Last updated: April 24, 2026 · Effective date: April 24, 2026
This Privacy Policy explains how GR1D Recon ("we," "us," "our") collects, uses, shares, and protects information when you use our commercial real estate site intelligence platform (the "Service"). It also describes your rights and how to exercise them. If you have questions about anything here, email us at admin@gr1drecon.io.
This Policy applies to personal information about users of the Service — the individuals who create accounts and use the platform. The Service is directed at professionals working in commercial real estate, site selection, development, and related business contexts.
The Service also processes information about real properties, parcels, owners of record, and government activity sourced from public records. That information is not personal information of our users and is governed by Section 3 of our Terms of Service, including the restriction that the Service must not be used in any manner governed by the Fair Credit Reporting Act or used to make consumer-eligibility decisions.
Account information you provide.
Usage and activity data.
Technical data collected automatically.
Communications.
We do not intentionally collect sensitive personal information (such as Social Security numbers, government IDs, health information, precise geolocation, or biometric data). Please do not submit such information through the Service.
We use the information above to:
We do not sell your personal information for money, and we do not "share" personal information for cross-context behavioral advertising (as those terms are defined under California law). We do not use your data for advertising and we do not participate in advertising networks or data-broker exchanges.
If you are in the European Economic Area, the United Kingdom, or Switzerland, we rely on the following legal bases under Article 6 of the GDPR:
We use the following categories of third-party processors and sub-processors to operate the Service. Each has its own privacy commitments and handles only the information necessary to perform its service.
We may update this list as our infrastructure evolves. A current list is available on request.
We may also disclose information (a) to comply with law, legal process, or lawful government request; (b) to enforce our Terms of Service; (c) to protect the rights, property, or safety of GR1D Recon, our users, or the public; or (d) in connection with a merger, acquisition, financing, or sale of assets, subject to appropriate safeguards.
We currently do not use third-party analytics or advertising cookies (such as Google Analytics, Meta Pixel, or similar). We may use first-party server-side logs and metrics provided by our hosting infrastructure (Vercel, Supabase) for debugging, security, and capacity planning. If we add a third-party analytics provider in the future, we will update this Policy and, where required, obtain your consent.
Portions of the Service rely on artificial intelligence and machine learning to classify zoning codes, extract ordinance provisions, summarize government activity, and generate district-intent summaries. These workloads operate primarily on public records, government documents, and aggregated platform data — not on your personal account information.
We do not engage in automated decision-making that produces legal or similarly significant effects concerning you. Parcel scoring is an informational ranking aid, not a decision about any individual.
Your data is stored on cloud infrastructure located in the United States (primarily AWS us-east-1, via Supabase). We implement reasonable administrative, technical, and physical safeguards, including encrypted connections (HTTPS/TLS), encrypted storage, role-based access controls, authentication via an identity provider with modern password hashing, and row-level access controls that limit each user to their own profile data.
If you access the Service from outside the United States, your information will be transferred to and processed in the United States, which may have different data-protection laws than your home country. Where required by law (for example, for transfers from the EEA, UK, or Switzerland), we rely on appropriate transfer mechanisms such as the European Commission's Standard Contractual Clauses (and the UK Addendum) with our sub-processors.
No system is completely secure. While we work to protect your information, we cannot guarantee absolute security.
Transactional emails (verification, billing, security notices, policy updates, service changes) are required to operate the Service. You cannot opt out of transactional emails while your account is active.
Marketing emails (product announcements, platform news, feature launches) are sent only if you opt in. You can opt in or out at any time in Settings → Notifications → Communication Preferences or by clicking the unsubscribe link in any marketing email. We comply with the CAN-SPAM Act and will process unsubscribe requests within ten (10) business days.
We retain personal information only as long as needed for the purposes described in this Policy or as required by law.
Subject to applicable law, you have the right to:
To exercise any of these rights, email admin@gr1drecon.io. We may need to verify your identity before responding. We will respond within 30 days (or 45 days under U.S. state laws, extendable once where permitted).
We will not discriminate against you for exercising these rights.
If you are a California resident, you have the rights described in Section 11 and additional rights under the California Consumer Privacy Act, as amended by the California Privacy Rights Act:
Categories of personal information we collect. Identifiers (name, email, IP address); commercial information (subscription and billing records); internet/network activity information (browsing, search, and usage logs); geolocation information (approximate, derived from IP); professional information (if you voluntarily share it); inferences drawn from the above (communication preferences, usage patterns). We collect these categories directly from you and automatically from your device. We use them for the purposes described in Section 3.
To exercise your California rights, email admin@gr1drecon.io. You may designate an authorized agent; we may require written verification of the agent's authority.
Residents of Colorado (CPA), Connecticut (CTDPA), Utah (UCPA), Virginia (VCDPA), and other states with comprehensive privacy laws have rights similar to those described in Sections 11 and 12, which may include the rights to access, correct, delete, and port personal information, and the right to opt out of targeted advertising, sale of personal information, or certain profiling. Because we do not engage in targeted advertising, sale of personal information, or high-impact profiling, no opt-out mechanism is needed. To exercise your rights, email admin@gr1drecon.io. If we deny a request, you may appeal by replying to our denial; we will respond to appeals within 60 days.
The Service is not directed at children. We do not knowingly collect personal information from anyone under the age of 13 (or 16 in the EEA/UK and other jurisdictions that require a higher age). If we learn we have collected personal information from a child without verified parental consent, we will delete it. If you believe a child has provided us with personal information, please contact admin@gr1drecon.io.
The Service uses a small number of strictly necessary cookies and browser local-storage entries for:
We do not use third-party advertising cookies, cross-site tracking pixels, or data-broker cookies. Most browsers allow you to clear or block cookies and local storage, but doing so may prevent the Service from functioning correctly.
If we discover a security incident that results in the unauthorized acquisition of or access to your personal information, we will notify you and any applicable regulators as required by applicable law (including, where applicable, U.S. state breach-notification laws and Articles 33–34 of the GDPR). Our notice will describe, to the extent known, the nature of the incident, the categories of data involved, the likely consequences, and the measures we have taken.
Some browsers offer a "Do Not Track" signal. Because there is no common industry standard for how to respond, we do not currently respond to Do Not Track signals. As noted above, we do not track users across third-party sites for advertising purposes.
We may update this Privacy Policy from time to time. For material changes, we will provide at least 30 days' notice by email or in-app notification before the changes take effect (or sooner where required by law). Non-material changes are effective when posted. The "Last updated" date at the top indicates the most recent revision. Your continued use of the Service after changes take effect constitutes acceptance of the updated Policy.
For privacy questions, rights requests, or any concern about this Policy, contact us at admin@gr1drecon.io. We aim to respond within 30 days.
If you have questions about this Privacy Policy or how we handle your data, reach out to us.
admin@gr1drecon.io