**DRAFT FOR ATTORNEY REVIEW ONLY**
This privacy policy is a draft template requiring attorney review before use. Last Updated: [DATE]
Probate Property Radar Privacy Policy
This draft describes intended privacy practices for Probate Property Radar.
It must be aligned with actual collection, processing, sale, sharing, retention, vendor, and deletion practices before publication.
Bracketed items must be completed by the company and counsel.
This document is not legal advice.
Section 1: Introduction / Scope
This Privacy Policy applies to Probate Property Radar's websites, applications, subscriptions, data products, lead reports, and related services.
It applies to subscription customers, trial users, account administrators, authorized users, and prospects who interact with us.
It also applies to lead subjects whose information appears in probate, court, property, or related public-record data.
Lead subjects may include estate administrators, personal representatives, executors, heirs, beneficiaries, relatives, property owners, and other living individuals associated with probate records.
Some records may also concern deceased persons and estate information.
This Policy explains what we collect, where information comes from, how we use it, how we disclose it, and what rights may apply.
The Policy does not apply to third-party websites, dialers, email systems, advertisers, brokers, or customer outreach practices that we do not control.
Subscribers are independently responsible for their own privacy notices and legal compliance when using leads.
If a separate written agreement conflicts with this Policy, the written agreement controls only to the extent of the conflict.
Section 2: Two Categories of Personal Information We Collect
Category A: Subscriber Data.
Subscriber Data includes name, business name, email address, phone number, billing information, payment status, subscription plan, account credentials, user role, support communications, preferences, usage logs, device data, IP address, browser data, authentication logs, export history, search history, and compliance records.
We collect Subscriber Data when users create accounts, subscribe, pay invoices, contact support, use the platform, respond to surveys, or interact with our website.
Subscriber Data may include identifiers, commercial information, internet or electronic network activity, geolocation derived from IP address, and professional or employment-related information.
Category B: Lead Subject Data.
Lead Subject Data includes information derived from probate court public records and related public or commercial sources.
Lead Subject Data may include names of heirs, administrators, personal representatives, executors, beneficiaries, attorneys, property owners, and other associated persons.
Lead Subject Data may include deceased persons' estate information, case numbers, filing dates, court names, property addresses, mailing addresses, parcel information, estate status, and related public-record attributes.
Lead Subject Data may also include contact information, property information, and derived indicators obtained from public records, government databases, or third-party data providers.
We do not intend the platform to collect or provide consumer reports under the Fair Credit Reporting Act.
We do not intend to collect sensitive personal information unless it appears incidentally in public records or is provided by a subscriber.
Subscribers must not upload unnecessary sensitive information to the platform.
Section 3: Sources of Information
We collect information directly from subscribers and authorized users.
We collect information automatically through platform logs, cookies, pixels, analytics tools, security tools, and similar technologies.
We obtain Lead Subject Data from public court records.
We obtain information from government databases, recorder records, assessor records, tax records, property records, probate indexes, and similar public sources.
We obtain information from third-party data providers, data compilers, enrichment providers, and service providers.
We may obtain information from payment processors, identity verification tools, fraud prevention services, and business contact databases.
We may receive information from subscribers when they upload lists, notes, suppression files, or compliance records.
We may receive privacy requests, opt-outs, correction requests, and deletion requests from individuals or authorized agents.
We may infer information from account usage, search activity, export activity, and data interactions.
We do not control the accuracy, timing, or completeness of public records and third-party sources.
Section 4: How We Use Information
We use Subscriber Data to provide, maintain, secure, and administer the platform.
We use Subscriber Data to create accounts, authenticate users, process subscriptions, issue invoices, manage billing, and provide customer support.
We use information to monitor usage, enforce contract terms, detect scraping, prevent fraud, and protect platform security.
We use information to improve data quality, product features, matching logic, search tools, reporting, and user experience.
We use information to communicate about accounts, invoices, support, policy updates, security events, and product changes.
We use information to comply with legal obligations, respond to lawful requests, maintain records, and exercise legal rights.
We use Lead Subject Data to compile probate-related property intelligence for subscribers.
We use Lead Subject Data to organize, standardize, deduplicate, update, and display public-record and related data.
We may use aggregated or deidentified information for analytics, research, product development, and reporting.
We do not use Lead Subject Data to determine eligibility for credit, insurance, employment, housing, tenant screening, government benefits, or other FCRA purposes.
Section 5: Third-Party Sharing
We disclose information to payment processors for billing and subscription management.
We disclose information to cloud hosting providers, database providers, security vendors, logging tools, customer support tools, and email service providers.
