Legal

Privacy Policy

Last updated: July 6, 2026

1. Introduction

ManifestQ ("ManifestQ," "Company," "we," "us," or "our") provides operational intelligence services for collection systems to engineering firms, municipalities, utility districts, and other infrastructure operators. This Privacy Policy explains how we access, collect, use, process, share, retain, and protect information through manifestq.com and related websites (the "Site"), QConnect and other ManifestQ mobile applications (the "App"), and our cloud services, support channels, and connected field monitoring workflows (collectively, the "Services").

2. Developer and Privacy Contact

The developer and operator of the Services is ManifestQ. For privacy questions, data requests, account deletion requests, or Google Play user data inquiries, contact us at [email protected]. You may also request account or data deletion through our Account and Data Deletion page.

3. Scope and Customer-Controlled Data

This Privacy Policy applies to the Services. Many users access the App through an employer, municipality, utility, engineering firm, or other organization. In those cases, your organization may decide what data is collected, how projects are configured, who can access records, and how long records are retained. ManifestQ generally acts as a service provider or processor for that organization and handles organization-controlled data according to the organization's instructions and our contractual obligations.

4. Information We Collect

A. Website and sales/support interactions
  • Business contact information, such as name, organization, role, work email, work phone, and general location.
  • Information you provide in forms, emails, meeting requests, support tickets, demos, or project discussions.
  • Website usage information, such as pages visited, approximate location derived from IP address, browser type, device type, referring page, and similar diagnostics used to operate and improve the Site.
B. QConnect and other ManifestQ mobile apps
  • Account and profile data, such as name, work email, organization, role, account status, and authentication-related records.
  • Project and workflow content submitted through the App, including inspection forms, notes, photos, videos, attachments, measurements, and other operational records.
  • Connected device data from field monitoring equipment, including device identifiers, sensor readings, device configuration, calibration settings, wireless connection status, diagnostic logs, and related site or project associations.
  • Files and local storage data used when the App downloads, processes, queues, or uploads records from connected devices or field workflows.
  • Device and app diagnostics, such as device model, operating system, app version, crash logs, performance logs, network status, and security logs.
  • Approximate or precise location when you grant permission and use features such as maps, site tagging, asset association, route or inspection context, or location-based operational workflows.
  • Camera, photo, video, and file access when you grant permission to capture or upload inspection media or attachments.
  • Bluetooth, nearby device, local network, or wireless connection information when needed to connect to field monitoring equipment.
  • Push notification tokens if you enable notifications.
  • SMS alert enrollment details, such as phone number, opt-in status, alert preferences, and opt-out status, if your organization uses SMS operational alerts.
  • Support communications and troubleshooting information when you contact us or your organization asks us to investigate an issue.
C. Sensitive data
  • We do not intentionally collect financial account numbers, payment card numbers, government identification numbers, phone contacts, SMS message contents, call logs, health data, or the inventory of other apps installed on your device.
  • We do not sell personal or sensitive user data.
  • We do not use App data for advertising personalization, cross-app tracking, or sale to data brokers.
  • If your organization configures a workflow that causes sensitive information to be submitted in notes, photos, videos, attachments, or forms, we process that information only to provide the Services to you and your organization.

5. How We Use Information

We use information for purposes that are reasonably expected from the Services and disclosed here, including to:
  • Provide, operate, maintain, and secure the Services.
  • Create and manage accounts, authenticate users, and enforce access controls.
  • Enable App features such as field inspections, device connectivity, media capture, site tagging, maps, alerts, uploads, and reporting.
  • Process connected device readings, diagnostics, configuration, calibration, and monitoring data.
  • Send operational notifications, push notifications, and SMS alerts requested by users or configured by an organization.
  • Provide support, troubleshooting, training, maintenance, and customer communications.
  • Monitor performance, prevent abuse, investigate security events, and protect users, organizations, ManifestQ, and the public.
  • Comply with legal obligations and enforce contracts, policies, and terms.
  • Improve reliability, usability, and functionality of the Services.

6. Sharing and Disclosure

We do not sell personal information or personal and sensitive user data. We do not share App data with third parties for their own advertising or marketing. We may share information in the following limited circumstances:
  • Your organization. If you use the Services through an organization, your account information, submitted content, activity, device records, alerts, and project data may be visible to authorized administrators and users within that organization.
  • Service providers and subprocessors. Vendors may process information for hosting, cloud infrastructure, data storage, authentication, analytics, crash reporting, messaging, SMS delivery, customer support, security, monitoring, and similar services. They are permitted to use information only to provide services to ManifestQ or our customers.
  • Connected workflow participants. Information may be shared with users or teams your organization authorizes for a project, inspection, report, asset, alert, or workflow.
  • Legal, safety, and compliance. We may disclose information when required by law, regulation, subpoena, court order, governmental request, or to protect rights, safety, security, and service integrity.
  • Business transfers. Information may be transferred in connection with a merger, acquisition, financing, reorganization, or sale of assets, subject to appropriate confidentiality and notice protections.

7. App Permissions and Prominent Disclosures

The App requests runtime permissions only when needed for a feature. You can grant or deny permissions and later change them in your device settings. Some features may not work if the related permission is disabled. When required by Google Play policy or applicable law, the App will provide an in-app disclosure and obtain affirmative consent before accessing, collecting, using, or sharing personal and sensitive user data in a way that may not be reasonably expected.
  • Location permission supports maps, site tagging, asset association, and other location-enabled operational features when you choose to use them.
  • Camera, photos, videos, and files permissions support inspection media capture, upload, and attachment workflows.
  • Bluetooth, nearby device, local network, or wireless permissions support connections to field monitoring equipment.
  • Notifications support operational alerts, reminders, and workflow updates.

