
Privacy Policy

Last updated: February 18, 2026

1. Introduction and Operator Identity

This Privacy Policy ("Policy") describes how NegoBetter ("we," "us," or "our") collects, uses, shares, and protects your personal information when you access or use the NegoBetter website located at negobetter.com and any associated services (collectively, the "Service"). NegoBetter is owned and operated by an individual sole proprietor based in the United States, and is not a registered LLC, corporation, or other formal business entity. This Policy applies to all visitors, users, and individuals who access or use the Service. By accessing or using the Service, you acknowledge that you have read and understood this Policy and agree to the collection, use, and disclosure of your information as described herein. Please also review our Terms of Service, which govern your use of the Service.

2. Information We Collect

We collect the minimum amount of information necessary to provide, maintain, and improve the Service. The information we collect falls into the following categories:

2a. Information You Provide Directly

  • Account information: Name, email address, and authentication method (email/password or Google OAuth) when you create an account
  • Uploaded documents: Home inspection PDF reports you submit for analysis
  • Contact and support inquiries: Any information you include when contacting us via email at support@negobetter.com
  • Feedback: Ratings and comments you optionally provide after downloading a report

2b. Information Collected Automatically

  • IP address: Collected for rate limiting and abuse prevention (processed by Cloudflare and our hosting providers)
  • Authentication tokens: Stored in your browser's localStorage for session persistence
  • Session identifiers: Unique IDs assigned to each analysis session to associate results with your account
  • HTTP server logs: Standard request logs maintained by our hosting providers (Vercel, Railway) which may include timestamps, request URLs, and response codes

2c. Information We Do NOT Collect

  • Credit card or banking details: All payment processing is handled entirely by Stripe; we never receive, store, or have access to your full card numbers or financial account information
  • Precise geolocation data: We do not request or collect GPS or precise location data from your device
  • Device fingerprints or advertising identifiers: We do not collect hardware identifiers, advertising IDs, or browser fingerprinting data
  • Tracking cookies: We do not use any first-party or third-party tracking cookies (see Section 7 for details)

3. How We Use Your Information

We use the information we collect for the following purposes:

  • To provide, operate, and deliver the Service, including processing uploaded inspection reports and generating repair cost estimates
  • To create, manage, and authenticate your user account
  • To process payments through Stripe and deliver purchased addendum documents
  • To respond to your support inquiries, questions, and feedback
  • To enforce our Terms of Service, rate limits, and usage policies
  • To detect and prevent fraud, abuse, spam, and unauthorized access to the Service
  • To improve and optimize the Service, including analyzing anonymized and aggregated usage patterns (we do not use your personal data or uploaded documents for model training)
  • To comply with applicable legal obligations

4. Legal Basis for Processing

We process your personal information on the following legal bases:

  • Contract performance: Processing necessary to provide the Service you have requested, including account creation, report analysis, and document delivery
  • Legitimate interests: Processing necessary for our legitimate interests, such as maintaining the security and integrity of the Service, preventing fraud and abuse, and improving the Service, provided such interests are not overridden by your data protection rights
  • Consent: Where you have given explicit consent for specific processing activities, such as providing optional feedback
  • Legal obligation: Processing required to comply with applicable laws, regulations, or legal proceedings

5. How We Share Your Information

We do not sell, rent, or trade your personal information to third parties.

We share your information only with the following categories of third-party service providers, solely as necessary to operate and deliver the Service:

  • LlamaParse (LlamaIndex): Receives uploaded PDF file content for text extraction and parsing
  • Google Gemini: Receives extracted inspection report text for AI-powered defect analysis and cost estimation
  • Stripe: Receives the minimum information necessary to process payments (email address, session metadata); handles all credit card and payment data directly
  • Supabase: Hosts our PostgreSQL database containing user accounts, session records, and analysis results
  • Vercel: Hosts our frontend application and processes HTTP requests
  • Railway: Hosts our backend application and processes API requests
  • Resend: Provides transactional email delivery (e.g., password reset, account verification emails)
  • Google OAuth: If you choose to sign in with Google, Google receives and processes your authentication request per Google's own privacy policies

We may also disclose your information if required to do so by law, regulation, legal process, or governmental request, or if we believe in good faith that disclosure is necessary to protect our rights, protect your safety or the safety of others, investigate fraud, or comply with a judicial proceeding or court order. In the event of a sale, merger, acquisition, or succession of the business, user information may be transferred to the successor entity.

