Last updated: June 12, 2025
Privacy Policy
Ground Report ("we," "us," or "our") operates groundreport.app. This Privacy Policy describes how we collect, use, and share information when you use our service.
Information We Collect
Address data. When you search or purchase a report, we collect the address you enter. This address is used to query public environmental databases and generate your report. It is stored in our database to enable report retrieval and future freshness notifications.
Email address. When you purchase a report or sign in, we collect your email address. We use it to: deliver your report, send you account access links, and notify you when report data is refreshed (approximately once per year). We do not sell or share your email.
Payment information. Payments are processed by Stripe, Inc. We do not store your credit card number, CVV, or full payment details. We receive a transaction ID and your email from Stripe. Stripe's privacy policy applies to payment data.
Usage data. We collect standard web analytics (pages visited, referrer, approximate location via IP) using privacy-respecting analytics tools. We do not use Google Analytics. We do not fingerprint individual users.
How We Use Your Information
- Generate and deliver the environmental risk report you purchased
- Provide account access via magic-link email authentication
- Notify you when the data underlying your report has been refreshed
- Improve the accuracy and coverage of our data sources
- Comply with legal obligations
We do not use your data to train AI models. We do not sell your personal information to third parties.
Data Sources
Reports are generated from publicly available government databases including EPA Envirofacts, SDWIS, ECHO, FEMA NFHL, USGS, CDC, ATSDR, AirNow, and others. All data points in your report are sourced and attributable to named public agencies. No private data about you or your property is purchased from data brokers.
Report Privacy
Reports are private by default. Only you can access your report when signed in. You may opt in to make a report publicly viewable — publicly shared reports expire from public view after 24 months. The aggregate risk score (without detailed findings) for any address is always public.
Data Retention
Report data is retained indefinitely to support the freshness notification system. You may request deletion of your report and account data by emailing us at the address below. We will delete your data within 30 days.
Third-Party Services
- Supabase — Database and authentication (supabase.com/privacy)
- Stripe — Payment processing (stripe.com/privacy)
- Resend — Transactional email delivery (resend.com/legal/privacy-policy)
- Mapbox — Address geocoding and map rendering (mapbox.com/legal/privacy)
- Vercel — Hosting and edge delivery (vercel.com/legal/privacy-policy)
Children's Privacy
Our service is not directed to children under 13. We do not knowingly collect personal information from children under 13.
Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes via email if you have an account. The "Last updated" date at the top of this page reflects the most recent revision.
Contact
Questions about this Privacy Policy? Email us at privacy@groundreport.app.