CheckIt
Sign Up / Sign In

Privacy Policy

Updated:

This Privacy Policy explains how CheckIT Technologies Inc., a Delaware corporation (“CheckIT,” “we,” “us,” or “our”), collects, uses, discloses, and protects personal information about visitors to our websites (including www.checkitapps.com), users of the CheckIT Platform™, and individuals who engage with our marketing or sales team.

If we process personal information on your behalf as a “service provider” or “processor,” our Data Processing Agreement (checkitapps.com/dpa) governs that processing. This Privacy Policy applies to our role as a “business” or “controller.”

Quick Summary

  • We collect contact, account, billing, usage, and document data to provide and improve our Service.

  • We do not sell your personal information.

  • We do not allow third-party AI providers to retain or train on Customer Data.

  • We honor the Global Privacy Control (GPC) opt-out signal.

  • You have rights to access, correct, delete, port, and limit certain uses of your personal information.

  • Submit privacy requests to help@checkitapps.com with subject "Privacy Request."

1. Scope

This Privacy Policy covers personal information collected when:

  • you visit our public websites (including cookies and similar technologies);

  • you use the CheckIT Platform and its applications;

  • you submit forms, request a demo, attend an event, or engage with our marketing emails or sales team; or

  • you contact us for support, sales, or other inquiries.

It does not apply to third-party websites or services that may be linked from or integrated with our Service.

2. Information We Collect

2.1 Information You Provide

  • Contact and Registration: name, business email, business phone, employer name, job title.

  • Account Credentials: username and password (stored as salted cryptographic hashes, never in plain text).

  • Uploaded Documents: invoices, purchase orders, quotes, RFQs, and supporting documents you submit through the Service. These may contain limited personal information about vendors, contractors, and your personnel.

  • Billing and Payment: billing address and the last four digits of your payment method. Full card numbers are stored by Stripe (PCI-DSS compliant); we do not store full card numbers.

  • Communications: support tickets, feedback, survey responses, and recordings or transcripts of meetings you agree to record.

2.2 Information We Collect Automatically

  • Technical Data: IP address, browser type, operating system, device identifiers, language.

  • Usage Data: pages viewed, links clicked, features used, API calls, error logs, session duration, referring/exit URLs.

  • Approximate Location: city/region level, inferred from IP address.

  • Cookies and Similar Technologies: see Section 5.

2.3 Information from Third Parties

  • Business Partners and Referrals: when a partner or existing customer refers you.

  • Data Enrichment Providers: services such as Clearbit, ZoomInfo, or Apollo, providing publicly available business contact and firmographic data.

  • Marketing Platforms: analytics and engagement data from HubSpot, LinkedIn, and Google.

2.4 Sensitive Personal Information

We do not knowingly collect Sensitive Personal Information (such as SSNs, financial account numbers, government IDs, biometric identifiers, precise geolocation, or health information) for profiling or any secondary purpose. If Sensitive Personal Information is incidentally collected through documents you upload, we process it only to provide the Service.

3. How We Use Personal Information

  • Provide and Improve the Service. Operate, maintain, develop, troubleshoot, and improve the CheckIT Platform and applications.

  • Account Management. Register users, authenticate logins, send service-related notices, and manage subscriptions.

  • Support and Training. Respond to inquiries, onboard customers, and provide documentation and training.

  • Security, Fraud Prevention, and Integrity. Detect, investigate, and prevent suspicious activity, security incidents, and abuse.

  • Marketing and Communications. Send newsletters, product updates, event invitations, and promotional communications. You may opt out at any time.

  • Analytics and Research. Generate aggregated and de-identified analytics for reporting and product development. We do not re-identify de-identified data.

  • Legal and Compliance. Comply with legal obligations, enforce our agreements, and protect our rights.

We do not sell personal information. OpenAI and Anthropic are contractually configured so that Customer Data is not retained by them and not used to train their general-purpose AI models. The CheckIT Engine™ is rules-based and we do not aggregate Customer Data across customers or use it to train any AI model.

4. How We Share Personal Information

  • Service Providers and Subprocessors. Microsoft Azure (hosting, OCR, compute), OpenAI and Anthropic (AI-assisted analysis; training disabled), Stripe (payments), Resend (transactional email), and HubSpot (marketing and CRM). Full list at checkitapps.com/subprocessors.

  • Professional Advisors. Lawyers, accountants, auditors, and insurers under confidentiality obligations.

  • Corporate Transactions. In connection with a merger, acquisition, financing, restructuring, or sale of all or part of our business.

  • Legal Requirements. When required to comply with applicable law, subpoena, court order, or regulatory request, or to protect rights, property, or safety.

  • With Your Direction. When you direct us to share information.

  • De-Identified or Aggregated Data. We may share de-identified or aggregated data that cannot reasonably be linked to you or any individual.

We do not sell personal information. We do not Share personal information for cross-context behavioral advertising as defined under the CCPA/CPRA.

