Privacy Policy

1. Introduction

LienGrid ("Company," "we," "our," or "us") is committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy ("Policy") describes how we collect, use, disclose, retain, and safeguard your information when you access or use the LienGrid platform, including our website, web application, APIs, and all related services (collectively, the "Service"). This Policy applies to all users of the Service, including visitors, registered subscribers, and authorized team members.

By accessing or using the Service, you acknowledge that you have read, understood, and agree to the collection and use of your information in accordance with this Privacy Policy. If you do not agree with this Policy, you must not access or use the Service. This Privacy Policy is incorporated into and subject to our Terms of Service.

2. Information We Collect

We collect information that you provide directly, information collected automatically through your use of the Service, and information obtained from third-party sources. The categories of information we collect include the following:

2.1 Account and Registration Information. When you create an account, we collect your full name, email address, phone number, company name, business address, contractor license number (where applicable), job title or role, and any other information you provide during registration or account setup. If you sign up using a third-party authentication provider (such as Google or Microsoft), we receive your name, email address, and profile picture from that provider.

2.2 Billing and Payment Information. When you subscribe to a paid plan or purchase per-notice services, we collect billing information including your payment method details (credit card number, expiration date, billing address). Payment processing is handled by our third-party payment processor, Stripe, Inc. We do not store your full credit card number on our servers. We retain transaction records, invoice history, and subscription status information.

2.3 Project and Construction Data. In the course of using the Service, you may provide or we may extract the following project-related information: property addresses and legal descriptions; project names and descriptions; contract amounts, dates, and terms; names and contact information of property owners, general contractors, subcontractors, material suppliers, and other project participants; preliminary notice records, intent to lien letters, lien waiver records, and other construction-related legal documents; job status, deadline information, and compliance records.

2.4 Email Integration Data. When you connect your email account through OAuth or our email forwarding feature, we access and process emails related to construction projects for the purpose of automatically extracting job and project information. We use keyword-based filtering and AI classification to identify construction-related emails. We process the sender, recipient, subject line, body content, and attachments of emails identified as construction-related. We do not intentionally access, read, or store personal emails unrelated to your construction business. Email content processed for AI extraction is retained on processing servers for up to thirty (30) days, after which it is permanently deleted. Extracted structured data (project names, addresses, amounts, dates, parties) is retained in your account.

2.5 AI Processing Data. We use artificial intelligence and machine learning technologies provided by third-party AI service providers to extract, classify, and analyze data from your emails, uploaded documents, and other inputs. AI processing generates structured output including extracted field values, confidence scores, deadline calculations, and waiver risk assessments. Your data is not used to train third-party AI models. AI processing occurs on secure, encrypted servers.

2.6 Usage and Device Information. We automatically collect information about how you access and use the Service, including: IP address and approximate geographic location; browser type and version, operating system, and device identifiers; pages visited, features used, actions taken, and time spent on the Service; referring URLs and exit pages; error logs and performance data.

2.7 Cookies and Tracking Technologies. We use cookies, local storage, and similar technologies to maintain your session, remember your preferences, analyze usage patterns, and improve the Service. You can control cookie settings through your browser, but disabling certain cookies may limit the functionality of the Service. We use the following categories of cookies: strictly necessary cookies (required for authentication and security), functional cookies (to remember preferences and settings), and analytics cookies (to understand usage patterns and improve the Service).

2.8 Communications. When you contact us for support, provide feedback, or communicate with us through any channel, we collect the content of those communications along with any metadata (timestamps, email addresses, support ticket identifiers).

3. How We Use Your Information

We use the information we collect for the following purposes:

• Service Delivery. To provide, operate, and maintain the Service, including calculating state-specific deadlines, generating jurisdiction-compliant preliminary notices, processing certified mail delivery, managing lien waivers, and sending deadline reminders and forfeiture risk alerts across all fifty (50) US states;
• AI Extraction and Analysis. To process your emails and documents using AI to automatically extract project data, calculate deadlines, assess waiver risks, and generate confidence scores;
• Payment Processing. To process subscription payments, per-notice fees, and other charges, and to manage billing, invoicing, and payment history;
• Account Management. To create and manage your account, authenticate your identity, provide customer support, and communicate with you about your account and the Service;
• Service Improvement. To analyze usage patterns, diagnose technical issues, improve AI extraction accuracy using anonymized and aggregated data, develop new features, and optimize the user experience;
• Security and Fraud Prevention. To detect, investigate, and prevent unauthorized access, fraudulent activity, abuse, and security threats to the Service and our users;
• Legal Compliance. To comply with applicable laws, regulations, legal processes, and governmental requests, and to enforce our Terms of Service and other agreements;
• Communications. To send you transactional communications (account verification, deadline alerts, notice confirmations, billing notices), service announcements, and, with your consent, marketing communications about new features and industry information.

