Legal

Privacy Policy

Version 2.5 — July 2, 2026 StruxOS Inc., d/b/a MulchManagers Applies to: https://mulchmanagers.com

This Privacy Policy explains how StruxOS Inc., d/b/a MulchManagers ("StruxOS," "we," "us," or "our") collects, uses, shares, protects, and retains information when you visit our website, use the Platform, communicate with us, or otherwise interact with our Services.

1. Introduction

1.1 Who we are

StruxOS operates MulchManagers, a B2B procurement coordination platform for commercial landscaping services. This Privacy Policy applies to website visitors, Customers, Vendors, Users acting on behalf of Organizations, and people who communicate with us about the Platform.

1.2 Scope of this policy

This Privacy Policy covers information we collect online and offline in connection with the Platform and Services. It does not apply to information that Customers and Vendors exchange outside the Platform except to the extent that information is later submitted to or documented in the Platform.

1.3 Related documents

Our Customer Terms of Service, Vendor Participation Agreement, Acceptable Use Policy, and public Subprocessor List provide additional detail about how the Platform operates. If you access the Platform as part of an Organization, your use is also subject to the agreement that applies to that Organization.

2. Definitions

For purposes of this document, the following definitions apply:

2.1 "Bid"

"Bid" means a written offer submitted by a Vendor through the Platform in response to an approved CSOW or Quote Request, including pricing, schedule, deposit terms, payment terms, and related commercial terms.

2.2 "Content"

"Content" means information, data, documents, files, images, messages, photographs, and other materials submitted to, stored in, or generated through the Platform by a User or Organization.

2.3 "CSOW"

"CSOW" means the Commercial Scope of Work generated, approved, or managed through the Platform for a specific Project, including scope details, requirements, documentation standards, and any incorporated commercial terms.

2.4 "Customer"

"Customer" means an Organization that uses the Platform to request, compare, award, manage, or document commercial landscaping work for one or more Properties.

2.5 "Ops"

"Ops" means StruxOS personnel or authorized representatives who administer the Platform, onboard users, verify credentials, generate CSOWs, monitor Projects, and provide operational support.

2.6 "Organization"

"Organization" means the business entity, management company, ownership group, landscaping company, or other legal person on whose behalf a User accesses or uses the Platform.

2.7 "Personal Data"

"Personal Data" means information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with an identified or identifiable person.

2.8 "Platform"

"Platform" means the MulchManagers website, applications, workflows, communications, and related services operated by StruxOS Inc., d/b/a MulchManagers, including the tools used to create Quote Requests, generate CSOWs, invite bidding, compare Bids, manage Projects, and maintain the system of record.

2.9 "Project"

"Project" means a specific landscaping job initiated through the Platform, from Quote Request through award, performance, documentation, acceptance, deficiency handling, and related closeout.

2.10 "Property"

"Property" means a physical site or asset record managed in the Platform for which a Customer seeks or manages services.

2.11 "Quote Request"

"Quote Request" means a request submitted through the Platform for commercial landscaping services at a Property, whether entered by a Customer directly or created by Ops on the Customer's behalf.

2.12 "Sensitive Data"

"Sensitive Data" means Personal Data that applicable law treats as sensitive, including government identifiers, financial account information, precise geolocation, biometric data, health data, and other categories designated by law.

2.13 "Services"

"Services" means the software, workflows, support, verification, documentation, and related functionality that StruxOS makes available through the Platform.

2.14 "StruxIQ"

"StruxIQ" means the Platform's intelligence layer, including weather-based risk analysis, normalized comparisons, benchmarks, and anonymized market insights derived from Platform data.

2.15 "User"

"User" means an individual authorized by an Organization to access or use the Platform on that Organization's behalf.

2.16 "Vendor"

"Vendor" means an Organization approved to participate in the Platform's credentialed vendor network and to submit Bids or perform Projects.

3. Information We Collect

3.1 Information you provide directly

Depending on how you use the Platform, we may collect:

  • Account and profile details such as name, email address, phone number, company name, role, and Organization affiliation
  • Property information such as property names, addresses, property types, notes, and related site details
  • Business documents such as insurance certificates, business licenses, W-9 forms, workers compensation records, and related credential files
  • Transaction data such as Quote Requests, CSOWs, Bids, bid inquiries and responses, award records, project status changes, invoice records, acceptance records, and deficiency records
  • Project documentation such as photographs, video (when supported), delivery receipts, completion records, and related supporting materials
  • Communications you send to us through the Platform, email, or support channels

3.2 Information collected automatically

When you use the Site or Platform, we may automatically collect certain technical and usage information, including:

  • IP addresses used for security, legal acceptance audit trails, and fraud prevention
  • Device, browser, and session information
  • Authentication and account session data provided through our identity provider
  • Error and performance telemetry collected through monitoring tools, with PII redaction enabled where configured
  • System logs and security events

3.3 Information derived from your data

We may derive information from the information you provide, including:

  • Geocoded coordinates derived from Property addresses for weather-based risk analysis and location-dependent features
  • Normalized bid comparisons, vendor benchmarks, seasonal patterns, and similar StruxIQ outputs
  • Anonymized, non-identifiable aggregate insights used for market intelligence, analytics, and product improvement

3.4 Information from third parties

We may receive information from third parties, including:

  • Basic authentication and profile information from Google when a User chooses Google OAuth sign-in
  • Credential or communication metadata from the service providers listed in our Subprocessor List
  • Administrative or onboarding information provided by an Organization or Ops about its authorized Users

3.5 Information we do not intentionally collect

At launch, we do not intentionally collect Social Security numbers, payment card numbers, bank account numbers, biometric data, or health data through the Platform. We do not knowingly collect Personal Data from children under 18. If integrated payments are activated, payment card and bank account details will be collected and held by our payment processor, not by StruxOS; we will receive payment metadata such as amounts, status, timing, and tokenized or truncated identifiers. When our mobile applications are released (a field application for Vendor crews and a mobile experience for Customers), the Vendor field application may collect location-verified milestone documentation data (for example, photo geofencing at project start and completion), timestamps, and photo and video documentation of work performed, which may be treated as precise geolocation under applicable law. Location data collected during active project sessions is used for site-presence verification, is visible to StruxOS operations personnel, and is shared with Customers only as presence-window confirmations (arrival and departure), not as continuous location tracking; the Customer mobile experience displays project information and documentation and is not expected to collect precise geolocation.

4. How We Use Information

We may use Personal Data and related information to:

  • Provide, operate, secure, and support the Platform and Services
  • Create Quote Requests, generate and manage CSOWs, coordinate bidding, and maintain project records
  • Verify Vendor credentials and administer the credentialed Network
  • Deliver StruxIQ features such as weather-based risk analysis and normalized comparisons
  • Send transactional communications such as invitations, welcome emails, project updates, award notices, deficiency notices, and support responses
  • Monitor performance, diagnose errors, investigate incidents, prevent fraud, and improve reliability
  • Enforce our agreements and policies
  • Comply with law, respond to lawful requests, and protect rights and safety
  • Develop, analyze, and improve the Platform using anonymized, non-identifiable aggregate information

At launch, our communications are transactional only. We do not currently send marketing newsletters through the Platform.

5. How We Do Not Use Information

We do not:

  • Sell Personal Data to third parties
  • Share Personal Data with advertisers
  • Use Personal Data for targeted advertising
  • Share Vendor pricing data with competing Vendors
  • Use identifiable Customer or Vendor data to train AI models without explicit consent
  • Knowingly publish aggregate insights in a form that identifies, or is reasonably likely to identify, a specific user, vendor, customer, or transaction

6. Data Ownership

6.1 Ownership and system of record

Customers own Customer data. Vendors own Vendor data. The Platform is the system of record for transactions conducted through it. StruxOS may use Customer and Vendor data as needed to operate, secure, support, and improve the Platform, and may aggregate and use anonymized, non-identifiable data for market intelligence, benchmarking, analytics, and product improvement. StruxOS does not acquire ownership of identifiable Customer or Vendor data by hosting or processing it.

