Privacy Policy

1. What we collect

Account data: name, email, password hash, OAuth identifiers if you sign in with Google. Deal data: property addresses, rent rolls, financing assumptions, lease abstracts, and any documents you upload. Operational data: pages visited, errors, billing events. We use Cloudflare Web Analytics (cookieless, privacy-respecting) and Stripe for payment processing.

2. How we use it

To run the underwriting engine on your inputs, generate reports, deliver email notifications you've opted into, prevent abuse, comply with law, and improve the product. We do not sell your identifiable deal files.

3. AIU Comps opt-in (Underwriter Consensus)

You own your uploaded deal data. With your consent, we may anonymize and aggregate selected deal, bid, and outcome data to improve benchmarks and product quality. Aggregation uses k-anonymity at k=5 for deal-level aggregates and k=25 for bid-level aggregates. The opt-in default is off — sharing is enabled only after explicit consent in settings. Geographic data is coarsened by 0.5 miles before storage, and sponsor, contact, exact address, tenant name, and broker fields are stripped. A 30-day right-to-delete window applies: revocation in settings or by email triggers removal of your contributed records within 30 days. Revocation does not retroactively remove already-anonymized aggregates that have lost their identifying linkage.

4. AI processing

AI-generated narrative is produced through OpenRouter as our unified provider. OpenRouter routes individual requests to downstream models including DeepSeek, Z.ai/GLM, and Anthropic per the active model registry in code. We do not send your data to any AI provider for training purposes. OpenRouter and the underlying model providers may retain request payloads for the time periods stated in their published policies; we do not control that retention. To minimize exposure, prompts are scoped to engine outputs and to the specific document fragments you upload, and banned-phrase guards run before and after generation.

5. TRAIGA HB 149 disclosure (Texas residents)

AI use in this service does not constitute the making of a consequential decision under the Texas Responsible Artificial Intelligence Governance Act (HB 149). AI is not used for employment, lending, healthcare, education, housing, or insurance decisions about consumers. The service is sold for commercial-property investment analysis to business users; outputs are advisory drafts and are reviewed by the human underwriter before any decision is taken.

6. Sub-processors

Cloudflare (hosting, edge, analytics, Turnstile bot defense, Browser Rendering for PDF generation), Railway (Postgres database), Stripe (payments), Resend (transactional email), OpenRouter (AI memo generation when enabled), Mapbox (static map tiles in reports), Better-Auth (session management), GoHighLevel and HubSpot (CRM push when you connect them). Each receives only the data needed to perform its function.

7. Your rights

You can export or delete your account data from Account settings, or by emailing privacy@aiunderwriting.net or support@aiunderwriting.net. We respond within 30 days. EU/UK and California residents have additional rights under GDPR/CCPA respectively; the same email reaches the same humans.

8. Security

Sessions are signed with HMAC and stored in HttpOnly secure cookies. Database connections run through Cloudflare Hyperdrive over TLS. Passwords are hashed with Argon2. We log access to sensitive endpoints and review unusual patterns.

9. Retention and right to delete

We retain account and deal data while your account is active. User inputs (deal files, uploads, memo prompts) are retained for 24 months from last access unless you request earlier deletion via in-product privacy controls or by emailing support@aiunderwriting.net. Deleted deals are soft-deleted for 30 days then purged. Logs are retained for 90 days. Anonymized aggregates are retained indefinitely.

10. Contact

Privacy questions: privacy@aiunderwriting.net.