hounTerms of Service

Privacy Policy

Effective Date: March 5, 2026

1. Introduction

This Privacy Policy describes how CH McGill Corporation (“Houn,” “we,” “us,” or “our”) collects, uses, stores, shares, and protects your information when you use the Houn platform (“Service”) at houn.ai.

By using the Service, you consent to the collection, use, and sharing of your information as described in this Privacy Policy. If you do not agree, do not use the Service.

This Privacy Policy is incorporated into and forms part of our Terms of Service.

2. Information We Collect

2.1 Account Information

When you create an account, we collect:

  • Full name
  • Email address
  • Password (stored using industry-standard cryptographic hashing; we never store or have access to your plaintext password)
  • Organization name
  • Phone number (if provided)

2.2 Organization and Project Information

GC users provide:

  • Company name and address
  • Project details (name, address, county, dates, contract value)
  • Subcontractor contact information (company name, email, trade, contract value)
  • Compliance template configurations and custom requirements

2.3 Compliance Documents

Subcontractor users upload compliance documents including but not limited to:

  • Certificates of insurance (COIs)
  • Public Works Contractor Registration certificates (PWCRs)
  • Business registration certificates
  • Apprentice certifications and experience documentation
  • Affirmative action documentation
  • EEO compliance documentation

These documents may contain sensitive business information including company names, policy numbers, coverage amounts, expiration dates, and other business details.

2.4 Payroll Information

Users may enter certified payroll data including:

  • Worker names
  • Last four digits of Social Security Numbers
  • Work classifications and trade designations
  • Hours worked (regular and overtime)
  • Hourly wage rates and overtime rates
  • Deduction amounts
  • Fringe benefit information

We do not collect or store full Social Security Numbers. Only the last four digits are collected, as required for certified payroll reporting purposes. If a user inadvertently enters a full Social Security Number, the Service is designed to store only the last four digits; however, we cannot guarantee interception in all cases and users are solely responsible for not submitting full SSNs.

2.5 Usage Data

We automatically collect:

  • Log data (IP address, browser type, operating system, pages visited, timestamps, referring URLs)
  • Actions taken within the Service (uploads, approvals, status changes, confirmations) for audit trail purposes
  • Error reports, crash logs, and performance data via our error monitoring service (Sentry)
  • Device identifiers and general geolocation data (country/region level)

2.6 Communication Data

We collect the content of communications you send to us, including support requests and feedback.

3. How We Use Your Information

We use the information we collect for the following purposes:

  • Providing the Service: Creating and managing your account, processing and storing compliance documents, generating dashboards, notifications, and reports
  • AI Processing: Extracting data from uploaded documents using AI-powered tools (see Section 4)
  • Validation: Comparing extracted and user-entered data against project requirements and published prevailing wage rates
  • Communications: Sending email notifications regarding document expirations, submission deadlines, account activity, and service updates
  • Audit Trail: Maintaining records of all actions taken within the Service for compliance and accountability purposes
  • Support: Responding to your support requests and communications
  • Security: Detecting, preventing, and addressing technical issues, security threats, fraud, and abuse
  • Improvement: Analyzing aggregated, de-identified usage patterns to improve the Service (we do not use individual documents or data for this purpose)
  • Legal Compliance: Complying with applicable legal obligations, legal process, or governmental requests

4. AI Document Processing

4.1 How It Works

When a document is uploaded to the Service, it may be sent to a third-party AI service for automated data extraction. The AI service processes the document to extract structured data fields such as names, dates, amounts, and policy numbers. We currently use Anthropic’s Claude API for this purpose, but we reserve the right to change AI providers at any time.

4.2 What Is Sent

Document images or text content are transmitted to the AI service provider via encrypted API connections for the sole purpose of data extraction. We send only the document content necessary for extraction. We do not send your account credentials, passwords, or unrelated personal information to the AI provider.

4.3 Third-Party Data Handling

Documents sent to our AI provider are processed in accordance with that provider’s API data usage policies. As of the effective date of this Privacy Policy, Anthropic’s API terms state that API inputs and outputs are not used to train their models. However, third-party policies may change, and we encourage you to review the current privacy policy and API terms of our AI providers. We are not responsible for changes to third-party data handling practices.

4.4 Extracted Data Storage

Data extracted by AI is stored within the Service and associated with the relevant document and evidence slot. Extracted data is subject to user review and confirmation before it is treated as verified within the Service. Both the raw AI extraction results and user-confirmed values are retained.

