PRIVACY POLICY

PRIVACY POLICY

Last Updated: March 07, 2025




1. OUR COMMITMENT TO YOUR PRIVACY

Our Privacy Policy tells you what personally identifiable information DealWorthIt may collect from you, how DealWorthIt may process your personally identifiable information, how you can limit DealWorthIt's use of your personally identifiable information, and your rights to obtain, modify, and/or delete any personally identifiable information we have collected from you.


2. INFORMATION WE COLLECT

2.1 Information You Provide DealWorthIt
DealWorthIt collects personal information when you request information about our services or otherwise voluntarily provide such information through our site.

2.2 Information Collected Automatically
When you use our site, we automatically collect certain information by the interaction of your mobile device or web browser with our platform.

2.3 Cookies & Tracking Technologies
DealWorthIt may use cookies, web beacons, behavioral advertising, or similar technologies to track your use of its website. Cookies are small data files placed on your device that help us provide a high-quality site experience. You can manage your cookie preferences through your browser settings.


3. HOW INFORMATION IS USED

3.1 Information DealWorthIt Processes with Your Consent
Through certain actions when otherwise there is no contractual relationship between us, such as when you browse our site or request information, you provide your consent for us to process information that may be personally identifiable.

3.2 Legally Required Releases of Information
DealWorthIt may be legally required to disclose your personally identifiable information if such disclosure is (a) required by law or other legal process; (b) necessary to assist law enforcement officials or government agencies; (c) necessary to investigate violations of or otherwise enforce our Legal Terms; or (d) necessary to protect us from legal action or claims.


4. DATA SECURITY & PROTECTION MEASURES

4.1 Encryption & Secure Storage
We use industry-standard encryption and secure storage mechanisms to protect user data. Your information is stored in encrypted databases and secure cloud environments.

4.2 Access Controls
Only authorized personnel have access to user data, and role-based restrictions prevent unauthorized access.

4.3 Data Breach Notification
In the event of a data breach, we will notify affected users as required by law and take necessary actions to mitigate risks.


5. WHO WE SHARE YOUR INFORMATION WITH

5.1 Third-Party Integrations & Service Providers
To provide our services, we may share your information with trusted third-party service providers, such as payment processors, analytics providers, and hosting services. These providers are contractually bound to handle your data securely.

5.2 Cross-Border Data Transfers
If data is transferred outside of your jurisdiction, we comply with applicable data protection laws, including Standard Contractual Clauses (SCCs) for international data transfers.

5.3 Law Enforcement & Legal Compliance
DealWorthIt will cooperate with law enforcement requests from within or outside your country of residence where required by law.

5.4 No Sale of Personal Data
DealWorthIt shall not sell, share, rent, or otherwise deal in your personal information with third parties unless you provide explicit consent.


6. USER RIGHTS & DATA MANAGEMENT

6.1 Access to Your Personal Information
You may request a copy of the personal information we maintain about you by contacting us.

6.2 Remove or Modify Your Information
If you wish to remove or modify your personally identifiable information, you may contact us or use available tools on our site.

6.3 Data Retention & Deletion
We retain your information only as long as necessary to fulfill the purposes outlined in this policy. After this period, we delete or anonymize your data unless legally required to retain it.


7. COOKIES & TRACKING PREFERENCES

You can manage cookies through your browser settings or opt out of tracking by adjusting preferences in our Cookie Policy.


8. CHILDREN'S PRIVACY

DealWorthIt does not knowingly collect or process data from individuals under the age of 18. If we become aware that a minor has provided us with personal information, we will take steps to delete such data.


9. LEGAL JURISDICTION & DISPUTE RESOLUTION

This Privacy Policy is governed by the laws of Delaware. Any disputes arising from this policy will be resolved through arbitration or the courts in the relevant jurisdiction.


10. CHANGES TO OUR PRIVACY POLICY

DealWorthIt reserves the right to change this privacy policy at any time. Changes will be posted on our site to keep users informed.


