Vecindr
Legal

Privacy Policy

Last updated: May 2026

Vecindr is committed to protecting your privacy. We collect only what is necessary to operate the service, never sell your data to third parties, and give you full control over your information at any time. If you have questions, email privacy@vecindr.com.

1. Information We Collect

We collect different types of information depending on how you use Vecindr:

  • Account information — When you create an account, we collect your name and email address.
  • Payment information — All payments are processed securely by Stripe. Vecindr never receives or stores your full card number, CVV, or billing address. Stripe provides us with only a tokenized reference and the last four digits of your card.
  • Usage data — We collect anonymized information about which pages you visit and which municipalities you search, in order to improve the platform. This data is not linked to your identity.
  • Session data — Authentication cookies and session tokens managed by Supabase keep you signed in. These are stored in your browser and transmitted only over HTTPS.

2. How We Use Your Information

We use the information we collect to:

  • Deliver the reports and subscription features you purchase
  • Send transactional emails (purchase confirmation, trial expiry notices, renewal reminders)
  • Improve data accuracy and platform performance using aggregated, anonymized analytics
  • Respond to support requests
  • Comply with legal obligations

We do not sell, rent, or share your personal information with advertisers or data brokers. We do not use your data to build advertising profiles.

3. Data Processors

We use the following third-party services to operate Vecindr:

  • Supabase — Database, authentication, and file storage. Your account data and purchased report metadata are stored in Supabase-managed PostgreSQL on AWS infrastructure.
  • Stripe — Payment processing. Stripe is PCI-DSS Level 1 compliant. Review Stripe's privacy policy at stripe.com/privacy.
  • Resend — Transactional email delivery. Email addresses are transmitted to Resend solely to send emails you expect (purchase receipts, account notices).
  • Vercel — Application hosting. Request logs (IP addresses, user-agents) may be retained by Vercel for up to 30 days for security and debugging.
  • Cloudflare Turnstile — Bot detection on sign-in and sign-up forms. No personal data is stored by Turnstile beyond the challenge verification token.

4. Cookies

Vecindr uses the following categories of cookies:

  • Essential cookies — Session tokens set by Supabase to maintain your authenticated session. These are required for the service to function and cannot be disabled.
  • Preference cookies — Language preference (English / Spanish). Stored for 1 year.
  • Analytics — We use Vercel Web Analytics for aggregated, anonymized page view data. No cookies are set by this service; it uses request metadata only.

You can clear cookies at any time through your browser settings. Clearing session cookies will sign you out.

5. Data Retention

We retain your account data for as long as your account remains active. Purchased report records are retained for at least 2 years for billing and dispute purposes. Usage analytics are retained in aggregate form indefinitely; no personally identifiable usage logs are retained beyond 90 days.

6. Your Rights (CCPA / General)

Regardless of your location, you have the right to:

  • Request a copy of the personal data we hold about you
  • Correct inaccurate information
  • Request deletion of your account and associated personal data
  • Opt out of any non-essential communications

California residents have additional rights under the CCPA, including the right to know the categories of personal information collected and the right to non-discrimination for exercising privacy rights.

To delete your account or request a copy of your data, email support@vecindr.com with the subject line “Data Request”. We will respond within 48 hours and complete your request within 30 days.

7. Security

We implement industry-standard safeguards: HTTPS-only connections, HSTS headers, encrypted secrets management, server-side session handling, and rate limiting on all authentication endpoints. Passwords are never stored in plaintext; authentication is managed by Supabase using bcrypt hashing.

No method of electronic transmission is 100% secure. If you believe your account has been compromised, contact us immediately at support@vecindr.com.

8. Data Pertaining to Geographic Areas

All crime, flood, demographic, and employment data displayed on Vecindr describes geographic areas (municipalities), not individuals. No personal identifying information is included in any Vecindr report. Data is sourced from publicly available government datasets — see our Data Sources page for the full list.

9. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will update the “Last updated” date at the top of this page and, if the changes are significant, notify you by email. Continued use of Vecindr after changes become effective constitutes acceptance of the updated policy.

10. Contact

Privacy questions or requests: privacy@vecindr.com
General support: support@vecindr.com