Privacy Policy for PropTech Metrics

Introduction

PropTech Metrics (the “Service”) is committed to protecting your privacy. This Privacy Policy explains how we collect, use, share, and safeguard personal information in connection with the Service. It also outlines your rights regarding your personal data. By using the Service, you agree to the data practices described in this Policy.

1. Information We Collect

Personal Information You Provide

We collect personal information that you voluntarily provide to us when registering for an account, requesting API access, contacting us, or using our Service. This may include:

• Contact Data: Your name, email address, phone number, mailing address, company/organization name, or other contact details.
• Account Credentials: Username and password that you create for account registration (stored in encrypted form).
• Payment Information: If you make a purchase or subscribe to a paid plan, we may collect billing details such as billing address. Payment card information (e.g. credit card number) is not stored on our servers; it is handled securely by our payment processor (e.g. Stripe).
• Communications: Any personal information you provide when you contact us (for example, when you send support inquiries or feedback).

We do not intentionally collect any sensitive personal information such as Social Security numbers, driver’s license numbers, financial account numbers, or biometric data. If you choose to provide such sensitive data, we will treat it securely but we discourage submitting it as it’s not needed for our Service.

Information Collected Automatically

When you use our website or AI assistant, certain data is collected automatically about your device and usage:

• Usage and Log Data: We log details about how you interact with the Service, such as pages or endpoints accessed, queries run, date and time of access, and referring website. For example, if you use the AI assistant or make API calls, our servers may record the request details and results for logging and rate-limiting purposes.
• Device/Browser Information: We collect technical information about your device, browser and operating system, such as your IP address, device type, browser type, screen size, and operating system version. This may also include general location information inferred from your IP (e.g. city or region). This data helps us with debugging, analytics, and preventing fraud.
• Cookies & Tracking Technologies: We use cookies and similar technologies to remember your preferences and track your use of our Service. Cookies are small text files stored on your browser. For instance, we may use cookies to keep you logged in, or to collect aggregate analytics about site traffic. You can configure your browser to refuse cookies, but some features of the Service may not function properly without them.

Information from Public Records and Third Parties

In order to provide our real estate data services, we collect property-related information from public sources and third-party data providers. This includes public data property records (e.g. assessor and recorder data) containing property addresses, parcel numbers, property characteristics (size, bedrooms, etc.), tax assessments, sales history, and ownership information (property owner names). These records are lawfully obtained from government databases or open data sources. Most of this data pertains to properties, not individuals; however, owner names and similar details may be considered personal information. Because this information is publicly available by law, we include it in our Service to offer comprehensive property metrics. We may also obtain supplemental data from reputable third-party vendors to enrich our database (for example, updated property characteristics or market analytics). Any such third-party data will be used in accordance with applicable data licenses and privacy laws.

2. How We Use Your Information

We use the collected information for the following purposes:

• Providing and Improving the Service: We process your information to deliver the features you request – for example, returning property data for your queries, or enabling API functionality. We also use data to maintain and improve the Service’s performance, accuracy, and usability. This includes using usage data and feedback to debug issues, train algorithms (in aggregated/anonymized form), and develop new features.
• Account Management and Customer Support: Personal info you provide (like contact details and account credentials) is used to create and manage your account, authenticate you, and communicate with you. For example, we use your email to send account confirmations, important service announcements, or to respond to inquiries you send us.
• Payments and Transactions: If you make purchases or subscribe to paid plans, we use your information to process those transactions (via our third-party payment processor) and to manage billing (e.g. sending invoices or receipts). Payment card data is processed securely by our payment partner and not stored by us.
• Communications and Marketing: We may send you service-related communications (such as system updates or security alerts). If you are an account holder or have subscribed to updates, we may occasionally send newsletters or product announcements that we believe are of interest to you. You can opt out of marketing emails at any time by using the unsubscribe link provided. We will only send you promotional communications in accordance with applicable law (for example, for EU users, we rely on your consent to send marketing emails).
• Analytics and Product Development: We use aggregated usage data, cookies, and analytics tools (like Google Analytics) to understand how our Service is used. This helps us analyze user behavior, measure the effectiveness of features, and optimize user experience. For example, we might analyze which questions are commonly asked to improve the AI’s responses, or see overall traffic patterns to plan infrastructure needs. Where possible, we use anonymized or aggregated data for these purposes rather than personal data.
• Security and Fraud Prevention: Your information (especially technical and log data) is also used to protect the Service and its users. We monitor for suspicious activity, enforce our terms of use, prevent abuse (such as scraping or excessive usage), and attempt to detect and prevent fraud or unauthorized access. For instance, IP addresses may be used to rate-limit requests or block malicious actors.
• Legal Compliance: We may process and retain your information as needed to comply with applicable laws, regulations, legal processes or governmental requests. For example, to respond to a subpoena or to fulfill financial record-keeping obligations. We also may use or disclose information to enforce our agreements or protect our rights (or the rights of other users) in the event of a dispute or legal issue.

