Privacy Policy

Last updated: March 2026

1. Introduction

This Privacy Policy describes how Calibarna LLC (“Company,” “we,” “us,” or “our”), operating as Plotwatch, collects, uses, shares, and protects your information when you use our website at https://plotwatch.ai and related services (the “Service”).

The Service is designed for users in the United States. By accessing or using the Service, you agree to the practices described in this Privacy Policy. If you do not agree, please do not use the Service.

2. Information We Collect

2.1 Information You Provide

  • Account data: email address, first and last name (required); phone number and profile image (optional). Account data is synced from our authentication provider, Clerk.
  • Property tracking: property addresses you choose to track, including associated city, state, ZIP code, and geographic coordinates.
  • Coverage areas: geographic areas you define for monitoring, represented as H3 hexagonal grid cells.
  • Monitoring rules: natural language descriptions of conditions you want to monitor (e.g., “notify me of price drops over 5%”) and the structured rules generated from them.
  • Chat messages: messages you send to the AI analysis feature and the AI responses you receive.
  • Notification preferences: your alert delivery settings (in-app, email, SMS) and SMS opt-in status.
  • Payment data: processed entirely by Stripe. We store only a Stripe customer identifier and subscription identifier. We never receive, store, or have access to your credit card numbers or bank account details.
  • Waitlist: email address only, collected during pre-launch signup.

2.2 Information Generated by the Service

  • Leverage scores (0–100 algorithmic estimates of buyer negotiating position)
  • Market statistics and comparable property analysis computed from public listing data
  • AI-generated property and market analysis responses
  • Structured monitoring conditions parsed from your natural language input
  • Alerts triggered by your monitoring rules

2.3 Information Collected Automatically

  • IP addresses: used for rate limiting and abuse prevention. Stored in Redis with automatic expiration; not permanently retained.
  • Authentication cookies: session cookies set by Clerk for login state management. These are essential for the Service to function and cannot be disabled.
  • Server logs: standard web server request logs including timestamps, request paths, and response codes.

2.4 Information from Public Sources

We aggregate publicly available data to power the Service, including: real estate listings from MLS services (Redfin, Realtor.com), rental listings (Craigslist), property records (ATTOM), government data (city permits, code violations, zoning cases, 311 reports, crime data), weather alerts (National Weather Service), and seismic data (USGS). This is public data about properties and geographic areas, not private data about individuals.

3. How We Use Your Information

We use the information we collect to:

  • Provide the Service, including property tracking, monitoring, alerts, leverage scoring, and AI-powered analysis
  • Process payments and manage your subscription
  • Send service notifications via in-app alerts, email, and SMS (when opted in)
  • Power AI features by transmitting your messages and associated property and market context to Anthropic’s Claude API for analysis (see Section 5 for details)
  • Parse your natural language monitoring rules into structured conditions via AI processing
  • Improve the Service by analyzing usage patterns and diagnosing errors
  • Communicate with you regarding service announcements, support responses, and billing notifications
  • Enforce our Terms of Service and protect against misuse
  • Comply with legal obligations

4. How We Share Your Information

4.1 Third-Party Service Providers

We share information with the following service providers who process data on our behalf to operate the Service:

  • Clerk (Authentication): receives your email, name, phone number, and profile image to manage authentication and account security.
  • Stripe (Payments): processes your payment information for subscription billing. Stripe is PCI-DSS Level 1 certified. We never receive your card details.
  • Anthropic (AI Features): receives your chat messages, property data, market statistics, and conversation history to generate AI-powered analysis. See Section 5 for complete details.
  • Twilio (SMS Delivery): receives your phone number and alert message content solely for delivering SMS notifications.
  • Mapbox (Mapping and Geocoding): receives property addresses for geocoding and geographic coordinates for map rendering.
  • Supabase (Database Hosting): hosts our PostgreSQL database containing all application data. Provides encryption at rest.
  • Upstash (Rate Limiting): processes user identifiers and IP addresses for rate limiting and abuse prevention. Data is ephemeral and automatically expires.
  • Resend (Email Delivery): receives email addresses and notification content for email delivery.
  • Inngest (Background Processing): schedules and executes background data processing tasks including data source polling and alert delivery.
  • Railway (Application Hosting): hosts our application infrastructure.
  • Cloudflare (Infrastructure): provides DNS, CDN, and DDoS protection for our domain.

We may also use Sentry for error tracking and PostHog for product analytics in the future. If activated, these services may receive error context and usage interaction data respectively.

4.2 We Do Not Sell Your Information

We do not sell, rent, or trade your personal information to third parties for their marketing or promotional purposes. We have not sold personal information in the preceding twelve (12) months.

We may disclose your information if required to do so by law, court order, subpoena, or other legal process, or if we believe in good faith that such disclosure is necessary to protect our rights, protect your safety or the safety of others, investigate fraud, or respond to a government request. We may also share information in connection with a merger, acquisition, or sale of assets, in which case we will notify affected users.

5. AI Data Processing

This section describes how your data is processed when you use Plotwatch’s AI-powered features.

When you use the AI chat feature or create monitoring rules through natural language, the following data is transmitted to Anthropic (our AI provider) for processing:

  • Your chat messages and questions
  • Property data associated with your conversation (addresses, prices, listing status, property characteristics, price history)
  • Market statistics for your coverage areas (active listing counts, median prices, days on market, price reduction rates)
  • Comparable property listings in your area
  • Your recent conversation history (up to the last 10 messages) for context continuity
  • Your existing monitoring rules (names and conditions) when creating or modifying rules

This data is processed by Anthropic’s Claude API to generate real-time analysis and responses. Anthropic processes this data under their Privacy Policy and API Terms of Service. AI responses are stored in our database as part of your conversation history.

By using AI features, you acknowledge and consent to the transmission of your data to Anthropic as described above.

6. SMS Text Messaging

Plotwatch offers SMS text message alerts as part of its paid subscription plans. By opting in to SMS notifications, you consent to receive automated, recurring text messages from Plotwatch at the mobile phone number you provide. These messages contain real estate alerts related to properties and geographic areas you are actively monitoring, such as new listings, price changes, and status updates.

Consent and Opt-In

SMS messaging is off by default. To receive text messages, you must explicitly opt in through your account settings page by entering your mobile phone number and enabling the SMS notifications toggle. Your consent to receive SMS messages is not a condition of purchase or use of the Plotwatch service.

Opt-Out and STOP

You can opt out of SMS messages at any time by replying STOP to any message you receive from us, or by disabling SMS notifications in your account settings. After opting out, you will receive a one-time confirmation message and no further SMS messages will be sent. Reply HELP for assistance.

Message Frequency and Rates

Message frequency varies based on the number of properties and areas you monitor and real estate activity in those areas. You may receive up to 10 messages per hour during periods of high activity. Message and data rates may apply. Check with your mobile carrier for details about your messaging plan.

Mobile Information Sharing

We do not sell, rent, share, or otherwise disclose your mobile phone number or SMS opt-in data to any third parties or affiliates for marketing or promotional purposes. Your phone number is used solely to deliver Plotwatch service alerts that you have requested. SMS messages are delivered via Twilio, our communications provider, which processes your phone number solely for message delivery on our behalf.

7. Cookies and Tracking Technologies

The Service uses the following technologies:

  • Authentication cookies (essential): set by Clerk to manage your login session. These are strictly necessary for the Service to function and cannot be disabled while using the Service.
  • Security cookies: set by Cloudflare for bot detection and DDoS protection.
  • Browser local storage: used to store UI preferences and application state on your device.

We do not use advertising cookies, cross-site tracking pixels, or third-party advertising networks. If we activate product analytics (PostHog) in the future, we will update this Privacy Policy accordingly.

