Last updated: May 30, 2026
GumTape is designed with data ownership in mind. You can bring your own database, keeping your data on infrastructure you control. We do not access, sell, or share your organizational data.
GumTape collects only the information necessary to provide its work order management functionality. This includes user accounts (name, email, role), work order details, comments, attachments, time entries, and audit logs. All data is stored locally in your database.
All data is stored in your chosen database (SQLite or Turso). No data is transmitted to external services unless explicitly configured by the deploying organization (e.g., email notifications via SMTP).
GumTape uses role-based access control to ensure users only access data relevant to their role. Coordinators, technicians, and reporters each have distinct permission boundaries enforced at the application level.
Every change within GumTape is logged with comprehensive audit records including the user, timestamp, and before/after values. This provides full traceability for compliance and accountability purposes.
Uploaded photos and attachments are stored on the local filesystem of your deployment. No files are sent to third-party cloud storage unless you configure an external storage driver.
As the deploying organization, you have full control over all data. You may export, modify, or delete any data at any time through the application or directly through the database.
GumTape follows security best practices including password hashing, CSRF protection, input validation, and parameterized database queries. We recommend deploying behind HTTPS and keeping the application updated.
For questions about privacy and security, please reach out through the Request Demo page.