Privacy, identity, and data-handling overview for PropDB.

Scope

This privacy overview explains what information PropDB processes when you use the product.

By creating an account, signing up, or continuing to use PropDB, you acknowledge this Privacy Policy and agree to the related Terms.

It is intended to be readable by operators and end users, and it complements any enterprise DPA.

If you need a formal Data Processing Addendum (DPA) or subprocessors list, contact support.

Information We Process

• Account information (email, Auth0 subject identifier, roles/entitlements).
• Signup and policy-acceptance context, including timestamps and authentication metadata where available.
• User-generated content (saved areas, names, tags, descriptions, geometry).
• Operational outputs (analysis results, reports, exports, workflow runs, pipeline runs).
• Usage and diagnostic data (request ids, timestamps, error metadata, audit log events).
• Configuration data for automations (stored encrypted where secrets are required).
• Support communications (tickets, emails) when you contact us for help.
• Security signals (rate limit counters, blocked-user flags) used to protect the platform.

Sensitive Data

PropDB is not designed for storing special category personal data (e.g., health, biometric identifiers).

Do not upload sensitive personal data into saved area names, notes, automation inputs, or report fields.

If you believe sensitive data was inadvertently uploaded, contact support for remediation.

How We Use Information

• To provide analysis results and keep saved areas available across sessions.
• To enforce security controls, rate limiting, and authorization boundaries.
• To power audit trails and operational troubleshooting.
• To improve reliability, performance, and dataset coverage.
• To support enterprise administration and billing operations where applicable.
• To detect and prevent fraud, abuse, and security incidents.
• To communicate service notices and product updates (where applicable).

Legal Bases (High Level)

• Contract: to deliver the product you request (analysis, reports, workflows).
• Legitimate interests: to secure, operate, and improve the platform.
• Consent or acknowledgement: where required for optional communications, certain tracking features, and policy acceptance during signup.
• Legal obligation: where records must be retained for compliance or lawful requests.

Security Controls

• JWT verification with issuer/audience validation.
• Role-aware access control; server-side authorization enforcement.
• Request size limits and rate limiting to reduce abuse and accidental overload.
• Encryption for stored secrets used by automation credentials.
• Audit logging for privileged actions and workflow events.
• Least-privilege access for operational staff and protected admin interfaces.
• Structured logging with request identifiers to support incident response without over-collecting data.

Retention

• Saved areas and analyses are retained to support ongoing workflows and refresh operations.
• Audit logs are retained according to configured retention policy (may vary by plan).
• Backups may retain data for a limited period as part of disaster recovery.
• Enterprise customers may request custom retention and export policies.
• Retention may differ by category (logs vs. analysis outputs vs. billing records).

Cookies & Local Storage

• PropDB may use cookies/local storage for session continuity, UI preferences, consent choices, and security features.
• Authentication is handled through Auth0 flows which may set cookies in accordance with Auth0 policies.
• Optional consent choices may be recorded with browser metadata and a hashed IP address for audit, security, and product-interest measurement.
• When you are logged in, cookie consent may be associated with your PropDB account.
• Newsletter signups and homepage feedback are stored so we can communicate product updates and improve PropDB.
• If you block cookies, some login/session behaviors may not work as expected.

Subprocessors & Third Parties

• Auth0 (identity), hosting infrastructure, and selected intelligence providers may process limited data to deliver features.
• Third-party dataset usage is subject to provider terms and may vary by region.
• We aim to minimize shared data and use provider integrations only when required for functionality.
• When AI providers are used, prompts and outputs may be processed to deliver responses; avoid sending sensitive information.

International Transfers

• Depending on your deployment region and providers, data may be processed in multiple jurisdictions.
• Enterprise customers can request region-pinned deployments where supported.
• We apply security controls intended to protect data in transit and at rest.

Your Choices

• You can delete saved areas you own and manage workspace-level visibility.
• You can request exports of reports and intelligence outputs where entitled.
• You can request assistance with deletion or access issues via support@propdb.ai.
• Workspace administrators may handle account deletion and access removal for team members.

Children

PropDB is intended for business use and is not directed to children.

If you believe a child has provided personal data, contact support for deletion.

Contact

Privacy and support requests: support@propdb.ai.

Include the affected workspace, area id, and approximate time window when contacting us.

If you are an enterprise customer, include your account manager or contract reference if available.

Last Updated

June 9, 2026.