Privacy Policy - Back On Market Docs

Privacy Policy

Last updated: January 2025

Back On Market Docs ("we", "us", "our") is committed to protecting your privacy and being transparent about how we collect, use, and safeguard your personal information. This Privacy Policy explains our practices and your rights regarding your data.

This policy applies to all users of our Service, including buyers, sellers, realtors, inspectors, developers, and other professionals who interact with our real estate report marketplace. By using Back On Market Docs, you agree to the collection and use of information in accordance with this policy.

1. Information We Collect

Account & Profile Information

When you create an account, we collect:

  • Name: Your full name or display name
  • Email Address: Used for authentication, notifications, and account recovery
  • Password: Stored as a cryptographic hash (we never see your plain-text password)
  • Role: User type (Buyer, Uploader, Realtor, Developer, Admin) to customize your experience
  • Account Status: Developer approval status, subscription status, and account preferences
Report & Transaction Information

When you upload, purchase, or interact with reports:

  • Report Metadata: Property address, city, state (Utah, and expanding to other U.S. states), property type, report type (inspection, appraisal, etc.), inspector/appraiser name and license number, report price
  • Report Files: PDF files of property reports stored securely in Azure Blob Storage
  • Purchase Records: Transaction history, payment amounts, commission calculations, license tokens
  • Download & View Activity: When you view or download reports (for analytics and license validation)
Payment & Financial Information

When you make purchases or receive payouts:

  • Payment Method Details: Processed securely through Stripe—we never store full credit card numbers
  • Transaction Records: Purchase amounts, dates, payment status, refund information
  • Payout Information: Bank account details (if applicable) for commission payouts, processed securely
  • Commission Tracking: Earnings, referral fees, payout requests, and financial summaries
Usage & Analytics Data

To improve our Service, we collect:

  • Usage Analytics: Report view counts, download counts, purchase counts, search queries (anonymized)
  • API Usage: API key usage logs, endpoint calls, response times (for Developer accounts)
  • Device & Browser Information: IP address (for security and license validation), browser type, device type, operating system
  • Access Logs: Login times, account activity, security events
Communications

When you contact us:

  • Support Requests: Emails, messages, and feedback sent through our contact forms
  • Password Reset Requests: Email verification tokens and reset links
  • Email Notifications: Transactional emails (purchase confirmations, report ready notices, password resets)

2. How We Use Your Information

We use the information we collect for the following purposes:

Service Operation
  • To authenticate you and manage your account
  • To process purchases, payments, and commission payouts
  • To host, store, and serve property reports via Azure Blob Storage
  • To validate licenses and enforce download/view restrictions
  • To send transactional emails (purchase confirmations, password resets, report notifications)
Service Improvement
  • To analyze usage patterns and improve our marketplace
  • To develop new features and enhance user experience
  • To optimize report search and discovery
  • To monitor API performance and usage (for Developer accounts)
Communication
  • To respond to your inquiries and support requests
  • To send important account notifications (security alerts, policy updates)
  • To provide customer service and technical support
Security & Legal Compliance
  • To detect and prevent fraud, abuse, and unauthorized access
  • To enforce our Terms & Conditions and comply with legal obligations
  • To protect the rights, property, and safety of BOMDocs, our users, and others
  • To comply with court orders, subpoenas, or legal processes

3. Data Sharing & Third-Party Services

We never sell or rent your personal information to third parties. We only share data with third-party service providers as necessary to operate our Service:

Service Providers
  • Microsoft Azure Blob Storage: Stores report PDFs and JSON metadata. Azure maintains industry-standard security and compliance certifications. Data is stored in the United States.
  • Stripe: Processes payments and manages financial transactions. Stripe is PCI-DSS compliant and handles all credit card processing securely. We do not store full credit card numbers.
  • Mailgun: Sends transactional emails (purchase confirmations, password resets). Mailgun adheres to GDPR and data protection standards.
  • USPS Address Validation API: Standardizes property addresses for accurate report metadata. Address data is processed securely and not retained by USPS beyond the API call.
Legal Requirements

We may disclose your information if required by law, court order, or government regulation, including:

  • Responding to subpoenas, warrants, or legal processes
  • Complying with law enforcement requests
  • Protecting our rights, property, or safety, or that of our users
  • Investigating potential violations of our Terms & Conditions
Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred to the new entity. We will notify you of any such change in ownership or control of your personal information.

