Privacy Policy

Introduction

Welcome to Lead-Based Paint Inspection Report Generator ("we," "our," or "us"). We are committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our web application and services.

By accessing or using our services, you agree to the terms of this Privacy Policy. If you do not agree with this policy, please do not use our services.

Information We Collect

Personal Information You Provide

When you use our services, we collect the following personal information:

• Account Information: Email address, name, and profile photo provided through Google OAuth authentication
• Business Profile Information: Business name, inspector name, business address, phone number, email address, and professional certifications
• CSV Data Files: Lead-based paint inspection data uploaded by you, including test results, property addresses, timestamps, and instrument calibration data
• Certification Files: Professional licenses, insurance certificates, and other certification documents you choose to upload (PDF, JPG, PNG formats)

Information Collected Automatically

• Usage Information: Pages visited, features used, time spent on the platform, and interaction patterns
• Device Information: Browser type, operating system, IP address, and device identifiers
• Cookies and Similar Technologies: Session cookies for authentication (via NextAuth.js) and functional cookies required for service operation

Information from Third Parties

• Google OAuth: We receive your email address, name, and profile photo from Google when you sign in using Google authentication

How We Use Your Information

Service Delivery

• Authentication: Verify your identity and maintain secure access to your account
• Report Generation: Process CSV files and generate professional PDF inspection reports
• File Storage: Store uploaded CSV files and generated reports for download
• Certification Management: Attach your certification files to generated reports

Service Improvement

• Performance Monitoring: Analyze usage patterns to improve application performance and user experience
• Feature Development: Understand user needs to develop new features and enhancements
• Error Detection: Identify and resolve technical issues and bugs

Communication

• Service Updates: Send important notifications about service changes, maintenance, or security issues
• Support: Respond to your inquiries and provide customer support

Legal and Security

• Compliance: Comply with legal obligations and regulatory requirements
• Fraud Prevention: Detect and prevent fraudulent activity or abuse of our services
• Rights Protection: Enforce our Terms of Service and protect our legal rights

Data Storage and Retention

Storage Infrastructure

• Database: User profiles and metadata are stored in PostgreSQL databases hosted by Supabase
• File Storage: Uploaded CSV files and generated PDF reports are stored in Cloudflare R2 (S3-compatible object storage)
• Geographic Location: Data is stored in data centers located in United States (US-East)

Retention Periods

• Active User Data: Profile information is retained while your account is active
• Uploaded Files: CSV files and generated PDF reports are automatically deleted after 7 days
• Certification Files: Stored until you delete them or close your account
• Authentication Data: Session data is retained for the duration of your session
• Deleted Account Data: Within 30 days of account deletion, all personal information is permanently removed from our systems

How We Share Your Information

We do not sell your personal information to third parties. We may share your information in the following limited circumstances:

Service Providers

We share information with trusted third-party service providers who assist in operating our services:

• Google (Google OAuth): For authentication services
• Supabase: For database hosting and management
• Cloudflare (R2): For file storage and delivery
• Stripe (future): For payment processing and subscription management
• Vercel: For application hosting and deployment

These providers are contractually obligated to protect your information and use it only for the services they provide to us.

Legal Requirements

We may disclose your information when required by law or in response to:

• Valid legal processes (subpoenas, court orders, warrants)
• Government or regulatory requests
• Protection of our rights, property, or safety
• Prevention of fraud or illegal activity

Business Transfers

If we are involved in a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We will notify you of any such change in ownership or control of your personal information.

With Your Consent

We may share your information with other parties when you provide explicit consent to do so.

Data Security

We implement industry-standard security measures to protect your information:

Technical Safeguards

• Encryption in Transit: All data transmitted between your browser and our servers is encrypted using TLS/SSL
• Encryption at Rest: Stored files and database information are encrypted at rest
• Access Controls: Role-based access controls limit employee access to personal information
• Authentication Security: OAuth 2.0 protocol for secure authentication

Organizational Safeguards

• Security Training: Regular security training for employees with data access
• Incident Response: Documented procedures for responding to security incidents
• Third-Party Audits: Regular security assessments of our infrastructure and practices

Despite our efforts, no security system is impenetrable. We cannot guarantee the absolute security of your information.