8. SMS / Text Messaging Policy

App SMS permissions. The App is not designed to read SMS message contents, write SMS messages, receive SMS messages, or access call logs. Operational SMS alerts are sent by ManifestQ systems or messaging service providers based on user or organization alert settings, not by using Android SMS or Call Log permissions on your device.
Use case and message types. ManifestQ sends account and operational alert text messages for infrastructure monitoring events, such as:
  • Water level threshold alerts.
  • Sensor offline or connectivity status.
  • Rain event detection and increased monitoring notices.
  • System-generated operational notifications tied to configured alert rules.
We do not send promotional or marketing messages by SMS.
Express opt-in. Users opt in through the ManifestQ web application or an organization-approved workflow when configuring alerts and must explicitly enable SMS notifications before receiving messages.
Opt-out. Reply STOP to opt out at any time.
Help. Reply HELP for assistance.
Message frequency. Varies based on event activity and user settings.
Costs. Message and data rates may apply.

Opt-in workflow screenshot:

ManifestQ SMS opt-in workflow

9. Sensitive Permissions and Minimum Scope

We request sensitive permissions only when they are necessary for a current, user-facing feature and use the minimum scope that reasonably supports that feature.
  • Photos, videos, and files. Where practical, the App uses system pickers or scoped file access so you choose the specific media or files to upload. We do not use broad all-files access unless a future core feature cannot work with narrower Android storage options and the use is disclosed and approved where required.
  • Location. Location is used only for location-enabled operational features such as maps, site tagging, asset association, or inspection context. We prefer foreground and minimum-scope location access. We do not use location solely for advertising or analytics, and we do not sell location data.
  • Contacts. The App is not designed to upload your phone contacts or broadly access your address book. If a future feature needs contact selection, we will use a minimum-scope method, such as a system contact picker, where practical.
  • SMS and Call Logs. The App is not designed to request Android SMS or Call Log permissions, read SMS message contents, or access call history.
  • Installed apps. The App is not designed to request broad installed-app inventory access or use QUERY_ALL_PACKAGES for advertising, analytics monetization, or profiling.
  • Accessibility, VPN, package installation, alarms, and full-screen intents. The App is not designed to use AccessibilityService, VpnService, REQUEST_INSTALL_PACKAGES, USE_EXACT_ALARM, or USE_FULL_SCREEN_INTENT unless a future core feature requires it and we provide the required disclosures, consent, Play Console declarations, and policy updates.
  • Health and body sensor data. The App is not designed to request body sensor permissions or Health Connect data. We do not use health data for advertising, analytics profiling, or sale.
If we add a feature that requires a new sensitive permission or a broader permission scope, we will update this Privacy Policy, the App's in-app disclosures, and the Google Play Data safety and permissions declarations as required before using that data for the new purpose.

10. Advertising ID, App Set ID, and Analytics

We do not use the Android Advertising ID or App Set ID for advertising personalization or ads measurement. If analytics, crash reporting, or diagnostic tools collect app or device identifiers, they are used to operate, secure, troubleshoot, and improve the Services and must be disclosed consistently in our Google Play Data safety form.

11. Data Security

We use administrative, technical, and organizational safeguards designed to protect information against unauthorized access, disclosure, alteration, and destruction. Personal and sensitive user data is transmitted using modern cryptography, such as HTTPS/TLS, where it leaves the device or browser. Access to production systems is limited to authorized personnel and service providers who need access to operate, support, secure, or improve the Services. No security measure is perfect, but we work to maintain safeguards appropriate to the nature of the data and the Services.

12. Data Retention and Deletion

We retain information only as long as reasonably necessary for the purposes described in this Privacy Policy, including to provide the Services, support customer workflows, maintain security, comply with legal obligations, resolve disputes, and enforce agreements.
  • Organization-controlled project, inspection, monitoring, and device records are retained according to the organization's settings, instructions, contract, or operational needs.
  • Diagnostic logs and security records are generally retained for a limited period unless needed for security, support, legal, or compliance purposes.
  • SMS opt-in, opt-out, and alert records are retained as needed to honor messaging preferences, demonstrate consent, and comply with messaging rules.
  • When an account or data deletion request is approved, we delete or de-identify associated personal information unless we must retain certain records for legal, security, fraud prevention, backup, dispute, regulatory, or legitimate business reasons.
To request deletion, email [email protected] or visit our Account and Data Deletion page. If you use the Services through an organization, we may direct your request to that organization or need the organization's authorization before deleting organization-controlled records.

13. Your Rights and Choices

Depending on your location and relationship to the Services, you may request access to, correction of, deletion of, or a copy of your personal information. You may also object to or request restriction of certain processing. To submit a request, contact us at [email protected]. If you use the Services through an organization, that organization may be responsible for responding to your request.

14. Children

The Services are intended for business, infrastructure, and utility operations and are not directed to children. We do not knowingly collect personal information from children under 13, and the App is not designed for child-directed services.

15. International Transfers

ManifestQ is based in the United States. If you access the Services from outside the United States, your information may be transferred to and processed in the United States or other countries where we or our service providers operate. We use appropriate safeguards where required by applicable law.

16. Data Safety and Third-Party Code

Our Google Play Data safety disclosures must match this Privacy Policy and the actual behavior of the App, including data accessed, collected, used, shared, retained, or processed by third-party SDKs and service providers. We review third-party code used in the App and require that it support policy-compliant purposes, such as service functionality, analytics, diagnostics, security, messaging, or support.

17. Changes to This Policy

We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated effective date. If changes materially affect how we handle personal and sensitive user data, we will provide additional notice where required by law or platform policy.

18. Contact Us

ManifestQ privacy contact: [email protected].