
Privacy Policy

How SmartComply collects, uses, shares, retains, and protects personal information for website visitors, account users, customer tenants, public portal users, and support contacts.

Last updated May 8, 2026

Who this policy covers

This Privacy Policy applies to smartcomply.app, SmartComply websites, applications, customer workspaces, support experiences, demos, public portals, APIs, and related services that link to this policy.

SmartComply provides compliance management software for water, wastewater, stormwater, FOG, backflow, pretreatment, and related environmental programs. In many cases, the organization that licenses SmartComply controls the records in its tenant. For those records, SmartComply generally acts as a service provider or processor and handles information on the customer’s instructions.

This policy is not a substitute for any written customer agreement, order form, data processing addendum, business associate agreement, or government contract that expressly applies to a specific deployment. If a signed agreement conflicts with this website policy, the signed agreement controls for that customer relationship.

Information we collect

We collect information you provide directly, including name, email address, phone number, organization, role, account credentials, billing contact details, support messages, demo requests, uploaded files, form submissions, inspection information, compliance records, signatures, certifications, notices, comments, and other content submitted through SmartComply.

We collect customer tenant data such as facilities, regulated entities, industrial users, food service establishments, backflow assemblies, permits, monitoring schedules, test results, manifests, inspections, investigations, violations, reminders, reports, exports, user roles, task history, audit logs, and configuration settings.

We collect information from public and external portals when enabled by a customer, such as tester submissions, hauler manifests, industrial user reports, inspection responses, owner or facility contact details, certification records, supporting documents, e-signature events, IP address, timestamps, and workflow status.

We collect technical and usage information such as IP address, browser and device details, pages or screens viewed, referring page, approximate location derived from network data, cookie or consent choices, authentication/session data, log events, errors, performance metrics, and security telemetry.

We may receive information from service providers, payment processors, identity providers, email systems, analytics providers, integrations, APIs, imported files, customer administrators, and other users acting within a customer tenant.

Sensitive and regulated information

SmartComply may process information that is sensitive because it relates to government compliance activity, facility operations, environmental permits, contact details, signatures, certifications, enforcement workflows, inspections, test results, or other records submitted by a customer or portal user.

Customers are responsible for deciding what information is appropriate to place in SmartComply, configuring their tenant, issuing required notices to their regulated community, and determining legal retention schedules for their program records.

Unless a written agreement says otherwise, do not submit protected health information, payment card numbers outside the hosted payment flow, government identifiers that are not needed for the workflow, or other highly sensitive information unrelated to the customer’s compliance program.

How we use information

We use information to provide, operate, secure, maintain, and improve SmartComply; create and administer accounts; route users to the right tenant; process public portal submissions; generate reports; manage notices, reminders, tasks, signatures, and audit trails; deliver support; respond to sales inquiries; process payments; and communicate with you.

We use information to authenticate users, enforce permissions, prevent abuse, monitor reliability, debug errors, investigate security events, maintain logs, preserve evidence of workflow actions, and protect SmartComply, customers, public portal users, and the public.

We use aggregated or de-identified information to understand product usage, improve features, develop reporting and analytics, evaluate reliability, and market SmartComply. We do not treat aggregated or de-identified information as personal information when it cannot reasonably identify an individual.

We may use information to comply with law, enforce agreements, resolve disputes, respond to lawful requests, support procurement or audit processes, and protect legal rights.

AI-assisted features

SmartComply may include AI-assisted features for tasks such as support responses, report drafting, anomaly detection, QA review, CSV mapping, autofill suggestions, permit checks, and summarization. AI features are designed to assist users, not replace professional judgment or regulatory decision-making.

When AI features are enabled, relevant prompts, customer-provided content, context, metadata, and outputs may be processed by SmartComply and selected AI service providers solely to provide and improve the requested feature, subject to customer agreements and provider controls.

Customers and users are responsible for reviewing AI outputs before relying on them, submitting them to regulators, sending notices, certifying reports, or making enforcement decisions.

