Privacy Policy

Information We Collect

We collect information you provide directly when you create an account and use CloudCoord:

• Account information: Your name, email address, and brokerage name.
• Transaction data: Property addresses, closing dates, party names, contingency deadlines, and other transaction details you enter or upload through the CloudCoord interface.
• Documents: Purchase and sale agreements, addendums, disclosures, and other transaction-related documents you upload for AI-powered audit and extraction.
• Gmail data (when connected): When you connect your Gmail account via OAuth, we access email sender and recipient addresses, subject lines, email body content, and attachment metadata — limited to emails identified as transaction-related. We also create draft emails in your Gmail account for transaction communication purposes. We store your Gmail OAuth refresh token securely in our database to maintain your connection.
• Usage data: We collect basic session information such as pages visited and features used within CloudCoord. We use minimal, essential cookies required for authentication and session management. We do not use third-party tracking cookies, advertising pixels, or analytics platforms that track you across other websites.

How We Use Your Information

We use your information solely to provide and improve the CloudCoord service:

• Tracking transaction deadlines and milestones
• Drafting and routing transaction communications
• Auditing documents for compliance and completeness
• Sending notifications about upcoming deadlines or required actions
• Improving the accuracy and reliability of CloudCoord's features

We do not sell your data. We do not use your data for advertising. We do not use your data to train AI models.

AI Processing

Documents and transaction data you upload are sent to the Anthropic Claude API for processing, including document extraction, compliance auditing, and communication drafting. Under Anthropic's API terms:

• Anthropic does not train its models on data submitted through the API.
• Documents are processed transiently and are not retained by Anthropic after processing is complete.
• Data is encrypted in transit via TLS when sent to the Anthropic API.

CloudCoord uses AI processing solely to provide user-facing features within the application. Your data is never used to train generalized AI models or shared with AI providers for any purpose other than processing your specific requests.

Data Storage and Retention

Your data is stored on Supabase infrastructure (powered by PostgreSQL) with the following protections:

• Encryption at rest: All data stored in our database is encrypted at rest.
• Row-level security: Each user's data is isolated using PostgreSQL row-level security policies, ensuring that users can only access their own transactions and documents.
• Data retention: We retain your data for as long as your account is active. If you delete your account, we will delete your personal data and transaction records within 30 days. Encrypted backup copies may persist for up to 90 days before being automatically purged from our backup rotation.
• Data deletion requests: You may request deletion of your data at any time by contacting support@cloudcoordinator.io. Upon receiving a deletion request, we will remove your data within 30 days and confirm completion via email.

Data Sharing

We share data only with service providers necessary to operate CloudCoord:

• Supabase — Database hosting and authentication
• Vercel — Application hosting
• Anthropic — AI document processing via API
• Resend — Transactional email delivery (notifications and system emails)
• Stripe — Payment processing (Stripe receives only your payment information; Stripe does not receive your transaction data or documents)

We do not share, sell, or transfer your data to third parties for marketing, advertising, data brokering, or any purpose unrelated to providing the CloudCoord service. We do not transfer data to information resellers or use data to determine credit-worthiness.

Gmail Data

CloudCoord's use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.

Specifically:

• Access: We access Gmail data in read-only mode solely to identify and extract transaction-related emails (such as communications from attorneys, lenders, inspectors, and other transaction parties).
• Use: Gmail data is used only to update your CloudCoord transaction file and to create email drafts on your behalf for transaction communications. We do not use Gmail data for advertising, market research, or any purpose unrelated to providing CloudCoord's transaction coordination features.
• Storage: We store only the metadata and extracted content necessary to maintain your transaction record (such as sender, date, subject, and relevant transaction details). We do not store full copies of your emails.
• Sharing: We do not share, sell, or transfer your Gmail data to any third party, except as necessary for Anthropic to process transaction-related content as described in the AI Processing section above.
• No human access: CloudCoord employees do not read your Gmail data unless (a) you provide affirmative consent for technical support purposes, (b) it is necessary for security purposes such as investigating abuse, or (c) it is required by applicable law.
• No training: Gmail data is never used to train AI models, whether by CloudCoord or any third-party service provider.

Cookies and Tracking

CloudCoord uses only essential cookies required for:

• Authentication: Maintaining your logged-in session
• Security: CSRF protection and session integrity

We do not use advertising cookies, third-party analytics trackers, or cross-site tracking technologies. If we introduce analytics or advertising tools in the future, we will update this policy and notify users before any such tools are deployed.

Your Rights

You have the right to:

• Access your personal data stored in CloudCoord at any time through your account dashboard.
• Correct inaccurate personal data by contacting support@cloudcoordinator.io.
• Delete your personal data and account by contacting support@cloudcoordinator.io. Deletion will be completed within 30 days.
• Export your transaction data upon request.
• Revoke Gmail access at any time through your Google Account permissions page or within CloudCoord settings. Revoking access will stop CloudCoord from reading your Gmail data; previously extracted transaction data will remain in your CloudCoord file unless you request deletion.

We will respond to all data rights requests within 30 days.

Security

We implement industry-standard security measures to protect your data:

• TLS encryption for all data in transit between your browser and our servers
• Encryption at rest for all stored data
• Row-level security policies isolating each user's data at the database level
• OAuth 2.0 for Gmail integration with minimal required scopes
• Five-layer document security for uploaded PDFs, including input sanitization, injection pattern detection, and rate limiting
• Regular security reviews of our codebase and infrastructure

If you discover a security vulnerability, please report it to security@cloudcoordinator.io.

Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will notify you via email or through a prominent notice within the CloudCoord application before the changes take effect. We encourage you to review this page periodically. Your continued use of CloudCoord after changes are posted constitutes acceptance of the updated policy.

Contact

For privacy questions or data requests: support@cloudcoordinator.io

For security concerns: security@cloudcoordinator.io