1. Overview and our roles
Thorbis, Inc., a Delaware corporation (“Thorbis,” “we,” “us,” or “our”) provides software to service businesses. This Privacy Policy explains how we handle personal data across the Thorbis platform, websites, and related services (the “Service”).
Our role depends on the data. For personal data about a business's own end customers and employees, the business is the controller of that data and Thorbis acts as its processor — handling the data on the business's behalf and under its instructions (see the Data Processing Addendum at /legal/dpa). For account, billing, website, and marketing data, Thorbis is the controller. This policy explains both.
- “Customer” means the business that subscribes to the Service.
- “End Customers” means the homeowners, businesses, and other people a Customer serves and whose information the Customer processes through the Service.
- “Customer Data” means the data a Customer and its users submit to or generate in the Service.
2. Information we collect
Account and business information
When you create an account or set up your company, we collect information such as your name, email address, phone number, company details, and billing information. Payment card and bank details you provide for your subscription are handled by our payment processor and are not stored by Thorbis.
Customer Data the Customer submits
Customers submit records about their End Customers — including names, contact details, service addresses, job, estimate, and invoice records, and communication logs for SMS, calls, and email — as well as employee and payroll information such as hours, pay rates, and pay-run figures. The Customer controls this data; Thorbis processes it on the Customer's behalf.
Usage, device, log data, and cookies
We automatically collect usage, device, and log data when you use the Service — for example, IP address, browser and device information, pages and features used, and timestamps. We and our providers use cookies and similar technologies as described in our Cookie Policy at /legal/cookies.
Communications content
To deliver messaging, voice, and email features, we process the content of communications sent and received through the Service, including message text, call audio or transcripts where applicable, and email content.
Data from integrations
When a Customer chooses to connect a third-party service (for example, payment processing, banking, telephony, email, or mapping), we receive data from that integration as needed to provide the connected feature.
3. A note on sensitive data
The Customer controls what it enters into the Service. The Service does not require government identifiers such as Social Security numbers to operate payroll features, and Customers should not store unnecessary sensitive personal information in free-text fields.
4. How we use information
We use the information we collect to:
- provide, operate, secure, and support the Service;
- process billing and manage subscriptions;
- improve and develop features;
- communicate with Customers about their accounts, the Service, and (where permitted) marketing;
- detect, prevent, and respond to abuse, fraud, and security issues; and
- comply with legal obligations and enforce our agreements.
We do not sell personal information.
6. Data retention
We retain account data while the account is active. After termination, the Customer may export Customer Data for a limited window, after which we delete or anonymize it — generally within 60 days — unless applicable law requires us to retain it for longer.
7. International data transfers
The Service is primarily hosted in the United States. Where personal data is transferred internationally, we rely on appropriate safeguards such as Standard Contractual Clauses, as described in the Data Processing Addendum at /legal/dpa.
8. Security
We use reasonable technical and organizational measures to protect personal data (see our Security page at /security) and will notify affected parties of incidents consistent with applicable law. No method of transmission or storage is completely secure, and we cannot guarantee absolute security.
9. Your choices and rights
Customers can access, correct, export, and delete data within the Service or by contacting us; manage cookie choices; and opt out of marketing communications.
Region-specific rights, including under the EU/UK GDPR and the CCPA/CPRA, are described at /legal/privacy-rights.
Because the business is the controller of its End Customers' data, End Customers should direct requests to the business they interacted with. Thorbis will assist and route such requests to the relevant business.
10. Children
The Service is for businesses and is not directed to children, and we do not knowingly collect personal data from children.
11. Text messaging
Thorbis sends service-related texts on behalf of the businesses that use it, only to people who provided their number and consented. Mobile information is not sold or shared with third parties for their marketing. Reply STOP to opt out. For details, see our Text Messaging Program & Consent at /legal/sms.
12. Changes to this policy
We may update this Privacy Policy from time to time. We will post updates here and, for material changes, provide notice (for example, by email or in the Service).
13. Contact
Privacy questions and data requests: privacy@thorbis.com (the “Privacy Contact”).
Thorbis, Inc., Pickens County, Georgia, United States. Mailing address available on request to legal@thorbis.com.
Related documents
- Terms of Service
- Acceptable Use Policy
- Payments & Money-Movement Terms
- AI Disclosure & Acceptable Use
- Your Privacy Rights (GDPR & CCPA/CPRA)
- Data Processing Addendum
Questions about this document? Email legal@thorbis.com. Privacy requests: privacy@thorbis.com.