Cookies, analytics, and advertising

SmartComply uses essential cookies and browser storage for authentication, tenant routing, security, consent records, and core site functionality. Optional functional, analytics, and marketing storage is controlled through the cookie preference center.

Google Tag Manager is configured with Google Consent Mode. Analytics storage is denied until analytics consent is granted. Advertising storage, ad user data, and ad personalization are denied until marketing consent is granted.

When permitted, analytics and marketing tools may collect information about pages viewed, referral source, campaign attribution, device and browser details, approximate location, conversions, and site interactions. See the Cookie Policy for the current inventory and preference controls.

How we share information

We share information with service providers and subprocessors that help us host, secure, deliver, analyze, support, communicate, bill, monitor, and improve SmartComply. These providers are authorized to process information for the services they provide to us.

We share information at the direction of a customer, such as when a customer invites users, configures public portals, exports records, sends notices, connects integrations, uses APIs or webhooks, requests support, or directs us to provide access to another party.

We may share information with payment processors to handle checkout, billing, invoicing, subscriptions, taxes, and payment-related communications. SmartComply does not intentionally store full payment card numbers.

We may disclose information when required by law, subpoena, court order, public records process, regulator request, or other legal obligation; to protect rights, safety, security, and service integrity; or in connection with a merger, financing, acquisition, reorganization, or sale of assets.

We do not sell personal information in the ordinary sense of exchanging it for money. If advertising or analytics laws treat certain cookie-based disclosures as a sale, sharing, or targeted advertising, you can control those activities through the cookie preference center.

Customer data and public records

Customer data belongs to the customer or the parties the customer represents. SmartComply does not decide whether a customer record is a public record, confidential record, exempt record, or regulatory submission; customers are responsible for those determinations.

If a member of the public, regulated entity, tester, hauler, inspector, employee, or other portal user submits information into a customer-controlled workflow, the customer may access, use, retain, export, disclose, or delete that information according to its legal obligations and program rules.

Requests relating to records controlled by a SmartComply customer should usually be directed to that customer first. We may refer requesters to the customer when the customer is the appropriate controller or public agency record custodian.

Retention

We retain personal information for as long as needed to provide SmartComply, comply with legal obligations, resolve disputes, enforce agreements, support security, maintain audit evidence, and meet customer instructions.

Customer compliance records, audit logs, reports, certifications, signatures, and workflow history may be retained for the period configured by the customer or required by applicable law, contract, litigation hold, procurement rule, or regulatory program.

Cookie preferences are retained until changed or browser storage is cleared. Security logs and diagnostic records are typically retained for shorter periods unless needed for investigation, legal compliance, or service integrity.

Your choices and rights

You may update account details, change cookie preferences, unsubscribe from marketing emails, and contact us about access, correction, deletion, export, objection, restriction, or other privacy requests.

Some requests may be limited by authentication requirements, customer instructions, legal retention obligations, audit-log preservation, security needs, or our inability to verify the requester’s authority.

Where we process information on behalf of a customer, we may forward your request to that customer or instruct you to contact the customer directly.

Security

We use administrative, technical, and organizational safeguards designed to protect information, including tenant-aware access controls, encrypted transport, managed hosting, protected authentication cookies, audit logging, monitoring, least-privilege operational access where practical, and vendor security review.

No method of transmission, storage, or processing is perfectly secure. You are responsible for maintaining the confidentiality of your credentials, configuring user access appropriately, and promptly notifying us of suspected unauthorized access.

International use

SmartComply is designed primarily for United States water, wastewater, stormwater, and environmental compliance programs. Service providers may process information in the United States and other locations where they or their infrastructure operate, unless a written customer agreement provides a different restriction.

By using SmartComply, you understand that information may be processed in jurisdictions with different privacy laws than where you are located.

Children

SmartComply is a business and government compliance service and is not directed to children under 13. We do not knowingly collect personal information from children under 13 through the public website.

Contact

Privacy questions, requests, or notices can be sent to privacy@smartcomply.app. Security reports should be sent to security@smartcomply.app. Sales and general inquiries may be sent to sales@smartcomply.app.

We may update this policy from time to time. The Last updated date shows when the latest version was posted.