At HomeInsightCore, we respect your privacy and are committed to protecting your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your data when you use our website, API, or services (collectively, the "Service"). By accessing or using the Service, you agree to the terms of this Privacy Policy.
1. Information We Collect
We may collect the following categories of information:
Personal Information: When you register, subscribe, or contact support, we may collect your name, email address, company name, phone number, and billing information.
Technical Data: Automatically collected data such as your IP address, browser type, operating system, device identifiers, and referring URLs.
Usage Data: Information about how you interact with our API, including API endpoints accessed, call frequency, response codes, error logs, and integration metadata.
Payment Information: Processed securely via Stripe; we do not store credit card details directly.
2. How We Use Your Information
We use your information for the following purposes:
To provide, maintain, and improve our API and related services.
To process subscriptions, invoices, and payments through Stripe.
To authenticate API access and prevent unauthorized usage.
To monitor system performance, detect abuse, and ensure network and data security.
To communicate with you about service updates, outages, or policy changes.
To comply with legal obligations, including tax, anti-fraud, and audit requirements.
To enforce our Terms of Service, including investigation of violations.
3. Legal Basis for Processing (GDPR)
If you are located in the European Economic Area (EEA), our processing is based on one or more of the following lawful bases under the GDPR:
Consent: When you explicitly agree to this Privacy Policy or opt into communications.
Contractual Necessity: To fulfill our obligations under the agreement when you use our Service.
Legitimate Interests: For security, fraud prevention, service optimization, and business operations.
Legal Compliance: To meet applicable laws, regulations, or government requests.
4. Data Sharing & Disclosure
We do not sell, rent, or monetize your personal data. We may share your information only in the following circumstances:
Service Providers: Trusted third parties who assist us in operating our Service, including Stripe (payments), AWS (cloud hosting), and email delivery platforms (e.g., Resend).
Data Partners: CoreLogic, our licensed data provider, may receive anonymized usage logs for license compliance, audit, and anti-abuse purposes.
Legal & Regulatory Authorities: If required by law, court order, subpoena, or to protect our rights, users, or the public.
Business Transfers: In connection with a merger, acquisition, or sale of assets, subject to confidentiality obligations.
5. Data Retention
We retain your personal data only for as long as necessary:
Account Data: Until you request deletion or close your account.
API Logs: Up to 12 months for security monitoring, debugging, and compliance.
Payment Records: Retained for 7 years to comply with tax and financial regulations.
You may request deletion of your personal data at any time, subject to legal exceptions.
6. User Rights (CCPA & GDPR)
Depending on your jurisdiction, you may have the following rights:
Access: Request a copy of the personal data we hold about you.
Correction: Update inaccurate or incomplete information.
Deletion: Request erasure of your personal data.
Restriction: Limit how we process your data in certain cases.
Portability: Receive your data in a structured, machine-readable format.
Objection: Object to processing based on legitimate interests.
Withdraw Consent: At any time, without affecting prior processing.
CCPA-Specific: Right to opt out of "sales" or "sharing" of personal information (we do not sell data).
To exercise any of these rights, contact us at support@homeinsight.cloud. We will respond within 30 days.
7. Data Security
We implement industry-standard security measures to protect your data, including:
End-to-end encryption via TLS 1.3 for all data in transit.
Secure API key authentication with rate limiting and IP allowlisting (Enterprise).
Role-based access controls and audit logs for internal systems.
Regular penetration testing and vulnerability scanning.
Data encryption at rest using AES-256 on AWS infrastructure.
Despite these efforts, no electronic transmission or storage system is completely secure. We cannot guarantee absolute security.
8. Children's Privacy
Our Service is not intended for individuals under the age of 18. We do not knowingly collect personal information from minors. If we become aware of such collection, we will take steps to delete the data promptly.
9. International Data Transfers
Your information may be transferred to and processed in the United States, where our servers are hosted (AWS, Virginia). If you are located in the EU, UK, or other regions with data protection laws, we rely on approved transfer mechanisms such as:
Standard Contractual Clauses (SCCs) approved by the European Commission.
Processor agreements with subprocessors that meet GDPR requirements.
You may request a copy of these safeguards by contacting us.
10. Cookies and Tracking Technologies
Our website uses essential cookies to maintain session state and functionality. We do not use third-party advertising or tracking cookies. API usage is logged for operational purposes but does not involve persistent identifiers.
11. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. Any material changes will be communicated via email to registered users or posted prominently on our website. Continued use of the Service after such changes constitutes acceptance of the updated policy.
12. Contact Us
If you have any questions, concerns, or requests regarding this Privacy Policy or your personal data, please contact us at: