Privacy Policy

Effective Date: December 2, 2025
Last Updated: December 2, 2025

1. Introduction

LAVT Supply ("we," "us," or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our AV Management Suite platform (the "Service").

This Privacy Policy applies to all users of the Service and covers both personal information of individual users and business data uploaded by our customers.

2. Information We Collect

2.1 Information You Provide Directly

Account Information:

  • Email address, name, phone number
  • Company/organization name
  • Job title, department, employee number
  • Payment information (processed through Stripe)
  • Authentication credentials (Microsoft ID via Azure AD)

Business Data:

  • Project information (names, descriptions, dates, budgets, status)
  • Customer and vendor data (company names, contacts, addresses, tax IDs)
  • Bills of Materials (BOMs) with part numbers, quantities, pricing
  • Timesheet data (time entries, labor codes, locations)
  • Service ticket information (descriptions, priorities, resolutions)
  • Inventory data (part numbers, quantities, specifications)
  • Purchase orders and financial information
  • Documents, files, and attachments uploaded to the Service
  • Employee information (names, roles, labor rates)

2.2 Information Collected Automatically

Usage Information:

  • IP address, browser type, and version
  • Device information and operating system
  • Pages visited, features used, and actions taken
  • Date and time of access
  • Referring URLs and pages
  • Location data (for mobile timesheet features with GPS)

Audit and Log Information:

  • All data changes (old and new values) via database triggers
  • User actions and timestamps
  • API endpoints accessed
  • System errors and performance metrics

2.3 Information from Third-Party Sources

  • Authentication data from Azure AD / Microsoft
  • Payment information from Stripe
  • Documents from SharePoint, OneDrive, and Google Drive integrations
  • Electronic signature status from Adobe Sign

3. How We Use Your Information

We use the information we collect to:

3.1 Provide and Maintain the Service

  • Create and manage your account
  • Process your transactions and manage billing
  • Provide customer support and respond to inquiries
  • Enable collaboration features (real-time BOM editing, user presence)
  • Facilitate integrations with third-party services
  • Store and manage your business data

3.2 Improve and Optimize the Service

  • Analyze usage patterns and trends
  • Develop new features and functionality
  • Monitor and improve performance
  • Troubleshoot technical issues
  • Conduct quality assurance and testing

3.3 Security and Compliance

  • Detect and prevent fraud, abuse, and security incidents
  • Maintain audit trails for compliance requirements
  • Enforce our Terms of Service
  • Comply with legal obligations

3.4 Communications

  • Send transactional emails (account notifications, billing, system alerts)
  • Provide product updates and new feature announcements
  • Send marketing communications (with your consent, opt-out available)

4. How We Share Your Information

We do not sell your personal information. We may share your information in the following circumstances:

4.1 Service Providers (Subprocessors)

We engage third-party companies and individuals to facilitate our Service. These service providers have access to your information only to perform specific tasks on our behalf and are obligated not to disclose or use it for any other purpose.

See our Subprocessor List for details.

4.2 Business Transfers

If we are involved in a merger, acquisition, or asset sale, your information may be transferred. We will provide notice before your information is transferred and becomes subject to a different privacy policy.

4.3 Legal Requirements

We may disclose your information if required to do so by law or in response to valid requests by public authorities (e.g., court orders, subpoenas, or government investigations).

4.4 With Your Consent

We may share your information with third parties when we have your explicit consent to do so.

4.5 Within Your Organization

Your business data is shared with other users within your tenant account according to the access permissions configured by your tenant administrator.

5. Data Security

We implement industry-standard security measures to protect your information:

  • Multi-Tenant Isolation: PostgreSQL Row-Level Security (RLS) ensures complete data isolation between tenant accounts
  • Encryption in Transit: All data transmitted to and from the Service is encrypted using TLS/SSL
  • Encryption at Rest: Sensitive data including OAuth credentials and integration tokens are encrypted in our database
  • Access Controls: Role-based access control (RBAC) with granular permissions
  • Audit Logging: Comprehensive audit trails track all data access and modifications
  • Infrastructure Security: Hosted on secure cloud infrastructure with regular security updates
  • Authentication: Secure authentication via Azure AD with support for multi-factor authentication
  • Rate Limiting: Protection against brute force and DDoS attacks

While we strive to protect your information, no method of transmission over the internet or electronic storage is 100% secure. We cannot guarantee absolute security.

