Skip to content

Privacy

Last updated July 12, 2026

Draft—pending legal review before launch.

Scope

This draft policy describes how Midnight Datum Inc., operating Datumspec, handles information in the service.

Information collected

Datumspec may collect account and contact details; session IP address and user-agent information; organization and project records; scope, approvals, budgets, invoices, documents, project photos, support communications, and data from integrations a user chooses to connect.

How information is used

Information is used to operate, secure, and support Datumspec; provide requested project workflows; process subscriptions; send transactional email; and provide user-invoked AI assistance.

Project photos and materials

Private-property and construction-site materials may reveal addresses, interiors, people, possessions, or site conditions. Users and organizations are responsible for authority to upload and share them. Access follows organization and project permissions. Datumspec does not promise automatic redaction, metadata removal, or a fixed deletion period.

AI-assisted processing

When a user invokes an AI-assisted feature, requested project or document content may be sent to AI service providers such as Google/Gemini and, where enabled, OpenAI. Users must review generated outputs. Vendor retention and training practices are governed by their applicable terms and configurations.

Service providers

Datumspec uses Cloudflare for hosting and, where enabled, image or storage services; Neon for database services; Resend for email; Stripe for subscriptions; and Google/Gemini for requested AI features. OpenAI is used where enabled. Xero or QuickBooks receives data only when a user connects the applicable integration.

Essential cookies

Datumspec uses essential authentication and session cookies to sign users in, protect sessions, and maintain requested workspace context.

Payment data

Stripe handles card and payment details. Datumspec stores billing identifiers and subscription status, not full card numbers.

Retention and deletion

Information is retained as needed to operate and secure the service and meet legitimate or legal obligations. No fixed period is promised in this draft. Requests may be sent to support and can remain subject to account, security, backup, or legal constraints.

Cross-border processing

Service providers may process information outside a user’s province or country, where it may be subject to foreign laws.

Security

Datumspec uses reasonable safeguards and organization- and project-based access controls. No system can guarantee absolute security.

Your questions and rights

To ask about access, correction, deletion, or applicable Canadian privacy rights, including PIPEDA where applicable, email support@datumspec.com.

Changes

The last-updated date will change when this draft changes. It remains a draft until separately reviewed and approved.