4. Legal Bases for Processing

We process your personal information on the following legal bases:

• Contract Performance. Processing necessary to perform our contractual obligations to you under the Terms of Service and Subscription Agreement, including providing the Service, processing payments, and delivering notices;
• Legitimate Interests. Processing necessary for our legitimate business interests, including service improvement, security, fraud prevention, and analytics, where such interests are not overridden by your data protection rights;
• Consent. Where you have provided explicit consent for specific processing activities, such as marketing communications or optional data sharing;
• Legal Obligation. Processing necessary to comply with applicable laws, regulations, or legal processes.

5. Data Sharing and Disclosure

We do not sell your personal information to third parties. We may share your information with the following categories of recipients, solely for the purposes described in this Policy:

• Service Providers and Processors. We share information with third-party service providers who perform services on our behalf, including: Stripe, Inc. (payment processing); certified mail printing and delivery providers; email integration and connectivity providers; AI and machine learning service providers (for data extraction and document processing); authentication and cloud infrastructure providers; transactional email delivery providers; application hosting providers; and background job processing providers. These providers are contractually obligated to use your information only to provide the services we have engaged them to perform and to maintain appropriate security measures;
• United States Postal Service. When you send notices through the Service, the recipient name, address, and notice content are transmitted to USPS through our mail service provider for certified mail delivery;
• Legal and Regulatory Disclosures. We may disclose your information when required by law, subpoena, court order, or other legal process; when we believe disclosure is necessary to protect our rights, property, or safety, or that of our users or the public; to comply with applicable regulations or governmental requests; or to cooperate with law enforcement investigations;
• Business Transfers. In the event of a merger, acquisition, reorganization, bankruptcy, or sale of all or a portion of our assets, your information may be transferred as part of the transaction. We will provide notice before your information is transferred and becomes subject to a different privacy policy;
• With Your Consent. We may share your information with third parties when you have provided explicit consent for such sharing;
• Aggregated and De-identified Data. We may share aggregated, anonymized, or de-identified data that cannot reasonably be used to identify you for purposes including industry research, benchmarking, and analytics.

6. Data Security

We implement and maintain administrative, technical, and physical security measures designed to protect your information from unauthorized access, disclosure, alteration, and destruction. These measures include, but are not limited to:

• Encryption of data in transit and at rest using industry-standard encryption protocols;
• Secure authentication with support for multi-factor authentication;
• Database-level security policies for multi-tenant data isolation ensuring that users can only access data belonging to their own organization;
• Regular security assessments, vulnerability scanning, and penetration testing;
• Access controls limiting employee access to personal information on a need-to-know basis;
• Secure software development practices including code review and dependency auditing;
• Incident response procedures for detecting, investigating, and responding to security incidents.

While we strive to protect your information using commercially reasonable measures, no method of transmission over the Internet or method of electronic storage is completely secure. We cannot guarantee the absolute security of your information. In the event of a data breach affecting your personal information, we will notify you and applicable regulatory authorities in accordance with applicable law.

7. Data Retention

We retain your information for the following periods:

• Account Information. Retained for the duration of your active account and for thirty (30) days following account cancellation or termination to allow for reactivation;
• Project and Notice Data. Retained for seven (7) years while your account is active, consistent with construction industry record-keeping requirements and applicable statutes of limitation for construction lien claims;
• Email Content (AI Processing). Raw email content processed for AI extraction is deleted from processing servers within thirty (30) days. Extracted structured data is retained as part of your project data;
• Payment and Transaction Records. Retained for seven (7) years in accordance with applicable tax and financial record-keeping requirements;
• Usage and Analytics Data. Retained in aggregated, de-identified form for up to three (3) years for service improvement purposes;
• Support Communications. Retained for two (2) years following resolution of the support inquiry;
• Post-Cancellation. Upon account cancellation, we retain your data for thirty (30) days to allow reactivation. After this period, your data is scheduled for permanent deletion. Certain data may be retained longer as required by law or for legitimate business purposes (such as resolving disputes or enforcing our agreements).

8. Your Rights and Choices

Subject to applicable law, you have the following rights with respect to your personal information:

• Right of Access. You may request a copy of the personal information we hold about you, including the categories of information collected, the purposes for which it is used, and the categories of third parties with whom it is shared;
• Right of Correction. You may request that we correct or update inaccurate or incomplete personal information. You can update most account information directly through your account settings;
• Right of Deletion. You may request that we delete your personal information. Please note that we may retain certain information as required by law or for legitimate business purposes. Deletion of your account data is permanent and cannot be reversed after the thirty (30) day retention period;
• Right to Data Portability. You may request that we provide your personal information in a structured, commonly used, and machine-readable format. You can export your project data, notice records, and other account data through the Service or by contacting support;
• Right to Disconnect Integrations. You may disconnect your email account integration at any time through your account settings. Disconnecting will stop the processing of new emails but will not delete previously extracted project data;
• Right to Opt Out of Marketing. You may opt out of marketing communications at any time by clicking the "unsubscribe" link in any marketing email or by contacting us. You may not opt out of transactional or service-related communications (such as deadline alerts, notice confirmations, and billing notices) while maintaining an active account;
• Right to Restrict Processing. In certain circumstances, you may request that we restrict the processing of your personal information;
• Right to Object. You may object to the processing of your personal information based on our legitimate interests.

