Legal
Privacy Policy
How SalesTrak collects, uses, shares, and protects information across our website and our web and mobile apps.
Last updated: July 16, 2026
1. Overview & scope
SalesTrak is a customer-relationship-management (CRM) platform built for roofing sales teams. It is operated by Bartlett Roofing ("SalesTrak," "we," "us," or "our"). This Privacy Policy explains how we handle information in connection with:
- our marketing website at salestrak.io and its subdomains;
- the SalesTrak web application (the CRM you sign in to from a browser); and
- the SalesTrak mobile apps for iOS and Android — the map-first tool field reps use to work leads and jobs in the field.
We refer to all of these together as the "Services." By using the Services, you agree to this Privacy Policy and to our Terms of Service.
2. Who controls your data
SalesTrak is business software used by organizations ("Workspaces"). When your employer, company, or team signs up for a Workspace and invites you to it, that organization is the party that decides what information goes into SalesTrak and how it is used. In that context:
- Your organization is the controller of the CRM content in its Workspace — leads, jobs and projects, customer names and property addresses, notes, photos, and other entities. We process that content on the organization's behalf as a service provider.
- We are the controller of the information needed to run the Services generally — for example, account and login information, billing details, and basic usage and diagnostic data.
If you are an end user in a Workspace you did not create, requests about the CRM content in that Workspace (such as access or deletion) are usually best directed to your organization's SalesTrak administrator, and we will support them in responding.
3. Information we collect
Account and profile information
When you register, accept a Workspace invitation, or manage your account, we collect your name, email address, and a password (stored only in hashed form). Your profile may also include the Workspaces and teams you belong to and your role within them.
Content you create in the CRM ("Customer Data")
The Services exist to store the information your team enters. Depending on how your Workspace uses SalesTrak, this can include:
- leads, jobs, projects, and their pipeline stage and status;
- customer and property information — names, street addresses, and geographic coordinates / map pins for the properties you work;
- notes, activity and visit logs, and custom fields your Workspace defines;
- media attachments — photos, videos, PDFs, and documents attached to a project's notes or to a photo field.
This content often describes people other than you (for example, homeowners). Your organization is responsible for having an appropriate basis to collect and store it — see our Terms of Service.
Location information (mobile apps)
The mobile apps are map-first. With your permission, we use your device's location to:
- show your current position on the map and center it on your projects; and
- capture coordinates when you create a new project at your current location.
The apps request "while in use" location access only — we do not track your location in the background. You can grant, deny, or revoke this permission at any time in your device settings; if you deny it, the map still works, but it cannot center on you or drop a project pin at your current position.
Camera, microphone, and photo library (mobile apps)
With your permission, the mobile apps use your camera to take photos and videos, your microphone when recording a video, and your photo library to select existing images and videos — in each case so you can attach that media to a project's notes. We access these only when you actively use the corresponding feature, and you can revoke any of these permissions in your device settings.
Device, log, and usage information
When you use the Services, we automatically collect standard technical information such as device type, operating-system version, app version, IP address, and log and diagnostic data (for example, error reports and timestamps of requests). We use this to operate, secure, and improve the Services.
Cookies and local storage
The web app and website use cookies and browser storage that are necessary to keep you signed in and to remember basic preferences. The mobile apps store data on your device to keep you signed in and to work offline, including:
- Authentication tokens, held in the platform secure store (Apple Keychain on iOS; encrypted storage backed by the Android Keystore on Android).
- An offline cache of Workspace data you have already loaded (map pins, project details, activity, and pending changes you made while offline), so the app stays usable without a signal and syncs when you reconnect.
We use these strictly to operate the Services. We do not use analytics or advertising cookies, and we do not use cookies to track you across other websites.
4. Mobile app permissions
For clarity, here is every sensitive permission the iOS and Android apps may request, and why:
- Location (while in use) — show you on the map and set coordinates for projects you create in the field.
- Camera — take photos and videos to attach to a project's notes.
- Microphone — record audio while capturing a video.
- Photo library — attach existing photos and videos to a project's notes.
All of these are optional and are requested only when you first use the relevant feature. Denying a permission disables that feature but does not otherwise prevent you from using the app. You can change your choices at any time in iOS Settings or Android app settings.
