Privacy Policy

Last updated: pending F3 Law review

Draft. Pending F3 Law review. Final version will include CCPA-specific disclosures.

Data we collect

Project records you upload (drawings, verified reports, contracts, correspondence). Architect/engineer/PI license numbers and contact information. Workflow events (document classifications, gap analyses, drafts, signatures). Billing information (via Stripe).

How we use data

We use uploaded documents and project metadata to power the agent workflow. Inputs to large language models pass through a PII redaction layer before being sent to Anthropic via AWS Bedrock. Document content is stored encrypted at rest in private Vercel Blob storage. We do not train any third-party model on customer data.

Subprocessors

AWS Bedrock (us-west-2 region), Anthropic (LLM inference via Bedrock), Vercel (hosting, blob storage), Neon (Postgres database), Clerk (auth), Inngest (background jobs), Stripe (billing), Resend (email), Sentry (error monitoring), Axiom (audit log archive).

Data retention and deletion

Project records are retained for the duration of your subscription plus 90 days. Audit log entries (hashed prompts, token counts, latencies — not raw content) retained 7 years for legal defensibility. Customers may request deletion at any time.

Your rights

California residents have rights under the CCPA / CPRA including right to access, delete, and opt out of "sale" or "sharing" of personal information. We do not sell or share personal information.

Contact

privacy@dsacloseout.com