Privacy Policy
Privacy Policy
Effective Date: 7/11/2026
At Crest Labs CRE (“we,” “us,” or “our”), we are committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our property inspection and management platform (the “Service”).
1. Information We Collect
Personal Information
When you register for an account or use our Service, we may collect:
- Name and contact information (email address, phone number, mailing address)
- Account credentials (username and password)
- Company/organization name and business information
- Professional credentials and certifications
- Billing and payment information
- Government-issued identification (when required for verification)
Property and Inspection Data
Through your use of the Service, we collect:
- Property addresses and location data
- Property inspection reports and findings
- Photographs and videos of properties
- Property condition assessments and recommendations
- Client and contractor information
- Financial data related to properties and transactions
Automatically Collected Information
When you access our Service, we automatically collect:
- Device information (IP address, browser type, operating system)
- Usage data (pages visited, features used, time spent)
- Cookies and similar tracking technologies
- Log data (access times, error logs, referral URLs)
- Location information (with your permission)
2. How We Use Your Information
We use the collected information for the following purposes:
Service Provision
- Create and manage your account
- Provide property inspection and management services
- Process transactions and billing
- Generate reports and analytics
- Enable collaboration features between team members
- Provide customer support
Communication
- Send service-related notifications and updates
- Respond to inquiries and support requests
- Send marketing communications (with your consent)
- Provide important security and legal notices
Improvement and Development
- Analyze usage patterns to improve our Service
- Develop new features and functionality
- Conduct research and analytics
- Ensure quality control and training
3. Legal Basis for Processing
We process your personal information based on the following legal grounds:
- Contract Performance: To provide the services you've requested
- Legitimate Interests: To improve our services and ensure security
- Legal Compliance: To comply with applicable laws and regulations
- Consent: When you've given explicit consent for specific processing
- Vital Interests: To protect someone's life or physical safety
4. Information Sharing and Disclosure
We do not sell, trade, or rent your personal information. We may share your information in the following circumstances:
With Your Consent
We share information when you explicitly authorize us to do so, such as when you connect third-party services or share reports with clients.
Service Providers
We work with trusted third-party service providers who assist us in operating our Service, including:
- Cloud hosting and storage providers (AWS)
- Payment processors (Stripe, QuickBooks)
- Email service providers
- Analytics providers
- Customer support tools
Legal Requirements
We may disclose information if required by law or when we believe disclosure is necessary to:
- Comply with legal obligations or court orders
- Protect our rights, property, or safety
- Prevent fraud or security issues
- Protect the rights and safety of our users or the public
Business Transfers
In the event of a merger, acquisition, or sale of our assets, your information may be transferred as part of the business transaction. We will notify you of any such change in ownership or control.
5. Data Security
We implement comprehensive security measures to protect your information:
- Encryption of data in transit and at rest using industry-standard protocols
- Secure data centers with physical access controls
- Regular security audits and penetration testing
- Access controls and authentication mechanisms
- Employee training on data protection and security
- Incident response and breach notification procedures
- Regular backups and disaster recovery plans
While we strive to protect your information, no method of transmission over the internet or electronic storage is 100% secure. We cannot guarantee absolute security.
6. Data Retention
We retain your personal information for as long as necessary to:
- Provide our services to you
- Comply with legal obligations
- Resolve disputes and enforce agreements
- Maintain business records for analysis and auditing
When your account is closed or upon request, we will delete or anonymize your personal information, except where we are required to retain it by law or for legitimate business purposes.
7. Your Rights and Choices
Depending on your location, you may have the following rights regarding your personal information:
Access and Portability
You have the right to request access to your personal information and receive a copy in a structured, commonly used format.
Correction and Update
You can update your account information at any time through your account settings or by contacting us.
Deletion
You may request deletion of your personal information, subject to certain legal exceptions.
Objection and Restriction
You can object to certain processing activities or request that we restrict the use of your information.
Marketing Communications
You can opt-out of marketing emails by clicking the unsubscribe link or contacting us directly.
Cookie Preferences
You can manage cookie preferences through your browser settings, though this may affect Service functionality.
8. International Data Transfers
Your information may be transferred to and processed in countries other than your country of residence. These countries may have different data protection laws. When we transfer information internationally, we ensure appropriate safeguards are in place, including:
- Standard contractual clauses approved by regulatory authorities
- Data processing agreements with service providers
- Compliance with applicable data transfer mechanisms
9. Children's Privacy
Our Service is not intended for individuals under the age of 18. We do not knowingly collect personal information from children. If you believe we have collected information from a child, please contact us immediately, and we will take steps to delete such information.
10. California Privacy Rights (CCPA)
If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):
- Right to know what personal information we collect, use, and disclose
- Right to request deletion of your personal information
- Right to opt-out of the sale of personal information (we do not sell your data)
- Right to non-discrimination for exercising your privacy rights
To exercise these rights, please contact us using the information provided below.
11. European Privacy Rights (GDPR)
If you are located in the European Economic Area (EEA) or United Kingdom, you have additional rights under the General Data Protection Regulation (GDPR):
- Right to be informed about data processing
- Right to rectification of inaccurate data
- Right to erasure (“right to be forgotten”)
- Right to restrict processing
- Right to data portability
- Right to object to processing
- Rights related to automated decision-making
- Right to lodge a complaint with a supervisory authority
12. Third-Party Links and Services
Our Service may contain links to third-party websites or integrate with third-party services. We are not responsible for the privacy practices of these third parties. We encourage you to review their privacy policies before providing any personal information.
13. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. We will notify you of material changes by:
- Posting the updated policy on our Service
- Updating the “Effective Date” at the top of this policy
- Sending you an email notification (for material changes)
Your continued use of the Service after changes constitutes acceptance of the updated Privacy Policy.
14. Contact Information
If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:
Crest Labs CRE
Support: support@crestlabs.ai
For data protection inquiries, you may also contact our Data Protection Officer at: dpo@crestlabs.ai
By using our Service, you acknowledge that you have read and understood this Privacy Policy and agree to our collection, use, and sharing of your information as described herein.
Last Updated: 7/11/2026