Back to home

Legal

Privacy Policy

Effective date: July 17, 2026

Your data is yours. This policy explains, in plain language, what we collect, how we use it, who helps us run the Service, and the rights you have. Please also review our Terms of Service.

1.Who we are & scope

This Privacy Policy explains how Notroa collects, uses, protects, and shares information when you use our software and website. It applies to the Notroa application and the notroa.com site.

Notroa is operated by Keondre Cohen, an individual (sole proprietor), based in the Province of Quebec, Canada. In this policy, “we,” “us,” and “our” refer to that operator.

2.Data we collect

  • Account information — your name, email, organization name, and role, provided when you sign up.
  • Usage & product analytics — how you interact with the app (pages viewed, features used, and similar), used to operate and improve the Service.
  • Payment information — processed by Stripe. We do not store your full card number; we keep only limited billing metadata (such as plan, status, and the last four digits) that Stripe returns.
  • Property & lead data — property and motivated-seller information surfaced from public county open-data sources, plus any lists you import.
  • Skip-trace results — owner contact details (such as phone numbers and email addresses) returned by a third-party provider only when you run a lookup.

3.How we use your information

  • to provide, operate, and secure the Service;
  • to generate lead scoring, explanations, and outreach drafts;
  • to process payments and manage your subscription;
  • to provide support and respond to your requests; and
  • to understand usage and improve the product.

4.Skip-trace & third-party data

When you run a skip trace, personally identifiable information (such as phone numbers and email addresses) is returned by a third-party data provider (Tracerfy). We store those results scoped to your organization and encrypted at rest, and we use them only to fulfill the lookup you requested. This data is provided “as is” and its accuracy is not guaranteed. Your use of it is subject to the skip-tracing and data-compliance obligations in our Terms of Service.

5.Subprocessors

We rely on a small set of trusted service providers to run Notroa. Each processes data only as needed to provide its service to us:

  • SupabaseManaged Postgres database and authentication; enforces per-organization row-level isolation.
  • VercelApplication hosting, content delivery, and website analytics and performance monitoring (cookieless).
  • StripePayment processing and subscription billing.
  • AnthropicAI generation for scoring explanations and outreach drafts.
  • ResendTransactional and notification email delivery.
  • TracerfySkip-trace / owner contact-information lookups, when you run one.
  • PostHogPrivacy-respecting product analytics to help us improve the app.

We may update this list as our infrastructure evolves; changes will be reflected here.

6.Data retention

We retain your account and lead data for as long as your account is active and as needed to provide the Service. When you delete data or close your account, we delete or de-identify your personal data within a reasonable period, except where we must retain limited records to comply with legal, tax, accounting, or security obligations. Skip-trace results are retained scoped to your organization until you delete them or your account is closed.

7.Security

We protect data with encryption in transit (HTTPS) and at rest, tenant isolationenforced at the database level (row-level security, so one organization’s data is never visible to another), and least-privilege access controls. No system can be guaranteed perfectly secure, but we work to protect your information and to limit who and what can access it.

8.Your rights

Because we operate from Quebec, Canada, we approach privacy in line with Canadian norms (PIPEDA and Quebec’s Law 25), and we also honor, in general and honest terms, the access, correction, and deletion rights that U.S. privacy laws (such as the CCPA) provide. Subject to applicable law, you can:

  • access the personal information we hold about you;
  • correct information that is inaccurate or incomplete;
  • export your account data; and
  • request deletion of your data or account.

Much of this you can do directly in the app. For anything else, email support@notroa.com and we will respond. We are a small operation and are honest about what we can do today — we handle requests directly and promptly rather than through an automated rights portal.

9.Cookies & analytics

We use essential cookies needed to sign you in and keep the app working, and privacy-respecting product analytics (PostHog) to understand how the app is used so we can improve it. We also use Vercel Web Analytics, which reports aggregate, anonymized visitor traffic (such as pages viewed, referrers, and approximate location and device type) without cookies, and Vercel Speed Insights, which reports anonymized page-performance metrics (such as load times and Core Web Vitals) without cookies. We do not use advertising trackers.

10.We do not sell your data

We do not sell your personal information, and we do not share it with third parties for their own marketing. We share data only with the subprocessors listed above, as needed to run the Service, or where required by law.

11.Children

Notroa is a business tool intended for adults. It is not directed at anyone under 18, and we do not knowingly collect personal information from children. If you believe a child has provided us information, contact us and we will delete it.

12.Changes to this policy

We may update this Privacy Policy from time to time. When we do, we will revise the effective date above and, where appropriate, provide additional notice. Your continued use of the Service after an update means you accept the revised policy.

13.Contact

Questions about your privacy or this policy? Email us at support@notroa.com. We operate asynchronously and respond over email.