Privacy Policy
Last updated: April 2026
1. Overview
Recon respects your privacy. This policy explains what we collect, how we use it, and the rights you have. We do not sell your personal data — full stop.
2. Data We Collect
- Account: email, name, profile photo (via Firebase Authentication, Google or email/password).
- Billing: payment method and billing address are handled by Stripe. We never see or store full card numbers.
- Usage: addresses you analyze, deals you save, packages you generate — stored in Google BigQuery and Firestore so we can deliver the Service.
- Technical: IP address, browser type, and referrer for security, analytics, and abuse prevention.
3. How We Use It
- Provide ARV estimates, comps, deal scoring, and email/SMS delivery of packages.
- Process payments (via Stripe) and manage subscriptions.
- Improve model accuracy via aggregated, de-identified training data.
- Send transactional email (receipts, alerts). Marketing email only if you opt in.
- Detect fraud, abuse, and secure the Service.
4. Subprocessors
- Google Firebase — authentication, Firestore database, hosting.
- Google Cloud (BigQuery, GCS, Cloud Run) — analytics and backend compute.
- Stripe — payment processing.
- SendGrid — transactional email.
- Google Vertex AI / Gemini — narrative generation.
5. Cookies & Local Storage
We use cookies and browser local storage for authentication sessions, preferences (theme, sound), and basic analytics. You can disable cookies in your browser, but authenticated features will not work.
6. Data Sharing
We share data only with the subprocessors listed above, and only as needed to deliver the Service. We do not sell personal data to third parties. We may disclose data if required by law or to protect our rights.
7. Data Retention & Deletion
Account data is retained while your account is active and for 30 days after cancellation, then permanently deleted. Billing records are retained for 7 years for tax/accounting compliance. Anonymized model training data may be retained indefinitely.
8. Your Rights (GDPR / CCPA)
If you are a resident of the EU, UK, or California, you have the right to access, correct, export, or delete your personal data, and to opt out of sale (we do not sell data).
To exercise these rights, email privacy@dealpacker.com. We will respond within 30 days.
9. Security
All traffic is encrypted with TLS. Authentication is managed by Firebase. Secrets are stored in Google Secret Manager. We follow industry best practices, but no system is perfectly secure — use a unique, strong password.
10. Children
Recon is not intended for users under 18. We do not knowingly collect data from children.
11. Changes
Material changes to this policy will be announced via email and posted here with a new effective date.
12. Contact
Privacy questions: privacy@dealpacker.com