8. Data Retention

  • Active account data: retained for as long as your account is active and the Service is provided to you.
  • Account deletion: when you delete your account, we mark your data as deleted and cease active processing. Deleted data may be retained in our systems for legal compliance, fraud prevention, dispute resolution, and backup purposes. We are working to implement automated permanent data purge processes.
  • Conversation history: AI chat messages and responses are retained as part of your account data. Upon account deletion, conversation history may be retained in archived form.
  • Waitlist emails: retained until the Service launches or until you request removal.
  • Rate limiting data: IP addresses and user identifiers used for rate limiting are stored in Redis with automatic expiration and are not permanently retained.
  • Payment records: Stripe retains customer and subscription data per their own retention policies for billing, chargeback, and financial compliance purposes.
  • Public event data: aggregated public data (listings, permits, alerts) is retained indefinitely for historical analysis. This data is sourced from public records and does not contain user personal information.

9. Data Security

We implement reasonable administrative, technical, and physical safeguards to protect your information, including:

  • Encryption in transit (TLS/HTTPS) for all connections to and from the Service
  • Encryption at rest for our database (provided by our database hosting provider, Supabase)
  • Fail-closed authentication middleware that requires valid credentials for all protected routes
  • Cryptographic signature verification for all webhook communications (Stripe and Clerk)
  • Multi-tier rate limiting to prevent abuse and brute-force attacks
  • Content Security Policy (CSP) headers to mitigate cross-site scripting
  • No storage of credit card numbers or bank account details on our servers

No method of electronic transmission or storage is 100% secure. While we strive to use commercially acceptable means to protect your information, we cannot guarantee its absolute security.

10. Your Rights and Choices

10.1 All Users

  • Access: you can view your account data, tracked properties, coverage areas, and conversation history through the Service.
  • Correction: you can update your profile information through your account settings.
  • Deletion: you can request account deletion through your account settings or by contacting us. See Section 8 for data retention details following deletion.
  • SMS opt-out: reply STOP to any message or disable SMS in your account settings.
  • Email preferences: manage notification settings in your account.

10.2 California Residents (CCPA)

If you are a California resident, you have the following rights under the California Consumer Privacy Act (CCPA):

  • Right to Know: you have the right to request that we disclose what personal information we collect, use, and share about you.
  • Right to Delete: you have the right to request deletion of your personal information, subject to certain exceptions (e.g., legal compliance, completing a transaction, fraud prevention).
  • Right to Opt-Out of Sale: we do not sell your personal information. No opt-out mechanism is necessary, but we affirm this commitment.
  • Right to Non-Discrimination: we will not discriminate against you for exercising your CCPA rights.

Categories of personal information we collect: identifiers (name, email, phone number), commercial information (subscription and billing data), internet or electronic network activity (usage data, IP addresses for rate limiting), and geolocation data (property addresses and coverage area coordinates).

To exercise your CCPA rights: contact us at [email protected]. We will verify your identity before processing any request. You may also designate an authorized agent to submit a request on your behalf with your written permission.

11. Children’s Privacy

The Service is not intended for use by anyone under the age of 18. We do not knowingly collect personal information from children under the age of 13. If we become aware that we have collected personal information from a child under 13, we will take steps to delete that information promptly. If you believe a child under 13 has provided us with personal information, please contact us at [email protected].

12. Third-Party Links and Services

The Service may contain links to third-party websites or services, such as property listings on Redfin or government data portals. We are not responsible for the privacy practices, content, or security of any third-party sites. We encourage you to review the privacy policies of any third-party sites you visit.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, the Service, or applicable laws. Material changes will be communicated to you via email or in-app notification at least fourteen (14) days before they take effect. Your continued use of the Service after the effective date constitutes your acceptance of the updated Privacy Policy. Previous versions are available upon request.

14. Contact Us

For questions about this Privacy Policy, CCPA requests, data deletion requests, or SMS-related inquiries, contact us at:

Calibarna LLC
Email: [email protected]