Last updated: March 27, 2026
This Privacy Policy describes how AY4LA LLC, doing business as TrussBooks (“TrussBooks,” “we,” “us,” or “our”), collects, uses, and protects your information when you use our construction financial management platform at trussbooks.com (“the Service”).
Account information: When you sign up, we collect your name, email address, and company name. Team members invited to your organization provide the same.
Project data: You create and upload project budgets, invoices, purchase orders, change orders, subcontracts, pay applications, vendor records, and related financial documents. This data belongs to you.
Device and usage information: When you use the Service, we automatically collect your IP address, browser type and version, operating system, device identifiers, pages visited, features used, and timestamps. This data is collected through server logs and analytics tools.
Cookies and similar technologies: We use essential cookies required for authentication and session management. We use analytics cookies (anonymized) to understand how the Service is used. We do not use advertising or tracking cookies. You can control cookie preferences through your browser settings.
Information from third parties: If you connect your QuickBooks Online account, we receive vendor names, bill data, and payment information as authorized through your OAuth connection. We only access the data scopes you explicitly approve.
For transparency, here are the categories of personal data we process:
We process this data for the following purposes: providing the Service, processing transactions, sending transactional notifications, maintaining security, and improving the product.
We use your information to provide and maintain the Service, process transactions, send transactional emails (invoice approvals, budget alerts, team invitations), and improve the product. We do not sell your data to third parties. We do not use your project data for advertising or marketing purposes.
We do not sell, rent, or trade your personal data to third parties for monetary or other valuable consideration. We do not share your personal data with third parties for their own marketing purposes.
We use the following third-party services to operate TrussBooks:
We will notify account owners via email at least 30 days before adding a new sub-processor that handles personal data or replacing an existing one. If you object to a new sub-processor, you may terminate your subscription before the change takes effect.
Essential cookies: Required for authentication, session management, and security. These cannot be disabled while using the Service.
Analytics cookies: We use anonymized analytics to understand usage patterns and improve the Service. These do not track individual users for advertising purposes.
No advertising cookies: We do not use advertising cookies, retargeting pixels, or cross-site tracking technologies.
All data is encrypted in transit (TLS) and at rest. Each company’s data is isolated using row-level security policies — users in one organization cannot access another organization’s data. File uploads (invoices, documents) are stored in private storage buckets accessible only to authenticated members of your organization via time-limited signed URLs.
In the event of a data breach that affects your personal data, we will notify affected account owners via email within 72 hours of confirming the breach. Our notification will include the nature of the breach, the types of data affected, steps we have taken in response, and recommended actions you can take to protect yourself.
Your data persists for as long as your account is active. You may export your data at any time. If you cancel your subscription, your data remains accessible for 30 days. After 30 days, data is permanently deleted from our systems and backups.
You have the right to:
To exercise any of these rights, contact us at hello@trussbooks.com. We will respond to verified requests within 45 days.
If you are a Texas resident, you have the following rights under the Texas Data Privacy and Security Act:
We do not sell your personal data. We do not process your personal data for targeted advertising. We do not engage in profiling that produces legal or similarly significant effects.
To exercise your rights, contact us at hello@trussbooks.com. We will respond to verified requests within 45 days. If we decline your request, you may appeal by replying to our response. If your appeal is denied, we will provide instructions for filing a complaint with the Texas Attorney General.
We recognize and process Global Privacy Control (GPC) signals as valid opt-out requests in accordance with TDPSA Section 541.055(e).
If you are a California resident, you have the right to know what personal data we collect and how we use it, request deletion of your personal data, opt out of the sale of your personal data (we do not sell personal data), and not be discriminated against for exercising your privacy rights.
To exercise these rights, contact us at hello@trussbooks.com.
We honor Global Privacy Control (GPC) signals. When we detect a GPC signal from your browser, we treat it as a valid opt-out request for the sale of personal data and targeted advertising. We do not currently respond to browser-level “Do Not Track” signals, as there is no industry standard for compliance.
The Service is not directed to individuals under the age of 18. We do not knowingly collect personal data from children. If we learn that we have collected personal data from a child under 18, we will promptly delete that information. If you believe a child has provided us with personal data, please contact us at hello@trussbooks.com.
TrussBooks acts as a data processor on behalf of your organization (the data controller) for project and financial data you upload to the Service. For account and usage data, TrussBooks acts as the data controller. Enterprise customers requiring a formal Data Processing Agreement (DPA) may request one by contacting hello@trussbooks.com.
TrussBooks is based in the United States. If you access the Service from outside the United States, your data will be transferred to and processed in the United States. By using the Service, you consent to this transfer. We ensure that our sub-processors maintain appropriate data protection standards.
We may update this privacy policy from time to time. We will provide at least 30 days’ notice for material changes via email to account owners. The “Last updated” date at the top reflects the most recent revision. Continued use of the Service after changes take effect constitutes acceptance of the updated policy.