Privacy Policy
Last updated: July 6, 2026
1. Introduction
ManifestQ ("ManifestQ," "Company," "we," "us," or "our") provides operational intelligence services for collection systems to engineering firms, municipalities, utility districts, and other infrastructure operators. This Privacy Policy explains how we access, collect, use, process, share, retain, and protect information through manifestq.com and related websites (the "Site"), QConnect and other ManifestQ mobile applications (the "App"), and our cloud services, support channels, and connected field monitoring workflows (collectively, the "Services").
2. Developer and Privacy Contact
The developer and operator of the Services is ManifestQ. For privacy questions, data requests, account deletion requests, or Google Play user data inquiries, contact us at [email protected]. You may also request account or data deletion through our Account and Data Deletion page.
3. Scope and Customer-Controlled Data
This Privacy Policy applies to the Services. Many users access the App through an employer, municipality, utility, engineering firm, or other organization. In those cases, your organization may decide what data is collected, how projects are configured, who can access records, and how long records are retained. ManifestQ generally acts as a service provider or processor for that organization and handles organization-controlled data according to the organization's instructions and our contractual obligations.
4. Information We Collect
- Business contact information, such as name, organization, role, work email, work phone, and general location.
- Information you provide in forms, emails, meeting requests, support tickets, demos, or project discussions.
- Website usage information, such as pages visited, approximate location derived from IP address, browser type, device type, referring page, and similar diagnostics used to operate and improve the Site.
- Account and profile data, such as name, work email, organization, role, account status, and authentication-related records.
- Project and workflow content submitted through the App, including inspection forms, notes, photos, videos, attachments, measurements, and other operational records.
- Connected device data from field monitoring equipment, including device identifiers, sensor readings, device configuration, calibration settings, wireless connection status, diagnostic logs, and related site or project associations.
- Files and local storage data used when the App downloads, processes, queues, or uploads records from connected devices or field workflows.
- Device and app diagnostics, such as device model, operating system, app version, crash logs, performance logs, network status, and security logs.
- Approximate or precise location when you grant permission and use features such as maps, site tagging, asset association, route or inspection context, or location-based operational workflows.
- Camera, photo, video, and file access when you grant permission to capture or upload inspection media or attachments.
- Bluetooth, nearby device, local network, or wireless connection information when needed to connect to field monitoring equipment.
- Push notification tokens if you enable notifications.
- SMS alert enrollment details, such as phone number, opt-in status, alert preferences, and opt-out status, if your organization uses SMS operational alerts.
- Support communications and troubleshooting information when you contact us or your organization asks us to investigate an issue.
- We do not intentionally collect financial account numbers, payment card numbers, government identification numbers, phone contacts, SMS message contents, call logs, health data, or the inventory of other apps installed on your device.
- We do not sell personal or sensitive user data.
- We do not use App data for advertising personalization, cross-app tracking, or sale to data brokers.
- If your organization configures a workflow that causes sensitive information to be submitted in notes, photos, videos, attachments, or forms, we process that information only to provide the Services to you and your organization.
5. How We Use Information
- Provide, operate, maintain, and secure the Services.
- Create and manage accounts, authenticate users, and enforce access controls.
- Enable App features such as field inspections, device connectivity, media capture, site tagging, maps, alerts, uploads, and reporting.
- Process connected device readings, diagnostics, configuration, calibration, and monitoring data.
- Send operational notifications, push notifications, and SMS alerts requested by users or configured by an organization.
- Provide support, troubleshooting, training, maintenance, and customer communications.
- Monitor performance, prevent abuse, investigate security events, and protect users, organizations, ManifestQ, and the public.
- Comply with legal obligations and enforce contracts, policies, and terms.
- Improve reliability, usability, and functionality of the Services.
6. Sharing and Disclosure
- Your organization. If you use the Services through an organization, your account information, submitted content, activity, device records, alerts, and project data may be visible to authorized administrators and users within that organization.
- Service providers and subprocessors. Vendors may process information for hosting, cloud infrastructure, data storage, authentication, analytics, crash reporting, messaging, SMS delivery, customer support, security, monitoring, and similar services. They are permitted to use information only to provide services to ManifestQ or our customers.
- Connected workflow participants. Information may be shared with users or teams your organization authorizes for a project, inspection, report, asset, alert, or workflow.
- Legal, safety, and compliance. We may disclose information when required by law, regulation, subpoena, court order, governmental request, or to protect rights, safety, security, and service integrity.