6.2 Operational license

Each Organization grants StruxOS a limited, non-exclusive, worldwide, revocable license to host, store, copy, process, transmit, and display its Content only as needed to provide the Platform, maintain security and audit trails, support Users, comply with law, enforce our agreements, and create anonymized, non-identifiable aggregate outputs.

6.3 Additional rights and export

We do not sell Personal Data, share it with advertisers, or use identifiable Customer or Vendor data for targeted advertising. We do not use identifiable Customer or Vendor data to train AI models without explicit consent. Upon account termination, an Organization may request an export of its data in a machine-readable format, subject to verification, legal retention requirements, and the rights of other parties in shared transaction records. Data practices are described throughout this Privacy Policy.

7. Data Sharing and Disclosure

7.1 Sharing within the Platform

We share information within the Platform as needed to support a transaction and keep the system of record complete. For example:

  • Before award, Vendors may see the Property identity and location information reasonably necessary to prepare a Bid
  • Customers may see the identities and submitted Bid details of Vendors responding to their requests
  • Competing Vendors do not see one another's bids or pricing
  • After award, Customers and Vendors may see the contact and project information needed to coordinate performance and documentation

7.2 Service providers and subprocessors

We use service providers to host, secure, authenticate, monitor, geocode, and support the Platform. Our current and planned subprocessors are listed at https://mulchmanagers.com/subprocessor-list. Those providers process data only as needed to perform services for us, subject to their contracts and applicable law.

7.3 Legal and safety disclosures

We may disclose information if we reasonably believe disclosure is required by law, court order, subpoena, regulation, or lawful governmental request, or if disclosure is reasonably necessary to protect the rights, property, safety, or security of StruxOS, our users, or others.

7.4 Business transfers

If StruxOS is involved in a merger, acquisition, financing, reorganization, bankruptcy, or sale of assets, information may be transferred as part of that transaction, subject to applicable law and any required notice.

7.5 Sharing with consent

We may share information for other purposes with your direction or consent.

8. Data Security

We use administrative, technical, and physical safeguards designed to protect information appropriate to the nature of the data and the Platform. These measures include:

  • Encryption in transit using TLS 1.2 or higher
  • Encryption at rest for core database and object storage systems
  • Role-based access controls and organization-level data segregation
  • Cross-organization isolation designed to avoid revealing whether records exist outside an authorized scope
  • Audit trails for legal acceptances, approvals, awards, and credential reviews
  • Automated backups and recovery tooling
  • Error monitoring with PII redaction enabled where configured
  • Soft-delete and retention workflows rather than immediate hard deletion in ordinary operations
  • Authentication controls such as SSO support, session management, and multi-factor authentication availability

No security program can guarantee absolute security, but we work to maintain reasonable and appropriate safeguards.

9. Data Retention

9.1 Active accounts and operational records

We retain Personal Data and business records for as long as needed to provide the Platform, maintain a reliable system of record, support ongoing Projects, and fulfill the purposes described in this Privacy Policy.

9.2 Standard retention periods

Unless a longer period is required by law or justified by a legitimate business need, we generally retain:

  • Transactional and accounting-related records for up to 7 years
  • Audit-trail records for the life of the Platform or as long as reasonably necessary to preserve legal and security history
  • Anonymized, non-identifiable aggregate data indefinitely
  • Support and security records for reasonable operational periods based on risk, system integrity, and dispute resolution needs

9.3 Terminated accounts and deletion timing

After account termination, we generally aim to delete or de-identify identifiable data within 90 days, subject to legal retention obligations, backup cycles, dispute resolution needs, fraud prevention, shared transaction records, and legitimate business purposes. Because we use soft-delete and archival workflows, some records may remain inaccessible but not immediately erased during the applicable retention window. Data that has been de-identified so that it can no longer reasonably be linked to an identified or identifiable person is no longer Personal Data and may be retained and used in that form.

10. Your Rights

10.1 Rights requests

Subject to verification, applicable law, and legal exceptions, you may request that we:

  • Confirm whether we process your Personal Data
  • Provide access to the Personal Data we maintain about you
  • Correct inaccurate Personal Data
  • Request deletion of Personal Data, which we fulfill through deletion or de-identification consistent with Section 9.3 (the Platform uses retirement and de-identification workflows rather than immediate physical erasure, subject to legal retention and audit-trail obligations)
  • Export your Personal Data in a machine-readable format
  • Stop sending you non-essential communications

10.2 California-aware rights language

If you are a California resident, you may also have rights to know more detail about the categories, sources, uses, and disclosures of your Personal Data; to opt out of the sale or sharing of Personal Data; to correct inaccurate information; and to limit certain uses of Sensitive Data where applicable. At this time, we do not sell or share Personal Data for targeted advertising.

10.3 Sensitive Data and precise geolocation

Where we collect Sensitive Data, including precise geolocation in connection with future field-app functionality, we use it only for the purposes described in this Privacy Policy, to provide requested services, to maintain security and auditability, or as otherwise permitted by law.

10.4 How to exercise your rights

To submit a request, email privacy@mulchmanagers.com. We may ask for information needed to verify your identity and authority. We will respond to verified requests within 30 days unless a different period is permitted or required by law.

10.5 Non-discrimination

We will not unlawfully discriminate against you for exercising applicable privacy rights, although some Services and records cannot function if required data is deleted or no longer available.

11. Cookies and Tracking Technologies

11.1 Essential cookies and session technologies

We use essential cookies and similar technologies needed to authenticate users, maintain sessions, secure the Platform, and remember core settings. These technologies are necessary for the Platform to work.

11.2 Error monitoring and operational telemetry

We use monitoring and logging tools to diagnose problems, understand performance issues, and protect system integrity. Those tools are configured to minimize or redact personally identifiable information where reasonably practicable.

11.3 Analytics

At launch, we do not run live product analytics beyond essential operational logging and error monitoring. If we later activate analytics tools such as PostHog, we will update this Privacy Policy and provide any notice or choices required by law.

11.4 No advertising cookies

We do not use advertising or retargeting cookies.

11.5 Global Privacy Control

Where applicable, we treat a browser-based Global Privacy Control signal as a valid request to opt out of sale or sharing. Because we do not sell or share Personal Data for targeted advertising at this time, our current practices are already aligned with that signal.

12. Children's Privacy

The Platform is designed for business use by adults and business organizations. We do not knowingly collect Personal Data from children under 18. If we learn that we have collected such data without appropriate legal basis, we will take reasonable steps to delete it.

13. International Data

The Platform is hosted in the United States. If you access the Platform from outside the United States, you understand that your information will be transferred to, stored in, and processed in the United States. We do not currently market the Platform primarily to users outside the United States.

14. Modifications

StruxOS may update this document from time to time. If we make a material change, we will provide at least 30 days' notice by email to registered users, by notice on the Platform or Site, or both, unless a shorter period is required for legal, security, or operational reasons. The version number and effective date will be updated when a change is published. Continued use of the Platform after the effective date of an updated document constitutes acceptance of the updated document. For some material changes, we may require renewed clickwrap acceptance before continued use. Capabilities described in this document as future or upon-activation (such as integrated payments and mobile applications) take effect only when activated, and the provisions describing them apply from activation.

15. Contact Information

StruxOS Inc., d/b/a MulchManagers 997 Morrison Dr, Charleston, SC 29403 Privacy and legal: privacy@mulchmanagers.com Support: support@mulchmanagers.com Website: https://mulchmanagers.com

---