Privacy Policy

Account information. When you register, we collect your email address and password (stored as a secure hash). If you provide it, we also collect your name and phone number for SMS alerts.

Organization and property data. We collect the information you enter about your organization, properties, compliance services, inspection events, maintenance tasks, and uploaded documents. This data is central to providing the Service.

Payment information. Subscription payments are processed by Paddle. We do not store your payment card details. We receive and store a customer ID and subscription ID from Paddle to manage your subscription status.

Usage data. We automatically collect certain information about how you interact with the Service, including pages visited, features used, and timestamps of activity. This helps us improve the product.

Device and browser information. We may collect your IP address, browser type and version, operating system, and device identifiers for security and analytics purposes.

Communications. If you contact our support team, we retain those communications to help resolve your issue and improve our service.

We use the information we collect to:

• Create and manage your account and organization.
• Provide, operate, and improve the Service.
• Send compliance alerts, maintenance reminders, and weekly digest emails you have opted into.
• Send SMS notifications if you have enabled them and provided a phone number.
• Process subscription payments and manage billing.
• Communicate important updates about the Service, including changes to these policies.
• Detect, investigate, and prevent fraud, abuse, or security incidents.
• Comply with our legal obligations.

We do not sell your personal information to third parties. We do not use your property data for advertising purposes.

Storage location. Your data is stored on Supabase (a managed PostgreSQL database platform) hosted on cloud infrastructure in the United States. Document files are stored in Supabase Storage.

Row-level security. Our database enforces row-level security (RLS) policies so that each account can only access its own data. Authenticated API calls are scoped to the requesting user’s organization by design.

Encryption. Data is encrypted in transit using TLS 1.2 or higher. Data at rest is encrypted by our infrastructure provider.

Access controls. Access to production systems is restricted to authorized personnel. We use least-privilege principles for all internal access.

Despite these measures, no system is completely secure. We cannot guarantee the absolute security of your information and encourage you to use a strong, unique password for your account.

We use the following third-party service providers to operate the Service:

• Supabase — Database and file storage. Data is processed in accordance with Supabase’s Privacy Policy.
• Paddle — Payment processing and subscription management. Paddle processes payment card information under their own privacy policy and PCI-DSS compliance.
• Vercel — Application hosting and edge infrastructure.
• Email / SMS provider — Used to send compliance alerts and account notifications.

We share only the minimum information necessary with each provider to fulfill the stated purpose.

Authentication cookies. We use session cookies to keep you logged in. These are essential for the Service to function and cannot be disabled.

Analytics. We may use privacy-respecting analytics tools to understand aggregate usage patterns. We do not use advertising trackers or fingerprinting.

You can control cookies through your browser settings. Disabling cookies may prevent you from logging into the Service.

We retain your account and property data for as long as your account is active or as needed to provide the Service. When you cancel your subscription:

• Your data remains accessible until the end of your paid billing period.
• After access expires, your data is retained for an additional 30 days before being permanently deleted.
• You may request earlier deletion by contacting us at support@prop-compliance.com.

We may retain certain information longer if required by law or to resolve disputes.

Depending on your location, you may have the following rights regarding your personal data:

• Access. Request a copy of the personal data we hold about you.
• Correction. Request correction of inaccurate or incomplete data.
• Deletion. Request deletion of your account and associated data. You can initiate this from Settings → Delete Account, or by contacting us.
• Portability. Request an export of your data in a machine-readable format.
• Opt-out of communications. Unsubscribe from non-essential emails at any time via your notification preferences or the unsubscribe link in any email.

To exercise any of these rights, contact us at support@prop-compliance.com. We will respond to your request within 30 days.

The Service is not directed to individuals under 18 years of age. We do not knowingly collect personal information from children. If you believe we have inadvertently collected such information, please contact us and we will promptly delete it.

Your data may be processed in the United States or other countries where our service providers operate. By using the Service, you consent to the transfer of your data to these countries, which may have different data protection laws than your home country.

We may update this Privacy Policy from time to time. When we make material changes, we will notify you by email or via a notice within the Service at least 14 days before the changes take effect. The “Last updated” date at the top of this page reflects the most recent revision.

Your continued use of the Service after the effective date of the revised Privacy Policy constitutes your acceptance of the changes.

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at:

PropCompliance
Email: support@prop-compliance.com

For residents of the European Economic Area, you also have the right to lodge a complaint with your local data protection authority.