Privacy Policy

Last updated: July 3, 2026

TakaraWorks LLC ("TakaraWorks," "we," "us") provides an AI-powered platform for construction-monitoring professionals — document analysis, draw review, site-photo capture, and report generation — through our websites (takaraworks.com and related subdomains), web application, and mobile application (together, the "Service").

This Privacy Policy explains what information we collect, how we use and share it, and the choices you have. It applies to everyone who uses the Service or visits our websites.

TakaraWorks is a business tool

The Service is provided to businesses ("Customers") and used by people those businesses authorize ("users" or "you"). Access is by invitation only — there is no self-serve signup. This shapes how your data is handled:

  • Customer Content. Documents, site photos, voice recordings, notes, and other material uploaded or captured through the Service belong to the Customer organization you work with. We process Customer Content on that organization's behalf and under its instructions, as described in our agreement with them (including a Data Processing Agreement, where applicable). If you have questions about how a Customer organization handles content you contribute, contact that organization.
  • Account and usage information. Information about your account and your use of the Service, described below, is handled by TakaraWorks as described in this policy.

Information we collect

Information you or your organization provide

  • Account information. Your name and email address, your organization and role within it, and a password (stored only in hashed form). Accounts are created by invitation from an organization administrator or from us.
  • Documents. Files uploaded for analysis — for example payment applications, budgets, invoices, and related construction-finance documents — and the structured data and reports the Service derives from them.
  • Site photos and location. Photos captured or imported through the mobile app. If you grant the app location permission, photos are geo-tagged with precise GPS coordinates (latitude, longitude, altitude, and accuracy) and a derived street address, so reports can document where each photo was taken. Geo-tagging is controlled by your device's location permission and stops if you revoke it. The app also saves a backup copy of each captured photo to your own device photo library.
  • Voice recordings and transcripts. Voice notes and tags you record, the text transcripts generated from them, and structured details (such as trade, location, and condition observations) extracted from those transcripts.
  • Notes and messages. Field notes (text or voice, optionally geo-tagged), and messages you exchange with the Service's AI assistant.
  • Email you send to the Service. If your organization uses the email-to-notes feature, emails forwarded to your organization's intake address — including sender name and address, subject, body, and attachments — are stored so they can be triaged into project notes. Only senders who are members of the organization are accepted.

Information collected automatically

  • Service logs. We log use of the Service's AI features (which feature was used, when, by which account, and technical measurements such as processing time and computational usage) to operate the Service, monitor quality, and debug problems. The content portion of these logs is automatically deleted after 90 days; see Data retention.
  • Session information. We use cookies only to keep you signed in. We do not use advertising or analytics cookies.
  • Infrastructure logs. Our hosting providers keep standard, short-lived web server logs (such as IP address and browser type) to run and secure their networks.

What we do not collect

We do not use third-party analytics, advertising SDKs, session-recording tools, or cross-app tracking identifiers — on the web or in the mobile app. We do not collect payment information (billing is handled outside the Service). We do not sell personal information, and we do not share it for targeted advertising.

How we use information

We use the information described above to:

  • Provide the Service — including analyzing documents, transcribing and structuring voice notes, geo-tagging photos, generating reports, and syncing your work across devices;
  • Operate, secure, and improve the Service, including monitoring quality and troubleshooting;
  • Communicate with you about the Service (for example, invitations, password resets, and important notices); and
  • Comply with law and enforce our agreements.

AI processing

AI features are central to the Service. When you use them, relevant content is processed by our AI infrastructure providers:

  • Anthropic processes document content, transcripts, and related context to power extraction, validation, report generation, and the AI assistant.
  • OpenAI processes voice recordings to produce transcripts, and document text to produce embeddings used for search and retrieval.

Both providers process this content under API terms that prohibit using it to train their models. AI processing happens only to deliver the features you invoke — your content is not used to build models for other customers or third parties.

How we share information

We share information only with:

  • Subprocessors — the service providers listed below, who process it solely to provide their part of the Service;
  • Your organization — administrators of a Customer organization can see the content and activity of users in that organization;
  • Legal and safety recipients — when required by law or to protect the rights, safety, or property of TakaraWorks, our Customers, or others; and
  • A successor entity — if TakaraWorks is involved in a merger, acquisition, or sale of assets, in which case this policy continues to apply to information transferred.

Subprocessors

ProviderPurposeData involvedLocation
SupabaseDatabase, authentication, and file storageAll Service data at restUnited States (AWS us-west-2)
AnthropicAI document analysis and generationDocument content, transcripts, promptsUnited States
OpenAIVoice transcription and text embeddingsVoice recordings, document textUnited States
ResendTransactional and inbound emailAccount emails; forwarded email contentUnited States
VercelWeb application hostingData in transit through the web tierUnited States
RailwayAPI hostingData in transit through the API tierUnited States

We will update this list before adding a provider that processes Customer Content.

Data retention

  • Customer Content (documents, photos, recordings, transcripts, notes, emails) is retained until it is deleted by you or your organization, or until the Customer relationship ends and deletion is requested under our agreement with the Customer.
  • AI service logs: the content portion (prompts and responses) is deleted after 90 days; non-content metadata (feature, timing, and usage measurements) is retained for operations.
  • Search embeddings derived from chat and document-processing sessions are deleted after 90 days.
  • Account information is retained while your account is active and removed when your account is deleted.

Security

All data is encrypted in transit (TLS) and at rest. Every customer organization's data is isolated by database-enforced row-level security — isolation is enforced by the database itself on every table, not just by application code. End-user requests execute under the user's own identity, and administrative credentials are restricted to internal background processing. Access to production systems is limited to authorized personnel.

No system is perfectly secure, but security is engineered into the Service's foundation. Security questions are welcome at the contact address below.

Your rights and choices

  • Access, correction, deletion. You can review and edit your profile in the Service. Organization administrators can delete content and remove users for their organization. You may also contact us directly to request access to, correction of, or deletion of your personal information, and we will respond consistent with applicable law. Where your request concerns Customer Content, we may refer it to the Customer organization that controls it.
  • Device permissions. Camera, microphone, location, and photo-library access are each controlled by your device's permission settings and can be revoked at any time. Revoking a permission disables the corresponding feature (for example, revoking location stops photo geo-tagging) without disabling the rest of the app.
  • Email. Service emails are transactional (invitations, password resets, notices); we do not send marketing email to Service users.

Children

The Service is a professional business tool, is not directed to children, and may not be used by anyone under 18.

Changes to this policy

We may update this policy as the Service evolves. If we make material changes, we will notify users through the Service or by email before the changes take effect, and we will always show the "Last updated" date above.

Contact

TakaraWorks LLC 2450 Colorado Ave, Suite 100E Santa Monica, CA 90404 hello@takaraworks.com