Introduction
Grounda ("we", "us", or "our") respects your privacy and is committed to protecting your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your data when you use our Service.
Your Rights: You have the right to access, correct, delete, or export your personal data at any time. Contact us at privacy@grounda.ai to exercise your rights.
1. Information We Collect
1.1 Information You Provide
- Account Information: Email address, name (optional), phone number (optional)
- Property Information: Address, property details (square footage, bedrooms, bathrooms, year built)
- Authentication: Email verification codes, Google OAuth data (name, email, profile picture)
- Communications: Messages, feedback, support requests
1.2 Automatically Collected Information
- Usage Data: Pages visited, features used, time spent, actions taken
- Device Information: Browser type, operating system, device type, screen resolution
- Log Data: IP address, access times, error logs
- Cookies: Session cookies, authentication tokens, preferences
1.3 Third-Party Data
- Public Property Records: Assessment values, tax history, property characteristics from County Appraisal Districts (HCAD, FBCAD, etc.)
- Google Maps: Geocoding data, address suggestions
- Google OAuth: Profile information (if you choose Google login)
2. How We Use Your Information
We use your information for the following purposes:
- Service Delivery: Provide property tax information, calculate estimates, generate neighbor comparisons
- Account Management: Create and maintain your account, authenticate users, manage preferences
- Communication: Send verification codes, reminders, updates, and service notifications
- Improvement: Analyze usage patterns, improve features, fix bugs, enhance user experience
- Security: Detect fraud, prevent abuse, secure our systems
- Legal Compliance: Respond to legal requests, enforce our Terms of Service
3. Cookies and Tracking Technologies
We use cookies and similar technologies for:
| Cookie Type | Purpose | Duration |
|---|
| Essential | Authentication, session management, security | Session / 60 days |
| Functional | Remember preferences, saved properties | 1 year |
| Analytics | Usage statistics, feature usage, performance monitoring | 2 years |
Managing Cookies: You can control cookies through your browser settings. Note that disabling essential cookies may affect Service functionality.
4. How We Share Your Information
We do NOT sell your personal information.
We may share your information with:
4.1 Service Providers
- Supabase: Database and file storage
- Google: Maps API, OAuth authentication
- Resend: Transactional email delivery
- Vercel: Hosting and serverless functions with built-in logging
4.2 Legal Requirements
We may disclose information if required by law, court order, subpoena, or to:
- Comply with legal process
- Enforce our Terms of Service
- Protect our rights, property, or safety
- Prevent fraud or illegal activity
4.3 Business Transfers
If we are involved in a merger, acquisition, or sale of assets, your information may be transferred. You will be notified of any such change.
5. Data Security
We implement industry-standard security measures to protect your data:
- Encryption: HTTPS/TLS for data in transit, AES-256 for data at rest
- Authentication: Passwordless magic codes, JWT tokens with short expiry
- Access Controls: Role-based access, principle of least privilege
- Security Headers: CSP, X-Frame-Options, HSTS
- Monitoring: Error tracking, intrusion detection, audit logs
- Regular Updates: Security patches, dependency updates
Note: No method of transmission or storage is 100% secure. While we strive to protect your data, we cannot guarantee absolute security.
6. Data Retention
We retain your information for as long as necessary to provide the Service and comply with legal obligations:
- Account Data: Until you delete your account + 30 days
- Property Information: Until you remove saved properties
- Verification Codes: 15 minutes (auto-expiry)
- Access Tokens: 1 hour (auto-expiry)
- Refresh Tokens: 60 days (auto-expiry)
- Audit Logs: 90 days (security requirement)
- Cached Property Data: 7 days (performance optimization)
7. Your Privacy Rights
Under applicable privacy laws (GDPR, CCPA, Texas Data Privacy and Security Act), you have the right to:
Access
Request a copy of your personal data
Correction
Correct inaccurate or incomplete data
Deletion
Request deletion of your data (right to be forgotten)
Portability
Export your data in a machine-readable format
Opt-Out
Opt out of marketing communications
Object
Object to processing of your data
How to Exercise Your Rights: Contact us at privacy@grounda.ai with your request. We will respond within 30 days.
8. Children's Privacy
Age Restriction: The Service is not intended for users under 18 years of age. We do not knowingly collect data from children. If you believe we have collected data from a minor, contact us immediately.
9. California Privacy Rights (CCPA)
If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):
- Know what personal information we collect and how it's used
- Request deletion of your personal information
- Opt-out of the "sale" of personal information (we don't sell data)
- Non-discrimination for exercising your CCPA rights
10. International Data Transfers
Our servers are located in the United States. If you access the Service from outside the U.S., your information will be transferred to and processed in the U.S. By using the Service, you consent to this transfer.
11. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated "Last Updated" date. Material changes will be communicated via email or prominent notice. Your continued use after changes constitutes acceptance.
12. Contact Us
For questions, concerns, or to exercise your privacy rights: