Privacy Policy

1. Introduction

AIM Consulting, LLC (“we,” “our,” or “us”) operates the MyDocksidePro web application (the “App”) at app.mydocksidepro.com and marketing site at mydocksidepro.com. This Privacy Policy explains how we collect, use, disclose, and safeguard information when you use the App. Please read this policy carefully. By using the App, you agree to the practices described here.

2. Who This Policy Applies To

Vendors (our direct customers)

If you are a marine service vendor who signs up for an account, AIM Consulting, LLC is the controller of your business information (business name, contact information, team roster, and the information you enter about your own customers). This policy describes how we handle that information.

End-customers of vendors

If you are a customer of a business that uses MyDocksidePro (for example, a boat owner whose marine mechanic uses our App), that business is the data controller of your personal information. MyDocksidePro processes your information as a service provider acting on that business's instructions. Please contact the business directly for questions about how your information is used. This is disclosed under the Vendor Data Processing Addendum described in Section 10.

3. Information We Collect

A. Information You Provide

• Business profile information (business name, address, phone number, email, logo)
• Team member names, roles, and optional email addresses
• Customer names, phone numbers, email addresses, and vessel details entered when creating jobs
• Job and work order details (service type, boat information, marina/dock location, line items, notes)
• Invoice and payment term information
• Photos uploaded to document job work
• Signed consent forms (signer name, typed initials, signed content, timestamp)

B. Information Collected Automatically

• Device GPS coordinates when creating or viewing nearby jobs (with your permission)
• Device identifiers used to link devices to your business account via a Link Code
• App usage data cached locally in browser storage (AsyncStorage) for offline access
• Basic technical diagnostics and error reports via Sentry (no message content, no PII in breadcrumbs)

C. Information We Do Not Collect

• We do not collect or store payment card numbers, CVVs, or banking information — Stripe handles all card entry directly (see Section 7)
• We do not collect Social Security numbers, tax IDs, or government-issued identity numbers
• We do not knowingly collect personal information from individuals under 13 years of age

4. How We Use Your Information

We use the information we collect to:

• Provide, operate, and maintain the App and its features
• Sync your business data across devices in real time
• Send job-related communications (scheduled reminders, estimate responses, invoice delivery, rating requests) — only where you have given us permission to do so
• Generate invoices and service records for your business
• Sort and display nearby open jobs based on GPS location
• Enable team members to access and update shared job data
• Process vendor subscription billing through Stripe
• Improve and develop new features for the App

We do not use your data for advertising. We do not sell your data to third parties.

5. Named Third-Party Service Providers (Sub-Processors)

We share information with the following service providers so they can perform services on our behalf. Each provider has its own privacy policy and is a sub-processor under our Data Processing Addendum (DPA) with vendors.

6. Google Calendar Data (Restricted OAuth Scope)

If you connect your Google Calendar to MyDocksidePro, we access your Google Calendar solely to create, update, and delete job events on your behalf. We do not store Google Calendar event data beyond what is necessary to manage the sync — specifically, the Google Calendar event ID associated with each job so we can update or delete that event later.

Google Calendar data is never used for advertising, analytics, machine-learning training, or any purpose other than the calendar sync feature you have authorized.

Google Calendar access tokens are stored server-side in an isolated Firestore collection that is unreadable by any client. You can revoke access at any time by clicking “Disconnect Google Calendar” in Settings → Integrations, or by revoking MyDocksidePro's access from your Google Account's Security page. Upon disconnection we delete both the access token and the refresh token and stop writing to your calendar.

MyDocksidePro's use and transfer of information received from Google APIs to any other app adheres to the Google API Services User Data Policy, including the Limited Use requirements.

7. Card Payment Processing (PCI)

When a customer pays an invoice through a Stripe payment link, card information is entered directly into Stripe's hosted checkout. Card numbers, CVVs, and full PANs never pass through MyDocksidePro servers or databases. We receive only a payment identifier (e.g. a Stripe Payment Intent ID) confirming that a payment was made. AIM Consulting, LLC qualifies for PCI DSS SAQ-A as a result of this design.

8. How We Store and Protect Your Information

Local Device Storage

Job and business data is cached locally in your browser using AsyncStorage for offline access. This data is scoped per business so it cannot leak between accounts on shared devices.

Cloud Storage

Data is synced to Google Firebase (Firestore and Firebase Storage), hosted in the United States (us-central1 region). Firebase is operated by Google LLC.

