Plain English Summary
- Your PDF never leaves your browser until you click Generate. Client-side extraction only.
- When you hit Generate, the text goes to Anthropic to power the AI report.
- Generated reports are stored in Vercel and auto-deleted after 30 days.
- We don't collect your email or ask you to create an account during the private beta.
- We never sell your data to anyone, ever.
What We Collect
During PDF Upload and Extraction
The PDF you upload is processed entirely in your browser using PDF.js. No copy is sent to our server at this stage.
When You Click Generate
To create your report, we send the extracted text from the disclosure to Anthropic's Claude API servers. This is the only information transmitted server-side. This includes:
- The raw text extracted from your disclosure PDF
- Property address and county (so we know which data sources to query)
- Your configuration choices (depth, style, audience, etc.)
Live Data Source Queries
Our servers query public records from FEMA, Cal Fire, USGS, DTSC, NOAA, DWR, CalGEM, county assessor/recorder offices, city building departments, school districts, and other agencies. These queries include only latitude/longitude coordinates, never your contact information or PII.
Anonymous Usage Tracking
We track:
- Report view count per share link (hashed IP address, not linked to identity)
- Total number of reports generated (public counter at /api/counter, no user data)
- Diff alerts stored by address hash (no personally identifiable information)
Q&A Sessions
When you use the AI Q&A feature at /api/ask, the question and packet excerpt you provide are sent to Anthropic's Claude Haiku model. These are processed for that session only.
Branding Preferences
If you set branding info (your name, email, firm, phone, DRE license), this is stored in your browser's localStorage. It is never sent to our server.
How We Use It
- Report Generation: PDF text and configuration are used to call Anthropic Claude API, which generates your report.
- Live Data Queries: County and coordinates are used to fetch current hazard maps, permits, environmental data, and school boundaries.
- Anonymous View Tracking: We count views per share link to gauge report popularity and user engagement.
- Anti-Abuse Rate Limiting: We use hashed IP addresses to prevent abuse and enforce fair-use limits during the beta.
Where Data Goes
Your data flows to the following third parties:
| Service |
Data Sent |
Purpose |
| Anthropic (Claude API) |
PDF text, configuration |
AI-powered report generation |
| Vercel (Hosting + Blob Storage) |
Generated report HTML, diff alerts (by address hash) |
Report hosting and auto-deletion after 30 days |
| Cloudflare (DNS) |
DNS queries |
Domain routing |
| FEMA, Cal Fire, USGS, DTSC, NOAA, DWR, CalGEM, ArcGIS REST APIs |
Latitude/longitude coordinates only |
Public hazard zone, environmental, and records lookups |
Data Retention
- Generated Reports: Stored in Vercel Blob with public-suffix URLs (e.g. /r/{id}). Automatically deleted after 30 days.
- PDF Text: Not retained after the API request completes. Anthropic processes per their data policy (not used for training).
- Rate Limit Buckets: Stored in-memory. Reset every 24 hours.
- Branding Preferences: Stored in your browser only. Never sent to our servers.
- Saved Reports Library: Stored in your browser only. Never leaves your device.
Your Rights
California (CCPA)
If you are a California resident, you have the right to:
- Know what personal information we collect, use, and disclose
- Delete personal information we have about you (subject to certain exceptions)
- Opt out of the sale or sharing of personal information (we do not sell or share data)
- Non-discrimination for exercising your privacy rights
To exercise these rights, email matt@matthewsmithrealty.com.
European Union (GDPR)
If you are in the EU, you have the right to:
- Access your personal data
- Correct inaccurate data
- Delete data (right to be forgotten)
- Restrict processing
- Data portability
- Object to processing
Email matt@matthewsmithrealty.com to submit a request.
Children
DisclosureIQ is not intended for use by anyone under 18 years old. We do not knowingly collect data from minors. If we learn that we have inadvertently collected data from a minor, we will take steps to delete it promptly.
Cookies
We do not set tracking cookies. Your browser's localStorage is used for:
- Your branding preferences (never sent to server)
- Your saved reports library (device-only, for convenience)
These are not cookies and are not shared with third parties.
How to Contact Us
If you have questions about this Privacy Policy or your data, contact:
Matt Smith
Matthew Smith Realty
matt@matthewsmithrealty.com
Changes to This Policy
We may update this policy from time to time. We will post the new policy on this page and update the "Last updated" date. Your continued use of DisclosureIQ after changes are posted constitutes your acceptance of the updated policy.