GroundCut
Sign inStart free trial

Privacy policy

Last updated May 13, 2026

Overview

GroundCut (“GroundCut,” “we,” “us”) is a product of AI Prompt Enterprises LLC, a Georgia limited liability company. We provide quoting, booking, payment, dispatch, and accounting-sync software for lawn-care businesses. This policy explains what information we collect, how we use it, who we share it with, and the choices you have.

GroundCut is operated from and intended for users in the United States. Personal information is stored and processed in the United States. See Data location below.

Information we collect

  • Account information — name, business name, email, phone number, and (for password sign-ins) a hashed password for operators and crew members.
  • Google account information — when you sign in with Google, we receive your verified email address, name, and profile picture URL via the openid, email, and profile OAuth scopes. See Google Sign-In below.
  • Customer information — service address, contact details, and lawn polygons that operators or their customers enter to receive a quote.
  • Payment information — payment card and bank details, processed and stored by our payment processor (Stripe). We do not store full card numbers or bank account numbers on our servers.
  • Connected-service data — when you choose to connect QuickBooks Online, we store the OAuth tokens needed to read and write the data described in the QuickBooks Online integration section.
  • Usage data — log data, device information, browser type, approximate location derived from IP, and error reports used to operate and secure the service.

How we use information

We use the information we collect to operate the service: generating quotes, booking jobs, taking payments, dispatching crews, sending booking and job notifications, providing customer support, securing accounts against abuse, and improving the product.

Customer data is never used for advertising. Information operators or their customers enter through GroundCut — service addresses, lawn polygons, contact details, payment history, job records — is used only to operate the service. We do not share it with any advertising partner, ever, regardless of consent.

Limited marketing-site visitor data (the pages you visit on groundcut.com before signing up) may be shared with our advertising partner if, and only if, you affirmatively consent. See Advertising and the Meta Pixel below.

Advertising and the Meta Pixel

We run paid ads on Facebook and Instagram. To measure which ads bring people to our marketing site and to show relevant ads to people who have visited us, we use the Meta Pixel — a small script provided by Meta Platforms, Inc. that records page views and assigns the visitor a Meta-issued identifier.

Opt-in only. The pixel does not load and no data is sent to Meta unless you click Accepton the consent banner that appears on your first visit. If you decline, dismiss the banner, never respond, or your browser sends a Global Privacy Control signal, the pixel script is never loaded and no information is shared with Meta. This is the technical default — there is no “legitimate interest” or implied-consent fallback.

  • Where the pixel runs: only on our public marketing pages on groundcut.com— specifically the home page, feature pages (/polygon-quoting, /crew-app, /integrations, /alternatives/*, /for/*), and the signup pages (/register and /register/complete). The pixel is never loaded on the operator app (/admin, /operator), on the platform-admin console (/gca), on tenants’ branded booking pages, on quote, booking, invoice, or job-tracking flows, on the login or password-reset pages, or anywhere a customer of one of our operators would interact with GroundCut. Their data is never shared with Meta.
  • What is shared if you consent: page URL, referring URL, IP address, browser user-agent, screen dimensions, and a Meta-issued cookie identifier (_fbp). We do not send hashed email, phone number, name, or any other personally identifying information to Meta — advanced matching is disabled.
  • Limited Data Use:we set the Meta Limited Data Use flag globally so that Meta restricts use of the data according to CPRA and similar US state laws based on the visitor’s geolocation. This applies on top of (not instead of) the opt-in.
  • Global Privacy Control: if your browser sends the GPC signal, we treat it as an authoritative opt-out and the pixel is not loaded, regardless of any prior consent.
  • Changing your choice: click Your Privacy Choices in the marketing footer at any time to change your decision. If you withdraw consent, we clear the Meta cookies (_fbp, _fbc) on your next page load.
  • Meta’s own use of the datais governed by Meta’s privacy policy and Business Tools terms. We have no control over what Meta does with the data after it is collected, beyond setting Limited Data Use.

