Privacy Policy

Last Updated: May 22, 2026

1. Introduction

Spillwerx (“we,” “our,” or “us”) operates a hazardous materials spill response management platform that connects facilities, dispatchers, and certified cleanup contractors. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our platform, including our website, mobile applications, and SMS/text messaging services.

By using Spillwerx, you consent to the data practices described in this policy.

2. Information We Collect

2.1 Personal Information

We may collect the following personal information:

  • Contact Information: Name, email address, phone number, mailing address
  • Business Information: Company name, job title, contractor certifications, business licenses
  • Account Credentials: Username and password (encrypted)
  • Location Data: GPS coordinates for incident locations and contractor proximity tracking
  • Communication Records: SMS messages, emails, and in-app communications related to incident response

2.2 Incident & Operational Data

  • Incident details (spill type, tier classification, materials involved)
  • Facility information (location, emergency contacts)
  • Job assignment and dispatch records
  • Compliance documentation (DOT 5800 forms, state reports, EPA notifications)
  • Photos and documentation uploaded during cleanup operations

2.3 Automatically Collected Information

  • Device information (type, operating system, unique identifiers)
  • IP address and browser type
  • Usage data (pages visited, features used, timestamps)
  • Cookies and similar tracking technologies

3. SMS / Text Messaging

3.1 Messaging Purpose

Spillwerx uses SMS/text messaging to facilitate time-sensitive hazmat spill response operations, including:

  • Job Dispatch Notifications: Alerting contractors of new job assignments
  • Status Updates: Incident status changes, ETA confirmations, arrival notifications
  • Compliance Reminders: Deadline alerts for DOT, EPA, and state regulatory submissions
  • Emergency Communications: Critical safety alerts and urgent incident updates
  • Account Notifications: Verification codes and account security messages

For additional SMS terms, see our SMS Terms of Service.

3.2 Message Frequency

Message frequency varies based on your role and incident activity:

  • Contractors: 5–20 messages per month (varies with job volume)
  • Dispatchers: 10–50 messages per month
  • Facility Managers: 1–10 messages per month

3.3 Consent

By providing your mobile phone number and opting into SMS notifications, you expressly consent to receive text messages from Spillwerx. Consent is not a condition of purchase or use of any goods or services.

3.4 SMS Opt-In Data

We do not share or sell SMS opt-in data or phone numbers for the purpose of SMS. We do not sell, rent, or share your mobile phone number with third parties for their marketing purposes. SMS messages are used only for operational and account-related communications described in this policy.

3.5 Opt-Out Instructions

You may opt out of SMS messages at any time by:

  • Replying STOP to any message
  • Updating your notification preferences in your account settings
  • Contacting us at privacy@spillwerx.com

After opting out, you will receive a one-time confirmation message. Opting out of SMS may impact your ability to receive time-sensitive job notifications.

3.6 Carrier Disclaimer

Message and data rates may apply. Carriers are not liable for delayed or undelivered messages.

3.7 Help

For assistance with SMS, reply HELP to any message or contact support@spillwerx.com.

4. How We Use Your Information

We use collected information to:

  • Provide Services: Facilitate incident reporting, contractor dispatch, and job management
  • Communications: Send operational notifications, compliance alerts, and service updates
  • Safety & Compliance: Track regulatory deadlines and maintain compliance documentation
  • Improve Services: Analyze usage patterns to enhance platform functionality
  • Security: Protect against fraud, unauthorized access, and security threats
  • Legal Obligations: Comply with applicable laws and regulatory requirements

5. Information Sharing

We may share your information with:

5.1 Service Partners

  • Dispatchers & Contractors: Contact information shared as necessary for incident response
  • Client Organizations: Incident reports and compliance documentation
  • Facilities: Contractor arrival notifications and job status updates

5.2 Service Providers

Third-party vendors who assist with:

  • Cloud hosting and data storage
  • SMS and communication delivery services
  • Payment processing
  • Analytics and performance monitoring

5.3 Legal Requirements

We may disclose information when required by:

  • Law enforcement requests
  • Court orders or legal process
  • Regulatory agencies (DOT, EPA, state environmental agencies)
  • Protection of rights, safety, or property

5.4 Business Transfers

In the event of a merger, acquisition, or sale of assets, user information may be transferred to the acquiring entity.

We do not sell your personal information to third parties.

6. Data Retention

We retain your information for:

  • Active Accounts: Duration of your account plus 7 years
  • Incident Records: 10 years (regulatory compliance requirement)
  • Compliance Documents: As required by DOT, EPA, and state regulations (typically 5–10 years)
  • SMS Logs: 2 years for operational reference

You may request deletion of your personal information, subject to legal retention requirements.

7. Data Security

We implement industry-standard security measures including:

  • Encryption of data in transit (TLS) and at rest (AES-256)
  • Multi-factor authentication options
  • Role-based access controls
  • Regular security audits and penetration testing
  • Secure data centers with SOC 2 compliance
  • Multi-tenant data isolation (each organization’s data is logically separated)

8. Your Rights

Depending on your jurisdiction, you may have the right to:

  • Access: Request a copy of your personal information
  • Correction: Update inaccurate or incomplete data
  • Deletion: Request removal of your personal data (subject to legal retention requirements)
  • Portability: Receive your data in a structured, machine-readable format
  • Opt-Out: Unsubscribe from marketing communications and SMS notifications
  • Restrict Processing: Limit how we use your data in certain circumstances

To exercise these rights, contact us at privacy@spillwerx.com.

9. Children’s Privacy

Spillwerx is designed for business use and is not intended for individuals under 18 years of age. We do not knowingly collect personal information from children.

10. Third-Party Links

Our platform may contain links to third-party websites or services. We are not responsible for the privacy practices of these external sites.

11. Changes to This Policy

We may update this Privacy Policy periodically. We will notify you of material changes via:

  • Email notification
  • In-app notification
  • Posted notice on our website

Your continued use of Spillwerx after changes constitutes acceptance of the updated policy.

12. Contact Us

For questions about this Privacy Policy or our data practices:

Spillwerx
Email: privacy@spillwerx.com
Support: support@spillwerx.com
Phone: [SUPPORT PHONE NUMBER]
Address: [BUSINESS ADDRESS]
Website: www.spillwerx.com

13. California Residents (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):

  • Right to know what personal information is collected
  • Right to know whether personal information is sold or disclosed
  • Right to opt out of the sale of personal information
  • Right to request deletion of personal information
  • Right to non-discrimination for exercising CCPA rights

To submit a CCPA request, email privacy@spillwerx.com with “CCPA Request” in the subject line.

14. International Users

Spillwerx primarily operates in the United States. If you access our services from outside the U.S., your information may be transferred to and processed in the United States, where data protection laws may differ from your jurisdiction.