We will not use personal information for purposes that are incompatible with those above without your consent. If we need to use your data for a new purpose, we will update this Policy or obtain consent as required.

3. Legal Bases for Processing (EU/UK Users)

If you are located in the European Economic Area (EEA) or United Kingdom, we rely on the following legal grounds under GDPR for processing your personal data (note: our primary user base is U.S., but we include this for completeness):

• Performance of a Contract: We process personal information to provide the Service as per our contract with you (e.g. our Terms of Use). For example, when you request property data or use the AI assistant, we process your queries and account data to deliver results.
• Legitimate Interests: We may process data as needed for our legitimate business interests, such as improving the Service, securing our platform, and communicating with users. We balance these interests against your data protection rights.
• Consent: For certain optional uses, we rely on your consent. For instance, if you sign up to receive a newsletter or if we ever use cookies beyond essential purposes, we would seek consent. You have the right to withdraw consent at any time.
• Legal Obligation: In cases where we have a legal duty to retain or disclose data (e.g. for tax law or law enforcement), we process data to comply with those obligations.

4. How We Share and Disclose Information

We do not sell your personal information to third parties. However, we may share information in the following circumstances, to run our business and provide our services:

Service Providers

We share information with trusted third-party service providers who perform functions on our behalf under contractual agreements. This includes:

• Hosting and Infrastructure: Providers of cloud storage, databases, and servers (e.g. Amazon Web Services) that store or process our data.
• Payment Processors: For handling billing transactions (e.g. Stripe for credit card processing) – your payment data is transmitted securely to these processors.
• Analytics Services: Platforms like Google Analytics that help us understand usage of our Service. These services may set cookies or collect device identifiers to generate aggregate usage statistics. (You can opt out of Google Analytics as described in our Cookie Notice or via browser settings.)
• Email/Communication Tools: Services we use to send emails or support communications (for example, an email newsletter service or customer support ticketing system).
• AI/ML Service Providers: Artificial intelligence engines that power our AI assistant. Notably, when you interact with the PropTech Metrics AI assistant, your queries (which may include personal data you input) and the assistant’s responses are processed by third-party AI providers such as OpenAI. We share your prompts and necessary context with these providers in order to generate answers. These AI providers process the data under their own terms and privacy policies, which we ensure are compatible with our standards. Please do not include sensitive personal information in your AI queries.

All service providers are only given the information necessary to perform their functions, and they are contractually obligated to keep your information confidential and use it only for the specified purposes.

Business Transfers

If we are involved in a merger, acquisition, investment financing, due diligence, reorganization, bankruptcy, receivership, or sale of company assets, your information may be disclosed to or transferred as part of that transaction. Should such a transfer occur, the successor entity will be bound by terms that are at least as protective of your privacy as this policy.

Legal Compliance and Protection

We may disclose information about you if required to do so by law or in the good-faith belief that such action is necessary to (a) comply with legal obligations or respond to valid legal process (e.g., a court order, subpoena, or government demand); (b) protect our rights or property, or the safety of our users, ourselves, or others; or (c) investigate and defend against any third-party claims or allegations.

With Your Consent

We will share your personal information with others for purposes outside of the above only when we have your explicit consent to do so. For example, if you opt in to a feature that requires sharing data with a partner, we will disclose your information as needed with your permission.

We strive to limit the personal data we share and will anonymize or aggregate data before sharing it whenever feasible (for instance, sharing aggregated usage statistics that do not identify individuals).

5. Cookies and Tracking Technologies

As noted, we use cookies and similar tracking technologies to enhance user experience and gather analytics. When you visit our site or use the Service:

• Cookies: We may place a few cookies in your browser. For example, a session cookie to keep you logged in, preference cookies to remember settings, and analytics cookies to track usage. These cookies do not contain sensitive personal info, but they may uniquely identify your browser. You can delete or block cookies via your browser settings; however, some features (like staying logged in) might not work without them.
• Do Not Track: Your browser or device may allow you to send a "Do Not Track" signal. Currently, there is no universal standard for handling DNT signals, and our site does not respond to these signals. We treat all users equally, and will update this policy if an industry standard for DNT is established in the future.
• Third-Party Tracking: Third-party services (like Google Analytics) may use cookies or pixels on our site to collect information about your online activities across this and other sites, for analytics and sometimes ad personalization. You can generally opt-out of Google Analytics data collection using the Google Analytics Opt-out Browser Add-on. For other third-party advertising or tracking, refer to the specific company’s opt-out methods. We do not share personally identifiable information with advertisers, nor do we serve targeted ads at this time, but analytics providers may automatically receive certain technical data as described above.

6. AI and Automated Decision-Making

Our Service includes AI-powered features (such as the custom GPT assistant). When you use these features, the content you input (questions, prompts, etc.) will be processed by machine learning algorithms to generate responses.

Use of AI Services

We utilize third-party AI providers (e.g., OpenAI’s language models) to power these features. This means that your inputs and the AI’s outputs may be transmitted to and temporarily stored by these providers. We ensure such providers have appropriate data safeguards and adhere to privacy requirements. The AI processing is automated; responses are generated without human review, so please do not rely on the AI for advice that should be provided by a licensed professional. We do not use AI to make legally significant decisions about individuals – the AI is simply a tool for information retrieval and analysis.

We may log AI interactions for the purposes of improving our services, but any personal data in those logs is handled per this Policy. By using the AI features, you agree not to input personal or sensitive information that is not necessary for your query, and you accept that your input may be seen by our AI service provider purely for the purpose of returning the answer.

7. Data Retention

We retain personal information for as long as necessary to fulfill the purposes outlined in this Policy, unless a longer retention period is required or permitted by law. For example:

• Account information (like your registration details) is kept for as long as you maintain an account with us. If you delete your account or it becomes inactive, we will remove or anonymize this data after a reasonable period, except for information we are required to keep for legal compliance or legitimate business purposes.
• Transaction records (payments, invoices) are retained as long as needed for financial reporting and audits.
• Log data and backups are typically rotated and deleted periodically (for instance, server logs might be kept for a few months for security analysis and then purged).
• Property record data (public real estate data) is updated periodically and retained indefinitely for our service accuracy (since it’s non-user-provided reference data). Personal information contained in those public records (e.g. historical owner names) may be retained as part of those records in accordance with the law’s allowances for publicly available data truevault.com.
• If you communicate with us (e.g., email support), we may retain those communications as long as needed to address your issue and improve our services.

When we have no ongoing legitimate need or legal obligation to keep your personal information, we will securely delete it or anonymize it. If deletion is not immediately feasible (e.g., stored in backups), we will isolate and securely store the data until deletion is possible.

8. Data Security

We take reasonable measures to protect your information from unauthorized access, alteration, disclosure, or destruction. These measures include:

• Encryption of sensitive data in transit (TLS/HTTPS encryption for all interactions with our website and API) and at rest where applicable.
• Secure cloud infrastructure with firewalls and access controls. For example, our databases are secured and accessible only by authorized processes.
• Regular software updates and security patches to mitigate vulnerabilities.
• Internal policies to limit access to personal data: only employees or contractors with a need to know (for example, for support or development) can access user data, and they are bound by confidentiality obligations.
• Monitoring for security incidents and having incident response plans in place.

However, please note no method of transmission over the Internet or electronic storage is 100% secure. While we strive to protect your personal data, we cannot guarantee absolute security. You should also take precautions, such as keeping your account credentials confidential and logging out after use. If you suspect any unauthorized access to your account or data, contact us immediately.

