Cadastre Home, LLC ("Cadastre Home," "we," "us," or "our") operates cadastrehome.com. This Privacy Policy describes how we collect, use, share, and protect your personal information when you use our home documentation platform, and explains your rights regarding that information.
By creating an account or using the service, you acknowledge that you have read and understood this policy. If you do not agree, please do not use the service.
1. Information we collect
Information you provide directly
- Account information: email address, name, phone number, mailing address, and authentication credentials.
- Property data: addresses, room layouts, asset inventories, photos, video, and 360° media you upload to your vault.
- Billing information: processed entirely by Stripe. We receive a payment method token and last-four digits only — we never store full card numbers or CVV codes.
- Partner inquiries: contact details you submit when reaching out to agents or attorneys in our directory.
- Support communications: messages you send us, including support tickets and Concierge booking inquiries.
Information collected automatically
- Usage data: pages visited, features used, session duration, and interactions — collected only with your consent via our optional analytics (Google Analytics or Plausible).
- Device and log data: IP address, browser type, operating system, and referring URL collected for security and fraud prevention. Logs are retained for 90 days for server access logs.
- Cookies and local storage: see our Cookie Policy for full details.
2. How we use your information
We process your information on the following legal bases:
| Purpose | Examples | Legal basis (GDPR) |
|---|---|---|
| Service delivery | Vault storage, AI processing, PDF/Excel export, adjuster share links | Contract performance |
| Authentication & security | User login, session management, fraud detection, rate limiting | Legitimate interest / Legal obligation |
| Billing & subscriptions | Charge processing, invoice generation, subscription renewal | Contract performance / Legal obligation |
| Customer support | Responding to tickets, Concierge booking coordination | Contract performance / Legitimate interest |
| Directory lead forwarding | Sending your contact info to a partner agent or attorney you selected | Consent (opt-in form) / Legitimate interest |
| Service improvement | Optional analytics, A/B testing, feature usage patterns | Consent |
| Legal compliance | Tax records, fraud investigation, court orders | Legal obligation |
3. Sharing and access
We do not sell your personal information for money. The table below summarizes how your data may be accessed or shared:
| Mechanism | Who sees data | How to revoke |
|---|---|---|
| Agent share link | Anyone with the URL — read-only property summary | Dashboard → Property → Manage links |
| Adjuster claim token | Anyone with the URL — forensic claim portal view | Dashboard → Property → Revoke token |
| Directory contact form | Specific partner (name, email, phone only) | Enable Do Not Sell/Share before submitting |
| Subprocessors | See Section 7 — infrastructure and service providers only | Governed by data processing agreements |
| Law enforcement / legal process | Government or courts — only when legally required | We notify you when permitted by law |
4. Data storage and security
All data is stored in encrypted cloud infrastructure operated by Supabase and AWS in US regions. We apply row-level security (RLS) so that each user can access only their own records. Media files are stored in private, access-controlled buckets — files are never publicly accessible without a time-limited signed URL or a share link you explicitly create.
We implement industry-standard technical and organizational safeguards including TLS encryption in transit, AES-256 encryption at rest, regular security reviews, and access controls limited to authorized personnel. However, no system is completely secure — you are responsible for maintaining the confidentiality of your account credentials.
5. Data retention
- Account and vault data: Until you delete your account (30-day grace period before permanent purge).
- Billing records: Up to 7 years for tax and fraud prevention purposes.
- Contact and lead forms: 2 years for contact and partner inquiry records.
- Server access logs: 90 days for server access logs.
- Encrypted database backups: 30 days for encrypted database backups.
When retention periods expire, data is securely deleted or anonymized. You may request earlier deletion by scheduling account removal in your dashboard (Profile → Data & privacy).
6. International data transfers
Your data is stored and processed in the United States. If you access the service from outside the United States — including from the European Economic Area (EEA), United Kingdom, or Switzerland — your information is transferred to and processed in the US, which may have different data protection laws than your home country.
