← Back

Placeholder · pending counsel review

Privacy Policy

Appraisal Report Audit, a Product of Edge Realty Advisors.

Effective date: pending. Last updated: 2026-05-30.

This Privacy Policy is a draft published for the invite-only beta of Appraisal Report Audit. It has not yet been reviewed by counsel. A counsel-reviewed version will replace this page before broader paid launch.

This Privacy Policy describes how Edge Realty Advisors LLC (“Company,” “we”) collects, uses, and shares information in connection with Appraisal Report Audit (the “Service”), a product of Edge Realty Advisors.

1. Information We Collect

  • Account information: name, email, phone, firm name, and (optional) state appraiser license number.
  • Interest-list (waitlist) information: if you join an interest list from our public site, we collect the email address you provide, any optional note you add, and, for security and abuse-prevention, your IP address and browser user-agent. We use this only to contact you about the product line you asked about.
  • Payment information: handled by Stripe; we do not store full payment-card numbers.
  • Customer Content: residential appraisal reports (PDF), MISMO XML data files, and metadata you upload for processing or voice training. These files routinely contain nonpublic personal information about borrowers, sellers, and other parties to the underlying real-estate transactions (collectively, “NPI”).
  • Usage data: pages visited, jobs submitted, critique feedback, timestamps, IP address.
  • Communications: emails between you and us about the Service.

2. How We Use Information

  • To provide and operate the Service, including processing your jobs, building your voice profile, and delivering output to you.
  • To bill you and process payments (via Stripe).
  • To improve the Service. Aggregated or de-identified patterns may be used to refine the base Service for all customers. We do not use Customer Content as training data for the underlying AI model. We do not share Customer Content between customers.
  • To respond to interest-list signups and notify you when the product line you asked about is available.
  • To send transactional emails (job complete, account changes, billing).
  • To respond to support requests and enforce these Terms.

3. Cookies and Tracking Technologies

We keep cookies to a minimum and we do not use advertising cookies or cross-site tracking. We do not “sell” personal information and we do not “share” it for cross-context behavioral advertising. We use two categories:

  • Strictly necessary. Set by our authentication provider (Clerk) to sign you in and maintain your session. The site cannot function without these, so they do not require consent and cannot be switched off through the banner.
  • Analytics (optional, off by default). If you opt in, we use privacy-friendly product analytics (PostHog) to understand how the Service is used so we can improve it. These are not loaded, and no analytics cookies are set, unless and until you choose “Accept all” in the cookie banner.

When you make a payment, checkout is handled on Stripe's own hosted pages. Stripe may set its own cookies there for fraud prevention; those are governed by Stripe's privacy policy, not this one. We do not run Stripe's scripts on our own pages.

You can change your choice at any time using the Cookie preferences link in the site footer, or by clearing cookies in your browser. Withdrawing consent is as easy as giving it.

4. AI Processing

The Service uses artificial intelligence systems to process Customer Content. AI inference is routed through the Vercel AI Gateway, which is configured to send requests only to model providers operating under zero-data-retention agreements (currently Anthropic, PBC and OpenAI, L.L.C.). Under those agreements, Customer Content is not used to train the providers' models and is not retained by the providers after the response is returned, except as required by law. The specific handling of API request content is governed by the providers' and the Gateway's then-current terms.

5. Data Sharing

We share data with our infrastructure vendors, each bound by a data processing agreement: Anthropic and OpenAI (model processing, via the Vercel AI Gateway), Vercel (web hosting and AI gateway), Railway (background worker compute), Stripe (payments), Clerk (authentication), Cloudflare R2 (file storage), Supabase (database), Resend (email), and Sentry & PostHog (monitoring). The current list is at /legal/subprocessors. Adding or removing a sub-processor triggers a Privacy Policy update with at least 14 days' notice.

Authorized Company personnel may access Customer Content, outputs, and critique feedback for the purposes described above; access is logged in an internal audit trail. We may disclose information if required by law, court order, or to protect our rights. In a merger, sale, or asset transfer, your data may be transferred to the successor entity, subject to this Policy.

6. Data Retention

  • Input PDFs and MISMO XML: 7 days after submission, then permanently deleted.
  • Output Word documents and structured findings JSON: 90 days from completion, then permanently deleted.
  • Training corpus and voice profile: life of the subscription, plus 60 days after termination, then deleted.
  • Account information: life of the account, plus 1 year after termination, then anonymized.
  • Critique feedback: life of the subscription, plus 60 days after termination, then deleted.

Retention is enforced by a nightly worker that deletes the underlying object storage records on schedule; deletions are logged.

7. Data Security

Appraisal reports routinely contain financial information about borrowers and other parties to the underlying transaction. We treat that information as sensitive by default and use commercially reasonable safeguards to protect it.

Those safeguards include encryption in transit (TLS) and at rest (using our hosting providers' default server-side encryption), role-based access controls for Company personnel, and time-limited signed download links rather than email attachments for files containing Customer Content. We log internal access to Customer Content for audit purposes.

No method of transmission or storage is completely secure, and we cannot guarantee absolute security. If we become aware of a security incident affecting your Customer Content, we will notify you in accordance with applicable law.

8. Your Rights

Depending on your state of residence, you may have rights with respect to personal information we hold about you, including rights to access, correct, delete, or port your information.

California residents have these rights under the California Consumer Privacy Act, as amended by the California Privacy Rights Act (“CCPA/CPRA”). We do not “sell” personal information and do not “share” personal information for cross-context behavioral advertising as those terms are defined under California law. We do not knowingly process sensitive personal information for purposes that would require providing a right to limit under the CPRA.

Residents of other states with comprehensive privacy laws (including Virginia, Colorado, Connecticut, Utah, Texas, Oregon, and Florida) may have similar rights. We honor verified requests from residents of all U.S. states with comprehensive privacy laws on substantially equivalent terms.

Visitors outside the United States. The Service is operated from the United States and intended for U.S. users. If you access it from another country, including the EEA or the United Kingdom, your information is processed and stored in the United States. Where we rely on consent (for example, optional analytics or joining an interest list), you may withdraw it at any time using the Cookie preferences link or by emailing us; this does not affect processing carried out before withdrawal.

To exercise any of these rights, email privacy@appraisalreportaudit.com. We will verify your identity before processing the request and will respond within the timeframe required by your state's law (typically 30 to 45 days). You have the right not to be discriminated against for exercising any of these rights.

9. Children

The Service is intended for professional users. We do not knowingly collect information from anyone under 18.

10. Changes

We may update this Policy. Material changes will be communicated by email and posted on the Service at least 14 days before they take effect.

11. Contact

Questions about this Policy: privacy@appraisalreportaudit.com.