Privacy Policy

1. Introduction

Estate Lookout ("we," "us," or "our") operates the estatelookout.com website and associated subdomains (the "Service"). This Privacy Policy describes how we collect, use, store, protect, and share your personal information when you use our Service.

By using the Service, you consent to the practices described in this Privacy Policy. If you do not agree, please do not use the Service.

2. Information We Collect

2.1 Information You Provide

• Account information: Name, email address, phone number, password, and business name when you create an account
• Business information: Company name, address, service area, logo, brand colors, and contact details for your organization
• Client information: Names, email addresses, phone numbers, and billing addresses of your clients that you enter into the platform
• Property information: Property addresses, descriptions, access instructions, emergency contacts, and occupancy details
• Visit and report data: Visit notes, observations, checklists, weather conditions, GPS check-in coordinates, and property issue details
• Photos and files: Images uploaded during property visits, documents, and generated PDF reports
• Financial data: Invoices, quotes, and payment records managed through the platform (payment card details are processed by Stripe and never stored on our servers)
• Communications: Messages sent through the platform's in-app messaging feature

2.2 Information Collected Automatically

• Usage data: Pages visited, features used, and interactions with the Service
• Device information: Browser type, operating system, and device identifiers
• Log data: IP addresses, access times, and referring URLs
• Cookies: Essential cookies for authentication and session management (see Section 8)

3. How We Use Your Information

We use the information we collect to:

• Provide, operate, and maintain the Service
• Process your transactions and manage your subscription billing
• Send transactional communications (visit reports, quote notifications, invoice emails, account alerts)
• Provide customer support and respond to your inquiries
• Enforce our Terms of Service and protect against fraud or abuse
• Improve the Service through aggregated, anonymized usage analytics
• Comply with legal obligations and respond to lawful requests

We do not sell, rent, or trade your personal information to third parties for marketing purposes.

4. How We Store and Protect Your Data

We implement industry-standard security measures to protect your data:

• Encryption at rest: All personally identifiable information (PII) is encrypted using AES-256-GCM encryption at the application level before being stored in our database. Even in the event of unauthorized database access, PII cannot be read without the encryption keys.
• Encryption in transit: All data transmitted between your browser and our servers is protected by TLS (HTTPS) encryption.
• Multi-tenant isolation: Data is segregated at the database level using row-level security policies. Each organization's data is isolated and inaccessible to other organizations.
• Sensitive property codes: Property access codes (gate codes, alarm codes, etc.) are encrypted on your device using zero-knowledge encryption. We never see or store the plaintext values — only you can decrypt them with your password.
• Secure authentication: Passwords are hashed using bcrypt. Sessions are managed with secure, HTTP-only cookies.
• Audit logging: All data access and modifications are logged in an immutable audit trail for security and compliance purposes.

Despite these measures, no method of electronic storage or transmission is completely secure. We cannot guarantee the absolute security of your information, and you use the Service at your own risk.

5. Third-Party Service Providers

We use the following third-party services (subprocessors) to operate the Service. Each processes data on our behalf and is contractually obligated to protect your information:

We do not share your data with any party not listed above, except as required by law (see Section 7).

6. Data Retention

We retain your data for as long as your account is active or as needed to provide the Service. If you request account deletion:

• Your data will be permanently deleted within 30 days of the request
• Photos and files in cloud storage will be deleted as part of the purge
• Audit logs related to your organization may be retained for up to 90 days for compliance purposes, after which they are also purged
• Stripe billing records are retained by Stripe in accordance with their retention policies and applicable tax and financial regulations

7. Your Rights

Depending on your location, you may have the following rights regarding your personal information:

• Access: Request a copy of the personal information we hold about you
• Correction: Request that we correct inaccurate or incomplete personal information
• Deletion: Request that we delete your personal information (subject to legal retention requirements)
• Data portability: Request an export of your data in a machine-readable format (JSON)
• Objection: Object to certain types of processing of your personal information

To exercise any of these rights, please contact us at privacy@estatelookout.com or use the data management features in your account settings. We will respond to verified requests within 30 days.

7.1 California Residents (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):

• The right to know what personal information we collect, use, disclose, and sell
• The right to request deletion of your personal information
• The right to opt out of the sale of your personal information (we do not sell personal information)
• The right to non-discrimination for exercising your privacy rights

8. Cookies

We use cookies and similar technologies for the following purposes:

• Essential cookies: Required for authentication, session management, and multi-tenant organization context. These cannot be disabled as the Service will not function without them.
• Preference cookies: Store your display preferences and settings (e.g., theme, cookie consent choice).

We do not use third-party tracking cookies or advertising cookies. We do not participate in cross-site tracking.

9. Legal Disclosures

We may disclose your personal information if required to do so by law or in response to valid requests by public authorities (e.g., a court order, subpoena, or government agency request). We will attempt to notify you of such requests unless prohibited by law or where doing so would be futile, not reasonably feasible, or would create a risk of harm.

10. Children's Privacy

The Service is not directed to individuals under the age of 13. We do not knowingly collect personal information from children under 13. If we become aware that we have collected personal information from a child under 13, we will take steps to delete that information promptly.

11. International Data Transfers

Your data is processed and stored in the United States. If you are accessing the Service from outside the United States, please be aware that your data may be transferred to, stored, and processed in the United States, where data protection laws may differ from those in your jurisdiction.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by email or by posting a prominent notice on the Service at least 30 days before the changes take effect. Your continued use of the Service after the effective date constitutes acceptance of the updated policy.

13. Contact Us

If you have questions or concerns about this Privacy Policy or our data practices, please contact us at:

Estate Lookout
Email: privacy@estatelookout.com