We implement reasonable administrative and technical safeguards including:

• Encryption in transit (TLS) and at rest
• Strict Firestore security rules scoping data access by business ID
• Isolation of OAuth tokens (Google Calendar, Square, QuickBooks) in server-only collections unreadable to clients
• Cloud Functions that validate caller identity before writing
• Application-level monitoring via Sentry with PII scrubbing

No method of transmission over the internet is 100% secure. We will notify affected Florida residents within 30 days of discovering a reportable breach as required by the Florida Information Protection Act.

9. Communications, SMS & Email Consent

We send transactional SMS (appointment confirmations, rating requests tied to completed work, approval-gate messages) and transactional email (invoices, estimates, consent forms, team invitations) on behalf of vendors.

We do not send SMS to an end-customer unless the end-customer has given written consent. Consent is captured explicitly on the consent form a vendor sends before service begins. Consent is not a condition of service — a customer who does not opt in can still work with the vendor and will receive email instead.

End-customers can opt out of any SMS at any time by replying STOP to the message. Message and data rates may apply. Frequency is limited to the transactional events listed above.

All marketing email includes our physical mailing address and an unsubscribe link per the CAN-SPAM Act. Transactional email (invoices, estimates) always includes the sender business's name, contact information, and AIM Consulting, LLC's mailing address.

10. Vendor Data Processing Addendum (DPA)

When a vendor uses MyDocksidePro to store information about their customers, AIM Consulting, LLC acts as a data processor and the vendor acts as the data controller. The Vendor Data Processing Addendum governs this relationship and is available to every vendor during onboarding and at any time in Settings → Legal.

The DPA covers data types processed, purpose and duration of processing, the list of sub-processors (same as Section 5), security obligations, breach notification obligations (within 72 hours of discovery), and deletion on termination.

11. Location Data

The App requests access to your device's GPS location to:

• Attach coordinates to job records when creating or editing a job
• Sort open jobs by proximity on the Nearby Jobs screen
• Confirm geofenced clock-in/out for hourly employees where enabled by the vendor

Location access is optional and only used when the relevant features are active. You may deny or revoke location permissions at any time through your browser or device settings. Denying location access will not prevent you from using core App features.

12. Camera and Photo Library

The App requests access to your camera and photo library to allow you to:

• Attach photos to job records as documentation
• Upload a business logo to your business profile
• Capture vessel and safety documentation for consent forms

Photos are uploaded to Firebase Storage and associated with your business account. You may deny camera and photo access at any time through your browser or device settings.

13. Data Sharing and Disclosure

We do not sell, trade, or rent your personal information to third parties. We disclose your information only in the following circumstances:

• With your consent or at your direction
• To named sub-processors listed in Section 5, strictly to perform their service function
• To comply with applicable law, regulation, legal process, or governmental request
• To protect the rights, property, or safety of AIM Consulting, LLC, our users, or the public
• In connection with a merger, acquisition, or sale of all or a portion of our assets, subject to continued protection under this policy

14. Data Retention & Deletion

We retain data while your account is active. After account termination:

• Business profile and job records: deleted or anonymized within 90 days unless longer retention is required by law
• Signed consent forms: retained for 7 years to preserve the signed record (enforceability under the ESIGN Act and UETA)
• Backups: overwritten on the rolling 30-day Firestore backup schedule
• Google Calendar tokens: deleted immediately upon disconnection
• Square / QuickBooks tokens: deleted immediately upon disconnection

You may request earlier deletion of eligible data by writing to privacy@mydocksidepro.com.

15. Your Privacy Rights

Depending on where you live, you may have the right to access, correct, delete, or port your personal information. Contact us at privacy@mydocksidepro.com to exercise these rights. Specific jurisdictional rights (including California under CCPA/CPRA) will be published in a separate California Privacy Notice when applicable; MyDocksidePro currently serves a Florida-based vendor base and will add California-specific disclosures before onboarding the first California vendor.

16. Children's Privacy

The App is not directed to children under 13 years of age. We do not knowingly collect personal information from children under 13. If you believe a child under 13 has provided us with personal information, please contact us and we will promptly delete it.

17. International Users

The App is designed for users in the United States. If you access the App from outside the U.S., you consent to the transfer and processing of your information in the U.S.

18. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify vendors by updating the “Last updated” date and the version number at the top of this page and, where a change materially affects your rights, by displaying a notice in the App. Continued use of the App after changes are posted constitutes your acceptance of the updated policy.

19. Contact Us

If you have questions or concerns about this Privacy Policy or our data practices, please contact us:

AIM Consulting, LLC
300 N. Center Street, Casper, WY 82601
Email: privacy@mydocksidepro.com
Website: https://mydocksidepro.com