Privacy
Last updated July 12, 2026
Draft—pending legal review before launch.
Scope
This draft policy describes how Midnight Datum Inc., operating Datumspec, handles information in the service.
Information collected
Datumspec may collect account and contact details; session IP address and user-agent information; organization and project records; scope, approvals, budgets, invoices, documents, project photos, support communications, and data from integrations a user chooses to connect.
How information is used
Information is used to operate, secure, and support Datumspec; provide requested project workflows; process subscriptions; send transactional email; and provide user-invoked AI assistance.
Project photos and materials
Private-property and construction-site materials may reveal addresses, interiors, people, possessions, or site conditions. Users and organizations are responsible for authority to upload and share them. Access follows organization and project permissions. Datumspec does not promise automatic redaction, metadata removal, or a fixed deletion period.
AI-assisted processing
When a user invokes an AI-assisted feature, requested project or document content may be sent to AI service providers such as Google/Gemini and, where enabled, OpenAI. Users must review generated outputs. Vendor retention and training practices are governed by their applicable terms and configurations.
Service providers
Datumspec uses Cloudflare for hosting and, where enabled, image or storage services; Neon for database services; Resend for email; Stripe for subscriptions; and Google/Gemini for requested AI features. OpenAI is used where enabled. Xero or QuickBooks receives data only when a user connects the applicable integration.
Payment data
Stripe handles card and payment details. Datumspec stores billing identifiers and subscription status, not full card numbers.
Retention and deletion
Information is retained as needed to operate and secure the service and meet legitimate or legal obligations. No fixed period is promised in this draft. Requests may be sent to support and can remain subject to account, security, backup, or legal constraints.
Cross-border processing
Service providers may process information outside a user’s province or country, where it may be subject to foreign laws.
Security
Datumspec uses reasonable safeguards and organization- and project-based access controls. No system can guarantee absolute security.
Your questions and rights
To ask about access, correction, deletion, or applicable Canadian privacy rights, including PIPEDA where applicable, email support@datumspec.com.
Changes
The last-updated date will change when this draft changes. It remains a draft until separately reviewed and approved.