PredicateLandlord-tenant notices
Sign in
DRAFT — Boilerplate generated by an LLM. Requires attorney review before launch. Do not rely on as final.

Last updated · May 3, 2026

Privacy Policy

This Privacy Policy explains how [COMPANY LEGAL NAME] ("we," "us," "our") collects, uses, and shares information when you use the Paper Trail website and software (the "Service").

1. Information we collect

1.1 Account information

When you create an account, we collect your email address and a password. Passwords are stored hashed and salted by our authentication provider (Supabase) — we cannot view or recover your raw password.

1.2 Subscription and billing information

When you subscribe to a paid plan, we use Stripe to process your payment. Stripe collects and stores your payment method directly; we do not see, store, or have access to your full credit card number. We retain a Stripe customer reference, the last four digits of your card (as displayed by Stripe), your subscription status, and your billing history.

1.3 Draft content (includes information about third parties)

When you generate a notice, you provide information about the property and tenant, including:

  • Property address
  • Tenant name (and any other names you choose to include)
  • Monthly rent amount
  • Amount in dispute
  • A free-text description of the situation, which may contain additional facts about the tenant or third parties

This is information about people other than you. By submitting it, you represent that you have a lawful basis under your jurisdiction's landlord-tenant law to process it for the purpose of preparing a notice. We treat this information with the same security controls as your own account information.

1.4 Generated drafts

We retain the rendered notice text along with the metadata above so that you can revisit, re-download, and audit your prior drafts. Drafts are private to your account; no other Predicate user can access them.

1.5 Usage and diagnostic data

We collect standard server logs (IP address, request paths, timestamps, error traces) for security and operational purposes. We use [ANALYTICS PROVIDER — typically PostHog or Plausible] for product analytics and [ERROR-TRACKING PROVIDER — typically Sentry] for crash reports.

2. How we use information

  • To provide, operate, and maintain the Service;
  • To process payments and manage your subscription;
  • To send transactional emails (account confirmation, password reset, magic link, billing receipts, service notices);
  • To diagnose problems and improve the Service;
  • To protect against fraud, abuse, and unauthorized access;
  • To comply with legal obligations.

We do not use your draft content to train generative AI models, sell to advertisers, or share with third parties for marketing.

3. Service providers

We rely on the following providers, each of which processes your information on our behalf and under contractual privacy obligations:

  • Supabase — database, authentication, file storage. Hosted in [REGION — e.g., us-east-1].
  • Stripe — payment processing and billing.
  • Resend (or equivalent SMTP provider) — transactional email delivery.
  • [HOSTING — e.g., Vercel] — application hosting.
  • [ERROR TRACKING — e.g., Sentry] — crash and error monitoring.
  • [ANALYTICS — e.g., PostHog or Plausible] — product usage analytics.

Each provider has its own privacy policy. We have selected providers that align with our security and privacy posture, but we do not control their underlying practices.

4. Sharing and disclosure

We do not sell your personal information. We share it only:

  • With the service providers above, to deliver the Service to you;
  • To comply with a valid legal process (subpoena, court order, government request) when we are legally compelled to do so;
  • To enforce our Terms of Service or protect the rights, property, or safety of Predicate, our users, or others;
  • In connection with a merger, acquisition, or sale of assets, in which case we will provide notice and applicable choices.

5. Data retention

We retain account information, billing records, and drafts for as long as your account is active. If you delete your account, we delete personal data within [NUMBER — typical: 30] days, with the following exceptions where law requires longer retention:

  • Billing and tax records — retained for the period required by applicable tax law (typically 7 years in the U.S.);
  • Server logs — retained for up to 90 days for security and operational purposes;
  • Information necessary to enforce our Terms or comply with legal obligations.

6. Your rights

You can:

  • Access the personal information we hold about you by contacting [PRIVACY EMAIL — e.g., privacy@papertrail.com];
  • Correct inaccurate information through your account settings or by contacting us;
  • Export your drafts in a machine-readable format on request;
  • Delete your account and associated personal data subject to the retention exceptions above.

Residents of California, Colorado, Virginia, Connecticut, Utah, and other states with comprehensive privacy statutes may have additional rights (for example, to opt out of "sale" or "sharing" of personal information, or to appeal a denied request). To exercise any state-specific right, contact us at the email above and identify the right you wish to exercise. We will respond within the timeframes required by your state's law.

7. Children

The Service is not directed to children under 18 and we do not knowingly collect information from them. If we learn we have collected information from a child under 18, we will delete it.

8. Security

We use industry-standard administrative, technical, and physical safeguards to protect your information, including encryption in transit (HTTPS), encryption at rest at the database layer, and Row-Level Security on our database to prevent users from accessing each other's data. No system is perfectly secure; we cannot guarantee absolute security.

9. International users

The Service is operated from the United States. If you access it from outside the U.S., you consent to the transfer of your information to the U.S. and to its processing under U.S. law. [If serving EU/UK users at launch, add GDPR transfer language and data-protection officer designation here].

10. Changes to this Policy

We may update this Privacy Policy from time to time. Material changes will be announced by email or by a prominent notice within the Service. The "Last updated" date at the top of this page reflects the most recent revision.

11. Contact

Questions or requests about this Privacy Policy? Email [PRIVACY EMAIL] or write to [COMPANY LEGAL NAME], [MAILING ADDRESS].