Privacy Policy
This Privacy Policy explains how Byteshift Studios (“Byteshift,” “we,” “us”) collects, uses, shares, and protects information in connection with the Ludicroweb software-as-a-service product (“Ludicroweb” or the “Service”), including the marketing site at ludicro.app, the admin dashboard at app.ludicro.app, the customer portal at portal.ludicro.app, and our mobile applications.
1. Introduction
Byteshift Studios is the company behind Ludicroweb. We build software for pest control and home services businesses that need a single place to manage scheduling, dispatch, customer communication, and field operations.
Ludicroweb has three different kinds of users, and this policy treats them differently because the law treats them differently:
- Subscribers are the businesses that pay for and operate Ludicroweb. Under privacy laws like the GDPR and CCPA, a Subscriber is the “data controller” for the information about its own customers.
- Subscriber Users are the employees and contractors of a Subscriber (owners, managers, dispatchers, technicians, office staff) who log in to the admin dashboard or the mobile app to do their jobs.
- End Users are the homeowners and businesses that a Subscriber serves. End Users may use the customer portal to view service history, pay invoices, or message their service provider, but they have no direct contractual relationship with Byteshift. They receive service from the Subscriber, and the Subscriber uses Ludicroweb to deliver it.
For Subscriber and Subscriber User information, we act as a data controller. For End User information, we generally act as a data processor on behalf of the Subscriber, and the Subscriber’s own privacy notice governs the relationship with the End User. If you are an End User and you want to exercise rights over your information, the fastest path is usually to contact the Subscriber that serves you. We will help the Subscriber respond.
This policy applies to all of the websites, applications, and services Byteshift operates under the Ludicroweb brand. It does not apply to third-party websites or services that we link to but do not control.
Last updated: April 27, 2026.
2. Information We Collect
We collect information from three sources: information that Subscribers and Subscriber Users give us directly, information that End Users give us (typically through the customer portal), and information that is generated automatically when someone uses the Service. We also receive a small amount of information from third parties such as Stripe.
2.1 Information Subscribers and Subscriber Users provide
- Account information. Name, email address, phone number, hashed password, and role (such as owner, admin, manager, or rep).
- Organization information. Business name, business address, tax identification number where applicable, and the payment method on file with our payment processor.
- Operational data. Membership records, vehicles, log field configurations, service plans, route templates, and any other configuration the Subscriber sets up.
- Audit log entries. Records of who did what and when inside the admin dashboard, used for security review and customer support.
- Support and feedback. Messages sent to us through the in-app feedback drawer, support email, demo requests, and similar channels.
2.2 Information about End Users (collected by Subscribers, processed by us)
When a Subscriber uses Ludicroweb to serve its customers, the Subscriber loads information about those customers into the Service. We process that information on the Subscriber’s behalf. Categories include:
- Customer profile. Name, company name, primary email, primary phone, and one or more service addresses with associated latitude and longitude coordinates.
- Service history. Scheduled visits, completed visits, technician notes, photographs, electronic signatures, and log field values. Log field values may include sensitive operational information such as pesticide application records that the Subscriber is required by law to keep.
- Communications. Inbound and outbound SMS message content sent through Twilio, and inbound and outbound email content sent through SendGrid, when those features are enabled by the Subscriber.
- Payment information. Where the Subscriber accepts payments through the Service, payment is processed by Stripe under the Stripe Connect model. Byteshift does not store full payment card numbers.
- Customer portal activity. Login activity, session tokens, and actions taken inside the customer portal at portal.ludicro.app.
2.3 Information collected from technicians using the mobile app
- Location data. When a technician checks in or out of a route stop, the device’s location is recorded for that event. We do not continuously track technicians in the background outside of these check-in events.
- Photos and signatures. Captured during a service visit at the technician’s direction.
- Visit notes and log fields. Free-text notes and structured field entries written during a visit.
2.4 Information collected automatically
- Device and connection information. IP address, browser type and version, operating system, device type, and approximate location derived from IP.
- Usage information. Pages visited, links clicked, search queries inside the Service, timestamps, and similar interaction data.
- Log files. Standard server logs from our hosting and CDN providers.
- Cookies. Session and authentication cookies that keep you signed in and protect against cross-site request forgery. See Section 10.
2.5 Information from third parties
- Stripe. When a Subscriber pays for the Service or when an End User pays a Subscriber through Stripe Connect, Stripe sends us webhook events with billing status, payment outcomes, and payout information. We do not receive full card numbers.
- Email and SMS providers. Delivery status, bounce notifications, and similar metadata from SendGrid and Twilio.
- Maps and geocoding providers. Coordinates and place metadata returned by Google Maps Platform when an address is entered.
3. How We Use Information
We use the information we collect for the following purposes:
- Service delivery. Operating the admin dashboard, the customer portal, the mobile app, and all of the features they include, such as scheduling, dispatch, route optimization, customer messaging, and reporting.
