Privacy Policy
Last updated: May 8, 2026.
This Privacy Policy describes how Pearland AI ("we") collects, uses, and shares information when you use protest.pearlandai.com (the "Service"). It is part of the Terms of Service. We've tried to keep it short and plain. If anything is unclear, email support@pearlandai.com.
1. What we collect
- Account info. Your email address. We use magic-link sign-in, so we do not store passwords.
- Authentication and session data. A session cookie, sign-in tokens, and the IP address and approximate time of each sign-in. Used to keep you signed in and to detect abuse.
- Property activity. The CAD property identifiers, owner names, addresses, and search terms you enter; the previews you view; the Packets you unlock; and the scope (subdivision, neighborhood, or pool-adjusted) and tax year you choose for each unlock.
- Purchase data. The fact and amount of your purchases, the Stripe checkout session ID, and the Stripe customer email associated with the charge. We never see or store your card number, CVV, expiration date, or full bank details — those go directly to Stripe under their own privacy and PCI-DSS controls.
- Generated documents. The PDF Packet for each property you unlock, stored on our server until your account is closed or you request deletion.
- Diagnostic logs. Standard server logs (IP, user-agent, request path, response code, timestamp) for security, error tracing, and capacity planning. Retained for up to 90 days.
2. What we do with it
- To provide the Service: authenticate you, render and deliver Packets, look up the right appraisal-district records, calculate previews, and process payments.
- To improve and maintain the Service: monitor performance, fix bugs, audit for fraud or abuse, and develop new features.
- To communicate with you about your account, your purchases, and material updates to the Service or these policies. We do not send marketing email unless you affirmatively opt in.
- To comply with legal obligations and enforce our agreements.
3. What we do not do
- We do not sell your personal data.
- We do not rent or share your contact information with third-party advertisers or data brokers for their own marketing.
- We do not run analytics products that fingerprint or cross-site track you across the open web.
We do use the Meta Pixel and Meta's Conversions API to measure the effectiveness of advertising we run on Facebook and Instagram. See section 5 for what we share with Meta and how to opt out.
4. Subprocessors and third parties we share with
The Service runs on these vendors. They each have their own privacy practices:
- Stripe — payment processing. Receives your email, payment amount, and card data you submit at checkout. stripe.com/privacy.
- Microsoft 365 — email delivery (sign-in links, transactional notices). Receives your email address and the message body. privacy.microsoft.com.
- DigitalOcean — server hosting and storage. Holds the database and the rendered PDFs at rest. digitalocean.com/legal/privacy-policy.
- Meta Platforms (Facebook / Instagram) — advertising measurement via Meta Pixel and Conversions API. Receives a hashed copy of your email and internal user id, your IP and user-agent, and the conversion events listed in section 4a. See facebook.com/privacy/policy.
We will share your information with these subprocessors only as needed to operate the Service. We do not authorize any of them to use your information for their own marketing purposes.
We may also disclose information when required by valid legal process (subpoena, court order, search warrant), to enforce our Terms, to protect the rights or safety of any person, or in connection with a merger, acquisition, or sale of substantially all of Pearland AI's assets (in which case we will provide notice of the change).
5. Advertising measurement (Meta Pixel and Conversions API)
We run advertising on Facebook and Instagram. To measure whether those ads result in actual signups and purchases, we use two related Meta tools:
- Meta Pixel (browser-side). A small JavaScript tag loaded on every page that records page views and sets two cookies (
_fbpand, when you arrive via a Facebook ad,_fbc). These let Meta tell whether you saw one of our ads before visiting the site. - Meta Conversions API (server-side). When you sign up, start a checkout, or complete a purchase, our server sends Meta a record of that event. The personal identifiers in those events — your email address and our internal user id — are SHA-256 hashed before transmission, so Meta can match the event to a known Meta user without us handing over the plain email. Your IP address and browser user-agent are sent unhashed for the same matching purpose.
We do not send Meta any of your CAD property records, search terms, Packet contents, or owner-condition notes. The events we send are limited to: page-view, signup completed, checkout started, and purchase completed (with the dollar amount and pack name).
You can opt out of Meta's use of your data for ad personalization through Meta's own ad-preferences page (facebook.com/adpreferences), or block the Meta Pixel using browser-level tracking-protection features (most modern browsers offer this), an ad-blocker extension, or by declining cookies through your browser settings. Blocking the Pixel will not affect your ability to use the Service. Blocking the server-side Conversions API requires opting out at Meta — we can't suppress server events for individual users from our side.
6. Cookies
We use a small number of strictly necessary cookies to keep you signed in and to protect against cross-site request forgery. We also load the Meta Pixel for advertising measurement (see section 5), which sets two Meta-owned cookies, _fbp and _fbc. We do not use any other third-party analytics cookies, and we do not load advertising tags from any other platform.
7. Data retention
- Account info and purchase history: retained for the life of the account, plus seven years after closure (for tax, fraud, and dispute records).
- Generated Packets: retained for the life of the account so you can re-download them. On account closure or deletion request, Packets are deleted within 30 days.
- Server logs: up to 90 days, then aggregated or deleted.
- Stripe-side records (charges, refunds, chargebacks): retained according to Stripe's policies, typically multiple years for compliance and dispute purposes.
8. Your choices and rights
You can request export, correction, or deletion of your account data by emailing support@pearlandai.com. We will respond within 30 days. Some records (Stripe-side payment records, fraud-prevention logs, audit logs required by law) may be retained beyond a deletion request to the extent legally required.
If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA), including the right to know what personal information we collect about you, the right to request deletion, and the right not to be discriminated against for exercising these rights. We do not "sell" personal information as that term is defined under CCPA. To exercise these rights, email the address above and identify yourself as a California resident.
9. Security
We host the Service on managed infrastructure with encrypted disk storage, TLS for all data in transit, application-level access controls, magic-link sign-in (no password reuse risk), and short-lived session cookies. No system is perfectly secure. If we ever experience a breach affecting your data, we will notify you by email and through the Service in accordance with applicable law.
10. Children
The Service is not directed to anyone under 18 and is not intended for their use. We do not knowingly collect personal information from children. If you believe a child has provided us with information, contact us and we will delete it.
11. Changes
We may update this Privacy Policy. The "Last updated" date at the top will reflect the change, and material changes will be communicated by email to your account address.
12. Contact
Privacy questions: support@pearlandai.com. Postal mail: Pearland AI, Pearland, Texas, USA.