We disclose information to analytics tools and product measurement providers.
We disclose information to professional advisors, including lawyers, accountants, auditors, insurers, and compliance consultants.
We disclose information to government authorities or litigants when required by law, subpoena, court order, or valid legal process.
We may disclose information in connection with a merger, acquisition, financing, reorganization, bankruptcy, sale of assets, or similar transaction.
We disclose Lead Subject Data to subscribers as part of the subscribed platform service.
We may disclose personal information to third-party data providers to match, validate, enrich, update, or suppress records.
We may use cookies, pixels, or similar tools that could be considered sharing for cross-context behavioral advertising under some state laws.
We sell and/or share personal information as defined under the California Consumer Privacy Act ('CCPA') as amended by the California Privacy Rights Act ('CPRA').
We do not knowingly sell or share personal information of consumers under sixteen years of age.
Subscribers may not resell or redistribute platform data except as expressly authorized in writing.
Where required by law, we will post a clear and conspicuous "Do Not Sell or Share My Personal Information" link or equivalent privacy choices link on our website and any other required collection point.
Section 6: CCPA/CPRA Disclosures
California residents may have rights under the CCPA and CPRA.
We sell and/or share personal information as defined under the California Consumer Privacy Act ('CCPA') as amended by the California Privacy Rights Act ('CPRA').
We provide a Do Not Sell or Share My Personal Information mechanism at [DO NOT SELL OR SHARE URL].
Consumers may also submit opt-out requests by emailing [PRIVACY EMAIL].
We honor Global Privacy Control (GPC) signals where required by applicable law and technically feasible.
A browser-based GPC signal will be treated as a request to opt out of sale or sharing for that browser or device.
If a consumer maintains an account with us, we may ask the consumer to submit an account-level request so the opt-out can be associated with the account.
Categories collected may include identifiers, commercial information, internet activity, geolocation derived from IP address, professional information, inferences, and public-record information.
Categories sold or shared may include identifiers, property-related information, probate-related public-record information, contact information, internet activity related to advertising tools, and inferences.
Categories disclosed for business purposes may include all categories described in this Policy.
Business purposes include service provision, billing, security, analytics, auditing, legal compliance, and product improvement.
We do not use sensitive personal information to infer characteristics except as permitted or authorized by law.
Section 7: Consumer Rights (CCPA/CPRA)
California residents may have the Right to Know what personal information we collect, use, disclose, sell, or share.
California residents may have the Right to Delete personal information, subject to legal exceptions.
California residents may have the Right to Correct inaccurate personal information.
California residents may have the Right to Opt-Out of Sale or Sharing of personal information.
California residents may have the Right to Limit Use of Sensitive Personal Information where applicable.
California residents may have the right not to receive discriminatory treatment for exercising privacy rights.
To submit a request, use [PRIVACY REQUEST WEBFORM], email [PRIVACY EMAIL], or write to [PRIVACY ADDRESS].
Authorized agents may submit requests if they provide proof of authorization and any verification information required by law.
We will verify requests by matching information provided in the request with information in our records.
We will respond to verifiable consumer requests within forty-five days, unless an extension is permitted by law.
If we need more time, we will provide notice and explain the extension as required by law.
Opt-out requests do not require account creation.
Deletion requests may be limited where information is needed for legal compliance, security, debugging, transactions, internal uses, or other permitted purposes.
We may deny or limit requests concerning information that is not personal information under applicable law.
We will not require a consumer to create an account to submit an opt-out request.
If we deny, limit, or cannot verify a request, we will explain the basis where required by applicable law.
Section 8: Deceased vs. Living Individuals
The CCPA generally does not protect personal information of deceased individuals.
Probate records often contain information about deceased persons, estates, case filings, assets, and property.
Living heirs, administrators, personal representatives, executors, beneficiaries, relatives, attorneys, subscribers, and users may be protected as living individuals under the CCPA or other privacy laws.
As a company policy, we seek to distinguish deceased-person estate records from information associated with living individuals where reasonably feasible.
We may retain deceased-person estate information when derived from public records and needed for the service.
We will evaluate privacy requests from living individuals whose information appears in Lead Subject Data.
Where legally required, we will honor deletion, correction, access, opt-out, and limitation rights for living individuals.
Where information is public-record information, we may retain it if permitted by law while honoring applicable opt-out or suppression obligations.
We may suppress a living individual's contact information from subscriber-facing displays when required by law or adopted by company policy.
We may maintain suppression records to ensure that deletion or opt-out requests continue to be honored.