5. Cookies and Tracking Technologies

  • Strictly Necessary. Site functionality, security, and authentication. These cannot be disabled.

  • Performance and Analytics. Google Analytics and product analytics (e.g., PostHog, Mixpanel).

  • Marketing. LinkedIn Insights, Google Ads, and Meta pixels. We do not use these for cross-context behavioral advertising.

You can manage your preferences via our cookie banner or browser settings.

5.1 Global Privacy Control (GPC)

We honor the Global Privacy Control (GPC) browser signal as a request to opt out of Sale and Sharing of personal information for residents of California, Colorado, Connecticut, Delaware, Maryland, Minnesota, Montana, Nebraska, New Hampshire, New Jersey, Oregon, and Texas.

5.2 Do Not Track

Our websites do not respond to Do Not Track (DNT) signals. Use cookie settings or GPC instead.

6. Your Rights and Choices

  • Right to Know / Access. Confirm whether we process your personal information and request a copy.

  • Right to Correct. Correct inaccurate personal information.

  • Right to Delete. Request deletion of personal information, subject to legal exceptions.

  • Right to Portability. Receive a copy in a portable format.

  • Right to Opt Out of Sale or Sharing. We do not sell or share personal information; honored by default and via GPC.

  • Right to Opt Out of Targeted Advertising. We do not engage in targeted advertising as defined by most state laws.

  • Right to Opt Out of Profiling / ADMT. We do not use personal information for solely-automated decisions that produce legal or similarly significant effects.

  • Right to Limit Sensitive Personal Information. We use Sensitive Personal Information only to provide the Service.

  • Right to Appeal. Where required by state law, you may appeal a denied request by replying to our response.

6.1 California-Specific Disclosures (CCPA/CPRA)

  • Categories collected in the prior 12 months: identifiers; commercial information; internet/electronic activity; approximate geolocation; professional/employment-related information; inferences drawn from the above.

  • Sale/Share: we do not sell or share personal information.

  • Sensitive Personal Information: we do not use it to infer characteristics about consumers.

  • Shine the Light (Cal. Civ. Code § 1798.83): we do not disclose personal information to third parties for their own direct marketing purposes.

6.2 Other State-Specific Notes

  • Nevada: we do not engage in the sale of covered information.

  • Rhode Island: residents may request a list of specific third parties to whom we have disclosed personal information.

  • Texas (TDPSA): the disclosure required under Tex. Bus. & Com. Code § 541.102 is provided in this Privacy Policy.

6.3 How to Submit a Request

Email help@checkitapps.com with subject "Privacy Request" and include (a) the right you are exercising; (b) your state of residence; and (c) sufficient information to verify your identity. We will respond within 45 days (extendable by 45 days when reasonably necessary).

6.4 Authorized Agents

You may use an authorized agent to submit a request on your behalf, subject to verification of the agent’s authority.

6.5 Marketing Opt-Out

Opt out of marketing emails using the unsubscribe link in any marketing email or by emailing help@checkitapps.com. Transactional and service-related communications are not subject to opt-out while you have an active account.

7. Data Retention

We retain personal information only as long as necessary for the purposes described in this Policy, to comply with applicable law, resolve disputes, and enforce our agreements. When personal information is no longer needed, we delete or de-identify it.

8. Security

  • TLS 1.2+ encryption in transit; AES-256 encryption at rest.

  • Role-based access control and least-privilege provisioning.

  • Multi-factor authentication for administrative access.

  • Logging, monitoring, and incident-response procedures.

  • Annual penetration testing of the production environment.

  • Vendor security review for all subprocessors.

No system is 100% secure. If you suspect a security incident, contact help@checkitapps.com with subject "Security Report."

9. Children’s Privacy

The Service is not directed to individuals under 18. We do not knowingly collect personal information from individuals under 18. If you believe we have collected such information, contact us and we will delete it promptly.

10. International Users

The Service is hosted in the United States. If you access the Service from outside the U.S., your personal information will be transferred to, stored in, and processed in the U.S. We do not currently offer the Service to data subjects outside the United States.

11. Third-Party Links and Integrations

The Service may link to or integrate with third-party websites and tools. We are not responsible for the privacy practices of third parties.

12. Changes to This Policy

We may update this Policy from time to time. Material changes will be communicated by email and/or in-product notice at least 30 days before they take effect. Continued use of the Service after the effective date constitutes acceptance.

13. Contact Us

  • Email: help@checkitapps.com (subject “Privacy Request” or “Security Report” as applicable)

  • Mail: CheckIT Technologies Inc., 144 Via Bandolero, Arroyo Grande, CA 93420

If you believe we have not adequately addressed your concern, you may also contact your state’s attorney general or, for California residents, the California Privacy Protection Agency.

© 2026 CheckIT Technologies Inc. All rights reserved. CheckIT™, CheckIT Platform™, CheckIT Engine™, CheckIT Invoice™, and CheckIT RFQ™ are trademarks of CheckIT Technologies Inc.