Privacy Policy

Data we collect

• Account identifiers from Clerk (user ID, primary email).
• Payment metadata from Stripe (customer ID, transaction IDs, amounts). We never see your card number.
• Addresses and BBLs you search for, to generate reports and prevent abuse.
• Standard server logs (IP, user-agent, timestamps) retained ≤30 days.

Sub-processors

• Clerk — authentication.
• Stripe — payments.
• Neon — Postgres database hosting.
• Vercel — application hosting + edge network.
• Sentry — error monitoring (PII is scrubbed before ingestion).
• Resend — transactional email.

Property records & owner inquiries

Property record data shown in reports — building violations, ownership entries, sales history, tax assessments — is sourced from public NYC datasets and is not personal data under most US privacy laws. Property data is cached for up to 6 hours from upstream NYC datasets. If you are a property owner who believes specific information is incorrect, please contact the originating agency (HPD, DOB, OATH, DOF, ACRIS) for correction; we will refresh from upstream within 6 hours of the agency update. We do not retain or publish data outside what NYC's open-data portals already make publicly available.

Your rights (account holders)

Account holders may request a copy of their account data or deletion of their account by contacting the address below. California (CCPA) and New York SHIELD Act rights are honored. We aim to respond within 30 days.

Cookies

We use essential cookies only (authentication session, locale preference, Stripe fraud prevention). We do not use advertising or cross-site tracking cookies. See our Cookie Notice (/legal/cookies) for the full list.