Privacy Policy

Effective: April 20, 2026

This Privacy Policy explains what information DealCaddie.ai (“DealCaddie,” “we,” “us,” “our”) collects, how we use it, and the choices you have. By using the service, you consent to the practices described here.

1. Effective Date

This policy is effective as of April 20, 2026.

2. Who We Are

DealCaddie.ai is an AI-powered real estate investment analysis service operated by DealCaddie.ai. You can reach us at support@dealcaddie.ai.

3. Information We Collect

We collect only what we need to deliver and improve the service:

  • Account data: email address, hashed password (bcrypt / PBKDF2), plan tier, account-creation and last-login timestamps.
  • Usage data: property addresses you analyze, your assumption templates, saved pipeline deals, notes, and status changes.
  • Payment data: handled entirely by Stripe. We do not store your card number, CVC, or bank account. We store your Stripe customer ID and subscription ID to look up billing status.
  • Technical data: IP address, user-agent string, cookies (see Section 5), and error logs captured by Sentry. Sentry events may include partial request context, minimized to exclude PII where possible.
  • Communications: emails or support messages you send us.

4. How We Use Information

  • To provide, operate, and improve the DealCaddie service;
  • To process payments through Stripe;
  • To send transactional emails (password resets, receipts, billing notices);
  • To send product updates and occasional marketing — you can opt out at any time;
  • To debug errors and diagnose performance issues through Sentry and server logs;
  • To enforce our Terms and prevent fraud or abuse.

5. Cookies

We use a small set of cookies:

  • dc_guest_id (90 days, Secure, SameSite=Lax) — a random UUID used to enforce the one free analysis per guest limit before signup.
  • Session cookie (HttpOnly, Secure) — keeps you logged in.

We do not use third-party advertising or behavioral-tracking cookies.

6. Third-Party Services

To deliver the service we share limited data with the following providers, each governed by its own privacy policy:

  • Stripe — payment processing. stripe.com/privacy
  • RentCast — rent and sales estimates for property addresses you analyze. rentcast.io/privacy-policy
  • Google Places & Street View — address autocomplete and property imagery. policies.google.com/privacy
  • AI model provider — property data and analysis inputs are sent to a third-party AI inference provider to generate deal narratives, Caddie's Take, and AI chat responses. Inputs may be processed by the provider under their terms; we do not name the provider here because it may change, but the scope of data is limited to the inputs you submit for analysis.
  • Sentry — error tracking and performance monitoring. sentry.io/privacy
  • Railway — hosting and database infrastructure. railway.com/legal/privacy

7. Data Sharing

We do not sell your personal data. We share it only with:

  • Service providers listed in Section 6, under contracts that restrict use to operating the service;
  • Law enforcement or regulators when required by valid legal process;
  • A successor entity in the event of a merger, acquisition, or sale of substantially all assets — in which case we will provide notice and your data will continue to be protected under a policy at least as protective as this one.

8. Data Retention

We retain account and usage data for as long as your account is active plus approximately 30 days after deletion, after which data is removed from our live systems. Encrypted database backups may retain data for up to 90 days. Sentry error events are retained per Sentry's default retention (typically 30–90 days). Deletion requests are processed within 30 days.

9. Your Rights

Depending on where you live, you may have rights under laws like the GDPR (EU/UK) or the California Consumer Privacy Act (CCPA). Regardless of where you live, DealCaddie lets you:

  • Access your data — email support@dealcaddie.ai and we will provide a copy.
  • Delete your account and associated data — email support or use any in-app delete option.
  • Opt out of marketing — every marketing email includes an unsubscribe link, or email support.
  • California users (CCPA): you have the right to know what personal information we have about you, to have it deleted, and to opt out of the sale of personal information. We do not sell personal information.

10. Children's Privacy

DealCaddie is not directed to children under 18 and we do not knowingly collect personal information from anyone under 18. If we learn that a minor has provided us personal information, we will delete it as promptly as possible.

11. Security

We use industry-standard safeguards including HTTPS everywhere, bcrypt / PBKDF2 password hashing, encrypted database connections, and least-privilege access controls. No system is 100% secure, and we cannot guarantee absolute security. If we become aware of a data breach affecting your information, we will notify you as required by applicable law.

12. International Users

DealCaddie is operated from the United States. Your data will be processed in the U.S. and in any country where our service providers operate. If you are accessing the service from outside the U.S., you consent to this transfer by using the service.

13. Changes

We may update this Privacy Policy from time to time. Material changes will be communicated by email or a prominent on-site notice. The “Effective” date at the top of this page reflects the most recent update.

14. Contact

Privacy questions? Email support@dealcaddie.ai.

Last updated: April 20, 2026 · support@dealcaddie.ai · Terms of Service