Privacy Policy

Last updated: February 2026

1. Information We Collect

CAMAudit.io collects information you provide directly, including:

  • Account information (name, email, company name)
  • Property and financial data you upload for reconciliation
  • Communication preferences and support inquiries

2. How We Use Your Information

We use collected information to:

  • Provide and improve our CAM reconciliation services
  • Process your uploaded financial data for analysis
  • Send service updates and respond to inquiries
  • Ensure security and prevent fraud

3. Data Security

We implement industry-standard security measures including:

  • Encryption in transit (TLS 1.3) and at rest (AES-256)
  • Row-level security for multi-tenant data isolation
  • Append-only audit logging for all financial record changes

4. Data Retention

  • Financial records (ledger entries, reconciliations, invoices): retained for 10 years per IRS § 6001 and Rev. Proc. 98-25.
  • Operational records (tenant data, invitations, feedback): retained for 2-3 years for business and legal compliance.
  • Transient records (job logs, notifications, webhook events): automatically purged on a weekly schedule (48 hours to 365 days depending on type).
  • Upon account deletion, personal data is anonymized within 30 days; financial records are retained for the full statutory period.

5. Third-Party Services

We share data only with service providers that process it on our behalf. We do not sell your data.

  • Supabase — database, authentication, and file storage (US-hosted PostgreSQL)
  • AWS — S3 document storage and Textract OCR (US region)
  • Anthropic — AI document processing. We send lease document text to Claude 3.5 Sonnet for structured data extraction. Anthropic does not use API inputs to train models. See our AI Transparency Statement.
  • Stripe — payment processing (PCI-DSS compliant)
  • Resend — transactional email delivery

6. California Resident Rights (CCPA)

If you are a California resident, the California Consumer Privacy Act gives you the following rights:

  • Right to Know — request the categories and specific pieces of personal information we have collected about you
  • Right to Delete — request deletion of your personal information (financial records subject to IRS § 6001 retention requirements cannot be deleted during the statutory window); submit requests to privacy@camaudit.io
  • Right to Correct — request correction of inaccurate personal information
  • Right to Opt-Out — we do not sell, rent, or share personal information with third parties for their own commercial purposes
  • Non-Discrimination — we will not discriminate against you for exercising any of these rights; your pricing and service level remain the same
  • Authorized Agent — you may designate an authorized agent to submit requests on your behalf with written authorization

7. Your Rights

You have the right to:

  • Access your personal data
  • Correct inaccurate data
  • Request data deletion
  • Export your data in a portable format
  • Opt out of marketing communications

8. Contact Us

For privacy inquiries, contact us at privacy@camaudit.io.