9. Children’s Privacy

Our Service is not intended for children under the age of 18, and we do not knowingly collect personal information from anyone under 13 years of age. If you are under 18, you should not use this Service or submit personal information. In the event we learn that we have inadvertently collected data from a child under 13, we will promptly delete such information. Parents or guardians who believe we might have information about a minor may contact us to request deletion.

10. Your Privacy Rights

Depending on your jurisdiction, you have certain rights regarding your personal information:

California Residents

If you are a California resident, you are protected by the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA). Subject to verification of your identity, you have the right to:

• Know/Access: You can request details about the personal information we have collected about you and how we use and share it.
• Delete: You can request that we delete personal information we have collected from you (with some exceptions, such as information we are legally required or allowed to maintain – for example, records from public sources may be exempt from deletion requests truevault.com).
• Correct: You can request correction of inaccurate personal information that we hold about you.
• Opt-Out: You can opt-out of the “sale” or “sharing” of your personal information. Note: We do not sell personal data to third parties for monetary value, and we do not share personal data for cross-context behavioral advertising. If in the future we considered doing so, we would provide a clear opt-out mechanism.
• Non-Discrimination: We will not discriminate against you for exercising any of these rights (e.g., denying service or charging different prices).

To exercise California rights, you (or an authorized agent acting on your behalf) can send us a request via the contact methods below. We will verify your identity through your account or by requesting additional information. Once verified, we will respond within the timeframe required by law. For certain requests, we may decline or limit the response as permitted by law (for example, if we cannot verify you or if the information is exempt). We will explain any denial or exemption.

California "Shine the Light": California Civil Code §1798.83 permits users who are California residents to request information about our disclosures of certain categories of personal data to third parties for their direct marketing purposes in the preceding year. As noted, we do not disclose personal data for third-party direct marketing. Still, if you wish to make an inquiry, you may contact us as described below.

Other U.S. State Residents

Several other states (such as Colorado, Virginia, Connecticut, Utah, etc.) have privacy laws that provide consumers with rights to access, delete, or correct personal information, and to opt-out of certain data uses. We extend similar core rights to all users in these states. If you are a resident of these states, you can request access to your data or deletion of your data, and opt-out of any targeted advertising or sale of data (again, we do not currently engage in these practices). We will honor such requests in line with applicable state laws.

EU/UK Residents

If GDPR applies, you have the right to request access to the personal data we hold about you, to request correction or erasure of your data, to object to or restrict our processing of your data, and the right to data portability. Where our processing is based on your consent, you have the right to withdraw consent at any time (which will not affect the lawfulness of processing before withdrawal). You may also lodge a complaint with your local data protection authority if you believe we have infringed your rights.

Exercising Your Rights

To exercise any applicable privacy rights, please contact us using the information in the “Contact Us” section below. Please describe your request clearly, including your name, contact information, and the specific right you wish to exercise. We may need to verify your identity before fulfilling the request (to protect your privacy, we need to ensure it’s you). For example, if you have an account, we may verify through your login, or we might ask for additional information that matches our records. If you use an authorized agent, we may require proof of authorization. We will respond within the timeframe required by law (generally within 30-45 days for most requests).

Appeal Process: If we decline to take action on a request you submit (for instance, if an exemption applies), we will inform you of our decision. In certain states (like Colorado or Virginia), you may have the right to appeal our decision. To do so, you can send us an email within a reasonable time frame with the subject “Appeal” and detailing why you believe the response was inadequate. We will review your appeal and respond within the timeframe required by law, explaining our decision. If your appeal is ultimately denied, you may have the right to contact your state’s attorney general or regulatory body.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or for other operational reasons. When we update the policy, we will revise the “Last Updated” date at the top. If changes are significant, we may provide a more prominent notice (such as by email notification to registered users or a notice on our website). We encourage you to review this Policy periodically to stay informed about how we protect your information. Your continued use of the Service after any update constitutes your acceptance of the revised Policy.

12. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or your personal data, please contact us at:

PropTech Metrics
Email: contact@proptechmetrics.com

We will gladly assist with any inquiries. Your privacy is important to us, and we welcome feedback on our data practices.