Where required by law (e.g., GDPR Chapter V), we rely on appropriate safeguards such as Standard Contractual Clauses (SCCs) with our subprocessors. By using the service, EEA/UK residents acknowledge this transfer and our use of SCCs as a lawful transfer mechanism.
7. Subprocessors
We share data with the following third-party service providers under data processing agreements:
- Supabase (database & authentication — US regions)
- AWS (media storage & AI vision — US regions)
- Stripe (payment processing)
- Resend (transactional email)
- SerpApi (replacement cost lookups)
- Mapbox (service area maps)
- Google Analytics or Plausible Analytics (optional analytics — only with consent)
We will notify users of material subprocessor changes via email or an in-app notice at least 30 days before the change takes effect.
8. Cookies and tracking
We use essential cookies for authentication, session management, and theme preferences. Optional analytics cookies (Google Analytics or Plausible) load only after you opt in via our cookie banner.
For full details including specific cookie names, durations, and opt-out instructions, see our Cookie Policy.
9. Children's privacy
The service is intended for users who are 18 years of age or older. We do not knowingly collect personal information from children under 13. If we learn that we have inadvertently collected information from a child under 13, we will delete it promptly.
If you are a parent or guardian and believe your child has provided us with personal information, please contact us at privacy@cadastrehome.com.
10. Your privacy rights
Depending on where you live, you may have the following rights regarding your personal information. To exercise any of these rights, visit your dashboard (Profile → Data & privacy) or contact privacy@cadastrehome.com.
Rights available to all users
- Access: download a copy of your data from Profile → Data & privacy.
- Portability: JSON export of your account, inventory, and media manifest.
- Correction: update profile fields directly in your dashboard.
- Erasure: self-service account deletion with a 30-day grace period before permanent purge.
- Withdraw consent: opt out of analytics at any time via the cookie banner or Your Privacy Choices.
California residents (CCPA / CPRA)
We do not sell personal information for money. Directory lead forwarding may constitute "sharing" under the California Privacy Rights Act (CPRA). You may opt out via Your Privacy Choices or Profile → Data & privacy. We honor Global Privacy Control (GPC) signals as a valid opt-out of sharing.
You may also request: (a) disclosure of categories and specific pieces of personal information we hold about you; (b) deletion of your information; (c) correction of inaccurate information; and (d) information about automated decision-making. We will not discriminate against you for exercising these rights.
Virginia (VCDPA), Colorado (CPA), Texas (TDPSA), and Florida (FDBR)
Residents of Virginia, Colorado, Texas, and Florida have similar rights to those listed above, including the right to access, correct, delete, and obtain a copy of your personal data, and to opt out of processing for targeted advertising purposes. We do not engage in targeted advertising using your personal data. To exercise these rights, contact privacy@cadastrehome.com.
EEA, UK, and Switzerland (GDPR / UK GDPR)
In addition to the rights above, you have the right to object to or restrict certain processing, and the right to lodge a complaint with a supervisory authority. In the EU, you may contact your local Data Protection Authority (DPA). In the UK, you may contact the Information Commissioner's Office (ICO) at ico.org.uk.
We respond to all verified data subject requests within 30 days (extendable to 60 days for complex requests, with notice).
11. Global Privacy Control (GPC)
We honor browser-level Global Privacy Control (GPC) signals. If your browser or extension sends a GPC signal, we treat it as a valid Do Not Sell or Share request under California law. Your preference is recorded automatically — no additional action is required.
12. Changes to this policy
We may update this policy to reflect changes in our practices, technology, legal requirements, or for other business reasons. When we make material changes, we will notify you by:
- Sending an email to the address on your account at least 14 days before the change takes effect; or
- Displaying a prominent notice in the application upon login.
Non-material changes (such as typo corrections or clarifications) will be reflected by updating the "Last updated" date above. Continued use of the service after the effective date constitutes acceptance of the revised policy.
13. Governing law
This Privacy Policy is governed by the laws of the State of Louisiana, without regard to conflict of law principles.
14. Contact us
For privacy-related questions, data subject requests, or complaints:
- Email: privacy@cadastrehome.com
- General support: support@cadastrehome.com
- Contact form: cadastrehome.com/contact