Privacy Policy

Effective Date: August 11, 2025

1. Introduction

OpsYard, Inc. ("Company," "we," "us," or "our") operates Casa Compose, an AI-powered real estate listing platform. This Privacy Policy explains how we collect, use, disclose, and protect your personal information when you use our service.

2. Information We Collect

2.1 Personal Information You Provide

When you create an account or use our service, we collect:

• Account Information: Email address, first name, last name, password
• Contact Information: Phone number (if provided)
• Payment Information: Billing details processed through Stripe (we do not store credit card information)
• Property Information: Property addresses, descriptions, features, and details you enter
• Communications: Messages you send to us through support channels

2.2 Property and Content Data

• Property Details: Addresses, property types, square footage, bedrooms, bathrooms, pricing, and other property characteristics
• Images: Property photos you upload to our platform
• User-Generated Content: Additional notes, descriptions, and property features you provide

2.3 Automatically Collected Information

• Usage Data: How you interact with our service, features used, time spent on platform
• Device Information: IP address, browser type, operating system, device identifiers
• Location Data: Derived from property addresses for location intelligence features
• Analytics Data: Page views, clicks, session duration, and navigation patterns

2.4 Third-Party Data

• Google Places Data: Address validation, geocoding, and nearby amenities information
• OpenAI Processing: AI-generated descriptions and image analysis results
• Stripe Data: Payment processing information and transaction details

3. How We Use Your Information

3.1 Service Provision

• Create and manage your account
• Generate AI-powered property descriptions
• Analyze property images using computer vision
• Provide location intelligence and nearby amenities
• Process payments and manage subscriptions
• Create shareable public listing presentations

3.2 AI Processing

• Send property data to OpenAI for description generation
• Analyze uploaded images using OpenAI's vision models
• Aggregate analysis results for listing summaries
• Improve AI model performance through usage data

3.3 Communication and Marketing

• Send service-related notifications and updates
• Provide customer support
• Send marketing emails about new features and updates
• Retarget you with third-party advertising
• Conduct user research and gather feedback

3.4 Analytics and Improvement

• Monitor service performance and usage patterns
• Analyze user behavior to improve our platform
• Generate usage statistics and cost monitoring
• Detect and prevent fraud or abuse

4. Information Sharing and Disclosure

4.1 Third-Party Service Providers

We share your information with the following third-party services:

4.2 Public Sharing Features

When you create public listing URLs:

• Property information becomes accessible to anyone with the link
• URLs automatically expire after 30 days
• We track basic analytics (views, access times, IP addresses)
• You can disable public access at any time

4.3 Legal Requirements

We may disclose your information when required by law or to:

• Comply with legal processes or government requests
• Protect our rights, property, or safety
• Investigate potential fraud or violations of our Terms
• Respond to emergency situations

4.4 Business Transfers

If we are acquired, merge with another company, or sell assets, your information may be transferred as part of that transaction.

5. Data Retention and Deletion

5.1 Account Data

• We retain your account information while your account is active
• After account deletion, personal data is deleted within 10 business days
• Some data may be retained longer if required by law or for legitimate business purposes

5.2 Property and Content Data

• Property listings and AI-generated content are retained while your account is active
• Public listing URLs expire automatically after 30 days
• Unused shared listings (< 5 views) are disabled after 90 days
• Uploaded images are deleted when listings are removed

5.3 Analytics and Log Data

• Usage analytics and system logs are retained for operational purposes
• IP addresses and access logs are typically retained for 30-90 days
• Aggregated, anonymized data may be retained indefinitely for service improvement

6. Your Rights and Choices

6.1 Account Management

• Update your account information through your profile settings
• Change your password and security settings
• Cancel your subscription at any time

6.2 Communication Preferences

• Unsubscribe from marketing emails using the link in our emails
• Contact us to opt out of certain communications
• Manage notification preferences in your account settings

6.3 Data Access and Deletion

• Request information about the personal data we have collected
• Request deletion of your account and associated data
• Contact us at our support email for data-related requests