- Business transfers. Information may be transferred in connection with a merger, acquisition, financing, reorganization, or sale of assets, subject to appropriate confidentiality and notice protections.
7. App Permissions and Prominent Disclosures
- Location permission supports maps, site tagging, asset association, and other location-enabled operational features when you choose to use them.
- Camera, photos, videos, and files permissions support inspection media capture, upload, and attachment workflows.
- Bluetooth, nearby device, local network, or wireless permissions support connections to field monitoring equipment.
- Notifications support operational alerts, reminders, and workflow updates.
8. SMS / Text Messaging Policy
- Water level threshold alerts.
- Sensor offline or connectivity status.
- Rain event detection and increased monitoring notices.
- System-generated operational notifications tied to configured alert rules.
Opt-in workflow screenshot:

9. Sensitive Permissions and Minimum Scope
- Photos, videos, and files. Where practical, the App uses system pickers or scoped file access so you choose the specific media or files to upload. We do not use broad all-files access unless a future core feature cannot work with narrower Android storage options and the use is disclosed and approved where required.
- Location. Location is used only for location-enabled operational features such as maps, site tagging, asset association, or inspection context. We prefer foreground and minimum-scope location access. We do not use location solely for advertising or analytics, and we do not sell location data.
- Contacts. The App is not designed to upload your phone contacts or broadly access your address book. If a future feature needs contact selection, we will use a minimum-scope method, such as a system contact picker, where practical.
- SMS and Call Logs. The App is not designed to request Android SMS or Call Log permissions, read SMS message contents, or access call history.
- Installed apps. The App is not designed to request broad installed-app inventory access or use QUERY_ALL_PACKAGES for advertising, analytics monetization, or profiling.
- Accessibility, VPN, package installation, alarms, and full-screen intents. The App is not designed to use AccessibilityService, VpnService, REQUEST_INSTALL_PACKAGES, USE_EXACT_ALARM, or USE_FULL_SCREEN_INTENT unless a future core feature requires it and we provide the required disclosures, consent, Play Console declarations, and policy updates.
- Health and body sensor data. The App is not designed to request body sensor permissions or Health Connect data. We do not use health data for advertising, analytics profiling, or sale.
10. Advertising ID, App Set ID, and Analytics
We do not use the Android Advertising ID or App Set ID for advertising personalization or ads measurement. If analytics, crash reporting, or diagnostic tools collect app or device identifiers, they are used to operate, secure, troubleshoot, and improve the Services and must be disclosed consistently in our Google Play Data safety form.
11. Data Security
We use administrative, technical, and organizational safeguards designed to protect information against unauthorized access, disclosure, alteration, and destruction. Personal and sensitive user data is transmitted using modern cryptography, such as HTTPS/TLS, where it leaves the device or browser. Access to production systems is limited to authorized personnel and service providers who need access to operate, support, secure, or improve the Services. No security measure is perfect, but we work to maintain safeguards appropriate to the nature of the data and the Services.
12. Data Retention and Deletion
- Organization-controlled project, inspection, monitoring, and device records are retained according to the organization's settings, instructions, contract, or operational needs.
- Diagnostic logs and security records are generally retained for a limited period unless needed for security, support, legal, or compliance purposes.
- SMS opt-in, opt-out, and alert records are retained as needed to honor messaging preferences, demonstrate consent, and comply with messaging rules.
- When an account or data deletion request is approved, we delete or de-identify associated personal information unless we must retain certain records for legal, security, fraud prevention, backup, dispute, regulatory, or legitimate business reasons.
13. Your Rights and Choices
14. Children
The Services are intended for business, infrastructure, and utility operations and are not directed to children. We do not knowingly collect personal information from children under 13, and the App is not designed for child-directed services.
15. International Transfers
ManifestQ is based in the United States. If you access the Services from outside the United States, your information may be transferred to and processed in the United States or other countries where we or our service providers operate. We use appropriate safeguards where required by applicable law.
16. Data Safety and Third-Party Code
Our Google Play Data safety disclosures must match this Privacy Policy and the actual behavior of the App, including data accessed, collected, used, shared, retained, or processed by third-party SDKs and service providers. We review third-party code used in the App and require that it support policy-compliant purposes, such as service functionality, analytics, diagnostics, security, messaging, or support.
17. Changes to This Policy
We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated effective date. If changes materially affect how we handle personal and sensitive user data, we will provide additional notice where required by law or platform policy.
18. Contact Us
ManifestQ privacy contact: [email protected].