Privacy Policy

At Compliarch ("we," "us," or "our"), we are committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our website at compliarch.com and our AI-powered building code and regulation lookup service (collectively, the "Service"). Please read this policy carefully. By using the Service, you agree to the practices described in this Privacy Policy.

1. Information We Collect

Account Information

When you create an account, we collect your name, email address, and profile picture through our authentication provider, Clerk. If you sign up using a third-party OAuth provider (such as Google), we receive the information you authorize that provider to share with us.

Payment Information

When you subscribe to a paid plan, payment information is collected and processed by Stripe. We do not store your credit card numbers or full payment details on our servers. We receive limited billing information from Stripe, such as the last four digits of your card, card brand, and billing address, to display on your account page.

Property and Search Data

When you use the Service to look up building codes, we collect the property addresses you search for, the search results returned, and any projects you save. This data is stored in our database to provide you with your search history and saved projects.

AI Chat Conversations

When you interact with our AI chatbot to ask questions about building regulations, we collect the content of your queries and the responses generated. These conversations are processed by OpenAI and may be stored to improve your experience and provide conversation history.

Usage Metrics

We track usage data such as the number of regulation lookups you perform and your subscription tier. This information is used to enforce plan limits and improve our Service.

Technical Data

We automatically collect certain technical information when you visit our website, including your IP address, browser type, operating system, device information, referring URLs, and pages visited. This data is collected through server logs and cookies.

2. How We Use Your Information

We use the information we collect for the following purposes:

• To provide, maintain, and improve the Service, including delivering building code search results and AI-powered regulation guidance.
• To process transactions and manage your subscription.
• To authenticate your identity and secure your account.
• To resolve property addresses to geographic coordinates for accurate regulation lookup.
• To communicate with you about your account, service updates, and support requests.
• To monitor usage patterns and enforce subscription plan limits.
• To detect, prevent, and address technical issues, fraud, or abuse.
• To comply with legal obligations and enforce our terms of service.

3. How We Share Your Information

We do not sell, rent, or trade your personal information to third parties. We share your information only with the following categories of service providers who assist us in operating the Service:

• Clerk — Provides authentication and user management. Clerk processes your email address, name, profile picture, and OAuth tokens.
• Stripe — Handles payment processing. Stripe processes your payment methods and billing information. Compliarch does not store your full card numbers.
• Neon (PostgreSQL) — Our database provider that stores your account data, project information, search history, and usage counts.
• OpenAI — Powers our AI chatbot. User queries are sent to the OpenAI API for processing and response generation.
• Mapbox — Provides geocoding services. Addresses you enter are sent to Mapbox to resolve geographic locations for accurate regulation lookup.
• Vercel — Hosts our application. Vercel may process server logs and IP addresses as part of standard web hosting operations.

We may also disclose your information if required to do so by law, or if we believe in good faith that such disclosure is necessary to comply with a legal obligation, protect our rights or safety, investigate fraud, or respond to a government request.

4. Data Retention

We retain your personal information for as long as your account is active or as needed to provide you with the Service. If you delete your account, we will delete or anonymize your personal data within 30 days, except where we are required to retain it for legal, regulatory, or legitimate business purposes (such as resolving disputes or enforcing our agreements).

Search results and project data associated with your account will be deleted when your account is removed. Aggregated, anonymized data that cannot be used to identify you may be retained indefinitely for analytics and service improvement purposes.

5. Your Rights

For All Users

Regardless of your location, you have the right to:

• Access the personal information we hold about you.
• Request correction of inaccurate or incomplete data.
• Request deletion of your account and associated data.
• Opt out of non-essential communications.

For European Union Users (GDPR)

If you are located in the European Economic Area (EEA), you have additional rights under the General Data Protection Regulation (GDPR), including:

• Right to data portability — You can request a copy of your data in a structured, machine-readable format.
• Right to restrict processing — You can ask us to limit how we use your data in certain circumstances.
• Right to object — You can object to our processing of your personal data for direct marketing or based on legitimate interests.
• Right to withdraw consent — Where we rely on your consent, you can withdraw it at any time.
• Right to lodge a complaint — You can file a complaint with your local data protection authority.

Our legal bases for processing your data include: performance of a contract (providing the Service), legitimate interests (improving and securing the Service), and consent (where applicable).

For California Users (CCPA)

If you are a California resident, the California Consumer Privacy Act (CCPA) provides you with the following rights:

• Right to know — You can request details about the categories and specific pieces of personal information we have collected about you.
• Right to delete — You can request that we delete the personal information we have collected from you.
• Right to opt out of sale — We do not sell your personal information. However, you have the right to direct us not to sell your information.
• Right to non-discrimination — We will not discriminate against you for exercising any of your CCPA rights.

To exercise any of these rights, please contact us at jaime@compliarch.com. We will respond to your request within the timeframe required by applicable law.

6. Children's Privacy

The Service is not intended for use by individuals under the age of 16. We do not knowingly collect personal information from children under 16. If we become aware that we have collected personal data from a child under 16, we will take steps to delete that information as promptly as possible. If you believe that a child under 16 has provided us with personal information, please contact us at jaime@compliarch.com.

7. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence, including the United States, where our service providers operate. These countries may have data protection laws that differ from the laws of your country.

When we transfer personal data from the EEA, UK, or Switzerland, we ensure that appropriate safeguards are in place, such as Standard Contractual Clauses approved by the European Commission, or reliance on the service provider's certification under recognized data transfer frameworks. By using the Service, you acknowledge that your data may be processed in these locations.

8. Security

We take the security of your personal information seriously and implement appropriate technical and organizational measures to protect it. These measures include encryption of data in transit (TLS/SSL), secure authentication through Clerk, and access controls on our database systems. Payment data is handled exclusively by Stripe, a PCI DSS-compliant payment processor.

However, no method of transmission over the internet or method of electronic storage is completely secure. While we strive to use commercially acceptable means to protect your personal information, we cannot guarantee its absolute security. If you have reason to believe that your interaction with us is no longer secure, please contact us immediately at jaime@compliarch.com.

9. Cookie Policy

We use cookies and similar tracking technologies to maintain your session, remember your preferences, and analyze how the Service is used. Cookies are small text files stored on your device by your browser.

We use the following types of cookies:

• Essential cookies — Required for authentication and core functionality of the Service. These cannot be disabled.
• Analytics cookies — Help us understand how visitors interact with the Service so we can improve it.
• Preference cookies — Remember your settings and preferences for a better experience.

You can control cookies through your browser settings. For more detailed information about the cookies we use, please visit our Cookie Policy.

10. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or other factors. When we make material changes, we will notify you by updating the "Last updated" date at the top of this page and, where appropriate, by sending you an email notification or displaying a prominent notice within the Service.

We encourage you to review this Privacy Policy periodically to stay informed about how we are protecting your information. Your continued use of the Service after any changes to this policy constitutes your acceptance of the updated terms.

11. Contact Information

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at:

Email: jaime@compliarch.com

We will make every effort to respond to your inquiry within a reasonable timeframe.