1. Data We Collect
We collect two categories of data:
Data about you (Account Information)
- Account data: Name, email address, company name, job title, and billing information
- Usage data: Pages visited, features used, session duration, and interaction patterns
- Device data: Browser type, operating system, IP address, and device identifiers
- Communications: Emails, support requests, and feedback you send us
Data you provide (Customer Data)
- Deal documents: Offering memoranda, financial statements, rent rolls, appraisals, and other files you upload
- Deal information: Property details, financial projections, notes, and analysis you enter
- Intelligence outputs: Extracted data, analyses, and reports generated from your documents
Important distinction: Customer Data is processed solely to provide PropFolio's services. Account Information is used to operate, improve, and market our business.
2. How We Use It
We use Account Information to:
- Provide, maintain, and improve the Platform
- Communicate with you about your account and our services
- Send product updates and marketing communications (with opt-out)
- Analyze usage patterns to improve the Platform
- Detect and prevent fraud or abuse
- Comply with legal obligations
We use Customer Data exclusively to:
- Deliver Intelligence features (document extraction, analysis, risk detection)
- Generate reports and insights you request
- Store and organize your deal information
We do not use Customer Data to train machine learning models, build advertising profiles, or for any purpose beyond delivering the Platform's services.
3. Intelligence Data Processing
When you use Intelligence features, your documents are processed as follows:
- Documents are encrypted and transmitted to our processing infrastructure
- AI models analyze the content to extract structured data and generate insights
- Results are returned to your account and stored encrypted
- Source documents are retained per your workspace retention settings
- Processing logs are retained for 90 days for debugging and quality assurance
Our AI processing partners (see Subprocessors below) do not retain your data beyond the processing window and do not use your data for model training.
4. Data Sharing
We do not sell your data. We share data only with:
- Subprocessors who help us deliver the Platform (listed below)
- Professional advisors (legal, accounting) under confidentiality obligations
- Law enforcement when required by valid legal process
- Successors in the event of a merger, acquisition, or asset sale
Subprocessors
| Provider | Purpose | Data Processed |
|----------|---------|----------------|
| Neon | Database hosting | Account and Customer Data |
| Cloudflare R2 | Document storage | Uploaded documents |
| Anthropic | AI document processing | Document content (not retained) |
| OpenAI | AI document processing | Document content (not retained) |
| Postmark | Transactional email | Email addresses, notification content |
| Clerk | Authentication | Account credentials, session data |
5. Data Retention
- Account Information: Retained while your account is active, plus 30 days after deletion
- Customer Data: Retained per your workspace settings, deleted within 30 days of account termination
- Usage data: Retained for 24 months in anonymized form
- Processing logs: Retained for 90 days
- Backups: Purged within 90 days of data deletion
6. Your Rights
For all users
You have the right to:
- Access your personal data
- Correct inaccurate data
- Export your data
- Delete your account and data
- Opt out of marketing communications
GDPR (European Economic Area)
If you are in the EEA, you additionally have the right to:
- Restrict processing of your data
- Object to processing based on legitimate interests
- Data portability
- Lodge a complaint with your supervisory authority
Our legal basis for processing is contract performance (Platform delivery), legitimate interest (security, improvement), and consent (marketing).
CCPA (California)
If you are a California resident, you have the right to:
- Know what personal information we collect and how it is used
- Request deletion of your personal information
- Opt out of the sale of personal information (we do not sell personal information)
- Non-discrimination for exercising your rights
To exercise any of these rights, contact privacy@propfolio.tech.
7. Children's Privacy
PropFolio is not directed to individuals under 18. We do not knowingly collect personal information from children. If we learn that we have collected data from a child under 18, we will delete it promptly.
8. Security
We implement industry-standard security measures including:
- Encryption at rest (AES-256) and in transit (TLS 1.3)
- Row-level security with tenant isolation
- Regular security assessments and penetration testing
- Access controls with role-based permissions
- Audit logging for sensitive operations
No method of transmission or storage is 100% secure. If you discover a vulnerability, please report it to security@propfolio.tech.
9. Changes to This Policy
We will notify you of material changes to this Privacy Policy via email or in-app notification at least 30 days in advance. Non-material changes take effect upon posting.
Contact
For privacy inquiries, contact us at privacy@propfolio.tech.