11. CONTACT INFORMATION

For any privacy-related inquiries, please contact our Data Protection Officer at privacy@dealworthit.com


12. PROPERTY OWNER INFORMATION COLLECTION

12.1 Property Owner Information Collection
When you use our skip trace and property owner lookup features, we collect and process information related to property owners from various public and proprietary sources, including property records, tax assessments, utility records, and other publicly available information. This processing is conducted under legitimate interest grounds to provide our core property investment services.

12.2 Processing Categories & Legal Basis
For each category of data we collect, we maintain records of:
- Categories of personal data collected
- Purpose of processing
- Legal basis for processing (consent, contractual necessity, legitimate interest, or legal obligation)
- Data retention periods
- Categories of third-party recipients


13. DETAILED DATA CATEGORIES

13.1 Account Information
- Name, email address, phone number, company name, job title
- Login credentials (passwords are stored in encrypted format)
- Payment information (card details are processed by our payment processor and not stored directly by us)
- Subscription and billing history

13.2 Usage Data
- Service interaction data (features used, frequency, duration)
- Search history and saved properties
- Transaction history
- Communications with our team

13.3 Property and Owner Data
- Property addresses, parcel numbers, and legal descriptions
- Property characteristics (size, age, features)
- Transaction history (previous sales, listing history)
- Ownership information (names, contact details, ownership duration)
- Assessment and tax information
- Liens, encumbrances, and financial status


14. SOPHISTICATED DATA PROTECTION MEASURES

14.1 Technical Controls
- End-to-end encryption for sensitive data transmission
- Multi-factor authentication for account access
- Regular security audits and penetration testing
- Intrusion detection and prevention systems
- IP-based access restrictions for administrator accounts
- Data loss prevention measures
- Automated security scanning and vulnerability management

14.2 Administrative Controls
- Regular employee security training and awareness programs
- Written information security policies and procedures
- Vendor risk assessment and management program
- Incident response protocols with defined team responsibilities
- Designated Data Protection Officer oversight

14.3 Compliance Framework
We maintain compliance with multiple privacy frameworks:
- GDPR (General Data Protection Regulation)
- CCPA/CPRA (California Consumer Privacy Act/California Privacy Rights Act)
- VCDPA (Virginia Consumer Data Protection Act)
- CPA (Colorado Privacy Act)
- CTDPA (Connecticut Data Privacy Act)
- UCPA (Utah Consumer Privacy Act)
- Other state and international privacy regulations as applicable


15. AUTOMATED DECISION-MAKING & PROFILING

15.1 Property Valuation Algorithms
We employ automated algorithms to analyze property data and generate estimated values. These valuations use machine learning models trained on historical transaction data, property characteristics, market trends, and other relevant factors.

15.2 Investment Opportunity Scoring
Our platform automatically generates investment opportunity scores based on multiple data points, including:
- Property condition assessments
- Neighborhood market dynamics
- Comparable recent transactions
- Economic indicators
- Owner circumstances (when available)

15.3 User Rights Regarding Automated Processing
You have the right to:
- Obtain human intervention in any automated decision-making process
- Express your point of view regarding automated decisions
- Contest any decision based solely on automated processing
- Request an explanation of how the automated system reached its conclusion


16. DATA SUBJECT RIGHTS BY JURISDICTION

16.1 California Residents' Rights (CCPA/CPRA)
California residents have specific rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA), including:
- Right to know what personal information is collected
- Right to know whether personal information is sold or disclosed
- Right to opt-out of the sale of personal information
- Right to access personal information
- Right to request deletion of personal information
- Right to non-discrimination for exercising privacy rights
- Right to correct inaccurate personal information
- Right to limit use and disclosure of sensitive personal information

16.2 European Residents' Rights (GDPR)
Under the General Data Protection Regulation (GDPR), European residents have the following rights:
- Right to be informed
- Right of access
- Right to rectification
- Right to erasure
- Right to restrict processing
- Right to data portability
- Right to object
- Rights related to automated decision making and profiling

16.3 Other Jurisdictions
We comply with privacy regulations in other jurisdictions where our users reside, including but not limited to Virginia, Colorado, Connecticut, Utah, Canada, and Brazil. Each jurisdiction may provide specific rights to its residents.


