Privacy Policy

1. Information We Collect

2. How We Use Your Information

We use the information we collect to: provide, operate, and maintain the Service; process your lease documents and deliver abstraction results; process payments and manage billing through Stripe; send administrative information, including updates and security alerts; respond to customer service requests and provide support; monitor and analyze usage trends to improve the Service; detect, prevent, and address technical issues and security vulnerabilities; and comply with legal obligations and enforce our Terms of Service.

3. How We Share Your Information

We do not sell your personal information. We may share your information in the following circumstances: Service Providers — We share information with Stripe for payment processing and Supabase/AWS for cloud hosting. These providers are contractually obligated to protect your information. Legal Requirements — We may disclose information if required by law, court order, or government request, or to protect our rights, property, or safety. Business Transfers — In the event of a merger, acquisition, or sale of assets, your information may be transferred to the acquiring entity. With Your Consent — We may share information with third parties when you explicitly consent.

4. Data Retention

We retain your personal information for as long as necessary to provide the Service and fulfill the purposes described in this Privacy Policy. Uploaded documents and generated abstracts are retained in your account until you delete them or close your account. After account termination, we provide a 30-day period for data download, after which Customer Data may be permanently deleted.

5. Data Security

We implement the following security measures to protect your information: Encryption — All data is encrypted at rest using AES-256 encryption and in transit using TLS 1.2 or higher. Infrastructure — Customer Data is hosted on Supabase, which runs on Amazon Web Services (AWS) infrastructure. Supabase maintains SOC 2 Type 2 certification. Database Security — We use PostgreSQL with Row Level Security (RLS) policies to isolate customer data. Authentication — User authentication is managed through secure token-based authentication. Backups — All data is automatically backed up daily with encrypted storage. However, no method of transmission over the Internet or electronic storage is 100% secure, and we cannot guarantee absolute security. You are responsible for maintaining the confidentiality of your account credentials.

6. Your Rights and Choices

You have the following rights regarding your personal information: Access — Request access to the personal information we hold about you. Correction — Request correction of inaccurate or incomplete information. Deletion — Request deletion of your personal information, subject to legal obligations. Data Portability — Request a copy of your data in a structured, machine-readable format. To exercise these rights, please contact us at support@leasestract.com.

7. Cookies

We use essential cookies required for authentication and session management. We do not use advertising cookies or third-party tracking. You can control cookies through your browser settings. Note that disabling cookies may affect Service functionality.

8. Third-Party Links

The Service may contain links to third-party websites. We are not responsible for the privacy practices of these external sites. We encourage you to review their privacy policies.

9. Children's Privacy

The Service is not intended for individuals under the age of 13. We do not knowingly collect personal information from children under 13. If you believe we have collected information from a child under 13, please contact us immediately and we will take steps to delete such information.

10. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence. We implement appropriate safeguards to protect your data in accordance with this Privacy Policy and applicable laws.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on our website with a new effective date. Your continued use of the Service after changes constitutes acceptance of the updated policy.

12. State Privacy Rights

13. Data Breach Notification

In the event of a data breach that compromises your personal information, we will notify you and any applicable regulatory authorities as required by law. Notification will be made without unreasonable delay and in accordance with applicable state and federal breach notification requirements.