Privacy Policy

Account Information: When you register, we collect your name, email address, company name, contractor type, Washington license number, phone number, and city/state.

Uploaded Documents: Construction documents you upload for compliance analysis, including PDFs, Word documents, images, plans, permits, and contracts.

Usage Data: Information about how you use the Service, including pages visited, features used, compliance checks run, AI interactions, and session duration.

Device Information: Browser type, operating system, IP address, and device identifiers collected automatically when you access the Service.

We use your information for the following purposes:

• Providing compliance checking and permit readiness analysis
• Processing documents through our AI pipeline for issue detection
• Generating embeddings and indexing documents for semantic search
• Improving our AI models using anonymized, aggregated document patterns
• Sending transactional emails (welcome, document processed, compliance results)
• Monitoring errors and improving service reliability via Sentry
• Processing payments through Stripe

Your data is stored using industry-standard cloud infrastructure:

• Documents: AWS S3 (us-west-2) with server-side encryption (AES-256)
• User Data: Supabase PostgreSQL with encrypted connections (TLS 1.3)
• AI Embeddings: Pinecone vector database with encryption at rest
• Authentication: Supabase Auth with bcrypt password hashing

All data in transit is encrypted using TLS 1.3. We follow SOC 2 readiness practices and conduct regular security reviews.

We do not sell your personal data or uploaded documents to third parties.

We share data only with the following service providers who process data on our behalf:

• Anthropic — AI processing (Claude API for document analysis)
• AWS — Document storage (S3)
• Supabase — Database and authentication
• Pinecone — Vector search for compliance matching
• Stripe — Payment processing
• Resend — Transactional email delivery
• Sentry — Error monitoring and performance tracking

We may disclose data when required by law, court order, or government regulation.

Uploaded documents are retained for the duration of your active subscription. Upon account termination:

• Documents are retained for 30 days to allow for data export
• After 30 days, documents are permanently deleted from AWS S3
• Vector embeddings derived from your documents are removed from Pinecone
• Anonymized, aggregated patterns may be retained for AI model improvement

You have the right to:

• Access: Request a copy of all personal data we hold about you
• Correction: Update inaccurate information via your Profile page
• Deletion: Request permanent deletion of your account and all associated data
• Export: Download your uploaded documents and project data
• Opt-out: Unsubscribe from marketing emails (transactional emails cannot be opted out)

To exercise these rights, contact us at support@vulpa.ai. We will respond within 30 days.

Vulpa uses the following technologies:

• Supabase Auth Cookies: Essential for authentication and session management
• Sentry: Error tracking and performance monitoring to improve reliability

We do not use advertising cookies or third-party tracking pixels. We do not share your browsing data with advertisers.

Vulpa is not intended for use by individuals under 18 years of age. We do not knowingly collect personal information from children.

We may update this Privacy Policy from time to time. Material changes will be communicated via email to registered users. Your continued use of the Service after changes constitutes acceptance.

For privacy-related questions or requests, contact our privacy team:

Vulpa, Inc.
Email: support@vulpa.ai
Subject: Privacy Request