Google Sign-In

GroundCut offers Google as an optional sign-in method. When you choose “Continue with Google,” we receive only the information you authorize Google to share: your verified email address, your name, and your Google profile picture URL (scopes openid, email, profile). We do not request access to any other Google service — no Gmail, no Drive, no Calendar, no Contacts.

Limited Use commitment.GroundCut’s use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements. We use your Google account information only to authenticate you, create or update your GroundCut account, and operate the service. We do not transfer Google user data to third parties except as necessary to provide and improve the service, comply with applicable law, or as part of a merger, acquisition, or sale of assets where the recipient is bound to equivalent protections. We do not use Google user data for advertising, and we do not allow humans to read Google user data except (a) with your affirmative consent, (b) for security, (c) to comply with law, or (d) where data has been aggregated and anonymized.

QuickBooks Online integration

GroundCut offers an optional one-way sync to QuickBooks Online (QBO) that operators can connect from their admin settings. When you connect QBO, we receive an OAuth access token and refresh token from Intuit that authorize GroundCut to act on your QBO company. These tokens are stored encrypted at rest using pgsodium symmetric encryption inside our database (in addition to the database’s own at-rest encryption).

Data we read from QBO: customer records (to deduplicate against GroundCut customers), invoice and payment IDs we previously created (for idempotency).

Data we write to QBO: customer records, invoices, and payment records corresponding to GroundCut jobs you choose to sync. We do not delete or modify records that GroundCut did not create.

Disconnection. You may disconnect QuickBooks at any time from /admin/bookkeeping in GroundCut, or from the “My Apps” page inside QBO. In either case we revoke the refresh token with Intuit and delete the stored tokens and connection record within minutes. QBO data already written to your QBO company remains in QBO and is not affected by disconnection.

QuickBooks data is not shared with any other vendor or third party.

Subprocessors and third-party services

We do not sell your information, and we do not share it for marketing or promotional purposes. We share information with vendors who help us operate the service, and only to the extent they need it to perform their function. Current vendors:

VendorPurposeInformation shared
SupabaseManaged Postgres database, file storage, and authentication. Hosted in the United States.All account, customer, and job data described above.
VercelApplication hosting and cookieless web analytics / Core Web Vitals.IP address, browser type, page URL. Vercel Analytics does not set cookies and does not collect personally identifying information.
GoogleOptional Google Sign-In (OAuth 2.0).Email, name, profile picture URL — only when you choose to sign in with Google.
StripePayment processing for customer bookings (Stripe Connect) and operator subscriptions. PCI DSS Level 1 service provider.Payment card and bank account information, billing details, transaction amounts.
QuickBooks (Intuit)Optional accounting sync, only when an operator connects their QBO account.Customer, invoice, and payment records you choose to sync.
TwilioSMS notifications to operators, crew, and customers.Mobile phone number and message content.
ResendTransactional email (booking confirmations, invoices, account verification, etc.).Email address and message content.
MapboxGeocoding, satellite map tiles, polygon drawing, and routing.Service addresses (for geocoding) and IP address (Mapbox usage telemetry).
SentryError tracking and observability.IP address, browser type, URL paths, and error stack traces. Personal identifiers are filtered out of error reports where feasible.
Meta (Facebook/Instagram)Advertising measurement and audience building on Facebook and Instagram — only with your consent, only on the marketing site.Marketing-site URL, referrer, IP address, browser type, and a Meta-issued cookie identifier. Never customer, booking, or operator-app data.

We may also disclose information when required by law, to protect our rights, to investigate fraud or abuse, or in connection with a merger, acquisition, or sale of assets where the recipient is bound to equivalent privacy protections.

Cookies and similar technologies

GroundCut uses a small number of cookies. We do not load advertising or product-analytics cookies on the operator app, the platform-admin console, or the branded booking pages tenants serve to their customers. The Meta Pixel cookies described above load only on the marketing site and only after you affirmatively consent.

Strictly necessary — set by GroundCut

Set on groundcut.com and on tenant booking subdomains. Required for the service to function; not gated by the consent banner.

  • session — signed session cookie that keeps you logged in. Cleared on sign-out.
  • gc_consent — remembers your response to the marketing-site consent banner so we don’t ask again on every visit. Stores only your choice (accepted, denied, or no response).

Strictly necessary — set by Stripe on our pages

When a customer reaches the payment step on a tenant’s booking page, the Stripe.js library — embedded so that card details never touch our servers — sets two cookies as first-party cookies on the tenant’s subdomain for fraud detection (Stripe Radar). These are required to accept payments and load regardless of the consent banner response, because they are functionally necessary to complete a purchase.

  • __stripe_mid — persistent machine identifier used by Stripe Radar (expires in ~1 year).
  • __stripe_sid — per-session identifier used by Stripe Radar (expires in ~30 minutes of inactivity).

These cookies are governed by Stripe’s privacy policy. We do not read their contents and they are not used to identify you to GroundCut.

Third-party cookies set on vendors’ own domains

Some vendors set cookies on their own domains as a side effect of their service operating in your browser. These cookies are not readable by GroundCut. They are governed by each vendor’s privacy policy and your browser’s third-party cookie controls.

  • Mapbox (.mapbox.com) — Mapbox operates analytics on its own API endpoints to run and improve its mapping service. Loading map tiles, satellite imagery, or the geocoder may cause Mapbox to set cookies such as _ga, _gcl_au, _mkto_trk, ajs_anonymous_id, and a Mapbox sessioncookie on Mapbox’s own domain. We do not read these, cannot share them, and they are not joined to your GroundCut account. Governed by Mapbox’s privacy policy.
  • Stripe (.stripe.com) — in addition to the first-party cookies above, Stripe may set its own cookies on thestripe.com domain when its embedded payment iframes load or when a customer is redirected to a Stripe-hosted page. Governed by Stripe’s privacy policy.
  • Meta (.facebook.com) — only on the marketing site, and only after you click Accept. See Advertising and the Meta Pixel above.

What we don’t use

We do not run Google Analytics, Mixpanel, Segment, Heap, or any other product-analytics SDK on GroundCut. Web-vitals and basic traffic data come from Vercel Web Analytics, which is cookieless. We do not load advertising tags on the operator app, the platform-admin console, or any customer-facing booking, quote, invoice, or job-tracking page.

SMS messaging and consent

GroundCut uses SMS to send booking confirmations, job reminders, on-the-way notifications, payment receipts, and operational updates. We collect mobile numbers and consent in the following ways:

  • Operators opt in by entering their mobile number during account registration and agreeing to these terms, which authorize us to send service-related text messages.
  • Customersopt in by entering their mobile number on an operator’s booking page and confirming a booking. The booking form displays consent language stating that, by booking, the customer agrees to receive text messages from the operator and from GroundCut about their job.
  • Crew members opt in when added to a crew by their operator and acknowledged on first sign-in.

Message frequency varies based on activity (typically 1–10 messages per booking). Message and data rates may apply. Reply STOP to any message to opt out of further non-critical messages, and HELP for help. Opting out will not stop transactional receipts that are required to complete a transaction you initiated.

No mobile information is shared with third parties or affiliates for marketing or promotional purposes. Mobile numbers and SMS opt-in data are shared only with our SMS provider (Twilio) for the sole purpose of delivering the messages described above, and are not shared with any other vendor for any other purpose.

Data location

GroundCut is operated from the United States and intended for users in the United States. Personal information is stored in the United States by our database provider (Supabase) and hosting provider (Vercel, which runs on Amazon Web Services). We do not currently transfer personal information outside the United States. If you access GroundCut from outside the United States, your information will be transferred to and processed in the United States.

Data retention

We retain account and customer data for as long as your account is active and for a reasonable period after cancellation to comply with legal obligations, resolve disputes, and enforce our agreements. OAuth tokens for connected services (Google, QuickBooks) are deleted within minutes of disconnection. You may request deletion of your account at any time by contacting us using the email below.