6. Automated Decision-Making and AI Processing

The core function of the Service involves automated processing of your uploaded inspection reports using artificial intelligence. When you upload a PDF, it is parsed by LlamaParse and analyzed by Google Gemini through a two-pass AI analysis system (conservative and thorough passes) to identify defects and estimate repair costs. This processing is fully automated — no human reviews the analysis results before they are delivered to you.

The AI-generated output is produced algorithmically and may contain errors, omissions, or inaccuracies. The estimates are intended solely as informal negotiation guidance and do not constitute professional advice. You have the right to request human review of any AI-generated output by contacting us at support@negobetter.com. For more information on the limitations of AI-generated estimates, please see Sections 6 and 7 of our Terms of Service.

7. Cookies, Local Storage, and Tracking

NegoBetter uses a consent-based approach to cookies and tracking.

Essential (no consent required):

  • localStorage: Stores nb_token (authentication JWT), nb_user (basic user profile), and nb_cookie_consent (your cookie preference) for persistent login sessions
  • sessionStorage: May temporarily store analysis results during your active browser session; automatically cleared when you close the tab

Non-essential (requires your consent):

  • Google Ads conversion tracking cookies: Used only to measure the performance of our advertising campaigns. These cookies are loaded only if you click “Accept” on the cookie consent banner. You can change your preference at any time by clearing your browser storage.

We use Plausible Analytics for website usage statistics. Plausible is cookieless and privacy-focused — it does not use cookies or collect personal data, and does not require consent. We use Sentry for error monitoring, which processes functional error reports and does not use tracking cookies. NegoBetter respects Do Not Track (DNT) browser signals.

8. Data Retention

We retain your information for the following periods:

  • Uploaded PDF files: Processed in memory during analysis and not permanently stored by NegoBetter. Files are transmitted to third-party AI services for processing and are subject to their respective retention policies.
  • Analysis results (paid sessions): Retained indefinitely to allow you to re-download your purchased addendum documents at any time
  • Analysis results (unpaid sessions): Automatically purged after ninety (90) days of inactivity
  • User accounts: Retained until you request deletion of your account
  • Contact and support messages: Retained for up to twelve (12) months to assist with ongoing or follow-up inquiries
  • Server logs: Maintained by our hosting providers (Vercel, Railway) per their standard retention policies, typically around thirty (30) days
  • Feedback: Retained indefinitely in anonymized form to improve the Service

9. Data Security

We implement reasonable administrative, technical, and organizational safeguards designed to protect your personal information against unauthorized access, alteration, disclosure, or destruction. These measures include:

  • All data transmitted between your browser and the Service is encrypted using HTTPS/TLS
  • Passwords are hashed using bcrypt with appropriate work factors; we never store plaintext passwords
  • Authentication tokens (JWTs) are issued with a twenty-four (24) hour time-to-live (TTL) and are validated on every authenticated request
  • Security headers are enforced, including Strict-Transport-Security (HSTS), X-Content-Type-Options, and X-Frame-Options
  • Rate limiting is applied to all API endpoints to prevent abuse and brute-force attacks

Despite these measures, no method of electronic transmission or storage is completely secure. We cannot guarantee the absolute security of your information, and you acknowledge that you transmit data to the Service at your own risk. In the event of a data breach that affects your personal information, we will notify affected users in accordance with our data breach notification procedures described in Section 17 of this Policy.

10. International Data Transfers

NegoBetter is a United States-based service. Your personal information is processed and stored in the United States. If you access the Service from outside the United States, please be aware that your information may be transferred to, stored in, and processed in the United States, where data protection laws may differ from those in your jurisdiction. Our third-party service providers may process data in locations outside the United States in accordance with their own policies and applicable data protection frameworks. By using the Service, you consent to the transfer of your information to the United States and any other jurisdictions where our service providers operate.

11. Your Rights

Subject to applicable law, you have the following rights regarding your personal information:

  • Right of access: You may request a copy of the personal information we hold about you
  • Right to correction: You may request that we correct any inaccurate or incomplete personal information
  • Right to deletion: You may request the deletion of your account and associated personal data. We will process deletion requests within thirty (30) days, subject to any legal retention obligations
  • Right to data portability: Where technically feasible, you may request a copy of your data in a structured, commonly used, and machine-readable format
  • Right to withdraw consent: Where processing is based on consent, you may withdraw your consent at any time without affecting the lawfulness of processing carried out prior to withdrawal

To exercise any of these rights, please contact us at support@negobetter.com. We will respond to all verified requests within thirty (30) days. We will not discriminate against you for exercising any of your privacy rights.

