Privacy Policy

2.1 Information You Provide Directly

We collect information you provide when you register an account, subscribe to a plan, or interact with the Service, including:

• Account information: name, email address, password (encrypted), and company name.
• Billing information: payment card details and billing address (processed by Stripe; we do not store full card numbers).
• Profile information: professional background, investment focus, and preferences you optionally provide.
• User Data: property addresses, financial inputs, portfolio data, and other content you upload or enter into the platform.
• Communications: messages, support requests, and feedback you send to us.

2.2 Information Collected Automatically

When you use the Service, we automatically collect certain technical information, including:

• Log data: IP address, browser type, operating system, pages visited, timestamps, and referring URLs.
• Usage data: features accessed, searches performed, reports generated, and interaction patterns within the platform.
• Device information: device type, screen resolution, and hardware identifiers.
• Cookies and similar tracking technologies: session cookies, preference cookies, and analytics identifiers. See Section 8 for more detail.

2.3 Information from Third-Party Services

When you connect third-party services to the platform (such as bank accounts via Plaid, which is available in later platform phases), we may receive information from those services as authorized by you and subject to those services' own privacy policies. We collect only the minimum data necessary to provide the connected feature.

2.4 Information We Do Not Collect

We do not collect Social Security numbers, government-issued identification numbers, or consumer credit information. The Service is not a consumer credit product and is not governed by the Fair Credit Reporting Act from a data collection standpoint. Any distressed property signals or public records data surfaced by the platform are not used by the Company for consumer credit, insurance, or employment eligibility purposes.

4.1 Service Providers

We share information with trusted third-party service providers who assist us in operating the Service, subject to confidentiality obligations. These include:

• Stripe: payment processing. Stripe is PCI-DSS compliant and governed by Stripe's Privacy Policy.
• Clerk: user authentication and identity management.
• Resend: transactional email delivery.
• Cloudflare: infrastructure, content delivery, and security services.
• Supabase: database hosting and storage.
• Plaid (Phase 3): bank account data aggregation, when you optionally connect a financial account. Governed by Plaid's Privacy Policy.
• Data providers: ATTOM Data Solutions, RentRange, Rentometer, BatchLeads, and similar providers for property and market data.

4.2 Business Transfers

If the Company undergoes a merger, acquisition, reorganization, or sale of all or substantially all of its assets, your information may be transferred as part of that transaction. We will notify you by email and prominent notice on the Service at least 30 days before your information becomes subject to a materially different privacy policy, and you will have the opportunity to export or delete your data.

4.3 Legal Requirements

We may disclose your information if required to do so by law or in the good-faith belief that such disclosure is reasonably necessary to comply with a legal obligation, protect the rights or property of the Company, prevent fraud or illegal activity, or protect the personal safety of users or the public.

4.4 What We Do Not Do

We do not sell, rent, or lease your personally identifiable information to third parties for their marketing purposes. We do not share your User Data with data brokers or advertising networks.

7.1 General Rights

Depending on your jurisdiction, you may have rights including:

• Access: request a copy of the personal data we hold about you.
• Correction: request that we correct inaccurate or incomplete personal data.
• Deletion: request that we delete your personal data, subject to legal retention requirements.
• Portability: request your data in a machine-readable format.
• Opt-out: opt out of marketing communications at any time via the unsubscribe link in any marketing email.

7.2 California Residents (CCPA/CPRA)

California residents may have additional rights under the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA), including the right to know what personal information is collected, the right to delete personal information, the right to opt out of the sale or sharing of personal information, and the right to non-discrimination for exercising these rights. To exercise these rights, contact us at [email protected].

7.3 Virginia, Colorado, and Other State Privacy Laws

Residents of Virginia, Colorado, Connecticut, and other states with applicable consumer privacy laws may have rights similar to those described above. To exercise any rights under applicable state law, contact us at [email protected].

7.4 How to Exercise Your Rights

To submit a privacy rights request, contact us at [email protected] with the subject line "Privacy Rights Request." We will respond within the timeframes required by applicable law (generally 45 to 90 days). We may ask you to verify your identity before processing your request.