To exercise any of these rights, contact us at privacy@liengrid.com. We will respond to your request within thirty (30) days, or such shorter period as required by applicable law. We may request additional information to verify your identity before processing your request. We will not discriminate against you for exercising your privacy rights.

9. California Privacy Rights (CCPA/CPRA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act, as amended by the California Privacy Rights Act ("CCPA/CPRA"):

• Right to Know. You have the right to request that we disclose the categories and specific pieces of personal information we have collected about you, the categories of sources from which we collected it, the business or commercial purposes for collecting it, and the categories of third parties with whom we shared it;
• Right to Delete. You have the right to request the deletion of your personal information, subject to certain exceptions;
• Right to Correct. You have the right to request that we correct inaccurate personal information;
• Right to Opt Out of Sale or Sharing. We do not sell your personal information. We do not share your personal information for cross-context behavioral advertising;
• Right to Limit Use of Sensitive Personal Information. To the extent we process sensitive personal information, we use it only for purposes permitted under the CCPA/CPRA;
• Non-Discrimination. We will not discriminate against you for exercising your CCPA/CPRA rights.

In the preceding twelve (12) months, we have collected the following categories of personal information as defined by the CCPA: identifiers (name, email, phone number, IP address); commercial information (transaction records, subscription history); internet or electronic network activity (usage data, log data); professional or employment-related information (company name, contractor license); and geolocation data (approximate location from IP address). We collect this information for the business purposes described in Section 3 of this Policy.

To exercise your California privacy rights, contact us at privacy@liengrid.com or submit a request through your account settings. You may also designate an authorized agent to submit requests on your behalf.

10. Other State Privacy Rights

Residents of Virginia, Colorado, Connecticut, Utah, and other states with comprehensive privacy legislation may have similar rights to those described above, including rights of access, correction, deletion, data portability, and the right to opt out of certain processing activities. To exercise your rights under any applicable state privacy law, contact us at privacy@liengrid.com. We will process your request in accordance with the requirements of your state's applicable law.

11. International Data Transfers

The Service is operated in the United States. If you access the Service from outside the United States, please be aware that your information may be transferred to, stored, and processed in the United States, where our servers are located and our central database is operated. The data protection and privacy laws of the United States may differ from the laws of your jurisdiction. By using the Service, you consent to the transfer of your information to the United States and the processing of your information in accordance with this Privacy Policy.

12. Children's Privacy

The Service is not directed to individuals under the age of eighteen (18). We do not knowingly collect personal information from children under 18. If we become aware that we have collected personal information from a child under 18, we will take steps to delete such information promptly. If you believe we have inadvertently collected information from a child under 18, please contact us at privacy@liengrid.com.

13. Third-Party Links and Services

The Service may contain links to third-party websites, applications, or services that are not owned or controlled by LienGrid. This Privacy Policy does not apply to third-party services. We are not responsible for the privacy practices or content of any third-party services. We encourage you to review the privacy policies of any third-party services you access through or in connection with the Service. Your interactions with third-party services are governed by those services' own terms and privacy policies.

14. Do Not Track Signals

Some web browsers transmit "Do Not Track" (DNT) signals to websites. Because there is no universally accepted standard for how to respond to DNT signals, the Service does not currently respond to DNT signals. We will continue to monitor developments in DNT technology and may adopt a DNT policy in the future.

15. Data Processing Agreements

We maintain data processing agreements with our third-party service providers that require them to process personal information only on our instructions, maintain appropriate security measures, assist us in responding to data subject requests, and notify us of data breaches. Our key service providers and their roles are described in Section 5 of this Policy.

16. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, the Service, or applicable law. We will notify you of material changes by sending an email notification to the address associated with your account, posting a prominent notice within the Service, and updating the "Last updated" date at the top of this Policy. Material changes will take effect thirty (30) days after notification. Your continued use of the Service after the effective date of any changes constitutes your acceptance of the revised Privacy Policy. If you do not agree to the revised Policy, you must discontinue your use of the Service before the effective date.

17. Contact Information

For questions, concerns, or requests regarding this Privacy Policy or our data practices, contact us at:

• Privacy Inquiries: privacy@liengrid.com
• General Support: support@liengrid.com
• Security Concerns: security@liengrid.com

We will respond to privacy-related requests within thirty (30) days of receipt, or such shorter period as required by applicable law.