How PropertyGenome collects, uses, and protects your data.

Contents

We collect the following categories of personal information: Account Information: Your name, email address, password (stored as a one-way hash), role (investor, bank, homeowner), and subscription tier when you create an account. Property & Workflow Data: Addresses you analyze, Genome Scores generated, saved reports, Deal Tracker entries, notes, tags, reminders, skip trace results, and drip campaign data you create within the platform. Contact Data You Add: Phone numbers, email addresses, and owner names you enter or retrieve when using skip trace, outreach, or CRM features. You are responsible for ensuring you have a lawful basis to store and use this data. Usage Data: Pages visited, features used, session duration, and error logs, collected to improve the product and diagnose issues. Payment Data: Stripe processes all payment transactions. PropertyGenome does not store full credit card numbers or payment credentials on our servers. Third-Party Enrichment Data: Some property fields (parcel records, tax assessments, valuation context, rental estimates) are retrieved from third-party data providers (LightBox, ATTOM, RentCast, USPS) to enrich the user experience.

We use collected information to: • Provide and operate the PropertyGenome platform and its features • Process payments and manage your subscription • Deliver email alerts and notifications you have opted into • Improve and debug the product • Comply with legal obligations • Prevent fraud and abuse We do not sell your personal information to third parties. We do not share your contact data with other PropertyGenome users without your consent.

PropertyGenome's skip trace feature retrieves contact information from third-party providers (ATTOM Data, People Data Labs). This feature is subject to the following: Fair Credit Reporting Act (FCRA): PropertyGenome is not a consumer reporting agency. Skip trace results may not be used for credit, employment, insurance, tenant screening, or any other FCRA-regulated purpose. You must have a permissible purpose (such as a legitimate business transaction or investment inquiry) before running a skip trace. Driver's Privacy Protection Act (DPPA): You may not use skip trace results to retrieve or use driver's license or motor vehicle record information for unauthorized purposes. Do Not Call: If the doNotCall flag is returned for a contact, you are responsible for respecting applicable Do Not Call registry requirements before making contact. By using skip trace features, you confirm you have a lawful basis to retrieve and use the contact information.

If you use PropertyGenome's outreach tools (SMS, ringless voicemail, drip campaigns, direct mail), you are solely responsible for compliance with: Telephone Consumer Protection Act (TCPA): You must obtain prior express written consent from recipients before sending marketing or solicitation text messages or ringless voicemails. You must provide opt-out instructions in all messages. CAN-SPAM Act: Commercial emails must include a valid physical postal address, an opt-out mechanism, and accurate subject lines. State Laws: Additional consent and opt-out requirements may apply under California, Florida, and other state laws. PropertyGenome provides technical tools to send communications. We are not responsible for your compliance with applicable laws.

We may share your information with: Service Providers: Neon (database hosting), Stripe (payments), Resend (email delivery), Twilio (SMS/voice), Lob (direct mail), OpenAI (AI concierge), LightBox/ATTOM/RentCast/USPS (property data enrichment). Each provider operates under their own privacy policies and data processing agreements. Legal Requirements: We may disclose information if required by law, subpoena, or to protect the rights, property, or safety of PropertyGenome, its users, or the public. Business Transfers: In the event of a merger, acquisition, or sale of assets, user data may be transferred to the acquiring entity. We do not sell personal information.

If you are located in the European Economic Area (EEA) or the United Kingdom, the following lawful bases apply to our processing of your personal data under the General Data Protection Regulation (GDPR) and UK GDPR: Contract Performance (Art. 6(1)(b)): Processing your account information, subscription data, and platform usage data is necessary to provide and operate the services you have contracted for. Legitimate Interests (Art. 6(1)(f)): We process usage data, error logs, and aggregate analytics to improve product security, debug issues, and prevent fraud. These interests are balanced against your privacy rights and do not override them. Legal Obligation (Art. 6(1)(c)): We retain billing records, compliance audit logs, and outreach activity logs to fulfill legal obligations under applicable tax, financial, and telecommunications law. Consent (Art. 6(1)(a)): Where we send you optional email alerts or marketing communications, we rely on your opt-in consent. You may withdraw consent at any time. Special Categories: We do not process special-category personal data (health, biometric, racial, political, religious data). Data Transfers: PropertyGenome is based in the United States. If you are in the EEA or UK, your data may be transferred to and processed in the United States. We rely on Standard Contractual Clauses (SCCs) and data processing agreements with sub-processors (Neon, Stripe, Resend, etc.) to safeguard your data. To exercise GDPR rights (access, erasure, restriction, portability, objection) or to lodge a complaint with a supervisory authority, contact us at [email protected].

