Privacy Policy
This Privacy Policy describes how RoofSig LLC ("RoofSig," "we," "us," or "our") collects, uses, discloses, and protects information in connection with:
- The RoofSig website(s), dashboards, and services (the "Platform")
- RoofSig's business customers ("Business Clients") who use RoofSig to manage calls, messaging, and automations
- Mobile messaging (SMS/MMS) and interactive voice response (IVR) services delivered through or on behalf of RoofSig and its Business Clients ("Mobile Messaging Services")
This Policy applies to processing conducted in the United States and Canada.
1. Roles and Responsibilities
1.1 RoofSig as Service Provider / Processor
For data processed on behalf of Business Clients (e.g., their lead and customer information, call logs, SMS transcripts), RoofSig acts primarily as a service provider or processor.
Business Clients determine which individuals are contacted, what content is sent, and the legal basis for such communications.
1.2 Business Clients as Controllers
Business Clients are the "businesses" or "controllers" with respect to their leads and customers' personal information.
Business Clients are responsible for: obtaining consent, providing required notices, honoring opt-outs, and complying with applicable laws (e.g., TCPA, CASL, state privacy laws).
RoofSig's services and this Privacy Policy are designed to support compliance with applicable telecommunications and privacy regulations, including the Telephone Consumer Protection Act (TCPA), the CAN-SPAM Act, the Canadian Anti-Spam Legislation (CASL), and relevant state privacy laws. However, Business Clients remain solely responsible for their own compliance with all applicable legal requirements for their messaging programs.
1.3 RoofSig as Controller
RoofSig is a controller for limited categories of data (e.g., account registration data for Business Clients, usage logs for security and billing, and direct communications with RoofSig).
2. Scope of This Policy
This Policy covers:
- Data about Business Clients and their authorized users (e.g., owners, staff, administrators)
- Data about End Users (e.g., homeowners or customers) who call, receive SMS/MMS, interact with IVR, or receive review requests via systems operated by RoofSig
- Data collected via the Platform, APIs, dashboards, and Mobile Messaging Services
It does not override or replace any separate agreements or data processing addenda in place between RoofSig and a Business Client. In the event of a conflict, the executed agreement or addendum governs to the extent of the conflict.
3. Information We Collect
3.1 Business Client and Account Data
Collected from Business Clients and their authorized users:
- Identification and contact details: name, business name, business address, email, phone number
- Account credentials: username, hashed passwords or SSO identifiers
- Billing information: payment method tokens (via payment processor), invoicing details, tax-related data as required
- Business configuration: service areas, business hours, escalation numbers, preferences, and settings saved in RoofSig
3.2 End User and Lead Data
Collected or processed when End Users interact with a Business Client via RoofSig:
- Contact details: mobile phone number, other phone numbers, name (if provided), address or service location (if provided)
- Lead and appointment details: date and time of inquiries, appointment preferences, selected service types (e.g., inspection, repair), job notes
- Communications content:
- SMS/MMS message content and metadata
- IVR keypresses (DTMF) and associated selections
- Transcripts and summaries of calls or voicemails where implemented
- Technical and routing data: call start/stop times, call status (answered, missed, abandoned), carrier information, IP addresses (where applicable to web/chat)
3.3 Platform and Usage Data
Collected when Business Clients and authorized users access the Platform:
- Log data: IP address, browser type, device information, pages visited, timestamps, and activities within the dashboard
- Configuration changes: audit logs of changes to business hours, call flows, toggles, and settings
- Error and performance logs: system events required to monitor and troubleshoot reliability and security
3.4 Cookies and Similar Technologies
On RoofSig's website and dashboards, we may use:
- Cookies, local storage, or similar technologies for session management, authentication, and basic analytics
- Third-party analytics tools to measure usage patterns on the Platform
Where required by law, we will provide appropriate cookie notices and limited controls.
