Privacy Policy

Red Line Group LLC ("Company," "we," "us," or "our") operates REI Scout ("the Service"), a real estate investment analysis and management platform available at reiscout.com. This Privacy Policy describes how we collect, use, disclose, and protect your information when you use the Service.

By using the Service, you consent to the practices described in this Privacy Policy. If you do not agree, please do not use the Service.

2.1 Information You Provide

2.2 Information Collected Automatically

2.3 Information from Third Parties

When you use the Service, we may receive property-related data from third-party providers to enrich your experience:

• Google Maps Platform: Latitude/longitude coordinates and street-level imagery for properties you add (cached to reduce repeated API calls).
• Market data providers (future): Rental estimates, comparable sales data, and market trends from licensed data sources such as Rentcast.

We use your information to:

• Provide the Service — run calculations, store properties, track deals, generate reports, and process exports.
• Process payments — manage subscriptions, issue invoices, and handle billing through Stripe.
• Enrich property data — geocode addresses and retrieve property imagery to enhance your portfolio view.
• Communicate with you — send account-related emails (password resets, subscription changes, security alerts). We do not send marketing emails unless you explicitly opt in.
• Improve the Service — analyze usage patterns (in aggregate) to prioritize features, fix bugs, and improve user experience.
• Ensure security — detect and prevent fraud, abuse, and unauthorized access through rate limiting, session management, and authentication monitoring.
• Comply with legal obligations — respond to lawful requests from law enforcement or regulatory authorities.

We do not use your property data, financial inputs, or deal information to train machine learning models, sell to data brokers, or target you with third-party advertising.

We never sell your personal information. We share information only in the following limited circumstances:

4.1 Service Providers

We share data with third-party providers who process it on our behalf to deliver the Service. These providers are contractually obligated to use your data only for the purposes we specify:

4.2 Legal Requirements

We may disclose your information if required by law, subpoena, court order, or governmental request, or if we believe in good faith that disclosure is necessary to protect our rights, your safety, or the safety of others, investigate fraud, or respond to a government request.

4.3 Business Transfers

In the event of a merger, acquisition, bankruptcy, or sale of all or a portion of our assets, your information may be transferred as part of the transaction. We will provide notice before your information becomes subject to a different privacy policy.

4.4 With Your Consent

We may share information with third parties when you explicitly consent, such as when you use a "Share Report" feature to generate a shareable link to a property analysis.

Your data is stored in Supabase-managed PostgreSQL databases hosted on Amazon Web Services (AWS) infrastructure in the United States. We implement the following security measures:

• Encryption in transit: All connections use TLS 1.2 or higher.
• Encryption at rest: Database storage is encrypted using AES-256 via Supabase's infrastructure provider.
• Row Level Security (RLS): Database policies ensure users can only access their own data. No user can query, view, or modify another user's records.
• Password hashing: Passwords are hashed using bcrypt via Supabase Auth. We never store plaintext passwords.
• Rate limiting: API endpoints are rate-limited to prevent abuse and brute-force attacks.
• Security headers: Content Security Policy (CSP), HTTP Strict Transport Security (HSTS), X-Frame-Options, and other headers are enforced on all responses.
• Payment security: Payment card data is handled exclusively by Stripe (PCI DSS Level 1 compliant). We never receive, process, or store raw card numbers.

While we take commercially reasonable steps to protect your data, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security.

6.1 Cookies

We use the following cookies:

We do not use advertising cookies, tracking pixels, or third-party marketing cookies.

6.2 Local Storage

The Service uses browser local storage to cache application state (theme preferences, UI settings, and temporary form data) for performance. Local storage data remains on your device and is not transmitted to our servers. You can clear local storage through your browser settings at any time.

We may retain certain data longer if required by law (e.g., tax records, legal disputes) or necessary to enforce our Terms of Service.

You have the following rights regarding your data:

• Access: You can view all of your data within the Service at any time through the dashboard, property pages, and portfolio views.
• Export: You can export your data in CSV, PDF, Excel, and JSON formats using the built-in export tools (availability varies by tier). We do not charge for data export.
• Correction: You can edit your property data, profile information, and deal records directly within the Service at any time.
• Deletion: You can request complete deletion of your account and all associated data by contacting support@reiscout.com. Deletion is processed within 30 days, with data permanently removed after the 90-day retention window.
• Restrict Processing: You can request that we restrict the processing of your data to essential service operations only by contacting us.
• Withdraw Consent: Where processing is based on consent, you can withdraw consent at any time by updating your account settings or contacting us.

To exercise any of these rights, contact us at privacy@reiscout.com. We will respond to all requests within 30 days.

If you are a California resident, the California Consumer Privacy Act (CCPA), as amended by the California Privacy Rights Act (CPRA), provides you with additional rights:

• Right to Know: You may request disclosure of the categories and specific pieces of personal information we have collected about you, the purposes for collection, and the categories of third parties with whom we share it.
• Right to Delete: You may request deletion of your personal information, subject to certain legal exceptions.
• Right to Correct: You may request correction of inaccurate personal information.
• Right to Opt-Out of Sale/Sharing: We do not sell personal information and do not share personal information for cross-context behavioral advertising. Therefore, there is no need to opt out.
• Right to Non-Discrimination: We will not discriminate against you for exercising your CCPA rights.

To submit a CCPA request, email privacy@reiscout.com with the subject line "CCPA Request." We will verify your identity before processing the request.

Categories of personal information collected (per CCPA definitions): Identifiers (email, name, IP address), commercial information (subscription tier, transaction history), internet/electronic activity (usage data, pages viewed), and professional/employment information (if provided in profile).

The Service is hosted in the United States. If you access the Service from outside the United States, your information will be transferred to and processed in the United States, which may have different data protection laws than your country.

For users in the European Economic Area (EEA), United Kingdom, or Switzerland: we process your data on the basis of contractual necessity (to provide the Service you requested), legitimate interests (to improve and secure the Service), and your consent (where applicable). You may have additional rights under the General Data Protection Regulation (GDPR), including the right to lodge a complaint with your local supervisory authority.

We do not currently maintain an EU representative. If this changes, we will update this policy.

The Service is not directed to individuals under the age of 18. We do not knowingly collect personal information from children. If you become aware that a child has provided us with personal information, please contact us at privacy@reiscout.com, and we will take steps to delete such information.

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. Material changes will be communicated via email to the address associated with your account at least 30 days before they take effect. The "Last updated" date at the top of this page indicates when the policy was last revised.

We encourage you to review this Privacy Policy periodically to stay informed about how we protect your data.

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us: