Privacy Policy
Contents
01Overview
This Privacy Policy describes how Plotted collects, uses, and shares information when you use our API and dashboard at plotted.to. We try to keep this concise. If anything is unclear, email privacy@plotted.to.
This policy covers information about you (our customer). Information about U.S. property owners that we surface via the API is treated differently — see Section 5 for opt-out rights.
02What we collect
| Category | Examples | Source |
|---|---|---|
| Account | Email, name, hashed password (or Google OAuth ID) | You, on signup |
| Billing | Stripe customer ID, last 4 digits of card, billing address | Stripe |
| Usage | API calls (endpoint, status, timestamp, source IP), credit balance | Server logs |
| Support | Emails you send us, screenshots you share | You |
| Cookies | Auth session, analytics ID | Your browser |
We do not sell your account data, and we do not run third-party ad trackers on this site.
03How we use it
- Operate the Service (authenticate you, route API calls, enforce rate limits)
- Bill you and prevent fraud
- Debug issues and improve performance (aggregated, no individual targeting)
- Communicate with you about your account, security events, and material product changes
- Comply with legal obligations
04Who we share with
We share information only with sub-processors required to operate the Service:
| Vendor | Purpose | Data shared |
|---|---|---|
| Google Cloud / Firebase | Hosting, auth, database, functions | Account, usage, billing |
| Stripe | Payment processing | Billing, email |
| Google Workspace | Support email | Support messages |
We share customer information with law enforcement only when compelled by valid legal process. We will notify you unless legally prohibited.
05Your rights
If you are our customer
You can access, export, correct, or delete your account data from the dashboard or by emailing privacy@plotted.to. We respond within 30 days.
If you are a U.S. property owner whose record appears in the dataset
Plotted is not a consumer reporting agency. The data we surface comes from public records (county assessor and recorder offices, USPS, OpenAddresses) and from licensed commercial data partners.
If you are a U.S. resident and want your record suppressed or corrected, email privacy@plotted.to with the parcel address and proof of identity. We will process the request within 30 days. Suppression covers contact fields (email, phone) and owner name; address and parcel boundary data may remain because it is a public record we don't control at source.
California residents: you have additional rights under the CCPA (right to know, delete, correct, opt-out of sale). Email the same address with "CCPA Request" in the subject line.
06Retention & security
- Account data: retained while your account is active, then 90 days after closure for billing reconciliation
- API call logs: 90 days, then aggregated to anonymous metrics
- Billing records: 7 years (tax compliance)
- Security: data encrypted in transit (TLS 1.3) and at rest (AES-256); access controlled by least-privilege IAM; bcrypt for password hashes
07Cookies & analytics
We use first-party cookies to keep you signed in. We use Google Analytics for aggregate site usage (no per-user identification, IP truncation enabled). No third-party ad cookies. No fingerprinting.
08Children
The Service is not directed to children under 13. We do not knowingly collect information from children. If you believe we have, email us and we will delete it.
09Contact
Privacy: privacy@plotted.to · General: hello@plotted.to
See also: Terms of Service · Data Processing Agreement