PropProofs Privacy Policy

1. Introduction

This Privacy Policy describes how TND Labs LLC (“PropProofs,” “we,” “us,” or “our”) collects, uses, discloses, and safeguards information when you use our software and services (collectively, the “Service”).

By using PropProofs, you agree to the terms of this Privacy Policy. We collect only what’s necessary to operate and improve our Service, and we never sell or rent your data.

2. Information We Collect

A. Information You Provide

• Account Information: Name, email address, and authentication credentials (via Firebase).
• Organization Details: Contractor or company name, license information, and role (e.g., contractor, homeowner, inspector).
• Proof Data: Uploaded photos, documents, notes, timestamps, and digital attestations associated with Proof Records. (We do not collect or store geolocation data.)
• Payment Information: Collected and processed securely by Stripe. We never store full payment details on our servers.
• Communications: Support inquiries, feedback, and email correspondence (via Resend).

B. Information Collected Automatically

• Device & Usage Data: IP address, browser type, operating system, and usage activity.
• Cookies & Analytics: Session identifiers for authentication, error tracking, and performance analytics (via Firebase Analytics and Google Cloud).

C. Information from Third Parties

• Contractors or Project Managers: When you are invited to join a workspace.
• Payment Processors (Stripe): Confirmation of payment success or failure.

3. How We Use Your Information

• Operate and maintain the Service: Manage user accounts, Proof Records, and permissions.
• Verify identities and roles: Ensure accurate representation of project stakeholders.
• Process transactions: Manage billing, receipts, and payment verification via Stripe.
• Secure the platform: Prevent fraud, unauthorized access, and malicious activity.
• Improve the Service: Analyze anonymized usage to enhance performance and usability.
• Communicate with you: Send system updates, verification links, and support communications.
• Comply with legal obligations: Maintain immutable records for compliance, audits, and dispute resolution.

4. How We Share Information

We do not sell or trade user data. We only share information in the following cases:

A. Service Providers

• Firebase (Google LLC): Authentication, hosting, and database management.
• Stripe, Inc.: Payment processing.
• Resend: Email delivery.
• Google Cloud Platform: Secure infrastructure and analytics.

All service providers are contractually obligated to protect your data and use it only for the purposes we authorize.

B. Contractors and Property Owners

When you participate in a project, authorized users (e.g., homeowners, contractors, or inspectors) may view Proof Records, comments, and attachments relevant to that project.

C. Legal and Compliance

We may disclose data when required by law, regulation, subpoena, or court order — or to protect our rights, users, or property.

5. Data Retention

Proof Records and associated cryptographic hashes are retained indefinitely to maintain ledger integrity and auditability.

User Accounts and general personal data are retained for as long as you maintain an account. Upon account deletion, we remove all personally identifiable information (PII) from our active databases. However, Proof Records committed to the immutable ledger must be retained permanently for audit and integrity purposes. In such cases, we will pseudonymize or anonymize any PII within the ledger records to the extent technically feasible and legally permissible.

6. Security

We implement robust administrative, technical, and physical safeguards to protect your data, including: end-to-end encryption, role-based access control, and immutable ledger storage. However, no method of electronic transmission or storage is 100% secure.

7. Your Rights and Choices

Depending on your jurisdiction (e.g., U.S., EU, California), you have the following rights:

• Access & Portability: Request a copy of your data.
• Correction: Request corrections to inaccurate or incomplete data.
• Deletion/Right to Erasure: Request deletion of your personal data. We will fulfill this request by deleting your account data and pseudonymizing any PII contained within committed Proof Records to maintain the integrity of the audit trail, as required by the nature of the Service (GDPR Article 17 exemptions). We cannot delete the cryptographic hash or the record structure itself.
• Opt-Out: Disable marketing or system emails (excluding essential account communications).

To exercise your rights, contact us at privacy@propproofs.com.

8. Children’s Privacy

PropProofs is not directed at or intended for use by individuals under the age of 18. We do not knowingly collect personal information from minors.

9. International Data Transfers

Your data may be processed and stored in the United States or other jurisdictions where our service providers operate. We ensure all transfers comply with applicable privacy laws, including GDPR-approved safeguards (e.g., Standard Contractual Clauses).

10. Changes to This Policy

We may update this Privacy Policy from time to time. Any significant changes will be communicated via email or in-app notification before they take effect.

11. Contact Information

For privacy inquiries, requests, or concerns, contact: