States, optional
Only used if you choose to connect your QuickBooks account so invoices sync to your books. If you never connect it, it sees nothing.
Sees (if connected): the invoices, customers, and line items you sync over.
United States
Protects the signup form against bots and automated abuse.
Sees: signals from the signup page used to tell real people from automated abuse. Not your account records.
United States, optional
Powers the optional writing-assist, intake-autofill, and in-app translation features. Only runs when you choose to use one of them.
Sees (if used): only the work-order text, notes, or text to translate that you submit to that feature. We do not let it train its models on your content.
United States, optional
Turns voice notes into text when you use the optional voice-note feature.
Sees (if used): only the audio you record for transcription. We do not let it train its models on your content.
United States, optional
Deliver push notifications to your phone or browser, if you turn notifications on.
See (if enabled): a device push token and the notification we send you. Not your account records.
United States
Converts the site and customer addresses you enter into map coordinates, for route planning and sales-tax jurisdiction lookup.
Sees: the addresses you enter, sent for coordinate lookup. Not your full account records.
European Union
Fallback address-to-coordinate lookup when the Census geocoder returns no match.
Sees: the address looked up, only when the Census geocoder finds no match. Not your full account records.
This list is current as of June 3, 2026. We update this page whenever a subprocessor is added, changed, or removed.
Data encrypted in transit and at rest. Applicable privacy laws followed. We don't sell your information. The basics, done right.