Section 9: Data Broker Registration Disclosures
Probate Property Radar may qualify as a data broker in one or more jurisdictions depending on actual operations.
Where applicable, we will register and maintain registrations required by state data broker laws.
California registration may be required under Civil Code § 1798.99.80.
Vermont registration may be required under 9 V.S.A. § 2446.
Oregon registration may be required under applicable Oregon data broker law.
Texas registration may be required under Texas Business and Commerce Code Chapter 510.
Registration status should be listed here: [DATA BROKER REGISTRATION STATUS AND LINKS].
Where required, we will post a conspicuous website notice that we are a data broker and provide required registration or privacy-request information.
Consumers may submit deletion or suppression requests through [PRIVACY REQUEST WEBFORM].
Consumers may also email [PRIVACY EMAIL] with the subject line Data Broker Deletion Request.
We may require verification before deleting, suppressing, or correcting information.
We may deny requests where an exception applies, including legal compliance, security, public-record limitations, or inability to verify identity.
We will document request handling as required by applicable data broker laws.
If California's centralized data broker deletion mechanism applies to us, we will monitor and process those deletion requests on the schedule required by the California Delete Act and implementing regulations.
Section 10: Data Retention
We retain Subscriber Data for as long as the account is active and for a reasonable period afterward for billing, audit, legal, tax, security, and dispute-resolution purposes.
Billing records may be retained for at least seven years or as required by accounting and tax rules.
Usage logs may be retained for security, fraud prevention, compliance monitoring, and product analytics for a period determined by internal policy.
Support records may be retained for customer service, quality assurance, and dispute-resolution purposes.
Lead Subject Data may be retained while it remains relevant to the platform, public-record update cycles, subscriber service needs, suppression obligations, or legal compliance.
Suppression, opt-out, deletion, and do-not-contact records may be retained as long as necessary to honor the request and prove compliance.
Consent and telecommunications compliance records uploaded by subscribers should be retained by subscribers for at least six years.
We may retain aggregated, anonymized, or deidentified information without time limitation where permitted by law.
When retention is no longer reasonably necessary, we may delete, deidentify, aggregate, archive, or securely dispose of information.
Actual retention schedules must be approved by counsel and documented internally.
Section 11: Security
We use technical and organizational measures designed to protect information against unauthorized access, loss, misuse, alteration, and disclosure.
Measures may include access controls, authentication, encryption in transit, network monitoring, logging, backups, vulnerability management, and vendor review.
We restrict access to personal information to personnel and service providers with a business need.
We train relevant personnel on confidentiality, data handling, security, and compliance obligations.
No security program can guarantee absolute security.
Subscribers are responsible for maintaining secure passwords, managing authorized users, protecting exports, and limiting access within their organizations.
Subscribers must promptly notify us of suspected account compromise or unauthorized data use.
We may suspend access if we detect security risk, credential sharing, scraping, or unauthorized activity.
We may maintain audit logs to investigate misuse and comply with legal obligations.
Security practices should be reviewed periodically and updated as the platform changes.
Section 12: Children's Privacy
The platform is not directed to children under thirteen years of age.
We do not knowingly collect personal information directly from children under thirteen.
Subscribers may not use the platform to target children.
If we learn that we collected personal information directly from a child under thirteen without required consent, we will take appropriate steps to delete it.
Public records may incidentally include information relating to minors, and such records should be handled according to applicable law and counsel-approved policies.
Requests concerning minors should be submitted to [PRIVACY EMAIL].
Section 13: Contact / Privacy Requests
Privacy requests may be submitted to [PRIVACY EMAIL/ADDRESS].
Requests may also be submitted through [PRIVACY REQUEST WEBFORM].
Do Not Sell or Share requests may be submitted through [DO NOT SELL OR SHARE URL].
Please include enough information for us to identify the records at issue.
For account requests, include the account email address and company name.
For lead subject requests, include name, mailing address, property address if applicable, and any relevant probate case information.
We may request additional information to verify identity or authority.
We will use information submitted in a privacy request to process, verify, document, and respond to the request.
Authorized agents should provide proof of authorization.
Questions about this draft should be directed to counsel before publication.
Section 14: Updates to This Policy
We may update this Privacy Policy from time to time.
We may provide notice by posting an updated policy, emailing account contacts, displaying an in-product notice, or using another reasonable method.
The Last Updated date should be revised when material changes are made.
Material changes may require additional notices or consent depending on applicable law.
Continued use of the platform after an update means the subscriber acknowledges the updated Policy.
Privacy rights will be handled according to the policy and law in effect when the request is processed.
This draft must be reviewed and approved by licensed counsel before use.