Security

We protect your information using encryption in transit (TLS 1.2+ with HSTS), encryption at rest in the database, column-level encryption for sensitive credentials (such as QuickBooks OAuth tokens) using pgsodium, role-based access controls enforced at the database layer via row-level security, audit logging of significant state changes, and standard application-level safeguards including rate limiting and CSRF protections. No system is perfectly secure; if you suspect unauthorized access to your account, contact us.

US state privacy rights (California, Colorado, Connecticut, Virginia, Utah, and others)

Residents of US states with comprehensive privacy laws (including the California Consumer Privacy Act as amended by the CPRA, the Colorado Privacy Act, the Connecticut Data Privacy Act, the Virginia Consumer Data Protection Act, and the Utah Consumer Privacy Act) have the following rights regarding their personal information:

  • Right to know / access — request a description of the personal information we have collected about you, the sources, the purposes, and the categories of third parties with whom we have shared it.
  • Right to delete — request deletion of personal information we have collected, subject to legal-retention exceptions.
  • Right to correct — request correction of inaccurate personal information.
  • Right to portability — receive a copy of your personal information in a portable format.
  • Right to opt out of sale or sharing for cross-context behavioral advertising. We do not “sell” personal information for money. We do, however, share limited marketing-site visitor data with Meta for advertising purposes — which qualifies as “sharing” under California law — but only after you affirmatively consent. We operate on an opt-in basis: declining the consent banner, ignoring it, or sending Global Privacy Control is sufficient to prevent any sharing. You may withdraw consent at any time using the Your Privacy Choiceslink in the marketing footer, which also clears Meta’s cookies from your browser.
  • Right to limit use of sensitive personal information — we do not collect sensitive personal information for the purpose of inferring characteristics about you, so this right is not applicable, but we acknowledge it.
  • Right to opt out of profiling — we do not engage in profiling that produces legal or similarly significant effects.
  • Right of non-discrimination — we will not deny service, charge different prices, or provide a different level of service because you exercised any of these rights.
  • Right to appeal (Colorado, Connecticut, Virginia) — if we deny a privacy request, you may appeal by replying to our response email; we will provide a written decision within the time period required by your state’s law.

Categories of personal information we collect:identifiers (name, email, phone), commercial information (purchase history, booking history), internet activity (logs, IP, device data), approximate geolocation (derived from IP and from service addresses you enter), professional information (business name, role on a tenant’s team), and inferences drawn from the above strictly to operate the service.

Categories shared for cross-context behavioral advertising (only with Meta, only with your consent, only on the marketing site): online identifiers (IP, browser user-agent, Meta-issued cookie ID) and internet activity (URLs of marketing pages you viewed).

Global Privacy Control. We treat the GPC browser signal as a valid opt-out of sharing for cross-context behavioral advertising, applied automatically without requiring you to take any action. You do not need to log in or verify your identity for the GPC signal to be honored.

To exercise any other right, email groundcutadmin@aipromptenterprises.com with the subject line “Privacy request” and the state you reside in. We will verify your identity (typically by confirming ownership of the email on your account) and respond within 45 days as required by California law (and the shorter response windows required by other states, where applicable).

Children’s data

GroundCut is not directed to individuals under the age of 16, and we do not knowingly collect personal information from children. If you believe a child has provided us personal information, contact us using the email below and we will delete it.

Your choices

You may access and correct your account information at any time from within the app. To request deletion of your account or your data, email us at groundcutadmin@aipromptenterprises.com — we will respond within 30 days. You may opt out of non-essential SMS at any time by replying STOP, and out of marketing emails by using the unsubscribe link in the footer of any marketing message.

Changes

We may update this policy from time to time. Material changes will be communicated by email or in-app notice before they take effect. The “Last updated” date at the top of this page reflects the most recent revision.

Contact

AI Prompt Enterprises LLC
Email: groundcutadmin@aipromptenterprises.com
General inquiries: /contact