Legal

Privacy Policy

Last updated: February 25, 2026

At GreenToran, Inc. ("GreenToran," "we," "us," or "our"), we are committed to protecting your privacy and the security of your personal and financial information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our real estate partnership management platform, website, and related services (collectively, the "Service").

By accessing or using the Service, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy. This Privacy Policy forms part of our Terms of Service. If you do not agree, please do not use the Service.

1. Information We Collect

1.1 Account Information

When you register for an account, we collect:

  • Full name and email address
  • Password (stored using industry-standard bcrypt hashing — we never store plaintext passwords)
  • Profile information you choose to provide (phone number, avatar, etc.)
  • If you sign in with Google OAuth, we receive your name, email address, and profile picture from Google

1.2 Financial and Partnership Data

When you use GreenToran to manage real estate partnerships, you may enter:

  • Property details (addresses, budgets, valuations)
  • Financial contributions, expenses, income, and settlement data
  • Partnership member information and ownership/share percentages
  • Transaction descriptions, amounts, dates, and categories

Important: This financial data belongs to you and your partnership. We do not claim ownership of it, and we do not use it to make financial decisions on your behalf.

1.3 Documents and Files

You may upload documents such as:

  • Receipts, invoices, and contracts
  • Property photos and documents
  • Partnership agreements and legal documents

These files are stored securely and are only accessible to authorized partnership members based on the permissions you configure.

Prohibited data: As outlined in our Terms of Service, you should not upload Social Security Numbers, full bank account or credit card numbers, medical records, government-issued identity documents, or biometric data. The Service is not designed to store or process these categories of sensitive information.

1.4 Payment and Billing Information

When you subscribe to a paid plan:

  • Payment processing is handled entirely by Stripe, Inc.
  • We never store your full credit card number, CVV, or bank account details on our servers
  • We receive and store only: a Stripe customer ID, subscription status, plan type, and the last four digits of your card for display purposes
  • Stripe's privacy policy also applies to payment data processed by Stripe

1.5 Usage Data and Analytics

We automatically collect:

  • Pages visited, features used, and actions taken within the Service
  • Browser type, device type, operating system, and screen resolution
  • IP address and approximate geographic location (country/region level). We do not collect precise GPS location
  • Referring URLs and campaign parameters (where available)
  • Session duration and timestamp data

1.6 Communication Data

When you contact us through our contact form, email, or support channels, we collect the content of your messages, your email address, and any attachments you send.

2. How We Use Your Information

We use the information we collect for the following purposes:

2.1 Providing and Operating the Service

  • To create and manage your account
  • To enable you to create and manage partnerships, properties, and transactions
  • To calculate profit splits, settlements, and financial summaries
  • To process invitations and manage team access
  • To generate reports and PDF exports

2.2 Communication

  • To send transactional emails (account verification, password resets, invitation notifications)
  • To notify you of important activity in your partnerships (new transactions, approvals needed, settlements)
  • To send service announcements and security alerts
  • To respond to your support requests and inquiries

2.3 Improvement and Analytics

  • To understand how users interact with our Service and identify areas for improvement
  • To detect, investigate, and prevent bugs, errors, and technical issues
  • To develop new features and functionality

2.4 Security and Compliance

  • To detect and prevent fraud, abuse, and unauthorized access
  • To enforce our Terms of Service
  • To comply with legal obligations

3. AI-Powered Features

GreenToran may use artificial intelligence to enhance your experience:

3.1 What AI Does

  • Analyzes uploaded receipts and documents to extract amounts, dates, categories, and descriptions
  • Suggests transaction categorization based on document content
  • Generates financial insights and summaries for reports

3.2 How AI Data Is Handled

  • Document content may be sent to our AI processing provider (currently OpenAI) for analysis
  • We do not use your data to train our models. When we send content to our AI provider for processing, we do so under terms intended to limit use of that content to providing the service. We configure our AI provider settings to disable training where available
  • AI-extracted data is stored only within your partnership and subject to the same access controls
  • You can choose not to use AI features — they are always optional
  • We send only the minimum necessary content for processing (not your full account data)

3.3 AI Limitations

AI-generated suggestions and extractions are not guaranteed to be accurate. You are responsible for reviewing and verifying all AI-processed information before relying on it for financial decisions.

