Privacy Policy

Effective Date: March 1, 2026

Overview

At Olmsted (olmstedinfra.com), we respect your privacy and are committed to protecting your personal data. This Privacy Policy explains how we collect, use, and safeguard your information when you visit our website and use our services.

What Data We Collect

Account Information

When you create an account, we collect your name, email address, company name, and password. You may optionally provide additional information like job title or phone number.

Project Data

When you create projects in Olmsted, we collect project details including name, location, type (solar, wind, etc.), capacity, and project-specific metadata. This information helps us provide permitting intelligence and regulatory pathway analysis.

Documents and Files

You upload documents and files to organize your permitting workflow. These files are stored securely and treated as your confidential data. We do not access, analyze, or retain copies of your documents beyond what is necessary to provide the service.

Usage Analytics

We collect anonymized usage data about how you interact with Olmsted — pages visited, features used, time spent, and errors encountered. This helps us improve the product and understand user behavior patterns, but we do not track individual actions in detail.

How We Use Your Data

  • Provide the Service: Deliver infrastructure permitting intelligence, document management, and collaboration features.
  • Improve the Product: Analyze aggregated usage data to identify which features are most valuable and where improvements are needed.
  • Communicate: Send product updates, security alerts, and account-related notifications. We may occasionally send educational content about permitting or new Olmsted features.
  • Comply with Law: Respond to legal requests, enforce our Terms of Service, and protect against fraud or abuse.

Third-Party Services

Supabase (Database & Authentication)

Olmsted uses Supabase for secure data storage and user authentication. Supabase is built on AWS and hosts all data in US-based servers with encrypted connections. Supabase implements row-level security policies to ensure that each team's data is isolated and only accessible to authorized users.

Cloudflare (CDN & Hosting)

We use Cloudflare for content delivery, DDoS protection, and website hosting. Cloudflare may see your IP address and basic request metadata, but does not have access to your project or account data.

Formspree (Email Capture)

We use Formspree to manage contact form submissions on our landing page. Email addresses submitted through forms are sent to Formspree and stored so we can respond to your inquiries. Formspree is a third-party service and has its own privacy policy.

Data Storage & Security

All personal and project data is stored on US-based servers via Supabase (AWS). We encrypt all data in transit using HTTPS and at rest using industry-standard encryption. Documents are served through time-limited signed URLs, ensuring that only authorized users can access them. However, we cannot guarantee absolute security, and you are responsible for maintaining the confidentiality of your password and account.

Your Data Rights

You have the right to:

  • Access: Request a copy of the personal data we hold about you.
  • Correction: Request correction of inaccurate or incomplete data.
  • Deletion: Request deletion of your account and associated data. We will delete your account within 30 days of your request and remove all personal data from active systems.
  • Data Portability: Request a structured export of your data in a machine-readable format.

To exercise these rights, contact us at info@olmstedinfra.com.

Cookies & Tracking

Olmsted uses minimal cookies — only session cookies required for user authentication. We do not use tracking cookies, analytics cookies, or third-party advertising cookies. Your session is maintained securely until you log out or your session expires.

Data Retention

We retain your personal and project data as long as your account is active. If you request account deletion, all personal data will be deleted within 30 days. Document files may be retained for an additional 30 days in backup systems before permanent deletion. You may request data export at any time before deletion.

Children's Privacy

Olmsted is not intended for users under 13 years of age. We do not knowingly collect personal information from children under 13. If we become aware that a child under 13 has provided us with personal data, we will delete such information promptly.

Changes to This Policy

We may update this Privacy Policy occasionally to reflect changes in our practices, technology, or legal requirements. We will notify you of material changes by email or through the Olmsted platform. Continued use of Olmsted after such changes indicates your acceptance of the updated Privacy Policy.

Contact Us

If you have questions about this Privacy Policy or how we handle your data, please contact us at:

Email: info@olmstedinfra.com
Website: olmstedinfra.com