17. REAL ESTATE DATA ETHICS FRAMEWORK

17.1 Ethical Use Guidelines
We have established a Real Estate Data Ethics Framework that guides our collection, processing, and distribution of property and owner information:
- Accuracy: Commitment to data accuracy and currency
- Transparency: Clear disclosure of data sources and processing
- Fairness: Non-discriminatory practices in data collection and use
- Proportionality: Collecting only data necessary for legitimate purposes
- Security: Protecting data from unauthorized access and misuse

17.2 Fair Housing Compliance
We are committed to fair housing principles and prohibit the use of our services for discriminatory practices. Our platform does not collect or process protected class information such as race, color, religion, national origin, sex, disability, or familial status for property targeting purposes.

17.3 Data Minimization Practices
We apply data minimization principles by:
- Collecting only information necessary for our services
- Regularly purging unnecessary data
- Anonymizing data when full identity information is not required
- Aggregating data for analytics to remove individual identifiers


18. CROSS-BORDER DATA TRANSFERS

18.1 International Data Transfer Mechanisms
For transfers of personal data outside of the jurisdiction where it was collected:
- Standard Contractual Clauses (SCCs)
- Binding Corporate Rules
- Transfer Impact Assessments
- Privacy Shield certification (where applicable)
- Country-specific data transfer agreements

18.2 Data Localization Compliance
Where required by local law, certain data may be stored and processed only within specific geographic regions or countries.

18.3 Governmental Access Transparency
We maintain transparency regarding governmental access requests to user data and publish periodic transparency reports detailing:
- Number and types of government requests received
- Our response to such requests
- Number of users affected


19. VENDOR MANAGEMENT PROGRAM

19.1 Third-Party Risk Assessment
All vendors with access to personal data undergo a comprehensive risk assessment process:
- Security questionnaires and documentation review
- Contractual data protection requirements
- Regular compliance monitoring
- Audit rights and verification

19.2 Sub-processor Management
We maintain a current list of all sub-processors who may access personal data, including:
- Identity and contact information
- Location of processing
- Categories of data processed
- Purpose of processing

19.3 Vendor Security Requirements
Vendors must meet minimum security requirements, including:
- Encryption of data in transit and at rest
- Access controls and monitoring
- Security incident procedures
- Regular security assessments
- Data deletion/return procedures


20. PRIVACY BY DESIGN IMPLEMENTATION

We follow Privacy by Design principles in all our operations:
- Proactive not reactive; preventative not remedial
- Privacy as the default setting
- Privacy embedded into design
- Full functionality with positive-sum, not zero-sum
- End-to-end security with full lifecycle protection
- Visibility and transparency
- User-centric approach


21. MARKETING OPT-OUT SYSTEM

Users can select granular preferences for marketing communications:
- Email marketing frequency preferences
- SMS/text message marketing opt-out
- Postal mail marketing opt-out
- Telemarketing opt-out
- Targeted advertising preferences


22. DETAILED COOKIE MANAGEMENT

22.1 Cookie Categories
We categorize cookies used on our platform:
- Essential cookies (necessary for site functionality)
- Functional cookies (improve user experience)
- Analytics cookies (help us understand site usage)
- Marketing cookies (track users across websites for advertising)
- Third-party cookies (set by external services)

22.2 Cookie Consent Management
Our site implements a sophisticated cookie consent management tool that allows:
- Granular consent options by cookie category
- Periodic consent refreshing
- Easy consent withdrawal
- Cookie usage audit logs

22.3 Do Not Track Support
We honor Do Not Track (DNT) signals from browsers by automatically disabling non-essential tracking when such signals are detected.