Privacy Policy

Digital Change Orders is a web application that allows licensed contractors to create, send, and collect electronic signatures on change orders and time-and-materials documents. Our primary domain is digitalchangeorders.com. Inbound client email replies are routed through inbound.digitalchangeorders.com.

Contractors (account holders): When you create an account, we collect your name, email address, business name, contractor license number, phone number, and state. We also collect information you enter when creating change orders, including job names, addresses, original contract amounts, client names and contact details, document descriptions, line item details, and any notes you add.

Clients (signing recipients): When a client opens a signing link, we collect their IP address and device information (user agent) for the signing audit record. When a client signs a change order, we additionally collect their full name, signature, and the timestamp of signing. Clients do not create accounts.

Client email addresses: Clients may provide their email address when asking a pre-signature question through the Service. This email is stored and used to deliver the contractor's reply and to identify the client in subsequent email correspondence about the same change order.

Q&A messages: Pre-signature questions and contractor replies exchanged through the Service are stored in our database and associated with the relevant change order. This includes messages sent via the signing page form and replies sent via email.

Photos: Photos attached to change orders are uploaded by the contractor and stored in our file storage. They are included in the signed PDF and visible on the signing page.

Usage data: We collect standard server logs including pages visited and actions taken within the app. We use Google Analytics to understand how the marketing site is used, with IP addresses anonymised.

Each signed change order generates a tamper-evident audit record that includes: the signer's name, IP address, device and browser information, the exact timestamp of signing, the consent language displayed at the time of signing, the contractor's IP address and device at the time of sending (for comparison), and the time elapsed between sending and signing.

This audit record is stored in our database and in a separate log file in Cloudflare R2 object storage. It is designed to support the evidentiary integrity of the signature and may be used in legal proceedings.

• To provide the change order creation and signing service
• To generate legally compliant signed PDF documents
• To deliver signing links via SMS (Twilio) and email (Resend)
• To route client Q&A email replies to the correct change order thread
• To send transactional notifications (document signed, delivery failed, new message, etc.)
• To process payments via Stripe
• To sync signed documents to QuickBooks if you have connected the integration
• To maintain signing audit records for legal and evidentiary purposes
• To improve the product through aggregated usage analytics

We do not sell your data. We do not use your data for advertising.

Account and document data is stored in Supabase (PostgreSQL), hosted on AWS infrastructure. Document files, signed PDFs, photos, and signing audit logs are stored in Cloudflare R2 object storage. All data is encrypted in transit (TLS) and at rest.

Access to contractor data is restricted by row-level security policies — each contractor can only access their own records. Signing pages use a separate administrative access path that does not expose other contractors' data.

When a client replies to a contractor's email via the Service, the reply is received at inbound.digitalchangeorders.com, processed by a Cloudflare Worker, and delivered to the contractor. Email content is parsed in memory to extract the reply body and is not stored by Cloudflare. The extracted reply is then stored in our database as a Q&A message.

The reply-to address is generated per change order and is not a personal email address. It cannot be used to contact anyone outside the context of the specific change order it was issued for.

We use the following third-party services to operate the product:

• Supabase — authentication and database
• Cloudflare — file storage (R2), email routing, and application infrastructure
• Vercel — application hosting
• Stripe — payment processing
• Twilio — SMS delivery
• Resend — transactional email delivery
• Google Analytics — marketing site analytics (anonymised IP)
• Intuit QuickBooks — optional accounting integration

Each of these services has their own privacy policy governing how they handle data. We select providers that meet reasonable standards for data security and privacy.

If you connect QuickBooks, we store your QuickBooks access token, refresh token, company ID, and company name in our database. These are used solely to create invoices on your behalf when change orders are signed. We do not read, access, or store any QuickBooks data beyond what is necessary to create invoices. You can revoke this access at any time from Settings → QuickBooks.

Your account data and documents are retained for the lifetime of your account. If you delete your account, your personal information will be removed within 30 days. Signed documents may be retained in anonymised form to satisfy legal record-keeping requirements.

Signing audit records are retained indefinitely as they may be relevant to future legal proceedings relating to the signed documents.

Q&A messages are retained for the lifetime of the change order record.

You can export all your signed documents at any time from Settings → Export. This right is available on every plan, including after cancellation.

You have the right to access, correct, or delete the personal data we hold about you. To exercise these rights, contact us at the email below. We will respond within 30 days.

Note that signing audit records may be exempt from deletion requests where retention is required for legal compliance or to protect the integrity of a legally executed document.

We use cookies to maintain your login session and remember your preferences. We do not use advertising cookies. Google Analytics uses anonymised, non-identifying cookies on the marketing site only. You can opt out of Google Analytics tracking from the footer of any marketing page.

We may update this policy as the product evolves. Material changes will be communicated by email to account holders. The “Last updated” date at the top of this page reflects the most recent revision.

Questions about this policy: hello@digitalchangeorders.com