Privacy Policy
Effective date: June 4, 2026 · Last updated: June 4, 2026
1. Introduction
This Privacy Policy explains how Sturdy, LLC (“Sturdy,” “we,” “us,” or “our”) collects, uses, discloses, and protects information in connection with the Sturdy geotechnical document platform available at app.sturdy.com and related services (collectively, the “Service”).
Sturdy is a business-to-business service used by engineering and consulting organizations to convert, edit, manage, and export geotechnical documents such as bore logs and laboratory data. By accessing or using the Service, you agree to this Privacy Policy. If you do not agree, please do not use the Service.
2. Information We Collect
Account information
When you sign in, we collect your email address and name. We use passwordless authentication (a one-time “magic link” or code sent to your email), so we do not collect or store account passwords. We also store authentication identifiers, email-verification status, and sign-in timestamps.
Organization and role information
The Service is organized around companies (organizations) and projects. We store your membership in one or more organizations and your assigned role (for example, admin, editor, or viewer), which determines what you can access.
Content you provide
We collect and store the content you upload to or create in the Service, including:
- Uploaded files such as PDF field logs and Excel templates;
- Extracted and edited document data (bore logs, laboratory data, material descriptions, samples, and field notes);
- Project metadata such as project names, project numbers, and locations;
- Geographic information associated with documents, including location descriptions and latitude/longitude coordinates; and
- Document version and edit history, including which user made a change.
Usage and device information
We automatically collect certain information about how you interact with the Service, such as pages viewed, features used, performance metrics and web vitals, approximate device and browser characteristics, and event timestamps. Some of this is collected through cookies and similar technologies (see Section 6).
3. How We Use Information
We use the information described above to:
- Provide, operate, and maintain the Service, including authentication and access control;
- Process uploaded documents, including AI-assisted data extraction and material-description rewording (see Section 4);
- Store, render, and export your documents, including deterministic PDF and Excel exports and map visualizations;
- Monitor, debug, secure, and improve the performance and reliability of the Service;
- Communicate with you about your account, security, and support requests; and
- Comply with legal obligations and enforce our Terms of Service.
4. AI Processing of Document Content
The Service uses third-party artificial-intelligence providers to extract structured data from uploaded documents and to reword material descriptions. To do this, the relevant document content is transmitted to these providers for processing and the results are returned to the Service. Today these providers are Google (Gemini) and, as a fallback, OpenAI.
We send document content for the purpose of providing the Service to you. We do not authorize these providers to use your content to train their models, and we rely on their applicable enterprise/API terms that prohibit such training. AI-generated output may contain errors and must be reviewed and verified by a qualified professional before use (see our Terms of Service).
5. How We Share Information
We do not sell your personal information. We share information only as described below.
Service providers (subprocessors)
We use trusted third parties to operate the Service. These providers process information on our behalf and are bound by obligations to protect it:
| Provider | Purpose | Data involved |
|---|---|---|
| Supabase | Database, authentication, and file storage | Account data, organization/project data, document content, uploaded files |
| PostHog | Product analytics and session replay | User identifier (email, name, organization), usage events, performance metrics |
| Google (Gemini) | AI document extraction and rewording | Document content submitted for processing |
| OpenAI | Fallback AI document extraction and rewording | Document content submitted for processing |
| Mapbox | Map rendering and geocoding | Location/coordinate data from your documents |
| Trigger.dev | Asynchronous document-processing jobs | Uploaded files and job metadata |
| Vercel | Application hosting and delivery | Request and technical data necessary to serve the app |
Within your organization
Content and activity within an organization are accessible to other authorized members of that organization according to their roles.
Legal and safety
We may disclose information if required by law, regulation, legal process, or governmental request, or to protect the rights, property, or safety of Sturdy, our users, or others.
Business transfers
If we are involved in a merger, acquisition, financing, or sale of assets, information may be transferred as part of that transaction, subject to this Privacy Policy.
6. Cookies and Similar Technologies
We use cookies and similar technologies to:
- Keep you signed in and maintain your authenticated session (authentication cookies);
- Remember your active organization and preferences; and
- Measure and improve product usage and performance (analytics cookies, including session replay via PostHog).
You can control cookies through your browser settings. Disabling some cookies may affect core functionality, such as the ability to stay signed in.
7. Data Retention and Security
We retain personal information and content for as long as your account or organization remains active, as needed to provide the Service, and as required to comply with our legal obligations, resolve disputes, and enforce our agreements.
We use technical and organizational safeguards designed to protect information, including encryption in transit (TLS), encryption at rest through our storage provider, access controls, and time-limited signed URLs for file access. No method of transmission or storage is completely secure, and we cannot guarantee absolute security.
8. Your Choices and Rights
You may access and update certain account information within the Service. Organization administrators can manage members and content within their organization. To request access to, correction of, or deletion of personal information, or to ask questions about your data, contact us at support@sturdy.com. We will respond consistent with applicable law. Note that some content may be controlled by your organization rather than by you individually.
9. Ownership of Customer Data
As between you and Sturdy, your organization retains ownership of the documents and data it uploads to or creates in the Service. We process that content to provide the Service and as otherwise described in this Privacy Policy and our Terms of Service.
10. Children's Privacy
The Service is intended for use by businesses and professionals and is not directed to individuals under 18. We do not knowingly collect personal information from children. If you believe a child has provided us personal information, please contact us so we can delete it.
11. Changes to This Policy
We may update this Privacy Policy from time to time. If we make material changes, we will update the “Last updated” date above and, where appropriate, provide additional notice. Your continued use of the Service after changes take effect constitutes acceptance of the updated policy.
12. Contact Us
If you have questions about this Privacy Policy or our privacy practices, contact us at support@sturdy.com.