Privacy Policy

1. Introduction

Welcome to JV DealRoom. We are committed to protecting your proprietary joint venture intelligence, wholesale real estate buyer networks, transaction ledgers, and digital agreements. This Privacy Policy outlines our data handling, security, and masking protocols designed to prevent circumvention and protect your transaction details.

2. Information We Collect

We collect and store information necessary to structure digital wholesale partnerships, log transaction milestones, and verify identity:

• Account & Security Credentials: Full name, email address, password hashes, and Multi-Factor Authentication (MFA) secrets. MFA secrets are symmetrically encrypted using AES-256-GCM.
• Joint Venture Deal Configurations: Deal titles, property addresses, contract details, profit split percentages, partnership roles (Sourcer vs. Buyer Finder), state compliance riders (IL, OK, FL, TX), execution pathways (Path A Assignment vs. Path B Double-Close), LLC Entity Names, and state broker license numbers.
• Search, Matching & Alerts Data: Wholesaler property metadata (with masked address logs for Deal Postings), buyer criteria (Want Ads budgets, strategy, asset types), and geofenced zip code alert rules.
• Buyer Protection Vault Data: Full names, contact phone numbers, and email addresses of prospective cash buyers. These records establish your digital \"chain of custody\" for buyer procurement.
• Closing Document Vault: User-uploaded files categorizing critical closing milestones, including Earnest Money Deposit (EMD) Wire Receipts, Title Commitments, and Settlement statements.
• Affiliate & Referral Logs: Referral codes, registration sources, referee subscription discounts, and accumulated referrer commission balances (e.g. lifetime recurring commissions).
• Cryptographic Audit Trails: Every deal event is logged with user identity, registered email, current IP address, and timestamp. Digital signatures on joint venture agreements are secured with SHA-256 cryptographic hashes, and developer API sync tokens are stored as SHA-256 hashes.

3. Buyer Masking & Non-Circumvention Policy

To fulfill our core anti-theft guarantee, cash buyer contact details registered in your Buyer Protection Vault are cryptographically locked and completely masked from all other partners in a joint venture deal room.

Only the partner who registered the cash buyer is authorized to view or unlock the contact details. Other partners see masked placeholding text, preventing the bypass of deal room partners.

4. Database Security, Encryption & Host Infrastructure

Our application databases are hosted on secure, enterprise-grade PostgreSQL instances managed by Supabase.

Row Level Security (RLS): To prevent unauthorized exposure of your deal details, we enforce strict Row Level Security policies on all public database tables. All direct REST API calls using our public anonymous key are systematically rejected. Data can only be systematically queried or mutated through our secure server-side next.js APIs using authenticated session cookies.

Data-at-Rest Encryption & Hashing: To protect sensitive credentials from potential database compromises, Multi-Factor Authentication (MFA) secrets are symmetrically encrypted using AES-256-GCM. Additionally, static developer API tokens are one-way hashed using SHA-256. These cryptographically shielded parameters are processed entirely on the server and are masked in user-facing dashboards.

5. Billing, Cancellations & Payout Withdrawals Data

Upgrade actions to Pro or Team tiers are processed using Stripe Checkout. Our database records subscription status, subscription cancellation period-end timestamps, referee 10% discount periods, and referrer 20% commission payouts. No credit card details or bank credentials are saved to our local databases; all billing information is processed and stored securely by Stripe.

For live affiliate payout withdrawals, Stripe Connect and PayPal details (e.g. withdrawal accounts or emails) are processed securely using their respective official APIs. This information is used solely to execute commission payout transfers.

6. Geofenced Alert Email Dispatches (Resend API)

When users subscribe to geofenced zip code monitors or matching notifications, transaction alerts are generated and dispatched.

Data Transmitted to Resend: To send transaction emails, we utilize the Resend API. We transmit only the necessary destination email and restricted listing metadata summaries. Exact property street addresses and cash buyer identity details are systematically excluded from email alerts to maintain absolute anti-theft deal security.

7. Local Personalization & Customization

Sidebar Theme customizer: Custom UI accent themes (e.g. Amber Gold, Emerald Green, Steel Cyan) selected by the user are stored locally in the browser's `localStorage`. This personalization data remains on your local device and is not synchronized to or stored on our servers.

8. Contact Us

If you have questions regarding this Privacy Policy, your masked buyer vault data, or your account credentials, contact our support team at privacy@jvdealroom.com or via our support page.