ten31tracker Privacy Policy
Effective Date: February 1, 2026 Last Updated: February 1, 2026 Company: ten31tracker LLC
Introduction
ten31tracker ("we," "our," or "us") provides a cloud-based software platform designed to help law firms and qualified intermediaries (QIs) manage IRC Section 1031 like-kind exchange transactions. We are committed to protecting your privacy and handling your data transparently.
This Privacy Policy explains what information we collect, how we use it, who we share it with, and your rights regarding your data. We encourage you to read this policy carefully. This policy should be read together with our Terms of Service.
Important: ten31tracker is a tracking and organization tool only. It does not provide legal, tax, or financial advice. All users should consult qualified professionals for 1031 exchange guidance.
Information We Collect
Information You Provide Directly
| Data Type | When Collected | Purpose |
|---|---|---|
| Account Information | Registration & login | Name, email address, firm name |
| Waitlist Information | Pre-launch signup | Name (optional), email, firm type |
| Billing Information | Subscription setup | Processed by Stripe; we do not store full payment card numbers |
| Exchange Data | Application use | Client names, property addresses, transaction amounts, dates, deadlines |
| Documents | File uploads | Exchange-related documents you upload (stored encrypted) |
| Tax Identifiers | Exchange records | SSN/EIN for exchange participants (encrypted at application level) |
| Communications | Support requests | Emails, support tickets, feedback |
Information Collected Automatically
| Data Type | How Collected | Purpose |
|---|---|---|
| Usage Data | Application logs | Feature usage, page views, actions taken |
| Device Information | Browser/device | Browser type, operating system, device type |
| IP Address | Server logs | Security, rate limiting, fraud prevention |
| Error Data | Error tracking (Sentry) | Debugging and improving the service (no PII sent to Sentry) |
Information We Do NOT Collect
- Health or biometric data
- Social Security Numbers beyond what you enter for exchange records (encrypted)
- Data from children under 13
- Browsing history outside our application
- Location data beyond IP-derived region
How We Use Your Information
We use your information for the following purposes:
Service Delivery
- Provide, maintain, and improve ten31tracker
- Process transactions and send related information
- Calculate exchange deadlines and send notifications
- Store and organize your exchange documents
Communication
- Send service-related notices (deadline reminders, account updates)
- Respond to your requests and support inquiries
- Send product updates if you've opted in (waitlist or account settings)
Security & Compliance
- Protect against unauthorized access and fraud
- Maintain audit logs for compliance purposes
- Enforce our Terms of Service
Legal Bases for Processing (GDPR)
- Contract: Processing necessary to provide our services
- Consent: Marketing communications (opt-in only)
- Legitimate Interests: Security, fraud prevention, service improvement
- Legal Obligation: Tax and regulatory compliance, responding to legal requests
Sharing & Third Parties
We do not sell, rent, or trade your personal information. We share data only with the following service providers who assist in operating our platform:
| Provider | Purpose | Data Shared | Privacy Policy |
|---|---|---|---|
| Auth0 | Authentication & identity | Email, name, login credentials | Auth0 Privacy |
| Stripe | Payment processing | Billing details, subscription status | Stripe Privacy |
| Resend | Transactional email | Email address, name | Resend Privacy |
| AWS S3 | Document storage | Encrypted files | AWS Privacy |
| Neon | Database hosting | All application data (encrypted) | Neon Privacy |
| Inngest | Background jobs | Job metadata (no PII) | Inngest Privacy |
| Sentry | Error monitoring | Error logs, stack traces (no PII) | Sentry Privacy |
| Vercel | Frontend hosting | Request logs, IP addresses | Vercel Privacy |
| Railway | API hosting | Application logs | Railway Privacy |
Other Disclosures
We may disclose information:
- To comply with legal obligations, court orders, or government requests
- To protect our rights, privacy, safety, or property
- In connection with a merger, acquisition, or sale of assets (with notice to you)
- With your explicit consent
Security Measures
We implement reasonable administrative, technical, and physical safeguards to protect your data:
Technical Safeguards
- Encryption in Transit: All data transmitted via TLS (HTTPS)
- Encryption at Rest: AES-256 encryption for stored data
- Application-Level Encryption: Sensitive fields (Tax IDs) encrypted before database storage
- Row-Level Security: PostgreSQL RLS ensures strict tenant isolation
- Secure Authentication: Auth0 with support for MFA
Operational Safeguards
- Audit Logging: All significant actions logged with timestamps and actor identification
- Access Controls: Role-based permissions limit data access
- No-Delete Architecture: Data is archived/voided, not permanently deleted, ensuring complete audit trails
- Regular Reviews: Security practices reviewed at least annually
Limitations
While we use reasonable measures to protect your data, no method of transmission or storage is 100% secure. We cannot guarantee absolute security.
