Skip to content
CureProof

Legal

Privacy Policy

Last updated: July 13, 2026

This Privacy Policy explains what information CureProof collects, how we use and share it, and the choices you have. We aim to collect only what we need to help you respond to an HOA notice, and to be plain about the third parties that process your data.

1. The short version

  • We collect your account info (via Google sign-in), the documents you upload, the case details we extract, and basic usage analytics.
  • To read and analyze your letter, we send its contents to third-party text-recognition and AI providers. See “Text recognition & AI processing.”
  • Payments are handled by Stripe; we never receive your full card number.
  • We don’t sell your personal information or use it for third-party advertising.
  • You can delete all your data at any time from your account.

2. Information we collect

Information you provide

  • Account details from Google sign-in — typically your name, email address, and profile identifier. We do not receive or store your Google password.
  • The documents and text you upload — HOA violation notices and, optionally, your governing documents (CC&Rs, bylaws, rules).
  • Case information you enter — your state, answers about your situation, and your own description of what happened.
  • Communications you send us (for example, support emails).

Information collected automatically

  • Extracted case data — the details our system reads from your uploads (association name, cited rule, dates, fine amount, etc.).
  • Product analytics — events such as pages viewed and actions taken, tied to a random identifier stored in your browser (not your name or email). We do not store letter text, email addresses, or IP addresses in analytics.
  • Security and abuse-prevention data — your IP address is processed transiently to enforce rate limits and protect the service; it is not used to build a profile of you.

Payment information

When you pay, our processor (Stripe) collects your payment details directly. We receive confirmation of your purchase and your plan status, but not your full card number.

3. How we use information

  • To provide the service — read your notice, assess it against publicly available rules and your governing documents, and generate your documents.
  • To maintain your account and saved cases, and to process purchases.
  • To secure the service, prevent abuse, and enforce our Terms.
  • To understand and improve how the product is used, using aggregate analytics.
  • To communicate with you about your account, purchases, or support requests.
  • To comply with legal obligations.

4. Text recognition & AI processing

To read and analyze your notice, the contents of your uploaded documents (and text you paste) are sent to third-party providers that perform optical character recognition and AI-based extraction and analysis. This is necessary to deliver the core service. These providers process the content to return results to us and, under our agreements and their policies, are not permitted to use your content to train their models for their own purposes. If you are not comfortable with this processing, please do not upload documents.

5. How we share information

We share information only as described here:

  • With service providers (subprocessors) that operate the product on our behalf — see the list below.
  • For legal reasons — to comply with law, respond to lawful requests, or protect the rights, safety, and property of you, us, or others.
  • In a business transfer — if we are involved in a merger, acquisition, or sale of assets, subject to this policy.
  • With your direction — for example, when you choose to download or send a document.

We do not sell your personal information, and we do not share it for cross-context behavioral advertising.

6. Service providers

We rely on the following categories of providers to run CureProof. Confirm this list matches your production configuration before relying on it:

  • Hosting, database, file storage, and authentication (our application platform and Google sign-in).
  • Payment processing (Stripe).
  • Text recognition (OCR) of uploaded documents.
  • AI processing for extraction, analysis, and semantic search.
  • Rate limiting and abuse prevention.

7. Data retention

We keep your account and case data for as long as your account is active or as needed to provide the service and meet legal, accounting, or reporting requirements. You can delete your data at any time from your account, which removes your cases and uploaded documents from our active systems. Some records (for example, transaction records held by our payment processor) may be retained where required by law. Backups and logs may persist for a limited period before being overwritten.

8. Your rights & choices

Depending on where you live, you may have rights to access, correct, delete, or receive a copy of your personal information, and to object to or restrict certain processing. You can exercise many of these directly:

  • Access & download — view your saved cases in your account.
  • Deletion — delete all of your data from the account page at any time.
  • Other requests — contact us and we will respond consistent with applicable law.

California residents (CCPA/CPRA) and residents of the EU/UK (GDPR) have additional rights, including the right not to receive discriminatory treatment for exercising them. We do not sell or “share” personal information as those terms are defined by California law. Where we rely on consent or a legitimate interest to process data, you may withdraw consent or object as provided by law.

9. Security

We use reasonable technical and organizational measures to protect your information, including encryption in transit, private file storage, access controls, and rate limiting. No method of transmission or storage is completely secure, so we cannot guarantee absolute security. If you believe your account has been compromised, contact us right away.

10. Cookies & local storage

We use a small number of first-party cookies and browser storage items that are necessary to run the service — for example, to keep you signed in and to remember a random analytics identifier. We do not use third-party advertising cookies. You can clear these through your browser settings, though some features may not work without them.

11. Children

CureProof is intended for adults (18+) and is not directed to children. We do not knowingly collect personal information from children. If you believe a child has provided us information, contact us and we will delete it.

12. International users

CureProof is operated from, and its providers may process data in, the United States and other countries. By using the service, you understand your information may be transferred to and processed in countries whose data-protection laws may differ from those in your country.

13. Changes to this policy

We may update this Privacy Policy from time to time. We’ll revise the “Last updated” date above and, for material changes, take reasonable steps to notify you. Your continued use of the service after changes take effect means you accept the updated policy.

14. Contact us

Questions or requests about your privacy? Contact us at privacy@cureproof.com. See also our Terms of Service.

Questions about this page? See our Terms and Privacy Policy, or contact us using the details above.