Doc 02 of 04 · v1 draft

Privacy Policy.

Last revised May 2026 · v1 · counsel-review pending · CCPA / GDPR-aligned drafting

§1 What we collect

From homeowners

  • Account info — name, email, password hash, mobile number (optional, for 2FA).
  • Home info — address, closing date, builder name, square footage, build type.
  • Records — photos, descriptions, locations within the home, dates, AI verdicts you accept, warranty letters you draft and send.
  • Usage — pages viewed, features used, device type, IP address, approximate location.

From builders

  • Verification — state contractor license number, business EIN, domain ownership proof.
  • Account info — coordinator names, emails, roles, billing contact.
  • Responses — public response threads, private flags, internal notes.

From automated systems

  • AI provenance — model version, prompt hash, confidence range, timestamp for every classification.
  • Moderation logs — rule triggered, action taken, reviewer (human or automated), timestamp.
  • Standard logs — server, access, and error logs from Cloudflare and our application.

§2 How we use it

We use the data we collect to:

  • Operate and improve the Services (e.g., classify your photo, deliver your record).
  • Verify builder accounts and homeowner-to-home relationships.
  • Enforce our Terms and Acceptable Use Policy.
  • Generate the derived statistics that power Builder Data Tiers (see §4).
  • Communicate with you about your account, claims, and service updates.
  • Comply with legal obligations and respond to lawful requests.

§3 How data flows to builders

The single most important section of this policy. Builders never receive raw third-party homeowner records. What they see depends on which rung of the data ladder they are subscribed to, and the structure of every rung preserves homeowner authorship.

Rung 01 · Own homes (free, all verified builders)

Builders see complete records — photos, descriptions, AI verdicts, status, response threads — only for homes their license closed on. The homeowner's name, email, and contact information are not shared unless the homeowner explicitly initiates contact (e.g., by sending a warranty letter).

Rung 02 · Portfolio rollup (paid)

Aggregated statistics across the builder's own portfolio: defect rate by subdivision, by trade category (framing, drywall, plumbing, etc.), by quarter. No individual homeowner identifiers; no individual record details beyond what the builder already had access to under Rung 01.

Rung 03 · Anonymized regional cohort (paid add-on)

Statistical comparison to other builders in the same market segment. Builder names are not shared. Aggregation thresholds require at least 10 builders and 100 homes per cohort cell before any cell is reported. Cells failing the threshold are suppressed.

Rung 04 · Industry quarterly report (subscription)

Published quarterly: national and regional defect category trends, vendor-category trends (e.g., "sheetrock supplier complaints by region"), build-vintage trends. Individual builder identities are never disclosed; individual homeowner identities are never disclosed.

Rung 05 · Predictive + API (Tier L only, MSA required)

Statistical forecast outputs and aggregated API endpoints. Raw third-party records do not leave HBR's perimeter. API contracts include a use restriction prohibiting re-identification attempts.

§4 Aggregation & the data ladder

"Aggregated" or "anonymized" data, as used in this policy, means data that has been transformed such that an individual homeowner is not reasonably identifiable. Our minimum thresholds:

  • Geographic aggregation — MSA-level or coarser unless the aggregation cell has ≥10 builders and ≥100 homes.
  • Vendor category aggregation — category (e.g., "drywall subcontractor"), not specific vendor name, unless the vendor has consented or is the builder's own portfolio.
  • Time aggregation — weekly or coarser; never sub-daily.
  • K-anonymity — derived statistics aim for k≥10 across reported cells.

Aggregated data is not treated as personal data once the thresholds are met. We retain aggregated data indefinitely to support historical trend reporting; individual records are retained as described in §6.

§5 Service providers

We use third parties to operate the Services. Each is bound by a data-processing agreement limiting their use of data to the service they provide for us.

  • Cloudflare — hosting, CDN, edge functions, image storage.
  • Anthropic — AI vision and language model inference, on a no-training basis (inputs are not used to train upstream models).
  • Stripe (planned) — payment processing for builder subscriptions.
  • Postmark (planned) — transactional email delivery.
  • Sentry (planned) — error monitoring; PII scrubbed before transmission.

§6 Retention

  • Active records — retained as long as your account is active.
  • Deleted records — removed from search and public view immediately; purged from primary storage within 30 days; purged from encrypted backups within 90 days.
  • Moderation & AI provenance logs — retained 7 years to support statute-of-limitations questions on platform decisions.
  • Aggregated statistics — retained indefinitely, as anonymized.
  • Account info after closure — retained 12 months for fraud and dispute resolution, then purged except where required for legal hold.

§7 Security

We use reasonable administrative, technical, and physical safeguards to protect data, including: TLS in transit, AES-256 at rest, role-based access control, audit logging, vendor security review, and incident response procedures. No system is perfectly secure; in the event of a breach affecting your data, we will notify you and applicable regulators as required by law.

§8 Your rights

Subject to applicable law, you have the right to:

  • Access the personal data we hold about you.
  • Correct inaccurate data.
  • Delete your account and associated records (note: aggregated statistics cannot be reversed once individual records contribute to them).
  • Export your records in a structured format.
  • Opt out of marketing communications (transactional communications continue).
  • Object to certain processing (e.g., contribution to aggregated cohort statistics — see §9 for CCPA opt-out specifics).

§9 California (CCPA / CPRA)

California residents have additional rights under the CCPA as amended by the CPRA:

  • Right to know categories of personal information collected, sold, or shared.
  • Right to delete personal information (subject to exceptions).
  • Right to correct inaccurate personal information.
  • Right to opt out of "sale" or "sharing" of personal information. HBR does not sell personal information. Aggregated, de-identified data contributed to Builder Tiers 03–05 is not treated as personal information once the aggregation thresholds in §4 are met.
  • Right to limit use of sensitive personal information.
  • Right to non-discrimination for exercising any of these rights.

Submit California requests to [email protected] (to be confirmed at launch). We verify identity before fulfilling requests.

§10 EU / UK (GDPR)

If you are in the EU, UK, or other GDPR jurisdiction, our lawful bases for processing are: (a) contract for operating the Services you signed up for, (b) legitimate interest for security, fraud prevention, and analytics, (c) consent for marketing emails and any sensitive processing, and (d) legal obligation where applicable. Cross-border transfers rely on Standard Contractual Clauses or equivalent.

You may lodge a complaint with your supervisory authority. Our EU representative will be designated before EU launch.

§11 Children

The Services are not directed to children under 18 and we do not knowingly collect personal information from children. Photographs uploaded to the Service must not depict identifiable minors' faces; minors must be obscured before upload. If you believe we have collected data from a child, contact us and we will delete it.

§12 Contact