- Billing and account management. Charging Subscribers for the Service, processing End User payments through Stripe Connect on behalf of Subscribers, sending receipts, and managing renewals and cancellations.
- Customer communications. Sending transactional emails (login links, password resets, invoices, service notifications), SMS messages a Subscriber sends to its End Users, and customer support responses.
- Security, abuse prevention, and fraud detection. Detecting suspicious logins, rate-limiting abusive behavior, investigating incidents, preserving audit trails, and protecting our infrastructure.
- Product improvement and analytics. Understanding which features are used and how, fixing bugs, and prioritizing roadmap work. We use aggregated and de-identified data wherever possible for this purpose.
- AI-assisted features. When a Subscriber uses an AI-assisted feature (for example, draft generation), the relevant prompt content is sent to OpenAI to produce the response. We do not send End User personal information to OpenAI unless a Subscriber User explicitly enters it into a prompt.
- Legal compliance. Responding to valid legal process, complying with applicable laws, and enforcing our agreements.
We do not use Subscriber Data or End User Data to train third-party AI models, and we do not sell personal information.
5. SMS Communications
Ludicroweb sends transactional SMS to End Users on behalf of Subscribers (the home-services businesses that use the platform). Messages are delivered through Twilio. SMS is only enabled for an End User after that End User has affirmatively consented through one of the channels described below.
Phone numbers and SMS consent metadata are not sold, rented, or shared with third parties for marketing purposes. They are used only to deliver the transactional messages the End User has consented to receive (such as appointment reminders, technician-on-the-way notifications, service completion confirmations, and review requests), and to operate the Service.
5.1 Consent collection
There are two opt-in channels, both default-off until the End User takes an affirmative action:
- Rep-collected verbal consent. When a field rep signs an End User up for service, the rep reads a verbatim consent script aloud and only enables SMS when the End User says yes.
- Self-service in the customer portal. End Users can opt in or out at any time through a switch on their profile at portal.ludicro.app, with the full disclosure text displayed directly beneath the switch.
5.2 Revocation
End Users can revoke SMS consent at any time. Reply STOP to any message to opt out (handled at the carrier layer by Twilio), toggle “Text message notifications” off in the customer portal, or contact the Subscriber that scheduled their service.
Message frequency varies. Message and data rates may apply. Consent is not a condition of purchase. For full program details, including the verbatim consent script, the portal disclosure text, and sample messages, see the SMS Notifications page.
6. Data Retention
We retain information for as long as we need it for the purposes described in this policy, and then we delete it or de-identify it.
- Subscriber Data and End User Data. Retained for the duration of the Subscription, plus 30 days after cancellation or termination, to give the Subscriber a window to export data and to recover from accidental cancellation. After that window, we delete the data from active systems and remove it from routine backups within an additional 60 days.
- End User Data at Subscriber direction. If a Subscriber instructs us to delete or anonymize specific End User records sooner (for example, in response to an End User’s deletion request), we will do so unless we are legally required to retain the records.
- Application logs. Retained for up to 24 months for security, debugging, and abuse-prevention purposes.
- Billing and tax records. Retained for the period required by applicable tax and accounting law (typically seven years in the United States), regardless of subscription status.
- Backups. Encrypted backups roll off on a fixed schedule. Once a Subscriber’s active data is deleted, residual copies in backups are overwritten on schedule and are not restored.
7. Data Security
We take security seriously and try to be honest about what we do and do not have in place.
- Encryption in transit. All connections to the Service use HTTPS with TLS. Internal service-to-service traffic on Google Cloud is protected by Google’s network controls.
- Encryption at rest. Database storage and Google Cloud Storage buckets are encrypted at rest using keys managed by Google Cloud.
- Role-based access control. Within Ludicroweb, access is governed by roles (owner, admin, manager, rep) and organization scoping. Subscriber Users see only data belonging to their organization.
- Audit logging. Sensitive actions inside the admin dashboard are recorded in an audit log so a Subscriber can review who did what.
- Private files use signed URLs. Files such as photos and signatures are stored in private buckets and served through short-lived signed URLs rather than public links.
- Authentication. Subscriber User passwords are stored using bcrypt. We use access and refresh tokens with rotation. The customer portal uses email-based one-time passcodes rather than long-term passwords.
- Internal access. Byteshift personnel access production data only when needed to operate or support the Service, under the principle of least privilege.
What we do not claim. Byteshift is a small company. We are not SOC 2 certified. We are not HIPAA compliant, and Ludicroweb is not designed to handle protected health information. We do not promise that the Service will be uninterrupted, error-free, or absolutely secure. No system is. If you require certifications or assurances we do not currently hold, please contact us before entrusting us with sensitive data.
8. International Data Transfers
Byteshift Studios operates from the United States, and our infrastructure is hosted primarily in the United States. If you access the Service from the European Economic Area, the United Kingdom, Switzerland, or another jurisdiction whose laws govern the transfer of personal information out of the country, your information will be transferred to and processed in the United States.
