[ legal · privacy policy ]

privacy policy.

last updated: April 17, 2026. how we collect, use, share, and protect your information when you use the Verleon AI platform.

1. Information We Collect

We collect the following categories of information: • Account Information — name, email address, and a securely hashed password when you register. • Payment Information — processed and stored exclusively by Stripe, our PCI-compliant payment processor. We never store credit card numbers, CVVs, or full card details on our servers. • Usage Data — searches performed, properties saved or favorited, dashboard interactions, login timestamps, and feature usage patterns. • Device & Log Data — IP address, browser type, operating system, referring URL, and access timestamps collected automatically through server logs. • Communications — messages you send through our contact form or customer support channels. • Third-Party Enrichment — when you use skip-trace or property enrichment features, data is retrieved from licensed third-party providers on your behalf.

2. How We Use Your Information

We use collected information to: • Provide, operate, and maintain the Platform and its features. • Process transactions, manage subscriptions, and enforce plan limits. • Personalize your experience, including saved searches, favorites, and deal alerts. • Communicate important account updates, security notices, and billing changes. • Analyze aggregate, anonymized usage patterns to improve performance and features. • Detect, prevent, and respond to fraud, abuse, or security incidents. • Comply with legal obligations and enforce our Terms of Service. We do not use your data to build advertising profiles or serve targeted ads.

3. Data Sharing & Third Parties

We do not sell, rent, or trade your personal information. We share data only with: • Stripe — payment processing (PCI DSS Level 1 compliant). • Infrastructure Providers — cloud hosting and database services necessary to operate the Platform. • Property Data Providers — when you request skip-trace, comps, or enrichment data, minimal address data is sent to licensed vendors to fulfill your request. • Email Services — transactional emails (account verification, password reset, billing receipts) are sent through a SOC 2-compliant transactional email provider. • Law Enforcement — only when required by valid legal process (subpoena, court order, or applicable law). All third-party providers are bound by data processing agreements and are prohibited from using your data for their own purposes.

4. Data Security

We implement industry-standard security measures, including: • Encryption in transit (TLS/HTTPS on all connections). • Password hashing with a modern, adaptive, computationally-hardened algorithm at industry-recommended work factors. • Stateless authentication using signed, short-lived tokens with refresh-token rotation. • Row-level access controls on all database tables to enforce strict per-user data isolation. • Security headers (HSTS, CSP, X-Frame-Options, nosniff). • Rate limiting on authentication endpoints and sensitive API routes. No system is 100% secure. We strongly recommend using a unique, strong password and enabling any available multi-factor authentication.

5. Cookies & Local Storage

We use only essential cookies and local storage: • Authentication Cookie — a secure, SameSite=Strict cookie containing your session token. Required to access your dashboard. • Refresh Token Cookie — an httpOnly cookie used to issue new session tokens without re-entering your password. • Theme Preference — stored in localStorage for dark/light mode persistence. You can manage non-essential preferences from /cookie-preferences. We do not use third-party advertising or tracking cookies.

6. Data Retention

• Account Data — retained for as long as your account is active and for 30 days after deletion to allow recovery. • Search & Activity Logs — retained for 12 months, then automatically purged. • Payment Records — retained as required by tax and financial regulations (typically 7 years). • Server Logs — retained for 90 days for security and debugging purposes. You may request earlier deletion by contacting us at the email below.

7. Your Rights

Depending on your jurisdiction, you may have the right to: • Access — request a copy of the personal data we hold about you. • Correction — request correction of inaccurate or incomplete data. • Deletion — request deletion of your account and associated data. • Portability — receive your data in a structured, machine-readable format (CSV export). • Restriction — request that we limit processing of your data. • Objection — object to processing based on legitimate interests. • Opt-Out — unsubscribe from non-essential email communications at any time. To exercise any of these rights, email info@verleon.ai. We will respond within 30 days.

8. Children

The Platform is intended for users 18 years of age and older. We do not knowingly collect personal information from anyone under 18. If we learn that we have collected data from a minor, we will delete it promptly.

9. International Data Transfers

Our servers are located in the United States. If you access the Platform from outside the U.S., your data will be transferred to and processed in the U.S. By using the Platform, you consent to this transfer.

10. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated via email or through an in-app notification at least 14 days before they take effect.

11. Contact

For privacy-related questions, data requests, or concerns, contact us at: Verleon AI Email: info@verleon.ai

Not investment advice. Verleon AI provides analytical tooling for real-estate professionals. Underwriting outputs (DSCR, cap rate, Section 8 FMR estimates, scores) are modeled from public and licensed data and are not a substitute for independent due diligence, legal counsel, lender pre-approval, or licensed appraisal. Past performance is not indicative of future results.