DAERO Logo

Privacy Policy

Last updated on April 18th, 2025.

At DAERO, we prioritize protecting the personal and project-related information that you share with us. This Privacy Policy explains how we collect, use, share, and safeguard information through our website and through ZeroPunch, our iOS app, which enables construction professionals to capture photos, audio notes, and location markup on digital floor plans to instantly generate punch tasks and site documentation.


By using our Services, including the ZeroPunch app and any related software or tools (collectively, the “Services”), you consent to the practices described in this Privacy Policy.

Information Collection

We collect information in the following categories:

A. Information You Provide: Account details such as name, email, company, and role are collected when you register.

B. Project and Media Data: Content you upload through the app, such as photos, audio recordings, notes, and project-related information.

C. Location Markup: Coordinates that are marked directly onto floor plans by a user, and no GPS data is collected.

D. Technical Information:

  • Log and usage data: Includes IP address, device type, operating system, app version, and interactions within the app.
  • Crash reports and diagnostics to improve performance and troubleshoot issues.

E. Analytics: We utilize analytics tools within our app to analyze usage patterns and implement technical improvements to enhance the user experience.

Information Security

Database Security (Supabase):

All user accounts, project metadata, and associated logs are stored in a PostgreSQL database hosted via Supabase, which supports enterprise-grade encryption standards. Specifically:

  • Encryption at Rest: All database records are encrypted using AES-256 encryption, ensuring that data is unreadable without proper access credentials.
  • Encryption in Transit: All communication between our application and Supabase services is secured using TLS 1.2+, protecting data from interception during transfer.
  • Row-Level Security (RLS): We enforce fine-grained access controls using Supabase’s RLS policies, ensuring that users can only read or modify data that belongs to their authenticated account or team.
  • Access Control: Database access is strictly limited to authorized application endpoints and administrators with multi-factor authentication (MFA).

Media Storage Security (AWS S3):

All image and audio content captured in ZeroPunch is stored in Amazon Web Services (AWS) S3 buckets, a trusted and widely-used platform for secure object storage. Our media storage policies include:

  • Private Buckets by Default: Uploaded media is stored in non-public buckets, meaning files cannot be accessed via URL unless specifically authorized by our app.
  • Access Tokens & Signed URLs: ZeroPunch uses time-limited, signed URLs to grant access to media files for authenticated users, ensuring that even temporary access is secure.
  • AES-256 Encryption: AWS S3 automatically encrypts data at rest using AES-256, and all data in transit to and from AWS is encrypted with SSL/TLS.

Data Isolation & Organizational Controls:

All user data is logically isolated per organization and account. Each company using ZeroPunch can only view and manage its own data. Any media, notes, or task data captured in-app remains strictly scoped to that user’s organization / user group.

Incident Response:

We monitor our systems for unusual activity and maintain protocols to investigate and respond promptly to security issues. Users will be notified if their data is ever at risk due to a verified incident.

Contacting us

For questions, data access, or deletion requests, please contact us by email at team@daerogroup.com