EscrowAudit

Privacy Policy

Last updated 2026-06-01.

EscrowAudit is operated by NextAI Forge, LLC. We collect, process, and retain only what we need to deliver the audit and the QWR letter. This page is in plain English.

What we collect

  • Account: name and email via Clerk when you sign up.
  • Uploaded PDF: your annual escrow analysis statement. Stored encrypted at rest in Supabase Storage.
  • Extracted data: figures from the statement, your loan number, your property address. Loan number and address are encrypted at the column level.
  • Payment metadata: Stripe customer ID, payment intent ID, last 4 digits of card. We never see or store your full card number; Stripe handles all PCI scope.
  • Server logs: IP address, user agent, timestamps of accesses. Retained 30 days for security forensics.

What we do not collect

  • Your Social Security Number. We never ask for it.
  • Your bank account or routing numbers. Stripe handles payment.
  • Marketing trackers from third parties beyond essential analytics.

Retention

  • Raw PDF: auto-deleted 90 days after the audit, unless you subscribe to monitoring (in which case it is retained for the annual re-check window).
  • Extracted JSON and audit report: retained while your account is active. Deleted within 7 days of account deletion request.
  • Payment records: retained 7 years for tax and accounting compliance.
  • Server logs: 30 days.

Subprocessors

We use Clerk (auth), Supabase (database + storage), Stripe (payments), Anthropic (Claude Haiku 4.5 fallback extraction), Google (Gemini 3.1 Flash-Lite primary extraction), Vercel (hosting), Resend (email), Twilio (SMS), Sentry (error tracking), and SimpleCertifiedMail (cert-mail dispatch, only if opted in). Each is a contract subprocessor bound by their own DPAs.

Your rights

You may request a copy of your data, correction of errors, or deletion of your account at any time by emailing privacy@escrowaudit.us. Deletion is honored within 7 days. California, Colorado, Virginia, Connecticut, Utah residents have additional rights under state law; we honor them by default.

Cookies

We use first-party cookies for authentication only. We do not run third-party advertising trackers. We use PostHog for product analytics with IP redaction and no cross-site tracking.

Contact

NextAI Forge, LLC · privacy@escrowaudit.us

← Back to landing