Your Privacy Rights

Depending on your location, you may have the following rights regarding your personal information:

Access and Portability

• Right to Access: Request a copy of the personal information we hold about you
• Right to Portability: Receive your data in a structured, machine-readable format

Correction and Deletion

• Right to Correction: Update or correct inaccurate personal information
• Right to Deletion: Request deletion of your personal information (subject to legal retention requirements)

Control and Restriction

• Right to Restrict Processing: Limit how we use your information
• Right to Object: Object to certain processing activities
• Right to Opt-Out: Opt out of non-essential communications

How to Exercise Your Rights

To exercise any of these rights, contact us at:

• Email: support@leadinspectionreports.com
• Response Time: We will respond to your request within 30 days

For GDPR requests, we will respond within the timeframe required by applicable law.

Cookies and Tracking Technologies

Essential Cookies

We use essential cookies that are necessary for the operation of our services:

• Session Cookies: Maintain your authenticated session (NextAuth.js)
• Security Cookies: Prevent cross-site request forgery (CSRF) attacks
• Functional Cookies: Remember your preferences and settings

These cookies are required for the service to function and cannot be disabled without impacting your ability to use the platform.

Analytics and Performance

Currently, we do not use third-party analytics or advertising cookies. If this changes in the future, we will update this policy and provide opt-out options.

Managing Cookies

Most browsers allow you to control cookies through their settings. However, disabling essential cookies will prevent you from using our services.

Third-Party Services

Our application integrates with the following third-party services, each with their own privacy policies:

Google OAuth

• Purpose: Authentication services
• Data Shared: Email address, name, profile photo
• Privacy Policy: https://policies.google.com/privacy

Supabase

• Purpose: Database hosting
• Data Shared: User profiles, application metadata
• Privacy Policy: https://supabase.com/privacy

Cloudflare R2

• Purpose: File storage and delivery
• Data Shared: Uploaded CSV files, generated PDF reports
• Privacy Policy: https://www.cloudflare.com/privacypolicy/

Stripe (Planned)

• Purpose: Payment processing and subscription management
• Data Shared: Payment information, billing details
• Privacy Policy: https://stripe.com/privacy

We encourage you to review the privacy policies of these third-party services to understand how they handle your information.

Children's Privacy

Our services are not intended for individuals under the age of 18. We do not knowingly collect personal information from children under 18. If we become aware that we have collected personal information from a child under 18, we will take steps to delete that information promptly.

California Privacy Rights (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):

Your Rights

• Right to Know: Request information about the categories and specific pieces of personal information we collect
• Right to Delete: Request deletion of your personal information
• Right to Opt-Out: Opt out of the sale of personal information (we do not sell personal information)
• Right to Non-Discrimination: Receive equal service and pricing even if you exercise your privacy rights

How to Exercise Your Rights

Contact us at support@leadinspectionreports.com with "California Privacy Rights" in the subject line. We will verify your identity before processing your request.

European Privacy Rights (GDPR)

If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, you have additional rights under the General Data Protection Regulation (GDPR):

Legal Basis for Processing

We process your personal information based on:

• Contractual Necessity: To provide the services you requested
• Legitimate Interests: To improve our services and prevent fraud
• Legal Obligations: To comply with applicable laws
• Consent: When you provide explicit consent (e.g., for optional features)

Your Rights

In addition to the rights listed above, you have:

• Right to Withdraw Consent: Withdraw consent at any time (without affecting prior processing)
• Right to Lodge a Complaint: File a complaint with your local data protection authority

International Data Transfers

Your information may be transferred to and processed in countries outside the EEA. We ensure appropriate safeguards are in place, such as Standard Contractual Clauses approved by the European Commission.

Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make changes:

• Notification: We will update the "Last Updated" date at the top of this policy
• Material Changes: For significant changes, we will notify you via email or prominent notice on our website
• Your Continued Use: Your continued use of our services after changes become effective constitutes acceptance of the updated policy

We encourage you to review this Privacy Policy periodically to stay informed about how we protect your information.

Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our privacy practices, please contact us:

Email: support@leadinspectionreports.com

Response Time: We aim to respond to all inquiries within 5 business days.

For data protection inquiries specific to GDPR, you may also contact our Data Protection Officer at: support@leadinspectionreports.com

Jurisdiction-Specific Information

United States

This Privacy Policy is governed by the laws of New York, United States, without regard to its conflict of law provisions.

European Union

For users in the EU, the data controller responsible for your personal information is Lead Inspection Reports LLC, located at [Address to be provided upon business registration].

Other Jurisdictions

If you are accessing our services from outside the United States or European Union, please be aware that your information may be transferred to, stored, and processed in the United States or other countries where our service providers operate.