PRIVACY POLICY

1. IntroductionLeveridge, LLC ("Leveridge," "we," "us," or "our") provides real estate planning software for financial advisors (the "Service"). This Privacy Policy explains how we collect, use, store, and protect information when you use our website at leveridge.ai (the "Site") and our software platform.By accessing or using the Service, you agree to this Privacy Policy. If you do not agree, please do not use our Service.Key Principle: Advisors own their client data. We provide the infrastructure, not the advice.AI Data Principle: Leveridge does not use identifiable client data to train AI models. Any AI training uses anonymized, aggregated data only, occurs within Leveridge-controlled AWS infrastructure, and operates under a zero data retention policy.Geographic Scope: Leveridge currently offers the Service only to financial advisors based in the United States. The Service is designed around U.S. tax laws and regulatory frameworks and is not intended for use outside the United States at this time.2. Information We Collect2.1 Information You Provide DirectlyAccount Information:
- Name, email address, phone number
- Firm name and professional credentials (CFP®, RIA, etc.)
- Job title and role
- Payment information (processed by our payment provider when paid service launches)Client Data You Upload (when using the Service):
- Identifying information: Client name, household members, and related identifiers
- Demographic information: Marital status, household structure
- Income information: Earned income, passive income, rental income, and income assumptions
- Property details: Address, purchase price, acquisition date, loan terms, rental income
- Financial data: Cost basis, depreciation schedules, cash flow projections, equity estimates
- Tax-related information: Filing status, depreciation, tax assumptions, and related inputs
- Strategy preferences and planning assumptions
- Documents: Schedule E, property tax bills, loan statements, and related financial recordsCommunications:
- Support inquiries, feedback, and feature requests
- Survey responses and user research participation
- Scheduling information (via Cal.com)2.2 Information We Collect AutomaticallyUsage Data:
- Features accessed and frequency of use
- Analysis types run (Keep/Sell/Refinance/1031)
- Session duration and interaction patterns
- Error logs and performance metrics (via Sentry)Technical Information:
- IP address, browser type, and device information
- Operating system and screen resolution
- Referral source and pages visited
- Cookies and similar tracking technologies (see Section 8)2.3 Information from Third PartiesIf you connect integrations (future feature):
- Data from financial planning software (eMoney, RightCapital, MoneyGuidePro)
- Data imported via API connections3. How We Use Your InformationWe use information to:Provide the Service:
- Process property analyses and generate strategy recommendations
- Store and retrieve your saved properties and scenarios
- Enable you to export reports and share findings
- Provide customer support and respond to inquiries
- Schedule meetings and demos (via Cal.com)Improve the Service:
- Analyze usage patterns to enhance features
- Debug technical issues and optimize performance (via Sentry)
- Develop new capabilities based on user needs
- Use anonymized, aggregated data to improve system performance and internal models, where applicable. We do not train general-purpose AI models on identifiable client data.Communicate With You:
- Send product updates, feature announcements, and marketing communications (via Brevo)
- Send newsletters and educational content (via Beehiiv)
- Deliver transactional and application-related emails such as password resets and system notifications (via SendGrid)
- Send personalized, one-to-one communications and support responses (via Google Workspace / Gmail)
- Respond to your requests and provide technical support
- Conduct user research and gather feedback
- Send billing notifications and account updates (when paid service launches)Legal and Security:
- Comply with legal obligations and enforce our Terms of Service
- Prevent fraud, abuse, and security threats
- Protect the rights, property, and safety of Leveridge and our usersMarketing (With Your Consent):
- Send newsletters and promotional content (opt-out available via Beehiiv)
- Personalize your experience based on your preferences4. Data Ownership and Advisor Responsibilities4.1 You Own Your DataAdvisors own all client data uploaded to Leveridge. We do not claim any ownership rights to your clients' information. You retain full control and can:
- Access your data at any time
- Export your data in standard formats (JSON, CSV, PDF)
- Delete your data (see Section 11)4.2 Advisor ResponsibilitiesAs a financial professional using Leveridge:
- You are responsible for obtaining proper consent from your clients before uploading their data
- You must comply with all applicable regulations (SEC, FINRA, CFP Board, state laws)
- You remain solely responsible for all client recommendations and advice
- You must maintain your own records and compliance documentationLeveridge provides planning tools, not financial advice. All outputs must be independently verified and are subject to your professional judgment.5. How We Share Your Information5.1 We Do Not Sell Your DataLeveridge does not sell, rent, or trade your personal information to third parties for advertising or marketing purposes.5.2 Service Providers (Subprocessors)We share limited information with trusted third-party service providers who help us operate the Service:

All subprocessors are contractually required to:
- Use data only for specified purposes
- Maintain appropriate security measures
- Comply with applicable privacy laws