4.5 Limitations

AI extraction is an assistive feature and may produce errors, omissions, or inaccuracies. We make no guarantee regarding the accuracy of AI-extracted data. See Section 4 of our Terms of Service for full disclaimers.

5. How We Store and Protect Your Information

5.1 Infrastructure

The Service is hosted on Vercel (frontend application) and Supabase (database, authentication, and file storage). Your data is stored in data centers located in the United States (US West — Oregon region).

5.2 Encryption

  • All data transmitted between your browser and the Service is encrypted using TLS (HTTPS)
  • All data stored in the database is encrypted at rest using AES-256 encryption
  • Uploaded documents are stored in encrypted storage buckets
  • SSN last-four values are additionally protected using application-level authenticated encryption

5.3 Access Controls

  • Row-level security (RLS) policies enforce data isolation at the database level
  • Each organization’s data is isolated from all other organizations
  • Subcontractor users cannot access data belonging to other subcontractors
  • GC users can only access data for projects within their organization
  • Subcontractor documents shared with a GC are accessible only within the context of assigned projects
  • Administrative access to production systems is limited to authorized personnel

5.4 Audit Logging

All significant actions within the Service (including document uploads, data confirmations, status changes, and overrides) are logged with timestamps, user identification, and action details. These logs are maintained for audit trail purposes and are accessible to authorized users within the relevant organization.

5.5 Security Measures

We implement security measures including but not limited to rate limiting on authentication endpoints, security headers, input validation, and CSRF protection. However, no method of transmission over the internet or method of electronic storage is 100% secure, and we cannot guarantee absolute security of your data.

5.6 Breach Notification

In the event of a data breach that affects your personal information, we will notify affected users via email within a commercially reasonable timeframe and in accordance with applicable law.

6. How We Share Your Information

6.1 Within the Service

Your information is shared with other users of the Service only as necessary for the Service to function:

  • When a subcontractor uploads a document to fulfill a project requirement, the associated GC can view that document and its extracted data
  • GC administrators can view all project data, subcontractor submissions, and user activity within their organization
  • Subcontractors can only see their own data and the projects to which they are assigned

6.2 Third-Party Service Providers

We share information with the following third-party service providers who assist us in operating the Service:

ProviderPurposeData Shared
SupabaseDatabase hosting, authentication, file storageAll Service data
VercelApplication hosting, deployment, analyticsUsage data, server logs
AnthropicAI document processing (see Section 4)Document content for extraction
StripePayment processingPayment method details (collected directly by Stripe; we do not store credit card numbers)
ResendEmail deliveryEmail addresses, notification content
SentryError monitoring and performance trackingError logs, stack traces, anonymized usage context

These providers process your information on our behalf and are contractually obligated to use your information only for the purposes of providing their services to us. We do not control and are not responsible for the privacy practices of these third-party providers.

6.3 Legal Requirements

We may disclose your information if required to do so by law, regulation, subpoena, court order, or other legal process. We may also disclose information if we believe in good faith that disclosure is reasonably necessary to: (a) protect our rights, property, or safety; (b) protect your safety or the safety of others; (c) investigate or prevent fraud; (d) respond to a government request; or (e) enforce our Terms of Service.

6.4 Business Transfers

If Houn or CH McGill Corporation is involved in a merger, acquisition, bankruptcy, dissolution, reorganization, or sale of some or all of its assets, your information may be transferred as part of that transaction. We will use reasonable efforts to notify you via email or prominent notice on the Service before your information becomes subject to a different privacy policy.

6.5 What We Do Not Do

  • We do not sell your personal information or document data to third parties
  • We do not share your data with advertisers or ad networks
  • We do not use your document content for marketing purposes
  • We do not provide your data to other Houn customers except as described in Section 6.1
  • We do not use individual user documents or data to train AI models

7. Data Retention

7.1 Active Accounts

We retain your data for as long as your account is active and as necessary to provide the Service. Cancellation of a subscription or expiration of a free trial does not result in deletion of your data. Your data remains intact and accessible until you request account termination.

7.2 After Account Termination

Upon account termination or cancellation:

  • Your data will be retained for 90 days to allow for data export
  • After the 90-day retention period, your data will be permanently deleted from our active systems
  • Backup copies may persist for up to an additional 30 days before being purged from backup systems
  • Audit log entries may be retained for up to 3 years as required for legal and regulatory compliance purposes

7.3 Document Retention

Uploaded documents and their associated extracted data are retained for the duration of the active account. Subcontractor vault documents persist independently of any individual project and are retained as long as the subcontractor’s account is active. When a subcontractor’s document has been shared with a GC project, the GC’s copy of the document data (but not the original file) may be retained as part of the GC’s project records even after the subcontractor’s account is terminated, to the extent necessary for the GC’s compliance record-keeping.

