Privacy Policy

Last updated: 2026-05-17

The short version

NewOwnerIQ helps home-service businesses keep customers when properties change hands. To do that we store: your account credentials, your business profile, the property addresses you upload, ownership-change events we detect from public records, and the postcards you send. We do not sell this data. We use a small set of named subprocessors (listed below) to make the product work.

You can export every piece of data tied to your account from /settings/account, and you can delete the account from the same page. Deletion is immediate and irreversible.

What we collect from you directly

  • Account credentials: email address, password hash (bcrypt cost 12 — never the plaintext), optional TOTP secret, optional WebAuthn passkey public keys.
  • Business profile: business name, service category, contact info, mailing address, logo (if uploaded), service ZIP codes, notification preferences.
  • Property records: serviced addresses, customer names, service types, service tags, service notes, last service dates.
  • Mailer content: postcard headlines, body copy, CTAs you write or accept from our AI generator.
  • Payment method: handled entirely by Stripe (PCI SAQ-A). We never see your card data — we only store the Stripe customer + payment method IDs.

What we collect automatically

  • Session metadata: IP address, user agent, device fingerprint for each session. Used for the new-device sign-in alerts and the active-sessions list at /settings/sessions.
  • Admin access log: if you have isAdmin privileges, every /admin/* page render writes a row with IP, user agent, and timestamp.
  • API telemetry: latency, success/failure, and cost (where measurable) for every external API call (Lob, Stripe, county tax-assessor APIs, Anthropic, SMTP2GO, geocoder). Used for operational monitoring at /admin/health.
  • Rate-limit buckets: we track failed-attempt counters per IP and per email for login, signup, password reset, and 2FA challenge endpoints.

What we pull from public records

The core product monitors public county tax assessor data to detect ownership changes on the properties you've uploaded. We currently query:

  • Jefferson County, AL — public ArcGIS REST API (gis.jccal.org)
  • Shelby County, AL — public ArcGIS REST API (maps.shelbyal.com)
  • Census Geocoder — fallback geocoding for rural Shelby parcels

This data is published openly by the counties. We cache results so we're not slamming the public APIs. The information (owner name, sale date, sale price, deed instrument, lot acreage, assessed value) is surfaced back to you for your monitored properties — the addresses you've registered with us because you previously did work there.

Who we share it with (subprocessors)

To deliver the product we rely on a small set of vendors. Each is contractually bound to handle data only on our behalf.

  • Vercel — application hosting, edge functions, log retention
  • Neon — managed PostgreSQL database hosting
  • Stripe — payment processing and subscription management
  • Lob — postcard printing and mail delivery
  • SMTP2GO — transactional email delivery (sign-in alerts, mailer notifications, contact form, account deletion confirmation)
  • Anthropic — AI-assisted postcard copy generation (Pro tier only, when you opt in by clicking "Generate")

We do not sell your data to advertisers, data brokers, or anyone else. We do not run third-party analytics or advertising scripts on the marketing site or the app.

Retention

We keep your data for as long as your account is active. When you delete your account at /settings/account, every row attached to your user — business, properties, mailers, leads, ownership-change events, sessions, passkeys, MFA secrets, billing events — is hard-deleted via database cascade. There is no soft-delete grace period.

Stripe retains a transactional record of payments made (for their own tax/compliance obligations). We can't purge their records on your behalf — contact Stripe directly for their retention policy.

Your rights

  • Access / portability: download a full JSON export of your data at /settings/account.
  • Deletion: delete your account at /settings/account after providing your password and (if enabled) a current 2FA code.
  • Correction: business profile, properties, and mailer content are all editable through the app.
  • Communication preferences: manage at /settings/notifications. Security-relevant emails (new-device alerts, account deletion confirmation, admin-grant notifications) are not user-toggleable.

Security

Passwords are bcrypt-hashed (cost 12). Sessions use HTTP-only, secure cookies with a sliding 7-day expiry and HMAC-signed device fingerprints. Two-factor authentication (TOTP) and WebAuthn passkeys are available, and are required for admin accounts. New-device sign-ins trigger an email alert with a one-click revoke link. Every external API call and cron run is logged for operational visibility.

No system is unbreakable. If you discover a security issue, email security@newowneriq.com.

Children

NewOwnerIQ is a B2B tool for service businesses. We do not knowingly collect data from anyone under 18. If you believe we have data on a minor, contact us and we'll delete it.

Changes to this policy

When we materially change this policy we'll update the "Last updated" date at the top and email account holders. Continued use after that means you accept the new version.

Contact

Questions, requests, complaints: hello@newowneriq.com.