Geo Appraise
← Back
This Privacy Policy applies to all users of the Geo Appraise platform, including:
This Policy covers information collected through the Platform, including our web application, API services, and all associated serverless functions. It does not apply to third-party websites or services linked from the Platform.
| Category | Data Elements | When Collected |
|---|---|---|
| Account Identity | Email address, display name (optional), profile photo (if Google Sign-In used) | Account creation or first sign-in |
| Session Metadata | Property address, homeowner name (as entered by Inspector), session notes, inspection start and end timestamps | Session creation and during active session |
| Photo Annotations | Room labels, room-specific prompts, Inspector-entered notes and tags on individual photos | During and after session |
| Financial Records | Credit package selected, purchase amount, transaction timestamp, credit balance, credit usage history. Payment card data is processed exclusively by Stripe, Inc. and is not stored by Akemera. | Credit purchase and credit consumption events |
| UI Preferences | Display theme (dark/light) | Settings save |
| Category | Data Elements | When Collected |
|---|---|---|
| Identity | Name (provided voluntarily during session, if disclosed to Inspector) | During active session |
| Geolocation | GPS latitude, longitude, and accuracy radius — obtained from the Customer's device browser Geolocation API and associated with the session record | Continuously during active session while location permission is granted |
| Photographs | Images captured by the Customer's device camera, including both a compressed thumbnail and a full-resolution JPEG, stored with associated room metadata and GPS coordinates | Each time Customer captures a photo |
| Video and Audio (Transient) | Live camera and microphone feed transmitted via WebRTC peer-to-peer connection directly to the Inspector's browser. Akemera does not record, store, or process this video or audio stream on any server. Inspector screenshots derived from the stream are stored as photographs under the session record. | During active WebRTC session |
| Category | Data Elements | Source |
|---|---|---|
| Server Logs | IP address, request timestamps, HTTP method, path, status code, referrer, user-agent string | Vercel serverless function logs (retained per Vercel's standard log policy) |
| Firebase Auth Metadata | Account creation timestamp, last sign-in timestamp, authentication provider (email/password or Google) | Firebase Authentication service |
| ICE/TURN Connectivity | IP address transmitted to Cloudflare TURN relay servers solely to establish a WebRTC peer connection. This data is not retained by Akemera. | Cloudflare TURN service during session initiation |
We collect information you actively provide — such as your email address, display name, property address, session notes, and photo annotations — when you create an account, configure a session, annotate photos, or submit a support inquiry.
When you use the Platform, your browser or device provides information automatically, including GPS coordinates (with your explicit permission), camera and microphone streams (with your explicit permission), and standard HTTP request metadata such as your IP address and browser type.
Camera and microphone access is requested by the Platform only for the purpose of conducting the inspection session. The Platform will display a browser permission dialog before accessing either capability. You may revoke these permissions at any time through your browser or device settings, though doing so will impair or prevent session functionality.
If you choose to sign in using Google Sign-In, we receive from Google your email address, public profile name, and profile photograph URL as made available by Google's OAuth service. We do not receive your Google password.
Our payment processor, Stripe, Inc., notifies us via a signed webhook event when a credit purchase is completed. This notification includes the credit package identifier and a reference to your user account. We do not receive your full payment card number, CVV, or bank account details from Stripe.
We do not send marketing emails unless you have explicitly opted in. We do not sell your contact information to advertisers.
Where applicable law requires a stated legal basis for processing personal information, we rely on: (a) performance of a contract — to deliver the services you requested; (b) legitimate interests — to operate, maintain, and improve the Platform and to prevent fraud; and (c) compliance with legal obligations — to meet applicable regulatory requirements.
By design, certain information is shared between the Inspector and Customer within a session:
Customers should be aware that photographs and GPS data they contribute will be included in the inspection report generated by the Inspector and may be shared by the Inspector with third parties (such as lenders, appraisers, or clients) in that Inspector's professional capacity. Akemera is not responsible for how Inspectors use or disclose reports after download.