- Delete or return data upon terminationNote: Internal tools (Slack, Linear, GitHub, 1Password, Shape CRM, Cursor, JetBrains, Lovable) are used solely by our team for development, design, and operations. These tools do not process or have access to your client data.5.3 AI Model Hosting and Data AccessLeveridge uses large language models hosted through AWS Bedrock, which operates entirely within Leveridge’s secure AWS environment.Identifiable client data is never sent to AI models. Model inference occurs solely within Leveridge-controlled AWS infrastructure.If Leveridge trains or fine-tunes AI models, only anonymized and aggregated data is used. Such data cannot be used to identify any individual client or household.AI models used by Leveridge operate under a zero data retention policy. Data processed for inference or internal model training is not stored, logged, or retained by the underlying model services beyond the duration necessary to perform the requested computation.No client data is sent to, stored by, or accessible to third-party model providers. Leveridge does not permit third parties to train models on identifiable client data.5.4 Legal RequirementsWe may disclose information when required by:
- Law, regulation, or legal process (subpoena, court order)
- Government or regulatory investigations
- Protection of our rights, property, or safety
- Prevention of fraud, abuse, or security threats5.5 Business TransfersIf Leveridge is involved in a merger, acquisition, or sale of assets, your information may be transferred. We will notify you via email and/or prominent notice on our Site before your information is transferred and becomes subject to a different privacy policy.6. Data SecurityWe implement industry-standard security measures to protect your information:Technical Safeguards:
- Encryption at rest: AES-256 encryption for all stored data (AWS, MongoDB)
- Encryption in transit: TLS 1.3 for all data transmission
- Access controls: Role-based permissions and multi-factor authentication (via 1Password)
- Network security: Firewalls, intrusion detection, and regular vulnerability scans
- Error monitoring and performance alerting (via Sentry)Organizational Safeguards:
- Background checks for employees with data access
- Security training and awareness programs
- Incident response and breach notification procedures
- Regular security audits and penetration testing
- Secure password management (via 1Password)SOC 2 Compliance: We are working toward SOC 2 Type I certification (target: Q4 2026).No System is 100% Secure: While no system can guarantee absolute security, we implement safeguards consistent with industry best practices for financial data.7. Data Retention7.1 Active Accounts
We retain your information for as long as your account is active and for 7 years after account closure to comply with financial recordkeeping requirements. Retention is limited to encrypted archives for regulatory compliance and is not actively processed or accessed.7.2 Deleted Accounts
When you delete your account:
- 30-day grace period: Data remains accessible for recovery
- After 30 days: Permanent deletion from production systems (AWS, MongoDB)
- Backup retention: Data in backups is deleted within 90 days
- Legal holds: Data subject to legal obligations is retained indefinitely7.3 Anonymized Data
We may retain anonymized, aggregated data indefinitely for:
- Product improvement and analytics
- Research and development
- Industry benchmarking
Anonymized data cannot be linked back to you or your clients.8. Cookies and Tracking Technologies8.1 What We UseEssential Cookies (Required):
- Session management and authentication
- Security and fraud prevention
- Load balancing and performanceAnalytics Cookies (Optional):
- Usage patterns and feature adoption
- Error tracking and debugging (Sentry)
- Performance monitoringMarketing Cookies (Optional, With Consent):
- - Email campaign and newsletter tracking (Brevo, Beehiiv)
- Referral tracking and attribution8.2 Your ChoicesBrowser Controls:
- Configure your browser to reject all cookies
- Delete cookies after each session
- Enable "Do Not Track" signals (we honor them)Our Cookie Banner:
- Accept all, reject optional, or customize preferences
- Withdraw consent at any time in account settingsNote: Disabling essential cookies may impair Service functionality.9. Your Privacy Rights9.1 All UsersYou have the right to:
- Access: Request a copy of your personal information
- Correct: Update inaccurate or incomplete information
- Delete: Request deletion of your account and data (subject to legal retention)
- Export: Download your data in portable format (JSON, CSV, PDF)
- Object: Opt out of marketing communications (via Brevo unsubscribe link)
- Restrict: Limit how we process your information9.2 California Residents (CCPA/CPRA)If you are a California resident, you additionally have the right to:
- Know what personal information we collect, use, disclose, or sell
- Request deletion of your personal information
- Opt out of "sales" (we don't sell, but you can request anyway)
- Non-discrimination for exercising your rightsShine the Light: You may request information about data shared with third parties for their marketing purposes (we don't do this).9.3 How to Exercise Your RightsEmail us at: [email protected]Include:
- Your name and email address associated with your account
- Specific request (access, delete, correct, export)
- Verification information (we may ask security questions)Response time: Within 30 days (may extend to 60 days for complex requests)10. Geographic LimitationsLeveridge is based in the United States, and the Service is intended solely for use by U.S.-based financial advisors.We do not currently offer the Service to users located outside the United States, and we do not knowingly collect personal data subject to non-U.S. data protection regimes (such as GDPR).If you access the Service from outside the United States, you do so at your own risk, and such use may violate this Privacy Policy and our Terms of Service.11. Changes to This Privacy PolicyWe may update this Privacy Policy from time to time. Changes will be reflected by the "Last Updated" date at the top.How we notify you:
- Material changes: Email notification 30 days in advance
- Minor updates: Posted on this page and in-app notification
- Continued use: Constitutes acceptance of updated policy12. Contact UsGeneral Inquiries:
Leveridge, LLC
680 E Colorado Blvd, Suite 180
Pasadena, CA 91101
Email: [email protected]Last Updated: January 7, 2026