1. Scope of This Policy

This Privacy Policy applies to all users of DrillerDB Services, including:

• Software Subscribers: Businesses using DrillerDB's DepthMap, Basic, or Enterprise plans for well drilling project management
• Contractor Directory Users: Contractors who claim, create, or manage business profiles through the Contractor Dashboard
• Marketing Subscribers: Businesses with Priority Listing subscriptions for enhanced visibility
• Website Visitors: Anyone browsing the DrillerDB website or contractor directory
• Well Owners & Property Owners: Individuals using our tools to research well data or find contractors

2. Information We Collect

2.1 Information You Provide Directly

Depending on how you use our Services, we may collect:

• Account Information: Name, email address, phone number, password, and company affiliation
• Business Profile Information: Company name, business address, service areas, services offered, business hours, certifications, licenses, insurance information, payment methods accepted, and business description
• Project & Customer Data: For software subscribers, information about drilling projects, customer contacts, proposals, invoices, work orders, field reports, and equipment inventory
• Payment Information: Billing address and payment method details (processed securely through Stripe; we do not store full credit card numbers)
• Communications: Messages you send through quote request forms, support tickets, or other contact methods
• User-Generated Content: Photos, project images, reviews, and review responses you upload or submit

2.2 Information Collected Automatically

When you access our Services, we automatically collect:

• Device Information: IP address, browser type and version, operating system, device identifiers, and user agent strings
• Usage Data: Pages visited, features used, click patterns, search queries, time spent on pages, and navigation paths
• Location Information: General geographic location derived from IP address; precise location only if you grant permission for location-based features
• Session Information: Login times, session duration, and activity timestamps
• Analytics Data: For contractor profiles, we track impressions (how often your listing appears in search results), page views, and click-through rates

2.3 Information from Third Parties

• Authentication Providers: If you sign in with Google, we receive your name, email, and profile identifier
• Public Data Sources: Well records and geological data from state agencies (such as the Wisconsin DNR) to enhance our mapping services
• Payment Processors: Transaction confirmations and subscription status from Stripe

3. How We Use Your Information

We use the information we collect for the following purposes:

3.1 Service Delivery

• Operate, maintain, and improve our software and services
• Process subscriptions and payments
• Display contractor profiles in our directory
• Facilitate quote requests between well owners and contractors
• Provide customer support and respond to inquiries

3.2 Personalization & Analytics

• Customize your experience based on your preferences and usage patterns
• Provide contractors with analytics about their profile performance
• Analyze usage trends to improve our Services
• Generate aggregated, de-identified statistics about service usage

3.3 Communications

• Send transactional emails (account confirmations, password resets, payment receipts)
• Notify you of quote requests, reviews, or messages
• Send service announcements and product updates
• With your consent, send marketing communications about new features or promotions

3.4 Security & Compliance

• Detect and prevent fraud, abuse, and security incidents
• Enforce our Terms of Service
• Comply with legal obligations and respond to lawful requests

4. Cookies & Tracking Technologies

We use cookies and similar technologies to operate our Services:

• Essential Cookies: Required for authentication, security, and core functionality. Our session cookie (“ddb_session”) has a 7-day lifetime and uses HttpOnly, Secure, and SameSite=Lax settings for security.
• Analytics Cookies: Help us understand how visitors interact with our site. We use Google Analytics and Microsoft Clarity to collect aggregated usage data.
• Marketing Cookies: Used by third-party services like Google Tag Manager and HubSpot to deliver relevant information about our services.

You can control cookie preferences through your browser settings. Disabling essential cookies may prevent you from using certain features requiring authentication.

5. How We Share Information

We do not sell your personal information. We may share information in the following circumstances:

5.1 Service Providers

We share information with trusted third-party providers who assist in operating our Services:

• Stripe: Payment processing and subscription management
• Google: Authentication (Google Sign-In), maps, geocoding, and analytics
• Mandrill/Mailchimp: Transactional email delivery and tracking
• Microsoft Clarity: User behavior analytics
• QuickBooks Online: Accounting integration (Enterprise plan subscribers only, with your authorization)
• OpenAI: AI-powered document processing (see Section 5.2 below)

These providers are contractually obligated to use your information only to provide services to us and in accordance with this Privacy Policy.

5.2 Artificial Intelligence & Document Processing

DrillerDB uses artificial intelligence (AI) services, including OpenAI, to extract and process information from well log documents and geological records. This helps us provide accurate well data, mapping features, and geological insights.

Documents processed by AI include:

• Well logs and drilling records from public government sources (such as state DNR databases)
• PDF documents voluntarily uploaded by DrillerDB software subscribers

How AI processing works:

• Documents are sent to OpenAI's API for text extraction and data parsing
• Extracted data (well depths, geological formations, locations) is stored in our database
• We cache extracted results locally to minimize repeated processing
• OpenAI processes data according to their API data usage policies, which state that API data is not used to train their models

Your choices:

• Software subscribers who upload documents consent to AI processing as part of using the service
• If you do not want documents processed by AI, do not upload them to DrillerDB
• Public records processed by AI contain publicly available information and do not include personal data

5.3 Public Directory Listings

If you create or claim a contractor profile, certain business information you provide (company name, address, phone, services, business hours, reviews) will be publicly visible in our contractor directory. You control what information is displayed through your Contractor Dashboard.

5.4 Quote Requests

When a well owner submits a quote request to a contractor, we share the requester's contact information (name, email, phone, project details) with the selected contractor to facilitate communication.

5.5 Legal Requirements

We may disclose information if required by law, court order, or governmental authority, or when we believe disclosure is necessary to:

• Comply with legal obligations
• Protect the rights, safety, or property of DrillerDB, our users, or the public
• Investigate potential violations of our Terms of Service
• Detect, prevent, or address fraud or security issues

5.6 Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We will notify you of any such change and any choices you may have regarding your information.

6. Data Security

We implement industry-standard security measures to protect your information:

• HTTPS encryption for all data transmission
• Secure, HttpOnly cookies with SameSite protection
• Password hashing for stored credentials
• Access controls limiting employee access to personal data
• Regular security assessments and monitoring
• Session management with automatic timeout
• CSRF (Cross-Site Request Forgery) protection
• Rate limiting to prevent abuse

While we strive to protect your information, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security.

7. Data Retention

We retain your information for as long as necessary to:

• Provide our Services and maintain your account
• Comply with legal, accounting, or regulatory requirements
• Resolve disputes and enforce our agreements

When you delete your account or request data deletion, we will remove or anonymize your personal information within 90 days, except where retention is required by law or for legitimate business purposes (such as maintaining transaction records for tax compliance).

Contractor profiles that are claimed remain visible until you request removal. Unclaimed business listings derived from public records may remain in our directory as public information.

8. Your Rights & Choices

You have the following rights regarding your personal information:

• Access: Request a copy of the personal information we hold about you
• Correction: Update or correct inaccurate information through your account settings or by contacting us
• Deletion: Request deletion of your personal information, subject to legal retention requirements
• Portability: Request your data in a portable, machine-readable format
• Opt-Out: Unsubscribe from marketing emails using the link in any email, or adjust notification preferences in your account settings
• Withdraw Consent: Where processing is based on consent, you may withdraw it at any time

To exercise these rights, contact us at support@drillerdb.com. We will respond within 30 days and may request verification of your identity.

9. California Privacy Rights

California residents have additional rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA):

• Right to Know: What personal information we collect, use, and disclose
• Right to Delete: Request deletion of your personal information
• Right to Opt-Out: We do not sell personal information, so no opt-out is necessary
• Right to Non-Discrimination: We will not discriminate against you for exercising your privacy rights

To submit a verifiable consumer request, email support@drillerdb.com with the subject line “California Privacy Request.”

10. Children's Privacy

Our Services are not intended for individuals under 18 years of age. We do not knowingly collect personal information from children. If we learn that we have collected information from a child under 18, we will delete it promptly. If you believe we have collected information from a child, please contact us at support@drillerdb.com.

11. International Users

DrillerDB is based in the United States. If you access our Services from outside the United States, your information will be transferred to, stored, and processed in the United States, where data protection laws may differ from those in your country. By using our Services, you consent to this transfer.

12. Third-Party Links

Our Services may contain links to third-party websites, including state agency portals, payment processors, and integration partners. We are not responsible for the privacy practices of these external sites. We encourage you to review the privacy policies of any third-party sites you visit.

13. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on this page with a new “Last updated” date. For significant changes, we may also send an email notification. Your continued use of the Services after any changes constitutes acceptance of the updated Privacy Policy.

14. Contact Us

If you have questions about this Privacy Policy or wish to exercise your privacy rights, please contact us:

• Email: support@drillerdb.com
• Mail: DrillerDB, LLC, Attn: Privacy, at the postal address listed on our Contact page