We share personal information with third-party service providers who process data on our behalf under contractual data processing obligations. See Section 6 for a complete list. These providers are authorized to use your personal information only as necessary to provide their services to us.
If Akemera, Inc. undergoes a merger, acquisition, reorganization, bankruptcy, or sale of all or substantially all of its assets, personal information held by us may be transferred to the successor entity. We will provide notice of any such transfer on this page or via the contact information associated with your account, and the successor will be bound by the terms of this Privacy Policy or a materially equivalent successor policy.
We may disclose personal information if we are required to do so by law, subpoena, court order, or other valid legal process, or if we believe in good faith that disclosure is necessary to protect the rights, property, or safety of Akemera, its users, or the public, or to enforce our Terms and Conditions.
The Platform relies on the following third-party infrastructure providers. Each provider has its own privacy policy governing the data it processes on your behalf.
| Provider | Purpose | Data Involved |
|---|---|---|
| Google Firebase (Google LLC) |
User authentication and cloud database (Firestore) | Inspector email, display name, password hash (auth); all session, photo, GPS, and Inspector profile data (Firestore). Data stored in Google's infrastructure in the United States. |
| Stripe, Inc. | Payment processing for credit purchases | Payment card data (managed entirely by Stripe; not received by Akemera). Akemera receives only a purchase completion event containing the credit package identifier and user reference. |
| Cloudflare, Inc. | TURN relay server for WebRTC peer connection establishment | IP address of Inspector and Customer devices, used solely to facilitate the encrypted WebRTC connection. Not retained by Akemera. Cloudflare's own data practices apply. |
| Google Maps Platform (Google LLC) |
Property address autocomplete during session creation | Address search input text sent to the Google Places API. Google may retain query data per its own privacy policy. |
| Vercel, Inc. | Web hosting and serverless function execution | All HTTP request data (IP address, headers, request path, response status) passes through Vercel's infrastructure. Vercel retains server access logs per its standard retention policy. |
| OpenStreetMap (OpenStreetMap Foundation) |
Map tile rendering in the Inspector session view | Tile requests are made to OpenStreetMap tile servers; these requests may include the Inspector's IP address. No personal data from session records is transmitted to OpenStreetMap. |
| Sentry (Functional Software, Inc.) |
Error monitoring and crash reporting for the Platform | When a software error occurs, Sentry receives a diagnostic report containing the error message, stack trace, browser type and version, operating system, URL where the error occurred, and your IP address. Sentry does not receive session photos, GPS coordinates, or payment information. Data is processed in the United States under Sentry's Privacy Policy. Sentry acts as a data processor on Akemera's behalf under a Data Processing Agreement. |
We do not integrate any advertising networks, social media trackers, or analytics SDKs (such as Google Analytics) on the Platform.
Inspector account information (email, display name, credit balance, transaction history, and UI preferences) is retained for the lifetime of the account. If you request account deletion (see Section 15), we will delete or anonymize your account data within 30 days, subject to any legal hold obligations.
Inspection session records, including photographs, GPS coordinates, and annotations, are retained indefinitely unless the Inspector deletes the session through the Platform interface or submits a deletion request as described in Section 15. Inspectors may delete individual sessions, which will also delete all associated photos and GPS records.
Akemera reserves the right to delete sessions that have been inactive for more than 24 consecutive months, with reasonable prior notice to the Inspector where practicable.
Because Customers do not create Akemera accounts, Customer-provided data (name, GPS records, photos) is associated with the Inspector's session record and subject to the Inspector's retention and deletion decisions. Customers who wish to have their data removed from a session should contact the Inspector who conducted the session. Customers may also contact us directly at the address in Section 15; we will process such requests to the extent we can identify and isolate the relevant data.
Transaction records (credit purchase history, credit consumption records) are retained for a minimum of seven (7) years to comply with applicable tax and financial recordkeeping requirements, even if the associated Inspector account is deleted.