4. Data Security

We implement industry-standard security measures to protect your information:

  • Encryption: All data transmitted between your browser and our servers uses HTTPS/TLS encryption
  • Password Security: Passwords are hashed using cryptographic algorithms (bcrypt/PBKDF2)—we never store plain-text passwords
  • Secure Storage: Report files and metadata are stored in Azure Blob Storage with access controls and encryption at rest
  • Access Controls: Role-based access control (RBAC) limits who can access sensitive data
  • API Security: API keys are hashed and validated on every request
  • Monitoring: We monitor for suspicious activity and unauthorized access attempts
  • Regular Updates: We keep our systems and software up to date with security patches

However, no method of transmission over the internet or electronic storage is 100% secure. While we strive to protect your information, we cannot guarantee absolute security. You are responsible for keeping your account password confidential and for logging out of shared devices.

5. Cookies & Tracking Technologies

We use essential cookies and tracking technologies for the following purposes:

Essential Cookies
  • Authentication Cookies: Store your login session so you don't have to log in repeatedly
  • Security Cookies: Help protect against cross-site request forgery (CSRF) attacks
  • Session Cookies: Maintain your session state while browsing the Service
Analytics Cookies (Optional)

We may use anonymized analytics to understand how users interact with our Service. You can opt out by disabling cookies in your browser settings.

We do NOT use third-party advertising cookies or trackers. We do not sell your data to advertisers or use your browsing history for advertising purposes.

6. Your Privacy Rights

You have the following rights regarding your personal information:

Access & Portability
  • View and download your account data through your Account page
  • Request a copy of your personal information in a portable format
  • See what reports you've purchased, uploaded, or interacted with
Correction & Updates
  • Update your profile information (name, email, display name) through your Account page
  • Change your password at any time
  • Correct any inaccurate information we have about you
Deletion & Account Closure
  • Delete your account and associated data by contacting us
  • Note: Some information may be retained for legal or business purposes (e.g., transaction records for tax compliance)
  • Reports you've purchased may remain accessible to you, but you cannot continue using the Service after account deletion
Opt-Out & Preferences
  • Opt out of non-essential email communications (you'll still receive transactional emails for purchases and account security)
  • Disable analytics tracking by adjusting your browser settings
  • Manage cookie preferences through your browser
GDPR Rights (EU Users)

If you are located in the European Union, you have additional rights under the General Data Protection Regulation (GDPR):

  • Right to be informed about data collection and use
  • Right of access to your personal data
  • Right to rectification of inaccurate data
  • Right to erasure ("right to be forgotten")
  • Right to restrict processing
  • Right to data portability
  • Right to object to processing
  • Rights related to automated decision-making

To exercise any of these rights, contact us at support@bomdocs.com. We will respond to your request within 30 days.

7. Data Retention

We retain your information for as long as necessary to provide our Service and fulfill the purposes outlined in this policy:

  • Account Data: Retained while your account is active. If you delete your account, we may retain certain information for legal or business purposes (e.g., transaction records for tax compliance) for up to 7 years.
  • Report Files: Retained as long as the report is available in our marketplace. If a report is deleted by the uploader, we may retain it for a limited time for backup purposes.
  • Transaction Records: Retained for at least 7 years to comply with tax and financial regulations.
  • API Usage Logs: Retained for up to 1 year for analytics and troubleshooting.
  • Security Logs: Retained for up to 90 days to monitor for unauthorized access and security threats.

8. Children's Privacy

Back On Market Docs is not intended for users under the age of 18. We do not knowingly collect personal information from children. If you believe we have collected information from a child, please contact us immediately, and we will take steps to delete that information.

9. International Data Transfers

Back On Market Docs is based in the United States, and your information is processed and stored in the United States. If you are located outside the United States, please be aware that your information may be transferred to, stored, and processed in the United States, which may have different data protection laws than your country.

By using our Service, you consent to the transfer of your information to the United States. We will take appropriate measures to protect your information in accordance with this Privacy Policy.

10. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will notify you of any material changes by:

  • Posting the updated policy on this page with a new "Last updated" date
  • Sending an email notification to registered users (if changes are significant)
  • Displaying a notice on the Service

Your continued use of the Service after changes are posted constitutes acceptance of the updated policy. If you do not agree to the changes, you must stop using the Service and may close your account.

11. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Back On Market Docs
Email: support@bomdocs.com
Website: www.bomdocs.com

For GDPR-related inquiries, you may also contact your local data protection authority.