Data Retention
We retain your data as follows:
| Data Type | Retention Period | Reason |
|---|---|---|
| Account Information | Duration of account + 30 days | Service delivery |
| Exchange Records | 7 years after exchange completion | Legal/tax compliance |
| Audit Logs | 7 years | Compliance and dispute resolution |
| Billing Records | 7 years | Tax and accounting requirements |
| Support Communications | 3 years | Service quality |
| Waitlist Data | Until launch + 1 year or unsubscribe | Marketing (with consent) |
You may request deletion of your data subject to legal retention requirements.
Your Rights
Depending on your location, you may have the following rights:
All Users
- Access: Request a copy of your personal data
- Correction: Update inaccurate or incomplete data
- Deletion: Request deletion of your data (subject to legal retention)
- Opt-Out: Unsubscribe from marketing communications
- Data Portability: Receive your data in a structured format
California Residents (CCPA/CPRA)
California residents have additional rights under the California Consumer Privacy Act:
- Right to Know: What personal information we collect, use, and disclose
- Right to Delete: Request deletion of personal information
- Right to Correct: Correct inaccurate personal information
- Right to Opt-Out of Sale/Sharing: We do not sell or share your personal information for cross-context behavioral advertising. The "Do Not Sell or Share My Personal Information" right does not apply because we do not engage in these practices.
- Non-Discrimination: We will not discriminate against you for exercising your rights
Categories of Personal Information Collected: Identifiers, commercial information, internet activity, professional information, and inferences drawn from the above.
Texas Residents (TDPSA)
Texas residents have rights under the Texas Data Privacy and Security Act:
- Right to Access, Correct, Delete, and Port your personal data
- Right to Opt-Out of targeted advertising, sale of personal data, and profiling
- Global Privacy Control (GPC): We honor GPC browser signals as a valid opt-out request
Note: We do not sell personal data or engage in targeted advertising.
European Users (GDPR)
If you are in the European Economic Area, you have rights under GDPR including access, rectification, erasure, restriction, portability, and objection. You may also lodge a complaint with your local supervisory authority.
Exercising Your Rights
To exercise any of these rights, contact us at:
Email: privacy@ten31tracker.com
We will respond within the timeframe required by applicable law (typically 30-45 days). We may need to verify your identity before processing your request.
Cookies & Tracking
Essential Cookies Only
ten31tracker uses only essential cookies necessary for the application to function:
| Cookie | Purpose | Duration |
|---|---|---|
| Session cookie | Authentication state | Session |
| CSRF token | Security | Session |
What We Do NOT Use
- Third-party advertising cookies
- Cross-site tracking
- Behavioral profiling for ads
- Social media tracking pixels
Analytics
We may use privacy-respecting analytics (e.g., Vercel Analytics) that do not track individuals across sites or create advertising profiles.
International Data Transfers
ten31tracker is based in the United States. If you access our service from outside the U.S., your data will be transferred to and processed in the U.S.
For users in the EEA/UK, we rely on:
- Standard Contractual Clauses (SCCs) with our service providers
- Service providers' compliance with applicable data protection frameworks
Children's Privacy
ten31tracker is not intended for children under 13 years of age. We do not knowingly collect personal information from children under 13. If we learn we have collected such information, we will delete it promptly.
Changes to This Policy
We may update this Privacy Policy from time to time. We will:
- Update the "Last Updated" date at the top
- Notify you of material changes via email or in-app notice
- Review this policy at least annually
Continued use of ten31tracker after changes constitutes acceptance of the updated policy.
Contact Us
If you have questions about this Privacy Policy or our data practices, contact us at:
Email: privacy@ten31tracker.com
Mailing Address: ten31tracker LLC [Address to be added]
Summary of Key Points
| Topic | Our Practice |
|---|---|
| Data Sale | We do not sell your personal data |
| Targeted Advertising | We do not use your data for targeted ads |
| Third-Party Sharing | Only with service providers listed above |
| Encryption | AES-256 at rest, TLS in transit |
| Tenant Isolation | Row-Level Security ensures firm data separation |
| Audit Trails | All significant actions logged for 7 years |
| Your Control | Access, correct, delete, or port your data |
| GPC/Opt-Out | We honor Global Privacy Control signals |
This policy is reviewed annually or upon material changes to our data practices.
ten31tracker is a tracking and organization tool only. It does not provide legal, tax, or financial advice. All users should consult qualified professionals for 1031 exchange guidance. Data security features are designed for confidentiality.