Server access logs generated by Vercel's infrastructure are retained per Vercel's standard log retention policy (typically up to 30 days). Akemera does not separately archive server logs.
We implement commercially reasonable administrative, technical, and physical safeguards to protect personal information from unauthorized access, disclosure, alteration, and destruction. Specific measures include:
No method of data transmission or storage is 100% secure. While we strive to protect your personal information using the measures described above, we cannot guarantee absolute security. In the event of a data breach that affects your personal information, we will notify affected users and, where required, applicable regulatory authorities in accordance with applicable law.
The Platform uses your browser's localStorage to persist your Firebase authentication session across page reloads and browser tabs. This is a functional requirement for maintaining your login state without requiring you to re-authenticate on every visit. This data does not contain your password and is encrypted by Firebase before storage.
The Platform enables Firestore's offline persistence feature, which stores a local cache of your session data in your browser's IndexedDB. This cache allows the Platform to display session data even when your internet connection is temporarily interrupted. This data is stored locally on your device and is not transmitted to any third party beyond what is already synchronized with Firestore during normal operation.
The admin management interface uses sessionStorage to hold the administrator's session authentication token. This data is automatically cleared when the browser tab is closed and is not accessible to other origins.
The Platform does not set any first-party cookies. Firebase Authentication may set cookies under the firebaseapp.com domain as part of Google's OAuth flow. These are strictly functional cookies required for authentication and do not track your behavior for advertising purposes. We do not use advertising cookies, social media cookies, or cross-site tracking technologies.
The Platform does not use tracking technologies that respond to Do Not Track ("DNT") browser signals, because we do not engage in behavioral tracking in the first place.
In the preceding twelve (12) months, we have collected the following categories of personal information as defined by the CCPA:
| CCPA Category | Examples Collected by Akemera | Purpose |
|---|---|---|
| A — Identifiers | Email address, IP address, Firebase UID, display name | Account management, authentication, platform operation |
| B — Personal Records | Name (Inspector and Customer), credit transaction history | Session records, financial recordkeeping |
| C — Protected Classifications | None collected | — |
| D — Commercial Information | Credit purchases, credit balances, credit consumption records | Billing, account management |
| E — Biometric Information | None collected or stored | — |
| F — Internet / Network Activity | Browser type, IP address, server access logs | Security, diagnostics |
| G — Geolocation Data | GPS latitude, longitude, accuracy radius (Customer device) | Session records, report generation |
| H — Sensory Data | Photographs captured during session; live video/audio (transient WebRTC stream — not stored) | Inspection documentation |
| I — Professional Information | None specifically collected (Inspector's profession not required or stored) | — |
| J — Education Information | None collected | — |
| K — Inferences | None drawn | — |
| L — Sensitive Personal Information | Government ID numbers: none. Precise geolocation (GPS): yes — required for session functionality. Financial account data: none stored directly (processed by Stripe). | Session records |
You have the right to request that we disclose: (a) the categories and specific pieces of personal information we have collected about you; (b) the categories of sources from which that information was collected; (c) the purposes for which we use that information; and (d) the categories of third parties with whom we share that information.
You have the right to request deletion of personal information we have collected from you, subject to certain exceptions. We may deny a deletion request if retention of the information is necessary for us or our service providers to: complete a transaction, detect or prevent security incidents, comply with legal obligations, or exercise free speech or other legal rights.
You have the right to request that we correct inaccurate personal information we maintain about you. Inspectors may update their display name and email address directly within the Platform's Settings screen. For other corrections, please contact us as described in Section 15.
Akemera does not sell personal information and does not share personal information for cross-context behavioral advertising. Therefore, there is no opt-out required. We will continue to not sell or share personal information in the future.
We only use sensitive personal information (specifically, precise geolocation data from Customer devices) for the purpose of providing the inspection session service, which is the direct purpose for which it was collected. We do not use sensitive personal information to infer characteristics or for secondary purposes beyond those disclosed in this Policy.
We will not discriminate against you for exercising any of your CCPA rights. We will not deny you goods or services, charge you different prices, provide a different level of service quality, or suggest that you will receive different treatment as a result of exercising your privacy rights.
You may designate an authorized agent to submit a CCPA request on your behalf. We will require written authorization from you confirming the agent's authority, and we may require verification of your identity directly before processing the request.
To exercise any of the rights described above, please submit a verifiable consumer request using the contact information in Section 15. We will respond to a verifiable request within 45 days of receipt. If we require more time (up to an additional 45 days), we will provide written notice of the extension. We do not charge a fee for processing verifiable consumer requests unless they are excessive or repetitive.
We process personal data under the following lawful bases as defined in Article 6 GDPR:
For special categories of personal data (Article 9 GDPR), we do not knowingly collect such data. Precise geolocation data is processed under Article 6(1)(b) as it is integral to the inspection session service.
Subject to applicable conditions and exceptions under GDPR, you have the following rights:
Submit your request to geoappraise@akemera.com. We will respond within one (1) month of receipt. Where requests are complex or numerous, we may extend this period by a further two months and will notify you accordingly. We do not charge a fee for reasonable requests.
We may need to verify your identity before processing a request. For Inspector accounts, we may ask you to confirm your request from the email address associated with your account.
If you believe we have processed your personal data in a manner inconsistent with GDPR, you have the right to lodge a complaint with your local data protection supervisory authority. In the EEA, this is the authority in the EU Member State of your habitual residence, place of work, or the place of the alleged infringement. In the United Kingdom, this is the Information Commissioner's Office (ICO). We encourage you to contact us first at geoappraise@akemera.com so we have the opportunity to address your concern directly.
Akemera, Inc. is based in the United States. When personal data of EEA, UK, or Swiss residents is transferred to and processed in the United States, we rely on appropriate safeguards to ensure an adequate level of protection. These safeguards include:
You may request a copy of the relevant transfer safeguards by contacting us at geoappraise@akemera.com.
Akemera, Inc. is not required to appoint a Data Protection Officer (DPO) under Article 37 GDPR based on the nature and scale of our processing activities. Privacy-related inquiries and GDPR requests should be directed to geoappraise@akemera.com.
The Platform is not directed to children under the age of 13, and we do not knowingly collect personal information from children under 13. If you are under 13 years of age, you may not use the Platform. If we learn that we have inadvertently collected personal information from a child under 13 without verifiable parental consent, we will delete that information promptly.
If you believe we have collected information from a child under 13, please contact us immediately using the information in Section 15.
The Platform is operated from the United States. Akemera, Inc. is a California corporation. If you access or use the Platform from outside the United States, your personal information will be transferred to, stored, and processed in the United States.
EEA, UK, and Swiss residents: your rights and the applicable international transfer safeguards are described in Section 11. For all other international users, data protection laws in the United States may differ from those in your country. By using the Platform, you acknowledge this transfer. If you have questions, please contact us at geoappraise@akemera.com.
We may update this Privacy Policy from time to time to reflect changes in our practices, the Platform's features, or applicable law. When we make material changes, we will update the "Last Revised" date at the top of this page and, where practicable, provide in-Platform notice (such as a broadcast notification to Inspector accounts).
Your continued use of the Platform following the posting of a revised Privacy Policy constitutes your acceptance of the changes. If you do not agree to the revised Policy, you must stop using the Platform.
We encourage you to review this Privacy Policy periodically. The version posted on this page is always the current version.
For any of the following, please contact us using the information below:
We will respond to all privacy-related inquiries within 30 days of receipt. For verifiable California consumer requests, the specific timeframe is governed by Section 10.9. For GDPR data subject requests, the timeframe is governed by Section 11.3 (one month, extendable by two months for complex requests).
This Privacy Policy is effective as of June 1, 2026 and governs all use of the Geo Appraise platform on and after that date.
Akemera, Inc. · Geo Appraise · California, United States