4. How We Use Information
4.1 Providing and Operating the Services
RoofSig uses collected information to:
- Route and handle inbound and outbound calls, SMS/MMS, IVR interactions, and review requests on behalf of Business Clients
- Create and manage leads, bookings, and related records in our systems
- Provide dashboards, reports, and metrics (e.g., lead counts, call capture rates) to Business Clients
- Configure and maintain automated workflows, call flows, and messaging sequences
- Authenticate authorized users and provide access to the Platform
4.2 Support, Maintenance, and Security
We use information to:
- Diagnose and resolve technical issues
- Monitor service health and error rates
- Detect and prevent fraud, abuse, or unauthorized access
- Maintain logs necessary for security and compliance
4.3 Billing and Account Management
We use Business Client data to:
- Process payments and invoices
- Track subscriptions, usage, and entitlements
- Communicate with Business Clients about account status, subscription changes, or service notices
4.4 Analytics and Service Improvement
We may use:
- Aggregated or de-identified data to analyze usage trends, improve features, and optimize system performance
- Limited individual-level usage information to troubleshoot problems and enhance user experience on the Platform
We do not use End User mobile messaging opt-in data to build unrelated marketing profiles.
4.5 Legal and Compliance
We may process information as necessary to:
- Comply with applicable laws, regulations, and legal processes
- Respond to lawful requests from public and governmental authorities
- Enforce our terms, prevent abuse, and protect our rights, property, and safety, or that of our users and the public
5. Mobile Messaging and IVR-Specific Practices
5.1 Consent and Opt-In
Business Clients are responsible for obtaining all legally required consent from End Users before sending them calls, SMS/MMS messages, or automated communications through RoofSig.
RoofSig may provide technical features to support consent capture, logging, and opt-out handling but does not verify the sufficiency of any consent.
5.2 Opt-Out and Preferences
End Users may typically opt out of SMS communications by replying with STOP or similar recognized keywords, as configured by the Business Client.
When RoofSig's systems detect a valid opt-out command, RoofSig will flag the associated number as opted out for that specific program and will not send further messages through that program except where required for confirmation or legal compliance.
Business Clients are responsible for aligning their use of RoofSig's tools with applicable opt-out obligations.
5.3 Content of Messages and Calls
The content of messages and IVR flows is determined by Business Clients.
RoofSig processes these communications as a service provider and does not routinely review all content.
RoofSig may access content and logs for troubleshooting, security, compliance checks, or as required by law.
6. Sharing and Disclosure of Information
6.1 Core Principle for Mobile Numbers and Messaging Consent
RoofSig follows this principle:
- No mobile information will be shared with or sold to third parties or affiliates for marketing or promotional purposes.
- Information may be shared with subcontractors and service providers strictly to support the Services (for example, telecommunications, hosting, or customer support).
- All other use case categories exclude text messaging originator opt-in data and consent; this information will not be shared with or sold to any third parties.
This principle applies to mobile numbers, opt-in status, and SMS/MMS consent data collected via RoofSig's Mobile Messaging Services. Any sharing is limited to service provisioning, compliance, and support operations.
6.2 Sharing with Business Clients
For End Users:
If you are an End User communicating with a Business Client, RoofSig may share your relevant communication details (e.g., phone number, message content, call logs, booking details) with that Business Client, because they are the party you are dealing with directly.
Business Clients control how they further use or disclose such information, subject to their own privacy policies and applicable laws.
6.3 Service Providers and Subcontractors
RoofSig may share information with service providers and subcontractors that perform functions on our behalf, such as:
- Telecommunications and messaging providers (e.g., carriers, Twilio)
- Cloud hosting and infrastructure providers
- Payment processors
- Customer support and ticketing systems
- Data storage, monitoring, and logging providers
These entities are authorized to use the information only as necessary to provide services to RoofSig and are contractually restricted from using mobile messaging originator opt-in data and consent for third-party marketing.
6.4 Affiliates
RoofSig may share data with its affiliates (if any) for internal operational purposes (e.g., technical support, billing, consolidated administration), subject to this Policy.
We do not share mobile messaging originator opt-in data with affiliates for their own marketing or promotional purposes.
6.5 Legal, Safety, and Compliance
We may disclose information:
- To comply with legal obligations or respond to lawful requests from public authorities
- To protect and defend our rights, property, or safety, or that of our Business Clients, End Users, or the public
- To investigate and prevent fraud, abuse, or security incidents
6.6 Business Transfers
If RoofSig is involved in a merger, acquisition, financing, reorganization, or sale of assets, information may be transferred as part of that transaction, subject to continued protection consistent with this Policy. Any successor entity will be bound by obligations at least as protective as those described here.
7. Data Retention
7.1 General Retention
RoofSig retains information for as long as reasonably necessary to:
- Provide the Services to Business Clients
- Maintain records of communications, consent, and opt-out events for legal and operational reasons
- Comply with legal, tax, accounting, or regulatory requirements
- Resolve disputes, enforce agreements, and protect our rights
7.2 Business Client-Controlled Retention
Where technically feasible, RoofSig may provide configuration options that allow Business Clients to adjust retention periods for certain categories of data (e.g., leads, transcripts).
Business Clients remain responsible for their own retention policies and obligations under applicable law.
7.3 Deletion and Anonymization
When data is no longer needed, RoofSig may delete or anonymize it in production systems, subject to backup and archival constraints and legal obligations.
Backup copies may persist for a limited time before being overwritten or destroyed in the ordinary course of operations.
8. Security
8.1 Measures
RoofSig implements commercially reasonable technical and organizational measures to protect information, including:
- Access controls and authentication for Platform access
- Encryption in transit where appropriate (e.g., HTTPS for dashboard access)
- Logical separation of customer environments and data
- Monitoring and logging of key systems
- Regular review of core infrastructure and dependencies
8.2 Limitations
No system can guarantee perfect security. Business Clients are responsible for:
- Securing their own systems, devices, and networks
- Managing access to their RoofSig accounts and credentials
- Configuring integrations and access controls appropriate to their risk profile
9. Children's Privacy
The Services are intended for business use and for communications with adult customers of Business Clients. RoofSig does not knowingly collect or process personal information from children under the age of 13 in the United States or under the age of 16 in Canada.
If RoofSig becomes aware that it has unintentionally collected such information without appropriate consent, RoofSig will delete it or take other appropriate steps.
10. Regional Information: United States and Canada
10.1 Geographic Focus
RoofSig provides services for Business Clients operating in the United States and Canada. Data is generally processed in data centers located in these regions or in other locations used by our infrastructure providers, subject to contractual safeguards.
10.2 State and Provincial Privacy Laws
Certain US states or Canadian provinces may grant additional rights regarding personal information (e.g., access, correction, deletion). When RoofSig acts as a service provider/processor, such requests must generally be directed to the relevant Business Client (the controller). RoofSig will support Business Clients' efforts to respond, where feasible and required by contract or law.
11. Rights and Choices
11.1 End Users
End Users who receive communications through RoofSig's systems should generally exercise their privacy and communication rights by contacting the relevant Business Client, because they are the primary controller of the data.
End Users may:
- Opt-out of marketing or other SMS/MMS communications using STOP or similar supported commands
- Contact the Business Client directly to exercise rights of access, correction, or deletion where applicable
RoofSig will support Business Clients in honoring these rights when technically and legally feasible.
11.2 Business Clients and Authorized Users
Business Clients and their authorized users may:
- Update account and profile information via the Platform
- Request account closure and data export for their own Customer Data, subject to contractual and legal limitations
- Contact RoofSig using the contact details below for privacy-related questions specific to RoofSig's role
12. Cookies and Tracking Technologies
12.1 Use
RoofSig may use cookies, local storage, and similar technologies on its websites and dashboards to:
- Maintain user sessions and authentication
- Remember user preferences and settings
- Collect basic analytics about usage patterns
12.2 Control
Users of the Platform may control certain cookie behaviors through browser settings. Disabling cookies may limit functionality of the Platform.
13. Third-Party Links and Sites
The Platform and communications sent through RoofSig may contain links to third-party websites or services. These third parties operate independently and are not controlled by RoofSig. Their privacy practices are governed by their own policies.
Business Clients are responsible for ensuring that any external links they include in communications are appropriate and compliant.
14. Changes to This Privacy Policy
RoofSig may update this Privacy Policy from time to time. When changes are made:
- The "Last updated" date at the top of this document will be revised
- Material changes may be communicated through the Platform, by email to Business Clients, or by posting a prominent notice on the RoofSig website
Continued use of the Services after the effective date of any changes constitutes acceptance of the revised Policy, subject to applicable law.
15. Contact Information
For questions or concerns about this Privacy Policy or RoofSig's privacy practices:
Email: privacy@roofsig.com
Mailing address:
RoofSig LLC
30 N Gould St Ste N, Sheridan
Sheridan County, WY 82801
United States