4. Data Sharing and Disclosure

We do not sell, rent, or trade your personal information to third parties.

We may share your information only in the following circumstances:

4.1 With Your Partnership Members

When you create or join a partnership, other authorized members can see shared partnership data (properties, transactions, settlements, documents) based on the access permissions configured by the partnership owner.

4.2 With Service Providers

We work with trusted third-party companies to operate our Service. These providers have access only to the information necessary to perform their services and are contractually obligated to protect your data:

  • Stripe — Payment processing (privacy policy)
  • Amazon Web Services (AWS) — Infrastructure, data storage, and compute
  • Email delivery provider — Transactional email delivery (account notifications, invitations, security alerts)
  • OpenAI — AI document analysis (opt-in only; privacy policy)
  • CDN / Security provider — Content delivery, DDoS protection, and DNS

We may change service providers from time to time. This list reflects our current primary providers and will be updated accordingly.

4.3 For Legal Reasons

We may disclose your information if required by law, regulation, legal process, or governmental request, or when we believe disclosure is necessary to:

  • Comply with applicable law, regulation, or court order
  • Protect the safety, rights, or property of GreenToran, Inc., our users, or the public
  • Detect, prevent, or address fraud, security, or technical issues
  • Enforce our Terms of Service

4.4 Business Transfers

If GreenToran, Inc. is involved in a merger, acquisition, reorganization, bankruptcy, or sale of assets, your information may be transferred as part of that transaction. We will notify you via email and/or a prominent notice on our Service of any change in ownership or use of your personal information.

5. Data Security

We implement industry-standard security measures to protect your data:

5.1 Technical Safeguards

  • Encryption in transit: All data transmitted between your browser and our servers is encrypted using TLS 1.2+ (256-bit SSL encryption)
  • Encryption at rest: We use encryption at rest where appropriate, including for sensitive data
  • Password security: Passwords are hashed using bcrypt with appropriate cost factors and are never stored in plaintext
  • Access controls: Role-based access controls limit who can access what data within partnerships
  • Regular backups: Automated backups ensure data can be recovered in case of system failure

5.2 Operational Safeguards

  • Regular security reviews and vulnerability assessments
  • Principle of least privilege for internal access to production systems
  • Activity logging and audit trails for security-sensitive operations
  • Incident response procedures for potential breaches

5.3 Your Responsibility

You are responsible for maintaining the confidentiality of your account credentials and for restricting access to your devices. Please use a strong, unique password and enable any available security features.

Security Disclaimer

While we implement extensive security measures, no method of electronic storage or internet transmission is 100% secure. We cannot guarantee absolute security but are committed to protecting your information using commercially reasonable measures.

6. Your Rights and Choices

Depending on your jurisdiction, you may have the following rights regarding your personal information:

6.1 Access and Portability

  • Request a copy of the personal information we hold about you
  • Export your partnership and financial data in standard formats (CSV, PDF)

6.2 Correction

  • Update or correct inaccurate personal information through your account settings
  • Request corrections to data you cannot edit yourself by contacting us

6.3 Deletion

  • Delete your account and personal data through your account settings
  • Request deletion of specific data by contacting us
  • Note: Some data may be retained for legal, accounting, or legitimate business purposes (see Data Retention)

6.4 Opt-Out

  • Unsubscribe from marketing emails using the link in any marketing email
  • Manage notification preferences in your account settings
  • You cannot opt out of transactional emails (account security, billing, legal notices)

6.5 Restriction and Objection

  • Request that we restrict processing of your personal data in certain circumstances
  • Object to processing of your personal data for certain purposes

To exercise any of these rights, contact us at privacy@greentoran.com. We may verify your identity before fulfilling requests. We will respond to your request within 30 days.

