Privacy Policy

What we collect

• Account data: email address and an encrypted password (or OAuth identifier from your sign-in provider). Stored in Supabase.
• Deal inputs: the property address, financial figures, and notes you submit. Used only to produce a verdict for your workspace.
• Run artifacts: tool outputs, the generated verdict, the audit trail, and timestamps.
• Billing data: name, billing address, and last 4 digits of card. Held by Stripe — we never see the full card number.
• Operational logs: per-request id, route, workspace id, and outcome. Retained 30 days for debugging.

What we don't do

• We do not sell your data. Ever.
• We do not use your deal inputs to train a foundation model. Period. The language models we call (via the AI Gateway) operate under no-retention terms.
• We do not share your run history with other workspaces. Workspaces are isolated by row-level security at the database level.

Subprocessors

• Vercel — hosting and request routing
• Supabase — Postgres database and authentication
• Stripe — payment processing
• AI inference providers reachable via the Vercel AI Gateway, all under zero-retention agreements

Data residency

Application data is stored in the United States. Stripe billing data follows Stripe's residency policy. We are not currently SOC 2 certified — that ships with the Operator tier.

Your rights

You can export or delete your account at any time. Email privacy@lonestardealcloser.example to request a data export, ask us to delete a specific run, or close your account. We respond within 30 days.

Cookies

We use first-party cookies only — for authentication and session continuity. No third-party tracking, no advertising cookies. Stripe sets its own cookies on its hosted checkout domain, governed by Stripe's privacy policy.

Contact

Privacy questions: privacy@lonestardealcloser.example