Privacy Policy

1. Introduction

Leveridge, Inc. ("Leveridge," "we," "us," or "our") provides real estate planning software for financial advisors (the "Service"). This Privacy Policy explains how we collect, use, store, and protect information when you use our website at leveridge.ai (the "Site") and our software platform.

By accessing or using the Service, you agree to this Privacy Policy. If you do not agree, please do not use our Service.

Key Principle: Advisors own their client data. We provide the infrastructure, not the advice.

AI Data Principle: Leveridge does not use identifiable client data to train AI models. Any AI training uses anonymized, aggregated data only, occurs within Leveridge-controlled AWS infrastructure, and operates under a zero data retention policy.

Geographic Scope: Leveridge currently offers the Service only to financial advisors based in the United States. The Service is designed around U.S. tax laws and regulatory frameworks and is not intended for use outside the United States at this time.

2. Information We Collect

2.1 Information You Provide Directly

Account Information: Name, email address, phone number, firm name and professional credentials (CFP®, RIA, etc.), job title and role, and payment information (processed by our payment provider when paid service launches).

Client Data You Upload: Identifying information (client name, household members), demographic information (marital status, household structure), income information (earned income, passive income, rental income), property details (address, purchase price, acquisition date, loan terms, rental income), financial data (cost basis, depreciation schedules, cash flow projections, equity estimates), tax-related information (filing status, depreciation, tax assumptions), strategy preferences and planning assumptions, and documents (Schedule E, property tax bills, loan statements).

Communications: Support inquiries, feedback and feature requests, survey responses, and scheduling information.

2.2 Information We Collect Automatically

Usage Data: Features accessed and frequency of use, analysis types run (Hold/Taxable Sale/1031 DST Exchange), session duration and interaction patterns, error logs and performance metrics.

Technical Information: IP address, browser type, and device information, operating system, and referral source and pages visited.

3. How We Use Your Information

We use information to provide the Service (process property analyses, store saved properties, enable exports, provide customer support), improve the Service (analyze usage patterns, debug issues, develop new capabilities using anonymized aggregated data only), communicate with you (product updates, newsletters via Beehiiv, transactional emails via SendGrid, personalized support via Google Workspace), and meet legal and security obligations.

We do not use identifiable client data to train AI models. Any AI training uses anonymized, aggregated data only.

4. Data Ownership and Advisor Responsibilities

4.1 You Own Your Data

Advisors own all client data uploaded to Leveridge. We do not claim any ownership rights to your clients' information. You retain full control and can access your data at any time, export your data in standard formats (JSON, CSV, PDF), and delete your data (see Section 11).

4.2 Advisor Responsibilities

As a financial professional using Leveridge, you are responsible for obtaining proper consent from your clients before uploading their data, complying with all applicable regulations (SEC, FINRA, CFP Board, state laws), all client recommendations and advice, and maintaining your own records and compliance documentation.

Leveridge provides planning tools, not financial advice. All outputs must be independently verified and are subject to your professional judgment.

5. How We Share Your Information

5.1 We Do Not Sell Your Data

Leveridge does not sell, rent, or trade your personal information to third parties for advertising or marketing purposes.

5.2 Service Providers (Subprocessors)

We share limited information with trusted third-party service providers: AWS (hosting, storage, and infrastructure), Google Workspace (personalized support communications), SendGrid (transactional email), Brevo (marketing communications), Beehiiv (newsletter distribution), Sentry (error tracking — anonymized data only), Cal.com (meeting scheduling), a third-party property data provider (property valuations — address queries only), Stripe (payment processing), and AWS Bedrock (AI processing within Leveridge-controlled AWS infrastructure only).

All subprocessors are contractually required to use data only for specified purposes, maintain appropriate security measures, comply with applicable privacy laws, and delete or return data upon termination.

Our internal tools (Slack, Linear, GitHub, 1Password, Cursor) do not have access to client data.

5.3 AI Model Hosting

Leveridge uses large language models hosted through AWS Bedrock, operating entirely within Leveridge's secure AWS environment. Identifiable client data is never sent to AI models. If Leveridge trains or fine-tunes AI models, only anonymized and aggregated data is used. AI models operate under a zero data retention policy.

5.4 Legal Requirements

We may disclose information when required by law, regulation, or legal process, or to prevent fraud, abuse, or security threats.

5.5 Business Transfers

If Leveridge is involved in a merger, acquisition, or sale of assets, your information may be transferred. We will notify you before your information is transferred and becomes subject to a different privacy policy.

6. Data Security

We implement industry-standard security measures including AES-256 encryption at rest, TLS 1.3 for all data transmission, role-based access controls and multi-factor authentication, AWS Web Application Firewall, and AWS CloudTrail audit logging.

Organizational safeguards include background checks for employees with data access, security training, incident response procedures, and secure password management.

SOC 2 Type II is targeted for Q2 2027. While no system can guarantee absolute security, we implement safeguards consistent with industry best practices for financial data.

7. Data Retention

Active Accounts: Data is retained while your account is active.

Deleted Accounts: 30-day grace period for data recovery; permanent deletion from production systems at day 30; backup systems fully purged within 90 days; data subject to legal obligations retained as required.

Tax Return PDFs: Never retained — deleted within 30–60 seconds of processing.

Temporary Exports (PDFs generated by the platform): Auto-deleted after 24 hours.

Security Audit Logs: 2 years (compliance requirement).

Anonymized Data: We may retain anonymized, aggregated data indefinitely for product improvement and analytics. This data cannot be linked back to you or your clients.

8. Tracking Technologies

Leveridge does not currently use cookies on our platform. We use session-based authentication tokens (JWTs) for login management, which are stored in your browser and are not tracking cookies.

If we introduce cookies or similar tracking technologies in the future, we will update this Privacy Policy and provide appropriate notice and consent mechanisms before doing so.

9. Your Privacy Rights

All users have the right to access (request a copy of your personal information), correct (update inaccurate information), delete (request deletion subject to legal retention), export (download data in JSON, CSV, or PDF format), object (opt out of marketing communications), and restrict (limit how we process your information).

California Residents (CCPA/CPRA): You additionally have the right to know what personal information we collect, use, disclose, or sell; request deletion; opt out of "sales" (we don't sell data); and receive non-discrimination for exercising your rights.

To exercise your rights, email support@leveridge.io with your name, email address, specific request, and verification information. We respond within 30 days.

10. Geographic Limitations

Leveridge is based in the United States, and the Service is intended solely for use by U.S.-based financial advisors. We do not currently offer the Service to users located outside the United States, and we do not knowingly collect personal data subject to non-U.S. data protection regimes (such as GDPR).

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. Material changes require email notification 30 days in advance. Minor updates are posted on this page with an in-app notification. Continued use constitutes acceptance of the updated policy.

12. Contact Us

Leveridge, Inc. 680 E Colorado Blvd, Suite 180 Pasadena, CA 91101 Email: support@leveridge.io