6. Data Retention

We retain your information for as long as necessary to provide the Service and fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law.

  • Active Accounts: Data is retained while your account is active
  • After Cancellation: You have 30 days to export your data before it may be deleted
  • Audit Logs: Retained for compliance purposes (typically 7 years)
  • Backup Data: May be retained in backups for up to 90 days after deletion
  • Legal Holds: Data may be retained longer if required for legal proceedings

7. Your Privacy Rights

Depending on your location, you may have certain rights regarding your personal information:

7.1 General Rights

  • Access: Request a copy of the personal information we hold about you
  • Correction: Request correction of inaccurate or incomplete information
  • Deletion: Request deletion of your personal information (subject to legal obligations)
  • Data Portability: Request your data in a structured, machine-readable format
  • Opt-Out: Unsubscribe from marketing communications

7.2 GDPR Rights (European Users)

If you are located in the European Economic Area (EEA), you have additional rights under the General Data Protection Regulation (GDPR):

  • Right to restriction of processing
  • Right to object to processing
  • Right to lodge a complaint with a supervisory authority
  • Right to withdraw consent at any time

7.3 CCPA Rights (California Users)

If you are a California resident, you have rights under the California Consumer Privacy Act (CCPA):

  • Right to know what personal information is collected, used, shared, or sold
  • Right to delete personal information
  • Right to opt-out of the sale of personal information (we do not sell personal information)
  • Right to non-discrimination for exercising CCPA rights

7.4 Exercising Your Rights

To exercise any of these rights, please contact us at legal@lavtsupply.com. We will respond to your request within 30 days (or as required by applicable law).

8. Cookies and Tracking Technologies

We use cookies and similar tracking technologies to track activity on our Service and hold certain information. See our Cookie Policy for details.

Types of cookies we use:

  • Essential Cookies: Required for the Service to function (authentication, security)
  • Functional Cookies: Remember your preferences and settings
  • Analytics Cookies: Help us understand how the Service is used
  • Performance Cookies: Monitor and improve Service performance

9. International Data Transfers

Your information may be transferred to and maintained on servers located outside of your state, province, country, or other governmental jurisdiction where data protection laws may differ.

If you are located outside the United States and choose to provide information to us, we transfer your information to the United States and process it there.

For transfers from the EEA to the United States, we rely on appropriate safeguards such as Standard Contractual Clauses approved by the European Commission.

10. Children's Privacy

Our Service is not intended for use by children under the age of 18. We do not knowingly collect personal information from children under 18. If you become aware that a child has provided us with personal information, please contact us, and we will take steps to delete such information.

11. Third-Party Links

Our Service may contain links to third-party websites or services that are not operated by us. We have no control over and assume no responsibility for the content, privacy policies, or practices of any third-party sites or services.

12. Data Processing Agreement

For customers in the European Economic Area or who otherwise require GDPR compliance, we offer a Data Processing Agreement (DPA). See our DPA page for more information and to request a signed copy.

13. Changes to This Privacy Policy

We may update our Privacy Policy from time to time. We will notify you of any changes by:

  • Posting the new Privacy Policy on this page
  • Updating the "Last Updated" date
  • Sending you an email notification for material changes
  • Displaying a prominent notice on our Service

You are advised to review this Privacy Policy periodically for any changes. Changes are effective when posted on this page.

14. Contact Us

If you have any questions about this Privacy Policy, please contact us:

Data Protection Officer

LAVT Supply

Email: legal@lavtsupply.com

Subject Line: Privacy Inquiry - AV Management Suite

This Privacy Policy was last updated on December 2, 2025.