7.4 Anonymized Data

Aggregated, de-identified data that cannot reasonably be used to identify any individual or organization may be retained indefinitely for analytical and product improvement purposes.

8. Your Rights

8.1 Access and Export

You may request access to the personal information we hold about you at any time. GC users may export project data and reports. Subcontractor users may export their vault documents and profile data. To request a data export, contact us at chase@houn.ai. We will respond to export requests within 30 days.

8.2 Correction

You may update or correct your account information at any time through the Service. If you believe other information we hold about you is inaccurate, contact us and we will make reasonable efforts to correct it.

8.3 Deletion

You may request deletion of your account and associated data by contacting us at chase@houn.ai. Please note:

  • Deletion of a GC account will remove all project data, including subcontractor assignments and compliance tracking data for those projects
  • Deletion of a subcontractor account will remove the subcontractor’s vault documents and profile data. Document data that was shared with GC projects may be retained by the GC organization as part of their project records (see Section 7.3)
  • Audit log entries recording actions you took may be retained as described in Section 7.2
  • We may retain certain information as required by applicable law
  • Deletion requests will be processed within 30 days, subject to the retention periods described in Section 7.2

8.4 Opt-Out of Communications

You may not opt out of transactional notifications related to active project participation (such as document expiration alerts and submission reminders), as these are essential to the Service. You may opt out of non-essential or marketing communications at any time by contacting us at chase@houn.ai.

8.5 Do Not Track

The Service does not currently respond to “Do Not Track” browser signals.

9. Cookies and Tracking

9.1 Essential Cookies

We use cookies that are strictly necessary for the Service to function, including session cookies for authentication and security. These cannot be disabled without impairing the Service.

9.2 Analytics

We use Vercel Analytics for understanding how users interact with the Service. These tools collect anonymized usage data including page views, feature usage, and performance metrics. We use Sentry for error tracking, which may collect technical data about errors you encounter.

9.3 No Advertising Cookies

We do not use advertising cookies, tracking pixels, or retargeting technologies. We do not participate in ad networks.

10. Children’s Privacy

The Service is not intended for use by individuals under the age of 18. We do not knowingly collect personal information from children under 18. If we become aware that we have collected information from a child under 18, we will take steps to delete that information promptly. If you believe we have inadvertently collected information from a child under 18, please contact us at chase@houn.ai.

11. State-Specific Rights

11.1 New Jersey Residents

New Jersey residents may have additional rights under the New Jersey Data Privacy Act (NJDPA) and other state privacy laws, including the right to know what personal information is collected, the right to access your data, the right to request correction, the right to request deletion, and the right to opt out of the sale of personal information or targeted advertising. We do not sell personal information or engage in targeted advertising. To exercise any rights under applicable New Jersey law, contact us at chase@houn.ai.

11.2 California Residents

California residents may have rights under the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA), including the right to know, the right to delete, the right to correct, the right to opt out of the sale or sharing of personal information, and the right to limit use of sensitive personal information. We do not sell or share personal information for cross-context behavioral advertising. To exercise CCPA/CPRA rights, contact us at chase@houn.ai. We will not discriminate against you for exercising your privacy rights.

11.3 Other States

Residents of other states with applicable privacy laws (including but not limited to Colorado, Connecticut, Virginia, Utah, and Texas) may have similar rights. To exercise any applicable rights, contact us at chase@houn.ai.

12. International Users

The Service is hosted and operated in the United States. If you access the Service from outside the United States, your information will be transferred to, stored, and processed in the United States. By using the Service, you consent to the transfer of your information to the United States, which may have different data protection laws than your country of residence.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on the Service and by sending an email to the address associated with your account at least 30 days before material changes take effect. Non-material changes may take effect immediately upon posting. Your continued use of the Service after the effective date of any changes constitutes acceptance of the updated Privacy Policy.

14. Contact Us

If you have questions about this Privacy Policy, our data practices, or wish to exercise any of your rights described herein, contact us at:

CH McGill Corporation
Email: chase@houn.ai
Address: 3 Evergreen Ln, Califon, NJ 07830