Privacy Policy

Last updated: April 22, 2026 · Sandingzone, Inc.

This Privacy Policy describes how Sandingzone, Inc. (“Sandingzone,” “we,” “us,” or “our”), a Delaware corporation, collects, uses, stores, and shares information when you use the HomeScope website, web application, and related services (collectively, “Services”). HomeScope is a home-inspection reporting product that converts site photos into structured defect reports using artificial intelligence. By accessing or using our Services, you agree to this Privacy Policy.

1. Information We Collect

1.1 Information You Provide

• Account data (name, email address) supplied during sign-up or sign-in through our authentication provider
• Inspection photographs you upload, together with titles, room labels, notes, severity tags, and recommendations you record
• Communications you send us (support requests, feedback, inquiries)

1.2 Information Collected Automatically

• Usage data: request logs, inspection and finding timestamps, response codes, and rate-limit counters
• Device information: IP address, browser type, operating system, referrer URLs
• Essential cookies and similar technologies required for authentication, session management, and security

1.3 Information from Third Parties

• Identity and session information from our authentication provider when you sign in (including social sign-in identifiers where you authorize them)
• Analysis results returned by our AI provider based on the photographs you submit

2. How We Use Your Information

• Service delivery. To provide, operate, and maintain HomeScope, including inspection creation, AI-assisted defect detection, report generation, and share links
• Security and abuse prevention. To detect and prevent unauthorized access, misuse of our AI analysis, and bandwidth abuse (including through per-user rate limiting)
• Account management. To create and manage your account and provide customer support
• Communication. To send service notifications, security alerts, and (with your consent) product updates
• Product improvement. To analyze aggregate usage patterns and improve our Services. We do not use your inspection photographs to train AI models
• Legal obligations. To comply with applicable laws and respond to lawful requests from authorities

3. Legal Bases for Processing (GDPR)

For individuals in the European Economic Area (EEA) and the United Kingdom, we process your personal data under the following legal bases:

• Contractual necessity. Processing necessary to deliver our Services under our Terms of Service
• Legitimate interests. Security monitoring, abuse prevention, and product improvement
• Consent. Marketing communications and optional analytics where required
• Legal obligation. Compliance with applicable laws

4. Sharing Your Information

We do not sell your personal information. We share information with the following categories of providers strictly to operate the Services, under written data-processing terms:

• Authentication provider (Clerk). Account credentials, email, and session tokens for sign-up, sign-in, and session management
• Cloud hosting and storage (Vercel, Inc.). Application hosting and serverless execution
• Object storage (Vercel Blob). Storage for inspection photographs and generated PDF reports
• Managed database (Neon). Inspection metadata, findings, user accounts, and rate-limit counters stored in a managed PostgreSQL database
• AI analysis provider (Anthropic, PBC). Inspection photographs and prompts are transmitted to Anthropic's Claude API for defect detection. Per Anthropic's API terms, submitted data is not used to train their models and is processed on a zero-retention basis
• Payments (Stripe, Inc.). Subscription billing, payment method tokenization, and invoice history. Stripe processes payment card data as an independent controller under its own privacy policy
• Legal authorities. When required by law, court order, or to protect the rights, property, or safety of Sandingzone, our users, or the public
• Business transfers. In connection with a merger, acquisition, or sale of assets, subject to confidentiality obligations
• With your consent. Any other sharing with your explicit authorization (for example, when you generate a public share link, the report becomes accessible to anyone who receives that link)

5. Data Retention

We retain your personal data and inspection content for as long as your account remains active or as needed to provide the Services. You may delete individual inspections at any time from your dashboard. During the current product phase, uploaded inspection photographs are automatically deleted from object storage 90 days after they are uploaded. The generated report metadata (findings, summaries, severity, timestamps) is retained for the life of the account so that you can continue to reference and export past inspections. This 90-day photo retention window applies to the MVP service and may be extended or made configurable in future releases; any change will be reflected on this page before it takes effect.

Upon account deletion requested through admin@sandingzone.com, we will remove your account data and stored inspection content from our production systems within 30 days, subject to backup-cycle purges and any retention required to comply with law, resolve disputes, or enforce our agreements.

6. Your Rights

Depending on your location, you may have the following rights:

• Access. Request a copy of the personal data we hold about you
• Correction. Request correction of inaccurate or incomplete data
• Deletion. Request deletion of your personal data (subject to legal retention obligations)
• Portability. Receive your data in a structured, machine-readable format
• Objection. Object to processing based on legitimate interests
• Opt-out of sale or sharing (CCPA/CPRA). California residents have the right to opt out of the sale or sharing of personal information. We do not sell personal data

To exercise any of these rights, contact us at admin@sandingzone.com. We will respond within 30 days (GDPR) or 45 days (CCPA) of receipt.

7. International Data Transfers

Sandingzone is headquartered in the United States and our primary service infrastructure (Vercel, Neon, Anthropic) operates from the United States. If you access the Services from outside the US, your information will be transferred to and processed in the United States. For transfers originating in the EEA or UK, we rely on appropriate safeguards, including Standard Contractual Clauses (SCCs) approved by the European Commission.

8. Security

We implement industry-standard security measures to protect your data, including TLS encryption in transit, encryption of stored photographs and database records at rest through our infrastructure providers, strict access controls for production systems, server-side file validation (MIME whitelist and magic-byte verification) on uploads, per-user rate limiting, and a strict Content Security Policy on our web application. No method of transmission over the internet is 100 percent secure. Please use a strong, unique password and notify us immediately at admin@sandingzone.com if you suspect any unauthorized access.

9. Cookies

We use essential cookies for authentication and session management. Disabling these cookies will prevent you from using the Services. We may use analytics cookies in the future with your consent to understand how the Services are used. You may control cookie preferences through your browser settings.

10. Children's Privacy

The Services are intended for professional home inspectors and adult homeowners. They are not directed to individuals under the age of 18, and we do not knowingly collect personal information from children. If we learn we have inadvertently collected information from a child, we will promptly delete it.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the new policy on our website and updating the “Last updated” date above. Continued use of the Services after such changes constitutes your acceptance of the revised policy.

12. Contact

For privacy questions, data-subject requests, or security reports, contact us at admin@sandingzone.com.