Privacy Policy

Last updated: May 12, 2026

1. Overview

We operate a multi-tenant SaaS platform for real estate investments, properties, lending, subcontractors, project management, and accounting integrations ("Service"). This Privacy Policy describes how we collect, use, store, share, and protect information when you use the Service.

2. Information We Collect

  • Account Information: name, email, password hash, MFA factors, and tenant membership.
  • Business Data: property, land, loan, project, subcontractor, buyer, document, and accounting records you or your tenant create.
  • Billing Data: when your tenant subscribes, our payment processor stores card and billing details. We receive subscription status, plan, seat counts, and invoice metadata — never raw card numbers.
  • Connected Service Data: when an admin connects QuickBooks Online, we store OAuth tokens and your QuickBooks Realm ID and retrieve financial data on demand for read-only display.
  • Cookies & Local Storage: essential cookies for authentication and session, plus optional cookies for analytics and product improvement (only if you accept the cookie banner).
  • Usage Data: server logs, request paths, error traces, and (with consent) product analytics events used for security, troubleshooting, and improving the Service.
  • Email Activity: delivery, bounce, and unsubscribe status of transactional emails we send you.

3. How We Use Information

  • To provide and operate the Service and its multi-tenant features.
  • To authenticate users, enforce MFA, and apply role and module permissions.
  • To process subscription payments and manage seat allocations.
  • To send transactional emails (invitations, password resets, billing notices, alerts).
  • To display connected QuickBooks Online data to authorized administrators.
  • To diagnose issues, monitor security, prevent abuse, and improve the Service.

We do not sell or rent your personal information, and we do not share it with third parties for cross-context behavioral advertising.

4. Subprocessors & Third Parties

We rely on the following processors to operate the Service. Each is bound by their own privacy policy and applicable data-processing terms:

  • Lovable Cloud (database, authentication, file storage, edge compute) — primary infrastructure.
  • Stripe — subscription billing and payment processing.
  • Intuit (QuickBooks Online) — optional, read-only accounting data integration.
  • RentCast — optional property data and rent estimates.
  • Lovable AI Gateway (proxying providers such as Google and OpenAI) — for in-product AI assistance and analysis.
  • Email delivery providers — for transactional emails sent via the Service.
  • Optional analytics & error tracking — only loaded if you accept non-essential cookies.

5. QuickBooks Online Data

Our QuickBooks Online integration is read-only. We do not write, modify, or delete data in your QuickBooks company file. OAuth tokens are stored securely and are accessible only to administrator users and to backend services responsible for refreshing tokens and proxying API calls. You may disconnect QuickBooks at any time; doing so deletes the stored tokens.

6. Data Storage and Security

Data is hosted on managed cloud infrastructure with row-level security, encryption in transit (HTTPS/TLS) and at rest. Multi-factor authentication is required for all accounts. Access is restricted to authenticated users with appropriate roles and module permissions. While we apply industry-standard safeguards, no system is perfectly secure.

7. Data Retention

We retain your data for as long as your tenant account is active or as needed to provide the Service, comply with legal obligations, resolve disputes, and enforce agreements. When a tenant is deleted, associated business data is removed within 30 days, except where retention is legally required (e.g., financial records).

8. Cookies & Tracking

We use a small number of essential cookies required for login, session management, and security. With your consent, we also load optional cookies for product analytics and error monitoring. You can change your choice anytime by clearing this site's storage; the consent banner will reappear.

9. Your Rights (GDPR / CPRA)

Depending on your jurisdiction, you have the right to access, correct, port (export), restrict, or delete your personal information, and to object to certain processing. EU/UK residents may lodge a complaint with their local data-protection authority. California residents may opt out of "sharing" as defined under the CPRA — note that we do not sell or share personal information for cross-context behavioral advertising.

To exercise these rights, contact your tenant administrator or email us at the address below. We will respond within the period required by applicable law.

10. International Transfers

Our infrastructure providers may process data in regions outside your country of residence. Where required, transfers are governed by Standard Contractual Clauses or equivalent safeguards.

11. Children's Privacy

The Service is intended for business use and is not directed to children under 13. We do not knowingly collect information from children.

12. Changes to This Policy

We may update this Privacy Policy. The "Last updated" date above reflects the most recent revision. Material changes will be communicated through the Service.

13. Contact

For privacy questions, data requests, or to designate an EU/UK representative, contact your tenant administrator or email privacy@summitedgeventures.com.