Trust
What we store. Who can see it.
Solo+small team. Real architecture. Honest about scope. This page is the plain-English version of our privacy policy.
Where your data lives
- →Production database: Supabase Postgres in us-west-1 (project qymtuyhswttvvwmrviru).
- →Row-Level Security on every user-data table — you can only read your own properties, appeals, and brief PDFs.
- →Static brief PDFs stored in Supabase Storage with bucket-level owner-folder ACLs.
- →No data warehouse, no Snowflake, no third-party analytics that ingest your data wholesale.
Who can access
- →You — via your authenticated session.
- →Houseproof ops team (currently 1 person — Feild Patten) — via admin role granted by profiles.is_admin = true. Reviews appeals before filing.
- →Sub-processors at the column level: Stripe sees email + payment data; Resend sees email + subject + body; Anthropic / OpenAI / Google see prompt text (which includes property address); Vercel sees the request URL; Supabase sees the row data.
- →Nobody else. No marketing partners, no contractor networks, no real-estate-agent referrals.
When things go wrong
- →Vercel Speed Insights + Web Analytics monitor every request. P95 latency is alerted on.
- →Stripe webhook delivery has retries. If a payment-confirmation email bounces, ops sees it in the Resend dashboard same day.
- →Outages are posted to status.pattenlabs.com (coming).
- →Security disclosure: feild@pattenlabs.com — direct line, 24h SLA on first response.
What we never do
- →Sell your contact info.
- →Resell your property data.
- →Use your appeal brief as marketing material without your written consent.
- →Allow contractors / real-estate agents / lawyers to scrape our user data.
- →Train an external model on your data.