XRoof

Privacy Policy

Last updated: April 7, 2026

1. Introduction

XRoof (“we,” “us,” or “our”) operates the XRoof platform at xroof.io. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our website and services.

2. Information We Collect

Account Information: When you create an account, we collect your name, email address, phone number, company name, and service area.

Business Data: Information you enter into the platform including customer names, addresses, job details, estimates, contracts, invoices, and photos.

Payment Information: Payment processing is handled by Stripe. We do not store credit card numbers on our servers. Stripe's privacy policy governs payment data.

Usage Data: We automatically collect information about how you interact with the platform, including pages visited, features used, and device information.

Communications: Messages sent through the customer portal, SMS messages sent via Twilio, and emails sent via Resend are processed through third-party services.

3. Homeowner Data Collected Through Contractor Landing Pages

XRoof provides a landing page builder that roofing contractors use to collect leads from homeowners. When a homeowner submits a form on a contractor's landing page, we collect the homeowner's name, phone number, email address (if provided), property address, city, ZIP code, and project type.

Data Controller: The roofing contractor who created the landing page is the data controller for homeowner data collected through their pages. The contractor determines how this data is used and is responsible for complying with all applicable data protection and communication laws.

Data Processor: XRoof acts as a data processor, storing and transmitting homeowner data on behalf of the contractor. We process this data solely to operate the Service — storing leads, notifying the contractor, and enabling the contractor to follow up.

No Sale of Data: XRoof does not sell, rent, or share homeowner data with any third parties beyond what is necessary to operate the Service (see Section 5 below).

Deletion Requests: Homeowners may request deletion of their personal data by contacting support@xroof.io. We will process deletion requests within 30 days.

4. How We Use Your Information

  • To provide and maintain the XRoof platform
  • To process transactions and send related information (estimates, invoices, contracts)
  • To send automated follow-up emails and SMS on your behalf
  • To provide customer support
  • To send service-related announcements and updates
  • To monitor platform usage and improve our services
  • To detect and prevent fraud or abuse

5. Data Sharing and Sub-Processors

We do not sell your personal information. We share data only with the following service providers (sub-processors):

  • Supabase: Database hosting, authentication, and storage of all platform data including homeowner lead data collected through contractor landing pages
  • Stripe: Payment processing for contractor subscriptions
  • Resend: Email delivery for contractor communications and automated follow-ups, including emails sent to homeowner leads
  • Twilio: SMS delivery for contractor notifications and automated messages, including SMS sent to homeowner leads
  • Google Maps/Satellite: Satellite imagery for roof measurements
  • Vercel: Application hosting

We may also disclose information if required by law or to protect the rights and safety of our users.

6. Data Security

We implement industry-standard security measures including encrypted connections (HTTPS/TLS), authenticated API access with JWT tokens, and role-based access controls. However, no method of electronic transmission or storage is 100% secure.

7. Data Retention

We retain your account data for as long as your account is active. Business data (jobs, estimates, invoices) is retained for the duration of your subscription plus 90 days after cancellation. You may request deletion of your data at any time by contacting us.

8. Your Rights

You have the right to:

  • Access the personal data we hold about you
  • Request correction of inaccurate data
  • Request deletion of your data
  • Export your data in a portable format
  • Opt out of marketing communications
  • Revoke SMS consent at any time by replying STOP to any text message you receive. To opt back in, reply START. For help, reply HELP or email support@xroof.io.

9. Cookies

We use essential cookies for authentication (Supabase session tokens stored in localStorage). We do not use third-party tracking cookies or advertising cookies.

10. Children's Privacy

XRoof is not intended for use by individuals under the age of 18. We do not knowingly collect personal information from children.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new policy on this page and updating the “Last updated” date.

12. Contact Us

If you have questions about this Privacy Policy, please contact us at support@xroof.io.