Where required, we rely on the European Commission’s Standard Contractual Clauses, the United Kingdom’s International Data Transfer Addendum, and equivalent mechanisms under Swiss law to provide appropriate safeguards for cross-border transfers. By using the Service, you understand that your information may be processed in the United States, which may have different data-protection rules than your country.
9. Your Privacy Rights
9.1 General rights available to most users
Depending on where you live, you may have some or all of the following rights with respect to your personal information:
- The right to access the information we hold about you.
- The right to correct information that is inaccurate or incomplete.
- The right to delete information, subject to legal exceptions.
- The right to receive a copy of your information in a portable format.
- The right to object to or restrict certain types of processing.
- The right to withdraw consent where processing is based on consent.
For Subscribers and Subscriber Users, we respond to these requests directly. For End Users, we generally direct the request to the Subscriber that controls the data and support the Subscriber in responding.
9.2 California residents (CCPA / CPRA)
If you are a California resident, the California Consumer Privacy Act, as amended by the California Privacy Rights Act, gives you specific rights. The categories below describe what we collect:
- Identifiers such as name, email, phone number, and IP address.
- Customer records such as billing information and payment method metadata (no full card numbers).
- Commercial information such as the products and services you have purchased from us.
- Internet or other electronic network activity such as usage logs and cookies.
- Geolocation data from technician check-ins and address geocoding.
- Audio, electronic, visual, or similar information such as photos and signatures captured during a service visit.
- Professional or employment-related information for Subscriber Users (role, organization).
- Inferences drawn from the categories above for the limited purpose of operating the Service.
Sources. Directly from Subscribers and Subscriber Users, directly from End Users via the customer portal, automatically through cookies and logs, and from third parties such as Stripe.
Purposes. Operating the Service, billing, communications, security, compliance, and improving the product.
Third parties. The subprocessors listed in Section 4.1, plus service providers, legal authorities, and a successor in a business transaction.
Sale and sharing. We do not sell personal information, and we do not share it for cross-context behavioral advertising.
Your rights. You have the right to know, the right to correct, the right to delete, the right to limit the use of sensitive personal information, and the right to opt out of sale or sharing (which we do not do, so there is nothing to opt out of). You may exercise these rights by emailing privacy@ludicro.app. We will not discriminate against you for exercising any of these rights.
9.3 EU, UK, EEA, and Switzerland (GDPR / UK GDPR / FADP)
If you are in the European Economic Area, the United Kingdom, or Switzerland, the GDPR, UK GDPR, or Swiss Federal Act on Data Protection applies to our processing of your personal information. The legal bases on which we rely depend on the processing activity:
- Performance of a contract for delivering the Service to Subscribers and processing End User payments.
- Legitimate interests in operating, securing, and improving the Service, where our interests are not overridden by your rights.
- Consent where required, for example for certain optional communications. You may withdraw consent at any time without affecting the lawfulness of processing carried out before withdrawal.
- Legal obligation for tax, accounting, and similar requirements.
You have the right to lodge a complaint with your supervisory authority. We do not currently have a mandatory Data Protection Officer, but you can reach the privacy team at privacy@ludicro.app for any question about how we process your data.
9.4 How to exercise your rights
Send a request to privacy@ludicro.app. Tell us which right you want to exercise and the email or account the request relates to. We may need to verify your identity before responding. We will respond within 30 days, or within the time required by applicable law if shorter, and we will tell you if we need more time.
If you are an End User and your request relates to data that a Subscriber controls, we will forward your request to that Subscriber and help them respond.
11. Children’s Privacy
Ludicroweb is built for businesses and the people who work at them. It is not directed to children under 13 in the United States or under 16 in the European Economic Area, and we do not knowingly collect personal information from children. If you believe a child has provided us with information, please contact privacy@ludicro.app and we will delete it promptly.
12. Third-Party Links
The Service may link to websites and services we do not operate, such as a Subscriber’s public website, Stripe’s checkout pages, an app store listing, or a help-article URL. We are not responsible for the privacy practices of those third parties. When you leave Ludicroweb, please read the privacy notice of the destination site.
13. Changes to This Policy
We may update this Privacy Policy from time to time. When we make a material change, we will update the “Last updated” date at the top of this page and, for changes that meaningfully affect Subscribers or Subscriber Users, we will provide advance notice by email or by an in-app notice before the change takes effect. Your continued use of the Service after the effective date of an update means you accept the updated policy.
14. Contact Us
If you have questions, concerns, or requests about this policy, you can reach us at:
Byteshift Studios
8933 S Cobblegate Dr, Unit 207
Sandy, Utah 84094
United States
privacy@ludicro.app
We’re a small company. If you have questions about anything in this document, email privacy@ludicro.app and a real person will respond.