
Privacy Rights and Data Governance Supplement

Effective date: April 28, 2026
Last updated: April 28, 2026

This supplement governs Texas privacy rights, data minimization, retention, security floor, subprocessor disclosures, deidentification, minors, and material privacy-change reacceptance.

Version: 1.0.0
Contract key: privacy_rights_data_governance_supplement

1. Texas Privacy Rights

Texas residents may have rights under the Texas Data Privacy and Security Act, including rights to know whether personal data is processed, access data in a readable format, correct inaccuracies, delete personal data, opt out of certain targeted advertising/sale/profiling uses, and avoid discrimination for exercising rights.

Source: https://www.oag.state.tx.us/consumer-protection/file-consumer-complaint/consumer-privacy-rights/texas-data-privacy-and-security-act

2. Request Process

Users may submit privacy requests through the in-app privacy request flow or by emailing `legal@completa.io`. Completa may verify identity and authority before fulfilling a request.

Completa will respond to verifiable consumer requests within 45 days, with one additional 45-day extension where reasonably necessary and disclosed within the initial 45-day response period, or within another timeframe required by applicable law. Completa must provide an appeal process where required. `legal@completa.io` is the launch privacy contact for privacy requests, appeals, and data-governance questions.

3. Categories of Personal Data

Completa processes account data, contact data, project data, property data, photos/videos, receipts/invoices, material records, payment metadata, tax/payout metadata, contractor credential data, background-check status metadata, insurance/license records, messages, support records, warranty/dispute evidence, device/log data, and legal acceptance records.

4. Sensitive Data

Sensitive data may include precise geolocation if retained from photos or service logistics, government IDs or background-check information where used for verification, financial/payment metadata, and other categories treated as sensitive under applicable law. Completa processes sensitive data only for disclosed and necessary platform, verification, safety, fraud, legal, payment, tax, or support purposes, or with consent where required.

5. Biometric Disclaimer

Completa does not currently use biometric identification, face recognition, voiceprint recognition, identity-recognition technology, or hand-geometry or face-geometry extraction from photos, audio, or video. Texas Business and Commerce Code Section 503.001 treats a retina or iris scan, fingerprint, voiceprint, or record of hand or face geometry as a biometric identifier. Project photos and videos may incidentally include faces, hands, bystanders, children, or other personal features. Completa's launch AI/OCR processing is configured for project understanding, scope, materials, dimensions, classification, quality, dispute, warranty, fraud/safety, support, and recordkeeping purposes, not biometric identification, face recognition, voiceprint recognition, identity recognition, or biometric capture for a commercial purpose.

Users must not intentionally upload unnecessary photos or video of people, children, bystanders, or unrelated personal spaces. Where a project photo incidentally includes a person but is needed for project documentation, the user may request face blurring, redaction, or an alternate upload path where operationally available before AI/OCR provider submission. Completa may redact or filter irrelevant faces, children's images, EXIF/GPS metadata, payment-card details, and bank-account details before provider submission where operationally available and consistent with the processing purpose. Completa does not create or store a separate biometric template, biometric identifier database, faceprint, voiceprint, or hand/face-geometry record from launch AI/OCR processing. If Completa later adds biometric capture, biometric identification, face recognition, voiceprint recognition, identity recognition, or hand/face geometry use for a commercial purpose, it must provide required notice, consent, retention, protection, and destruction controls before use.

6. Children and Age

The platform is intended for users age 18 or older. Completa does not knowingly collect personal data from children under 13. If Completa learns that a child under 13 has provided personal information without verifiable parental consent, Completa will promptly delete the information except as legally required to retain it, attempt to provide parental notice and review where Completa can identify a parent or guardian, and not condition participation in services on a child's disclosure of more information than reasonably necessary.

Completa does not knowingly create accounts for users under 18. If Completa learns that a Texas user is under 18, Completa applies required protections under applicable youth online-safety and privacy laws, including the Texas Securing Children Online through Parental Empowerment Act, Tex. Bus. & Com. Code Chapter 509, parental notice/consent, restrictions on targeted advertising or sale of data to known minors, and account-management features where legally required.

7. Data Portability and Export

Completa must provide a reasonably accessible method for users to request export of account, project, payment, SOW, change-order, warranty, and dispute records, subject to identity verification, third-party privacy, security, legal holds, and retention exceptions.

8. Retention and Deletion Exceptions

Completa does not promise immediate deletion of project, payment, tax, SOW, dispute, warranty, fraud, safety, security, audit, or legal records when a deletion request is submitted. Completa may retain records as needed for tax, accounting, payment processing, Stripe/payment-network reconciliation, contractor payout and 1099 support, sales/use tax support, dispute and warranty administration, fraud prevention, safety, legal compliance, audit, litigation, chargebacks, refunds, reserves, offsets, and unresolved claims.

The launch default is seven years for transactional tax/accounting support records. Entity formation records, EIN letters, tax returns, Texas sales/use tax permits, intercompany agreements, IP/license agreements, cap table/equity records, CPA tax memos, principal-versus-agent accounting memos, marketplace-provider taxability memos, state registration decisions, major settlement records, and records tied to unresolved audits, litigation, or major disputes may be retained longer or indefinitely.

9. Deidentified, Aggregated, and Pseudonymized Data

Completa may retain deidentified, aggregated, or pseudonymized data for analytics, pricing-engine improvement, quality controls, fraud prevention, and platform improvement if reasonable measures are used to prevent association with an identifiable individual where required by law.

10. Security Measures

Completa maintains administrative, technical, and organizational safeguards appropriate to the data processed, including access controls, least-privilege permissions, authentication controls, encryption in transit, encryption at rest for sensitive data including project photos, government IDs collected for verification, payment metadata, background-check information, and support records, encryption at rest for other data where supported by platform infrastructure, vendor review for processors, audit logging for legal acceptance and sensitive admin actions, and incident-response procedures.

11. Breach Notice

If a reportable security breach occurs, Completa must notify affected individuals and regulators without unreasonable delay and within the time required by applicable law. For Texas residents, Completa will provide individual notice not later than the 60th day after determining that a breach occurred where Tex. Bus. & Com. Code §521.053 requires notice, subject to legally permitted delay or investigation exceptions. Completa must document incident response, containment, investigation, and remediation.

12. Subprocessors and Transfers

Completa maintains subprocessor records for active launch providers, including Completa, Co., Stripe, approved AI/OCR processors Anthropic and OpenAI where configured, property/address enrichment providers RentCast and Repliers where configured, background-check or identity-verification providers, cloud hosting and database providers, communications providers, analytics providers, support tools, fraud/security vendors, and professional advisers under confidentiality obligations. Completa will provide current subprocessor information through the privacy request channel or a published subprocessor page when available.

At launch, Completa is configured for U.S. operations. Material international transfers, new processing regions, or broader state/international privacy-law coverage require legal review and updated disclosures or transfer mechanisms where required before expansion.
