Trust

What we store. Who can see it.

Solo+small team. Real architecture. Honest about scope. This page is the plain-English version of our privacy policy.

Where your data lives

  • Production database: Supabase Postgres in us-west-1 (project qymtuyhswttvvwmrviru).
  • Row-Level Security on every user-data table — you can only read your own properties, appeals, and brief PDFs.
  • Static brief PDFs stored in Supabase Storage with bucket-level owner-folder ACLs.
  • No data warehouse, no Snowflake, no third-party analytics that ingest your data wholesale.

Who can access

  • You — via your authenticated session.
  • Houseproof ops team (currently 1 person — Feild Patten) — via admin role granted by profiles.is_admin = true. Reviews appeals before filing.
  • Sub-processors at the column level: Stripe sees email + payment data; Resend sees email + subject + body; Anthropic / OpenAI / Google see prompt text (which includes property address); Vercel sees the request URL; Supabase sees the row data.
  • Nobody else. No marketing partners, no contractor networks, no real-estate-agent referrals.

When things go wrong

  • Vercel Speed Insights + Web Analytics monitor every request. P95 latency is alerted on.
  • Stripe webhook delivery has retries. If a payment-confirmation email bounces, ops sees it in the Resend dashboard same day.
  • Outages are posted to status.pattenlabs.com (coming).
  • Security disclosure: feild@pattenlabs.com — direct line, 24h SLA on first response.

What we never do

  • Sell your contact info.
  • Resell your property data.
  • Use your appeal brief as marketing material without your written consent.
  • Allow contractors / real-estate agents / lawyers to scrape our user data.
  • Train an external model on your data.