Depending on your location, you may have the following rights regarding your personal data: Right to Access: Request a copy of the personal data we hold about you. Right to Delete: Request deletion of your personal data. You can initiate this from your account settings, or by emailing [email protected]. Right to Correct: Request correction of inaccurate personal data. Right to Opt Out of Sale (CCPA § 1798.120): California residents have the right to opt out of the sale of personal information. PropertyGenome does not sell personal information to third parties. If you would like to formally invoke this right, email [email protected] with subject "CCPA Do Not Sell Request." Right to Data Portability (GDPR Art. 20 / CCPA § 1798.100): Download a machine-readable JSON export of all personal data we hold for you by visiting Account → Settings → Download My Data, or by calling GET /api/account/export while authenticated. Stripe billing records are held by Stripe and are not included; request those separately via your Stripe billing portal. Right to Non-Discrimination: Exercising your privacy rights will not result in denial of service or different pricing. California "Shine the Light" (Cal. Civ. Code § 1798.83): California residents may request, once per calendar year, a list of the categories of personal information PropertyGenome disclosed to third parties for their direct marketing purposes during the preceding calendar year, along with the names and addresses of those third parties. To make a Shine the Light request, email [email protected] with the subject line "Shine the Light Request" and include your full name and the email address associated with your account. We will respond within 30 days. Note: PropertyGenome does not share personal information with third parties for their direct marketing purposes. To exercise any of these rights, contact us at [email protected]. We will respond within 45 days for CCPA requests and 30 days for GDPR requests (extendable by 30 days if necessary with notice).

We retain your account and workflow data for as long as your account is active. Right to Erasure (GDPR Art. 17 / CCPA § 1798.105): You may request permanent deletion of your account and all associated personal data at any time by visiting Account → Settings → Delete Account, or by emailing [email protected] with the subject "Data Erasure Request." We will complete verified erasure requests within 30 days. Exceptions: billing transaction records may be retained for up to 7 years for tax compliance (26 U.S.C. § 6001) and are held by our payment processor Stripe; anonymized, non-identifiable aggregate statistics may also be retained. Skip trace results and outreach logs are retained for 24 months to support dispute resolution and compliance audits, then purged.

PropertyGenome uses session cookies for authentication (HttpOnly, SameSite) and does not currently use third-party advertising trackers or analytics cookies beyond functional operation of the platform. If we add analytics or advertising tools in the future, we will update this policy and provide consent mechanisms as required.

We use industry-standard security practices including HTTPS/TLS encryption in transit, PBKDF2-SHA512 password hashing (100,000 iterations), HttpOnly/SameSite session cookies, rate limiting on authentication endpoints, and security headers (CSP, HSTS, X-Frame-Options). No security measures are perfectly foolproof; if you believe your account has been compromised, contact us immediately at [email protected]. Data Breach Notification: In the event of a security incident that results in unauthorized access to, disclosure of, or loss of personal data, PropertyGenome will notify affected users without undue delay and no later than 72 hours after we become aware of the breach (GDPR Art. 33). We will also comply with applicable US state breach notification laws (Cal. Civ. Code § 1798.82; N.C. Gen. Stat. § 75-65; and equivalents). Notifications will be sent by email to the address on file and, where required, to applicable supervisory authorities.

PropertyGenome is not directed to children under 13. We do not knowingly collect personal information from children. If you believe a child has provided us with personal information, contact us at [email protected] and we will delete it promptly.

We may update this Privacy Policy from time to time. We will notify registered users of material changes by email or in-product notification at least 14 days before changes take effect. Your continued use of the platform after changes take effect constitutes acceptance of the updated policy.

For privacy questions, data requests, or complaints, contact us at: PropertyGenome Email: [email protected] Website: https://propertygenome.ai/contact

Legal Disclaimer