Privacy Policy

Last updated: March 23, 2026 — Effective: March 23, 2026

1. Information We Collect

Account Information: Name, email address, and organization name provided during registration.

Project Data: Project details, budgets, milestones, contacts, files, and financial information you enter into the Service.

Usage Data: Log data including IP addresses, browser type, pages visited, and feature usage for analytics and security.

Payment Information: Billing is processed by Stripe. We do not store credit card numbers. Stripe's privacy policy governs payment data handling.

2. How We Use Your Information

We use your information to: provide and maintain the Service; generate AI-powered briefings and analysis (via Anthropic API); send transactional emails (via Microsoft Graph); process payments (via Stripe); improve the Service; and comply with legal obligations.

3. Third-Party Services

We use the following third-party services that may process your data:

4. Data Storage and Security

Data is stored in Supabase (hosted on AWS) with encryption at rest and in transit (TLS 1.2+). Passwords are hashed with bcrypt (12 rounds). API keys and Plaid access tokens are encrypted with AES-256-CBC. Access is controlled via JWT authentication, role-based permissions, and tenant isolation. Bank login credentials are never transmitted to or stored by HAMRR — authentication occurs entirely within Plaid's secure environment.

4a. Financial Data

What we store: Account name, institution name, account type, last 4 digits of account number, balance, and transaction history (date, merchant, amount, category).

What we never store: Bank login credentials, full account numbers, routing numbers (for Plaid-linked accounts), or authentication tokens in plaintext.

You may delete all financial data at any time from Settings. Deletion immediately disconnects Plaid access and permanently removes stored transactions and balances.

5. Data Retention

We retain your data for as long as your account is active, subject to the following retention periods:

Upon account deletion, all data is permanently removed after the 30-day grace period. You may request immediate deletion of financial data at any time without closing your account.

6. Your Rights

You have the right to: access your data (via in-app export); correct inaccurate data; delete your account and all associated data; delete financial data independently of your account; export your data in standard formats (CSV, JSON); disconnect third-party integrations (Plaid, Outlook) at any time; and restrict processing where applicable.

6a. Consent

By creating an account, you consent to the collection and processing of data as described in this policy. By connecting a bank account via Plaid, you provide additional consent for us to access your financial account data (balances and transactions) for the purpose of property management and accounting. You may revoke this consent at any time by disconnecting your bank account in Settings.

7. Data Portability

You may export all your data at any time through Settings → Data Export. Exports are available in CSV and JSON formats compatible with standard business tools.

8. Cookies

We use localStorage for session management and user preferences. We do not use third-party tracking cookies or advertising cookies.

9. Children's Privacy

The Service is not directed at individuals under 18. We do not knowingly collect information from children.

10. Changes to This Policy

We will notify organization administrators via email of material changes. Continued use after notification constitutes acceptance.

11. Contact

For privacy inquiries: matt@iwaycorp.com

Iway Development

See also: Information Security Policy