Privacy Policy
Last updated: 2026-05-09 — DRAFT, requires legal review.
What we collect
- Account data: email address, name (if provided), hashed password, account type.
- Property data: property nickname, address, ZIP, the items you register, photos you upload of nameplates/serial labels, and the people you list to be notified about your home's safety.
- Safety data: matches between your registered items and recall/safety notices we monitor, and any actions you or our admins take on those matches.
- Usage data: hashed IP address, user-agent (truncated), session timestamps, and audit log entries for actions taken in the product. Raw IPs are NOT stored.
- RiskReady Guide data: if you have "Save Guide History" turned on, your conversations with the assistant are stored. If it's off, only a hash of each message is kept for compliance.
What we DON'T collect (or don't keep)
- We do not sell your personal data. (See "Do Not Sell or Share" notice.)
- We do not use third-party advertising trackers.
- We do not retain raw IP addresses; only HMAC hashes for fraud/abuse correlation.
- We strip EXIF metadata (including GPS) from photos you upload BEFORE storing them.
- Phone numbers and email addresses of contacts you list are encrypted at rest.
How we use it
To run the product: monitor your registered items against safety sources, send recall notifications you've opted in to, generate reports you request, and operate the optional RiskReady Guide assistant.
Sharing with partners
If you opt in to a partner integration (e.g. an insurer), we share only the data scope you authorize. See the Partner Data Sharing Notice for details.
Your rights
Depending on where you live, you may have the right to access, export, correct, or delete your data, and to opt out of certain data uses. You can:
- Export your data at /account/data-export
- Delete your account and data at /account/data-delete
- Submit a request to
privacy@riskreadyhome.com(placeholder — replace with the actual address before publication)
Security
Passwords are hashed with bcrypt. Sensitive secrets are stored in AWS Secrets Manager. Sessions are HttpOnly + SameSite=Lax cookies. Admin accounts require multi-factor authentication. We log access to your data for audit purposes.
Contact
Questions about this policy: privacy@riskreadyhome.com (placeholder).
This page is a draft. The published version must be reviewed and signed off by a licensed attorney.