Privacy Policy

1. What Data We Collect

When you use LeaseGuard, we may collect the following information:

• Lease document text — extracted from the PDF you upload
• Location information — the state and city you select for your analysis
• Email address — if you create an account or subscribe (optional for free scan)
• Payment information — processed securely through Stripe; we never store your credit card details on our servers
• Usage data — page views, feature usage, and interaction patterns collected via Microsoft Clarity
• Session recordings — Microsoft Clarity may record anonymized sessions (mouse movements, clicks, scrolls) to help us improve the user experience. These recordings do not capture passwords, payment details, or personally identifiable information
• Feedback — if you rate an analysis as helpful or not helpful, that rating and any optional comment you provide

2. How We Use Your Data

• AI analysis — your lease text is processed by AI systems (Google Gemini for free scan, Anthropic Claude for full analysis) to generate risk assessments, tenant rights information, and related outputs
• Semantic matching — your lease text may be converted to numerical embeddings (via Jina AI) to match against our database of known risky clause patterns
• Service improvement — we use anonymized, aggregated data and user feedback to improve analysis accuracy and quality
• Communication — if you provide your email, we may use it to send password reset emails or important service updates

3. Third-Party Data Processing

We share data with the following third-party providers as necessary to operate the service:

• Google Gemini AI — your lease text is sent to Google's Gemini API for the free scan analysis. Google processes this data in accordance with their API terms of service
• Anthropic Claude AI — your lease text is sent to Anthropic's API for the full AI analysis. Under Anthropic's commercial API terms, your data is not used to train their models. Privacy policy
• Jina AI — short text snippets are sent to Jina's API to generate embeddings for semantic clause matching. Privacy policy
• Stripe — payment processing is handled by Stripe. Your payment information is sent directly to Stripe; we never store your credit card number. Privacy policy
• Supabase — our database provider. Lease text, analysis results, and account data are stored on Supabase's infrastructure with encryption at rest. Privacy policy
• Resend — sends transactional emails (password reset). Only your email address is shared with Resend. Privacy policy
• Microsoft Clarity — collects anonymized usage analytics, heatmaps, and session recordings to help us improve the user experience. Clarity does not collect passwords or payment information. Privacy policy

We do not sell your personal information to any third party.

4. Cookies and Tracking

LeaseGuard uses the following cookies and tracking technologies:

• Session cookie (lg_session) — an HttpOnly, Secure cookie used to maintain your login session. This cookie cannot be accessed by JavaScript and is only sent over HTTPS.
• Microsoft Clarity — sets first-party cookies to track anonymized user sessions for heatmaps and session recordings. No personally identifiable information is collected.

We do not use advertising cookies or cross-site tracking.

5. Data Retention

• Lease text and analysis results — automatically deleted after 30 days
• Payment records — retained as required by applicable tax and financial regulations
• Account information — retained until you request deletion
• Feedback ratings — retained indefinitely in anonymized form for service improvement

6. Your Rights

For All Users:

• Right to know — you can request details about what personal information we have collected
• Right to delete — you can request that we delete your personal information
• Right to non-discrimination — we will not discriminate against you for exercising your rights

For California Residents (CCPA):

• Right to opt-out of sale — we do not sell your personal information. No opt-out action is required.
• Right to know categories — you may request the categories of personal information collected, the sources, the business purposes, and the third parties with whom it is shared

For EU/EEA Residents (GDPR):

• Legal basis — we process your data based on contractual necessity (providing the service you requested) and legitimate interest (improving the service)
• Right to portability — you may request a copy of your data in a machine-readable format
• Right to restrict processing — you may request we limit how we use your data

To exercise any of these rights, please contact us at privacy@leaseguard.net. We will respond within 30 days.

7. Security Measures

We implement reasonable technical and organizational security measures to protect your data, including:

• 256-bit TLS encryption for all data in transit (HTTPS)
• Encryption of stored lease data at rest (Supabase)
• HttpOnly, Secure session cookies (not accessible via JavaScript)
• CSRF protection on all mutating API requests
• Rate limiting on authentication and analysis endpoints
• Automatic deletion of lease data after 30 days
• Content Security Policy (CSP) headers

No method of transmission or storage is 100% secure. While we strive to protect your data, we cannot guarantee absolute security.

8. Children's Privacy

LeaseGuard is not intended for use by anyone under the age of 18. We do not knowingly collect personal information from children. If you believe we have collected information from a child, please contact us and we will delete it promptly.

9. Changes to This Policy

We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated effective date. We encourage you to review this policy periodically.

10. Contact

If you have questions or concerns about this Privacy Policy or our data practices, please contact us at privacy@leaseguard.net.

Note: Email address will be updated once our custom domain is configured.