Privacy Policy

Last updated: April 1, 2026

1. Information We Collect

Account Information: When you create an account, we collect your email address. We do not collect passwords — authentication is handled through secure magic link emails.

Payment Information: Payment is processed by Stripe. We do not store credit card numbers or sensitive payment details on our servers. Stripe's privacy policy governs how your payment information is handled.

Report Data: When you generate a report, we store the address you searched, the industry selected, and the analysis results so you can access your purchased reports at any time.

Usage Data: We may collect basic usage information such as pages visited, reports generated, and browser type to improve the Service.

2. How We Use Your Information

We use your information to:

• Provide and deliver the reports you purchase
• Send transactional emails (login links, purchase confirmations)
• Store your purchased reports for future access
• Improve the Service and user experience
• Prevent fraud and abuse

3. Data Sources

Reports are generated from publicly available data including:

• U.S. Census Bureau (American Community Survey)
• Google Places API (business listings and reviews)
• Walk Score API (walkability and transit data)
• OpenStreetMap (geographic and point-of-interest data)

We do not collect personal information about individuals in the areas being analyzed.

4. Data Sharing

We do not sell, rent, or trade your personal information. We share data only with:

• Stripe: For payment processing
• Resend: For transactional email delivery
• Law enforcement: When required by law

5. Data Retention

Your account and purchased reports are retained indefinitely so you can access them at any time. If you request account deletion, we will remove your personal data within 30 days.

6. Security

We use industry-standard security measures including encrypted connections (HTTPS), secure session management, and secure payment processing through Stripe. However, no method of transmission over the Internet is 100% secure.

7. Cookies

We use a single HTTP-only session cookie to keep you logged in. We do not use tracking cookies or third-party advertising cookies.

8. Your Rights

Regardless of where you are located, you have the right to:

• Access the personal data we hold about you
• Request correction of inaccurate data
• Request deletion of your account and data
• Export your purchased reports
• Withdraw any previously granted consent
• Lodge a complaint with a supervisory authority

To exercise any of these rights, email privacy@expansionlens.com. We respond to verified requests within thirty (30) days.

9. California Residents (CCPA / CPRA)

If you are a California resident, you have the following additional rights under the California Consumer Privacy Act and California Privacy Rights Act:

• Right to know what personal information we have collected about you, the sources, the purposes, and the categories of third parties we share it with.
• Right to delete your personal information, subject to legal exceptions.
• Right to correct inaccurate personal information.
• Right to opt out of sale or sharing of your personal information. ExpansionLens does not sell or share personal information as those terms are defined under California law.
• Right to limit use of sensitive personal information. We do not collect sensitive personal information for purposes that would trigger this right.
• Right to non-discrimination for exercising any of these rights. We will not deny service, charge different prices, or provide a different level of service because you exercised a privacy right.

To exercise any California privacy right, email privacy@expansionlens.com with the subject line "California Privacy Request." We may need to verify your identity before processing the request.

10. European Union / United Kingdom Residents (GDPR / UK GDPR)

If you are located in the European Economic Area (EEA), the United Kingdom, or Switzerland, the General Data Protection Regulation (GDPR) and UK GDPR apply to our processing of your personal data. The data controller is ExpansionLens.

Legal basis for processing. We process your personal data on the following bases:

• Contract: to provide the reports you purchase and deliver account services you requested.
• Legitimate interests: to prevent fraud, secure our systems, and improve the Service.
• Consent: where you have explicitly agreed (for example, by submitting your email address to receive a login link).
• Legal obligation: to comply with applicable laws.

Your GDPR rights. In addition to the rights in Section 8, you have the right to:

• Object to our processing of your personal data
• Request restriction of processing
• Receive your personal data in a portable, machine-readable format
• Lodge a complaint with your national data protection authority

International transfers. ExpansionLens is operated from the United States, and your personal data will be processed in the United States. Where required, we rely on appropriate safeguards such as Standard Contractual Clauses approved by the European Commission.

To exercise any GDPR right, email privacy@expansionlens.com.

11. Children's Privacy

The Service is not intended for users under 18 years of age. We do not knowingly collect information from children.

12. Changes to This Policy

We may update this Privacy Policy periodically. We will notify registered users of material changes via email.

13. Contact

For privacy-related questions or requests, contact us at privacy@expansionlens.com.