7. Data Retention

We retain your information for as long as necessary to provide the Service and fulfill the purposes described in this Privacy Policy:

  • Active accounts: Data is retained as long as your account is active and the Service is being used
  • After account deletion: We retain your data for up to 30 days to allow for recovery, after which it is permanently deleted from our active systems
  • Backup retention: Data may persist in encrypted backups for up to 90 days after deletion before being purged
  • Legal and financial records: Certain data (billing records, transaction logs) may be retained for up to 7 years to comply with tax, accounting, and legal requirements
  • Anonymized data: We may retain anonymized, aggregated data (which cannot identify you) indefinitely for analytics and service improvement

8. Cookies and Tracking Technologies

8.1 Cookies We Use

  • Essential cookies: Required for the Service to function (session management, CSRF protection, authentication). These cannot be disabled
  • Preference cookies: Remember your settings and preferences (theme, language, sidebar state)

8.2 Cookies We Do NOT Use

  • We do not use advertising or retargeting cookies
  • We do not use third-party tracking cookies for ad networks
  • We do not sell cookie data or browsing behavior to third parties

8.3 Managing Cookies

You can configure your browser to block or delete cookies. However, blocking essential cookies will prevent you from using the Service.

9. International Data Transfers

GreenToran's servers are primarily located in the United States. Our service providers may operate in other countries as well. By using the Service, you consent to the transfer of your information to the United States and other jurisdictions that may have different data protection laws than your country of residence. We ensure appropriate safeguards are in place for such transfers, including:

  • Standard contractual clauses with service providers
  • Ensuring service providers maintain adequate security measures
  • Compliance with applicable international data transfer frameworks

10. For Users in the European Economic Area (EEA/GDPR)

If you are located in the EEA, United Kingdom, or Switzerland, the following additional provisions apply:

10.1 Legal Basis for Processing

We process your personal data under the following legal bases:

  • Contract performance: Processing necessary to provide you with the Service you signed up for
  • Legitimate interests: Processing for analytics, security, fraud prevention, and service improvement, where these interests are not overridden by your rights
  • Consent: Processing based on your explicit consent (e.g., AI features, marketing emails)
  • Legal obligation: Processing necessary to comply with applicable laws

10.2 Data Protection Officer

For GDPR-related inquiries, contact us at privacy@greentoran.com.

10.3 Supervisory Authority

You have the right to lodge a complaint with your local data protection supervisory authority if you believe your data is being processed unlawfully.

11. For California Residents (CCPA/CPRA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA):

  • Right to Know: You can request details about the categories and specific pieces of personal information we collect about you
  • Right to Delete: You can request deletion of your personal information, subject to certain exceptions
  • Right to Opt-Out of Sale: We do not sell your personal information. No opt-out is necessary
  • Right to Non-Discrimination: We will not discriminate against you for exercising your privacy rights
  • Right to Correct: You can request correction of inaccurate personal information
  • Right to Limit Use of Sensitive Personal Information: We only use sensitive personal information as necessary to provide the Service

To exercise these rights, contact us at privacy@greentoran.com or use the contact form on our website.

12. Children's Privacy

GreenToran is not directed to, and is not intended for use by, individuals under the age of 18. We do not knowingly collect personal information from children under 18. If we become aware that we have collected personal information from a child under 18, we will take immediate steps to delete that information. If you believe a child has provided us with personal information, please contact us at privacy@greentoran.com.

13. Third-Party Links and Services

The Service may contain links to third-party websites or services that are not operated by us. We are not responsible for the privacy practices of these third parties. We encourage you to review the privacy policies of any third-party services you access through our platform.

14. "Do Not Track" Signals

Some browsers transmit "Do Not Track" (DNT) signals. Since there is no industry standard for DNT compliance, we do not currently respond to DNT signals. However, as stated above, we do not engage in cross-site tracking or sell your data to advertisers.

15. Data Breach Notification

In the event of a data breach that affects your personal information, we will:

  • Notify affected users via email as required by applicable state and federal laws
  • Where GDPR applies, notify the relevant supervisory authority within 72 hours of becoming aware of a breach when required, and notify affected users without undue delay in accordance with applicable law
  • Notify relevant authorities and supervisory bodies as required by applicable law
  • Provide information about the nature of the breach, the data affected, and steps taken to mitigate the impact
  • Provide guidance on steps you can take to protect yourself

16. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes:

  • We will update the "Last updated" date at the top of this page
  • We will notify you via email if the changes are significant
  • We may display a prominent notice within the Service
  • We will provide at least 30 days notice before material changes take effect
  • Your continued use of the Service after changes become effective constitutes acceptance of the updated Privacy Policy

17. Governing Law

This Privacy Policy is governed by the laws of the State of Delaware, United States, consistent with our Terms of Service. Any disputes related to this Privacy Policy are subject to the dispute resolution provisions in our Terms of Service.

18. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us: