← BACK TO INHITCH
Privacy Policy
Last updated: June 2, 2026
1. Who we are
InHitch ("we", "us") provides a rotation-tracking application for field workers and the companies that employ them. This policy explains what we collect, how we use it, and your rights.
2. Information we collect
- Account information: name, email, profile photo, and the identity provider you use (Apple, Google, or email magic link).
- Hitch and schedule data: rotation pattern, start dates, jobsite and home addresses, travel days, expenses, schedule requests (time-off, swaps, cover), and notes you choose to log.
- Certifications: the cert or training name, issuer, credential ID, issue and expiry dates, and notes you add so you and your manager can see what is current and what is lapsing.
- Uploaded files: photos or PDFs you (or your manager, on your behalf) attach - certification cards/documents, expense receipts for reimbursables, and photos attached to crew or shift logs.
- Precise location (only if you grant it): when you tap "use my location" or allow the permission, we use your coordinates to estimate driving time to a jobsite. The resulting jobsite and home addresses you save are stored and shared with your managers. We do not track your location in the background. You can revoke this anytime in iOS Settings.
- Push notification tokens: we store the push token for your device(s) and, when you start a Live Activity, the per-activity token, so we can deliver alerts and keep your Dynamic Island / Live Activity day counter current even when the app is closed. Turn push off anytime in iOS Settings.
- Device and diagnostics data: coarse device type, operating system, app version, and crash/error diagnostics. The web dashboard reports errors through Sentry to help us fix bugs.
- Usage analytics: first-party, feature-usage events (an event name, basic properties, and a session ID) linked to your account so we can understand how the app is used and improve it. These events are not sold or shared with advertising or data-broker networks.
- Organization data: if you join or create an organization, your manager (and any sub-managers they delegate to) may see your assignments, jobsite, travel, certifications, team logs, and approval requests. See Section 5.
3. How we use it
- To run your rotation calendar, countdowns, and reminders.
- To sync your data across iOS, web, and watchOS clients.
- To deliver push notifications and Live Activity / Dynamic Island updates.
- To let your organization manage assignments, fleets, certifications, schedule requests, and approvals.
- To estimate travel time to a jobsite when you grant location access.
- To respond to support requests sent to support@inhitch.com.
- To improve the product through first-party feature-usage analytics and crash diagnostics.
4. Where your data lives
User accounts, hitch data, certifications, expenses, team logs, and analytics events are stored in Supabase (PostgreSQL) on infrastructure hosted in the United States. Uploaded files are stored in Supabase Storage buckets: cert-docs (certification documents), team-events (crew/shift log photos), and expense-receipts (receipts). These buckets are public-read at long, unguessable URLs - anyone with the exact link can open the file, so treat those links as private. Within the app, certification documents are visible to the worker and their organization's managers, and team-event photos are visible to the team and their managers. Authentication is handled by Supabase Auth and the providers you choose (Apple, Google). The mobile app also caches data locally on your device for offline use.
5. What your managers can see
If you belong to an organization, the account that owns it (and any sub-managers they delegate scoped authority to) can see your assignments, jobsite and travel details, certifications and their uploaded documents, expense receipts you submit, crew/shift logs and their photos, and your schedule requests, and can approve or deny those requests. Managers do not see your personal pay or earnings configuration. A sub-manager's access ends when their account is deleted.
6. Sharing and processors
We share data with the minimum number of processors needed to run the service:
- Supabase - database, auth, and file storage (cert-docs, team-events, expense-receipts buckets)
- Vercel - web hosting
- Apple and Google - sign-in
- Apple Push Notification service (APNs) - push and Live Activity delivery
- Resend - transactional email (sign-in links, account notices)
- Sentry - crash and error diagnostics for the web dashboard
7. Data retention and deletion
You can view and edit your data from the Settings screen in the iOS app, and you can permanently delete your account in-app (Settings → Delete Account) or by emailing support@inhitch.com. Deleting your account removes your profile, hitches, expenses, certifications and their uploaded documents, team logs you authored, push notification tokens, and your other personal data within 30 days.
One important exception: if you are a manager or organization owner, deleting your account does not delete the shared organization or the workers' and crew's data you oversee - that data belongs to the business and the people it is about, and is preserved for another administrator to manage. Your own personal data is still removed. Some records may be retained longer where law requires (e.g. financial records).
One important exception: if you are a manager or organization owner, deleting your account does not delete the shared organization or the workers' and crew's data you oversee - that data belongs to the business and the people it is about, and is preserved for another administrator to manage. Your own personal data is still removed. Some records may be retained longer where law requires (e.g. financial records).
8. Security
Data is encrypted in transit (TLS) and at rest. Access to production systems is limited to authorized maintainers. As noted above, files in public-read storage buckets are reachable by anyone holding the exact unguessable URL. No system is perfectly secure - if you believe your account is compromised, contact us immediately.
9. Children
InHitch is not directed to children under 13 and we do not knowingly collect data from them.
10. Changes
We may update this policy. Material changes will be announced on this page and, where appropriate, by email or in-app notice.
11. Contact
Questions, requests, or complaints: support@inhitch.com