Aviat Group, LLC operates Vernier.io, an AI-powered construction estimating and bid management platform. This policy explains what information we collect when you use Vernier, how we process it (including through AI), and how we protect it. We do not sell your personal information. We do not share it with advertisers. Your construction data is never shared with other Vernier customers.
Section 01
Overview
Aviat Group, LLC ("Aviat Group," "we," "us," or "our") is a Washington State limited liability company operating the Vernier.io platform. Our principal address is PO Box 668, Onalaska, WA 98570.
This Privacy Policy applies to the Vernier platform at vernier.io, including the client portal, marketing pages, and all API endpoints. By creating an account or using Vernier, you agree to the practices described here.
This policy does not cover third-party websites, platforms, or services that we integrate with. Those are governed by their own privacy policies, which are disclosed in Section 5.
Section 02
Information We Collect
We collect information in three categories: account data you provide, construction data you upload, and data collected automatically.
Account information you provide:
- Registration — name, email address, company name, and password when you create a Vernier account.
- Organization profile — company address, phone, contractor license numbers, trade specialties, market area, and bidding preferences.
- Payment information — billing details processed through Stripe. We do not store credit card numbers on our servers. See Stripe's privacy policy at stripe.com/privacy.
- Two-factor authentication — if enabled, we store a TOTP secret for generating verification codes. No phone numbers are collected for 2FA.
Construction data you upload:
- Plans and specifications — PDF and image files of construction drawings, specifications, and bid documents uploaded for AI analysis.
- Project data — project names, locations, estimated values, bid amounts, schedules, and scope descriptions.
- Subcontractor and contact data — names, companies, phone numbers, emails, and trade information for your CRM contacts.
- Credentials — contractor license numbers, insurance policy details, bonding capacity, and expiration dates.
- Financial data — bid amounts, job cost tracking, change order values, and payment application details.
- Business card scans — images uploaded for OCR contact extraction are processed and not permanently stored as images.
- Company training data — historical project data, labor rates, and bid history uploaded during onboarding for AI calibration.
Information collected automatically:
- Server logs — IP address, browser type, pages visited, and timestamps for security and performance monitoring.
- Authentication logs — login attempts (successful and failed) with IP address and timestamp for security auditing.
- Token usage — AI processing token consumption per request for billing and usage tracking.
- Cookies and local storage — see Section 6 for full detail.
Section 03
How We Use Your Information
We use the information we collect for the following purposes only:
- Providing the Vernier platform — to generate AI-powered construction estimates, plan reviews, bid analysis, and all other Vernier modes.
- AI document processing — to send your uploaded documents to our AI provider for analysis and structured data extraction. See Section 4 for full details on how AI processing works.
- Account management — to authenticate users, manage subscriptions, track token usage, and enforce tier limits.
- Notifications — to send bid deadline reminders, credential expiration alerts, and system notifications.
- Billing — to process subscription payments through Stripe and manage account status.
- Security — to detect unauthorized access, rate-limit login attempts, and maintain audit logs.
- Platform improvement — to analyze anonymized, aggregated usage patterns to improve the platform. Individual company data is never used to train AI models or shared across accounts.
We do not use your information for behavioral advertising, retargeting, or profiling. We do not sell or rent your data.
Section 04
AI Document Processing
Vernier uses Anthropic's Claude AI to analyze construction documents and generate estimates. Understanding how your data flows through this process is important:
What is sent to the AI:
- Text extracted from uploaded PDFs (via server-side text extraction)
- Images of plan pages, business cards, and insurance certificates (via the Vision API)
- Project metadata (name, location, trade, type) for context
- Your organization's credential data for bid qualification comparison
- Company-specific skill files generated from your training data (if onboarded)
What is NOT sent to the AI:
- Your password, authentication tokens, or payment information
- Other customers' data — each API call contains only your organization's data
- Raw uploaded files — only extracted text and individual page images are sent
Anthropic's data handling:
- Anthropic does not use data sent through their API to train their AI models (per their commercial API terms).
- API inputs and outputs may be temporarily cached by Anthropic for up to 30 days for trust and safety monitoring, after which they are deleted.
- We use Anthropic's prompt caching feature, which caches system prompts (not your data) to reduce costs and latency.
Your construction documents are processed through the AI for analysis only. They are not stored by Anthropic, not used to train AI models, and not accessible to any other Vernier customer.
4.5 — How We Use AI to Process Your Data:
- Your construction plans, specs, and project data are processed solely to deliver the AI services you request — nothing else.
- All AI processing is handled in isolated, ephemeral sessions — data is not persisted by the AI provider after the request completes.
- Your plans are NEVER used to train AI models — not by us, not by our AI providers.
- Uploaded files are automatically deleted 30 days after project closure, or immediately upon your request.
- All data is protected with encryption at rest (AES-256) and in transit (TLS 1.3).
- Access is limited to authorized personnel only — no Vernier employee accesses your files without a documented support reason.
- Your data is not sold, rented, or shared with third parties for any purpose beyond delivering the service.
- AI-generated estimates, bid packages, and analysis are stored in your account until you delete them.
- You can request a complete data export or deletion at any time by contacting us.
AI Providers We Use:
- Anthropic (Claude) — Primary AI provider. Anthropic's usage policy prohibits using API inputs for training.
- Processing occurs on US-based servers only.
Section 05
Sharing & Disclosure
We do not sell, rent, or trade your personal information or construction data. We share data only with the following service providers, each bound by their own privacy commitments:
| Provider | Purpose | Data Shared |
|---|---|---|
| Anthropic (Claude API) | AI-powered document analysis, estimating, and plan review | Extracted document text, page images, project metadata |
| Stripe | Subscription billing and payment processing | Email, company name, payment method (card details handled by Stripe directly) |
| Nominatim (OpenStreetMap) | Geocoding office and project locations for the bid map | Address strings only — no account or personal data |
| DigitalOcean | Cloud hosting infrastructure | All platform data is stored on DigitalOcean servers (encrypted at rest) |
| Legal requirements | When required by law or to protect rights | Response to a court order, subpoena, or regulatory request |
| Business transfer | In the event of a merger, acquisition, or sale of assets | We would notify affected customers before any transfer of data |
Your bid amounts, subcontractor data, cost history, and competitive intelligence are never shared with other Vernier customers, competitors, or third parties.
Section 06
Cookies & Tracking
Vernier uses minimal cookies and browser storage. We do not use Google Analytics, Facebook Pixel, or behavioral advertising trackers.
- Authentication token — stored in browser localStorage (vernier_token) to maintain your logged-in session. This token expires after 7 days of inactivity. Clearing your browser data will log you out.
- User profile cache — stored in localStorage (vernier_user) for displaying your name and role in the portal. Contains no sensitive data.
- Offline data cache — Vernier is a Progressive Web App (PWA) that caches API responses in IndexedDB for offline access. This data stays on your device and is not transmitted elsewhere.
- Service worker — caches the application shell (HTML, JS, CSS, fonts) for fast loading and offline support. No tracking is performed.
- Cloudflare — if served through Cloudflare, a security cookie (__cf_bm) may be set. This is a functional security measure, not a tracking cookie.
You can disable cookies and clear localStorage in your browser settings. Doing so will log you out of the portal and clear cached offline data, but will not affect your ability to browse the marketing site.
Section 07
Construction Data Handling
Construction data is the core of what Vernier processes. We treat it with the highest level of care:
Plan and specification documents:
- Uploaded PDFs are stored on our servers in organization-specific directories.
- Text is extracted server-side for AI processing. Original files are retained for re-analysis.
- Plan images may be split into individual pages for the plan viewer and AI review.
- Documents are accessible only to authenticated users within your organization.
Subcontractor and contact data:
- CRM contacts (subcontractors, suppliers, architects, engineers) are stored per-organization.
- Business card scans are processed through AI Vision for contact extraction. The original image is not permanently stored after processing.
- RFQ email content is generated but sent through your own email client — we do not send emails on your behalf through the platform.
Financial and bid data:
- Bid amounts, cost breakdowns, job cost tracking, and change order values are stored in your organization's database partition.
- Bid results and competitor data you enter are used only within your organization.
- Company training data (historical costs, labor rates, bid win/loss history) is used solely to calibrate AI estimates for your organization.
Data isolation:
- All data is scoped to your organization ID. No cross-organization data access is possible through the API.
- Company-specific AI skill files are loaded only for your organization's requests.
- Anonymized, aggregated platform data (e.g., regional pricing trends) may be compiled in the future, but individual company data will never be identifiable.
Section 08
Data Retention
We retain data for as long as necessary to provide the service and comply with legal obligations:
- Active account data — all project, bid, contact, and document data is retained for the duration of your active subscription.
- After cancellation — account data is retained for 90 days after subscription cancellation to allow for reactivation. After 90 days, we begin permanent deletion.
- Authentication logs — login attempt records are retained for 1 year for security auditing.
- Error logs — system error records are auto-pruned after 30 days (resolved errors) or 1 year (unresolved).
- Token usage records — AI usage data is retained for the duration of the subscription for billing transparency.
- Uploaded documents — retained for the duration of the subscription. You may delete individual documents at any time through the portal.
- Backup copies — server backups may retain data for up to 30 days beyond deletion requests.
You may request immediate deletion of your account and all associated data at any time (see Section 9).
Section 09
Your Rights (GDPR & CCPA)
Regardless of your location, you have the following rights regarding your data:
- Access — request a copy of all personal and construction data we hold about your organization.
- Correction — request correction of inaccurate or incomplete information.
- Deletion — request permanent deletion of your account and all associated data, subject to any legal retention obligations (e.g., contractor licensing records).
- Export — request a machine-readable export of your project data, contacts, bids, and credentials.
- Restriction — request that we stop processing your data while a dispute is resolved.
- Opt out — opt out of non-essential communications at any time by replying "unsubscribe" to any email.
For GDPR (EU/EEA residents):
- Our legal basis for processing is contract performance (providing the Vernier service you subscribed to) and legitimate interest (security, fraud prevention).
- You have the right to lodge a complaint with your local data protection authority.
- Data transfers outside the EU are covered by standard contractual clauses with our service providers.
For CCPA (California residents):
- We do not sell personal information as defined by the CCPA.
- You have the right to know what data we collect, request deletion, and opt out of any future sale (though we do not sell data).
- We will not discriminate against you for exercising your CCPA rights.
To exercise any of these rights, contact us at or (855) 562-8428. We will respond within 30 days. We do not charge a fee for reasonable requests.
Section 10
Children's Privacy
Vernier is a business-to-business platform directed at construction professionals and companies. We do not knowingly collect personal information from anyone under the age of 16. If you believe we have inadvertently collected information from a minor, contact us at and we will promptly delete it.
Section 11
Security
We implement industry-standard security measures to protect your data:
- Encryption in transit — all data is transmitted over HTTPS/TLS. API calls to Anthropic and Stripe use encrypted connections.
- Authentication — token-based authentication with 7-day expiry. Optional two-factor authentication (TOTP) available.
- Rate limiting — login attempts are rate-limited to prevent brute-force attacks (max 10 attempts per 15 minutes per IP).
- Security headers — X-Frame-Options, X-Content-Type-Options, Referrer-Policy, and Permissions-Policy headers are set on all responses.
- Input validation — all user inputs are validated and sanitized server-side. SQL injection is prevented through parameterized queries.
- Access control — all data queries are scoped to the authenticated user's organization. Role-based access separates admin and user permissions.
- Audit logging — all authentication events and administrative actions are logged with timestamps and IP addresses.
No method of transmission over the internet is completely secure. We cannot guarantee absolute security, but we will notify affected customers within 72 hours in the event of a data breach that is likely to result in risk to your rights or interests.
If you discover a security vulnerability, please report it to before disclosing it publicly. We appreciate responsible disclosure.
Section 12
Changes to This Policy
We may update this Privacy Policy from time to time. When we do, we will revise the "Last Updated" date at the top of this page. If we make material changes — particularly to how AI processes your data or how we share information with third parties — we will notify all active subscribers by email at least 30 days before the changes take effect.
Your continued use of Vernier after a policy update constitutes acceptance of the revised policy. If you disagree with a material change, you may cancel your subscription and request deletion of your data.
Section 13
Contact Us
For questions, data requests, or concerns about this Privacy Policy or your data, contact us through any of the following:
PO Box 668
Onalaska, WA 98570
This policy is governed by the laws of the State of Washington, without regard to conflict of law principles.