7. Security Measures

7.1 Data Protection

• Industry-standard encryption for data transmission and storage
• Secure authentication using BCrypt password hashing
• Regular security updates and vulnerability monitoring
• Limited access to personal data on a need-to-know basis

7.2 Infrastructure Security

• Secure hosting environment with AWS (production)
• Regular backups and disaster recovery procedures
• Network security measures and access controls
• SSL/TLS encryption for all data transmission

8. International Data Transfers

8.1 Data Processing Locations

Your information may be processed in:

• United States (primary data processing)
• Locations where our third-party service providers operate

8.2 Cross-Border Transfers

We ensure appropriate safeguards are in place when transferring data internationally, including:

• Standard contractual clauses with service providers
• Privacy Shield certification (where applicable)
• Adequate protection as determined by applicable law

9. Children's Privacy

9.1 Age Restrictions

Our service is not intended for children under 13. We do not knowingly collect personal information from children under 13.

9.2 Parental Consent

If you are between 13 and 18 years old, you represent that you have your parent or guardian's permission to use our service.

9.3 Discovery of Child Data

If we discover we have collected information from a child under 13, we will delete it immediately.

10. Cookies and Tracking Technologies

10.1 Cookies We Use

• Essential Cookies: Required for basic functionality and security
• Analytics Cookies: To understand how you use our service
• Performance Cookies: To optimize service performance
• Preference Cookies: To remember your settings and preferences

10.2 Third-Party Tracking

• Google Analytics for usage analytics
• Advertising partners for retargeting campaigns
• Social media platforms for sharing functionality

10.3 Cookie Management

You can control cookies through your browser settings, but disabling essential cookies may affect service functionality.

11. Rate Limiting and IP Tracking

11.1 Abuse Prevention

We implement rate limiting to prevent abuse:

• Track IP addresses and request patterns
• Monitor for suspicious activity
• Temporarily restrict access for excessive usage

11.2 Analytics Tracking

• Public listing views and access patterns
• User behavior analytics for service improvement
• Performance monitoring and error tracking

12. Changes to This Privacy Policy

12.1 Policy Updates

We may update this Privacy Policy from time to time. We will notify you of material changes by:

• Email notification to your registered email address
• Notice on our website or service
• In-app notifications for significant changes

12.2 Continued Use

Your continued use of our service after policy changes constitutes acceptance of the updated Privacy Policy.

13. State-Specific Privacy Rights

13.1 California Residents

If you are a California resident, you may have additional rights under the California Consumer Privacy Act (CCPA), including:

• Right to know what personal information we collect
• Right to request deletion of personal information
• Right to opt out of the sale of personal information
• Right to non-discrimination for exercising these rights

13.2 Other State Laws

Residents of other states may have additional rights under applicable state privacy laws. Contact us to learn more about your specific rights.

14. Contact Information

14.1 Privacy Questions

For questions about this Privacy Policy or our privacy practices, contact us:

14.2 Data Protection Officer

For data protection inquiries, contact our privacy team at our support email.

14.3 Response Time

We will respond to privacy-related inquiries within 30 days of receipt.

15. Data Breach Response

15.1 Incident Response Plan

In the event of a security incident involving personal data:

• We will contain and investigate the incident within 72 hours
• Affected users will be notified via email within 5 business days
• We will coordinate with law enforcement if criminal activity is suspected

15.2 User Notification

Breach notifications will include:

• Description of the incident and affected data types
• Steps we are taking to address the breach
• Recommended actions for affected users
• Contact information for questions

15.3 Regulatory Compliance

We will comply with applicable data breach notification laws while protecting our investigation and legal interests.

15.4 Limitation of Liability for Breaches

• Our liability for any data breach is limited to the amount you paid us in the 12 months preceding the breach
• We are not liable for breaches of third-party services (OpenAI, Stripe, AWS, Google)
• You acknowledge that no security system is 100% secure

16. Effective Date and Jurisdiction

This Privacy Policy is effective as of the date listed above and is governed by the laws of the State of New York.

---

Last Updated: August 11, 2025