5. How we use information
We use the information described above to:
- provide, maintain, and operate the Services, including storing and displaying your Workspace's CRM content;
- authenticate you, keep your session active, and secure your account;
- enable field features such as maps, project pins, media capture, and offline sync;
- provide support and respond to your requests;
- monitor, troubleshoot, secure, and improve the Services, and develop new features;
- send service and administrative communications (for example, invitations, password resets, and important notices); and
- comply with legal obligations and enforce our Terms of Service.
We do not sell your personal information, and we do not use your Workspace's Customer Data to build advertising profiles.
6. How we share information
We share information only as described here:
- Within your Workspace. Content you create is visible to other members of your Workspace according to the roles and permissions your organization configures.
-
Service providers (subprocessors). We use vetted third parties to host and run the
Services on our behalf. They may process information only to provide services to us and are bound by
confidentiality and data-protection obligations. Our current subprocessors are:
- Amazon Web Services (AWS) — cloud hosting, databases, and storage of files and media attachments.
- Google Maps and Apple Maps — displaying maps and converting between addresses and coordinates in the mobile apps; these providers process location and address queries to return map data.
- Google (Gmail / Google Workspace) — sending account and service emails, such as invitations and password resets.
- Legal and safety. We may disclose information if required by law or to protect the rights, property, or safety of SalesTrak, our users, or the public.
- Business transfers. If SalesTrak is involved in a merger, acquisition, financing, or sale of assets, information may be transferred as part of that transaction, subject to this Policy.
7. Data retention
We retain account information for as long as your account is active. We retain your Workspace's Customer Data for as long as the Workspace exists or as your organization directs. When an account or Workspace is deleted, we delete or de-identify the associated information within a commercially reasonable period, except where we are required to retain it to comply with legal obligations, resolve disputes, or enforce our agreements. Offline data cached on a mobile device is removed when you sign out or uninstall the app.
8. Security
We use reasonable administrative, technical, and physical safeguards designed to protect information, including encryption of data in transit, hashed passwords, scoped access tokens stored in the device secure store, and Workspace-level access controls. No method of transmission or storage is completely secure, so we cannot guarantee absolute security. Please use a strong, unique password and keep your login credentials confidential.
9. Your choices & rights
Depending on where you live, you may have rights to access, correct, delete, or export your personal information, or to object to or restrict certain processing. You can:
- review and update your profile information from within the app;
- manage device permissions (location, camera, microphone, photos) in your device settings;
- request access to or deletion of your personal information by contacting us (see Contact us). Where the request concerns Customer Data in a Workspace you don't administer, we may direct you to, or coordinate with, your organization's administrator.
We will not discriminate against you for exercising these rights. To make a request, contact us at the address in Contact us; we may need to verify your identity before responding.
California privacy rights
If you are a California resident, the California Consumer Privacy Act, as amended by the CPRA, gives you the right to:
- know and access the personal information we have collected about you and how we use and share it;
- request correction of inaccurate personal information;
- request deletion of your personal information; and
- not be discriminated against for exercising these rights.
We do not sell your personal information, and we do not share it for cross-context behavioral advertising, as those terms are defined under California law. We collect precise geolocation (in the mobile apps), which is considered "sensitive personal information," and we use it only to provide the map features you request — not to infer characteristics about you — so it is not used or disclosed in a way that would trigger a right to limit its use. You may exercise your California rights by contacting us as described in Contact us.
10. Children's privacy
The Services are intended for business use by adults and are not directed to children. We do not knowingly collect personal information from children under 13. If you believe a child has provided us personal information, please contact us and we will delete it.
11. Third-party links
The Services may link to third-party websites or services that we do not control. This Policy does not apply to those sites, and we are not responsible for their privacy practices. Review the privacy policies of any third-party services you use.
12. U.S. processing
SalesTrak is operated from the United States, and information submitted to the Services is collected, processed, stored, and disposed of in accordance with applicable U.S. law. If you access the Services from outside the United States, you understand your information will be processed in the United States.
13. Changes to this policy
We may update this Privacy Policy from time to time. When we do, we will revise the "Last updated" date above and, for material changes, provide additional notice through the Services. Your continued use of the Services after an update means you accept the revised Policy.
14. Contact us
If you have questions about this Privacy Policy or our data practices, contact us at:
Bartlett Roofing
Attn: SalesTrak Privacy
370 N Mitchell St.
Boise, ID 83704
Email: blake@bartlettroofs.com
Phone: (208) 286-4187