12. State-Specific Privacy Rights (United States)

California (CCPA / CPRA)

If you are a California resident, the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA) provide you with additional rights regarding your personal information:

  • Right to know: You may request that we disclose the categories and specific pieces of personal information we have collected, the categories of sources, the business purposes for collection, and the categories of third parties with whom we share information
  • Right to delete: You may request the deletion of your personal information, subject to certain exceptions
  • Right to opt out of sale: We do not sell your personal information, as defined under the CCPA/CPRA, and have not done so in the preceding twelve (12) months
  • Right to non-discrimination: We will not discriminate against you for exercising your CCPA/CPRA rights

To exercise your California privacy rights, email support@negobetter.com with "CCPA Request" in the subject line. We do not share personal information for direct marketing purposes as defined by California's Shine the Light law (Civil Code Section 1798.83).

Virginia, Colorado, and Connecticut

If you are a resident of Virginia (VCDPA), Colorado (CPA), or Connecticut (CTDPA), you may have similar rights under your respective state privacy laws, including the right to access, correct, delete, and obtain a portable copy of your personal data. To exercise these rights, please contact us at support@negobetter.com with the relevant state law referenced in your request.

13. Children's Privacy

The Service is not intended for use by individuals under the age of eighteen (18). We do not knowingly collect, solicit, or maintain personal information from anyone under 18. If we discover that we have inadvertently collected personal information from a minor, we will promptly delete such information from our records. If you believe that a child under 18 has provided personal information to us, please contact us immediately at support@negobetter.com so that we can take appropriate action.

14. Third-Party Links

The Service may contain links to third-party websites, services, or resources that are not owned or controlled by NegoBetter. We are not responsible for the privacy practices, content, or data collection policies of any third-party websites or services. We encourage you to review the privacy policy of every third-party site you visit. The inclusion of any link does not imply endorsement by NegoBetter of the linked site or any association with its operators.

15. Marketing Communications

NegoBetter currently does not send marketing or promotional emails. We send only transactional communications directly related to the Service, such as password reset emails, account verification emails, and payment confirmation emails. If we introduce marketing communications in the future, they will be strictly opt-in, and you will be provided with a clear and easy mechanism to unsubscribe from any marketing emails at any time. Unsubscribing from marketing communications will not affect your receipt of transactional emails related to your account or purchases.

16. Data Processor and Controller Roles

For the purposes of applicable data protection laws, NegoBetter acts as the data controller for the personal information collected through the Service. Our third-party service providers act as data processors, processing personal data on our behalf and in accordance with our instructions. Each third-party provider is bound by its own data processing agreements and privacy policies:

17. Data Breach Notification

In the event of a security breach that results in the unauthorized access, acquisition, use, or disclosure of your personal information, we will notify affected users via the email address associated with their account within seventy-two (72) hours of becoming aware of the breach, where feasible. We will also notify applicable regulatory authorities as required by law. The notification will describe: the nature and scope of the breach, the types of personal information involved, the steps we have taken and are taking to address the breach, and recommended actions you can take to protect yourself. If direct email notification is not feasible (for example, if we do not have current email contact information), we will provide notice through a conspicuous posting on the Service.

18. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or other factors. When we make changes, we will revise the "Last updated" date at the top of this page. For material changes that significantly affect how we collect, use, or share your personal information, we will make reasonable efforts to notify you via the email address associated with your account or through a prominent notice on the Service prior to the changes taking effect. Your continued use of the Service after the effective date of any changes constitutes your acceptance of the updated Policy. We encourage you to review this page periodically for the latest information on our privacy practices.

19. Contact Information

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at:

Email: support@negobetter.com

For CCPA, CPRA, VCDPA, CPA, or CTDPA requests, please include the name of the applicable law in the subject line of your email. We will respond to all verified privacy requests within thirty (30) days.

Please also review our Terms of Service, which govern your use of the Service and contain important information about dispute resolution, limitations of liability, and other legal provisions.