Legal

Privacy Policy

Effective: April 26, 2026 · Last updated: April 26, 2026

This policy explains what data Hailroad collects, why, and how it's protected. We try to use plain language. If anything's unclear, email hello@hailroad.com.

1. Data we collect

Account data

• Email address (used as your account identifier)
• Full name and company / shop name (entered at signup)
• Hashed password (never stored in plaintext; managed by Supabase Auth)
• Workspace name, slug, and brand assets (logo, color, contact info) you choose to enter

Customer Data you upload

• Knock list addresses, geocoded coordinates, and your status notes
• Lead pipeline records: contact name, email, phone, notes, stage
• Roof measurements, polygons, pitch labels

Billing data

Your card details are entered into Stripe Checkout, never seen by Hailroad servers. We store only the Stripe customer ID, subscription ID, plan, and renewal date. See Stripe's privacy policy for how they handle payment data.

Usage / analytics

• Page-view counts via Vercel Analytics (privacy-friendly: no cookies, no fingerprinting, no cross-site tracking).
• Page views, session attribution, and basic device/geo data via Google Analytics 4. GA4 uses cookies. We do not enable GA's advertising features, demographics, or cross-site signals.
• Server logs: IP, request path, status code, response time. Retained 14 days for debugging and abuse prevention.

We do not use third-party advertising pixels (Meta, LinkedIn, TikTok), retargeting trackers, or session recording tools.

2. Why we collect it

• Operate the Service: account management, billing, building knock lists, generating reports.
• Communicate: transactional email (signup confirmation, billing receipts, system notices). We don't send marketing emails by default; if we ever do, you'll have opt-out controls.
• Security: detect abuse (scraping, brute-force login attempts).
• Legal compliance: respond to lawful requests, comply with tax law for billing.

3. How it's stored & protected

• Customer Data lives in Supabase Postgres in US-based regions. Row-Level Security (RLS) enforces that workspaces can only read each other's data with explicit authorization.
• Connections use TLS 1.3.
• Daily encrypted Postgres backups, 7-day point-in-time recovery on Pro tier.
• Service-role keys (which bypass RLS) are stored only in Vercel env vars, never client-side.
• Stripe is PCI-DSS Level 1 certified; we rely on their card-data handling.

4. Sub-processors

We use these third parties to deliver the Service. Each is contractually bound to handle data only on our behalf:

• Vercel — application hosting, edge functions, analytics
• Supabase — Postgres database, auth, storage
• Stripe — payment processing, customer billing portal
• Google Workspace — operations email (hello@hailroad.com)
• Resend (or Postmark) — transactional email delivery

We do not share Customer Data with weather, advertising, or marketing-data brokers. Storm data Hailroad ingests from NOAA SPC is one-directional (we read; they don't get any of your data).

5. Your rights

You can request to access, export, correct, or delete your data at any time by emailing hello@hailroad.com or using the in-app export tools. We respond within 30 days.

California residents have rights under CCPA. EU/UK residents have rights under GDPR. Both are honored: you can request a copy of your data, ask for corrections, or request deletion.

6. Data retention

• While your subscription is active: indefinitely.
• After cancellation: 30 days grace period (you can re-subscribe to recover everything), then permanent deletion. Encrypted backups retain for an additional 60 days before final purge.

7. Cookies

We set a first-party authentication cookie (sb-*) via Supabase Auth, and Google Analytics 4 sets its own cookies (_ga, _ga_*) for session attribution. We do not use any marketing, advertising, or retargeting cookies.

8. Changes to this policy

Material changes will be announced 30 days in advance via the email on your account.

9. Contact

Privacy questions: hello@hailroad.com. Mail: Digital Architects, 711 Hennepin Ave, Suite 507, Minneapolis MN 55403.