ten31tracker Privacy Policy

Effective Date: February 1, 2026 Last Updated: February 1, 2026 Company: ten31tracker LLC


Introduction

ten31tracker ("we," "our," or "us") provides a cloud-based software platform designed to help law firms and qualified intermediaries (QIs) manage IRC Section 1031 like-kind exchange transactions. We are committed to protecting your privacy and handling your data transparently.

This Privacy Policy explains what information we collect, how we use it, who we share it with, and your rights regarding your data. We encourage you to read this policy carefully. This policy should be read together with our Terms of Service.

Important: ten31tracker is a tracking and organization tool only. It does not provide legal, tax, or financial advice. All users should consult qualified professionals for 1031 exchange guidance.


Information We Collect

Information You Provide Directly

Data TypeWhen CollectedPurpose
Account InformationRegistration & loginName, email address, firm name
Waitlist InformationPre-launch signupName (optional), email, firm type
Billing InformationSubscription setupProcessed by Stripe; we do not store full payment card numbers
Exchange DataApplication useClient names, property addresses, transaction amounts, dates, deadlines
DocumentsFile uploadsExchange-related documents you upload (stored encrypted)
Tax IdentifiersExchange recordsSSN/EIN for exchange participants (encrypted at application level)
CommunicationsSupport requestsEmails, support tickets, feedback

Information Collected Automatically

Data TypeHow CollectedPurpose
Usage DataApplication logsFeature usage, page views, actions taken
Device InformationBrowser/deviceBrowser type, operating system, device type
IP AddressServer logsSecurity, rate limiting, fraud prevention
Error DataError tracking (Sentry)Debugging and improving the service (no PII sent to Sentry)

Information We Do NOT Collect

  • Health or biometric data
  • Social Security Numbers beyond what you enter for exchange records (encrypted)
  • Data from children under 13
  • Browsing history outside our application
  • Location data beyond IP-derived region

How We Use Your Information

We use your information for the following purposes:

Service Delivery

  • Provide, maintain, and improve ten31tracker
  • Process transactions and send related information
  • Calculate exchange deadlines and send notifications
  • Store and organize your exchange documents

Communication

  • Send service-related notices (deadline reminders, account updates)
  • Respond to your requests and support inquiries
  • Send product updates if you've opted in (waitlist or account settings)

Security & Compliance

  • Protect against unauthorized access and fraud
  • Maintain audit logs for compliance purposes
  • Enforce our Terms of Service
  • Contract: Processing necessary to provide our services
  • Consent: Marketing communications (opt-in only)
  • Legitimate Interests: Security, fraud prevention, service improvement
  • Legal Obligation: Tax and regulatory compliance, responding to legal requests

Sharing & Third Parties

We do not sell, rent, or trade your personal information. We share data only with the following service providers who assist in operating our platform:

ProviderPurposeData SharedPrivacy Policy
Auth0Authentication & identityEmail, name, login credentialsAuth0 Privacy
StripePayment processingBilling details, subscription statusStripe Privacy
ResendTransactional emailEmail address, nameResend Privacy
AWS S3Document storageEncrypted filesAWS Privacy
NeonDatabase hostingAll application data (encrypted)Neon Privacy
InngestBackground jobsJob metadata (no PII)Inngest Privacy
SentryError monitoringError logs, stack traces (no PII)Sentry Privacy
VercelFrontend hostingRequest logs, IP addressesVercel Privacy
RailwayAPI hostingApplication logsRailway Privacy

Other Disclosures

We may disclose information:

  • To comply with legal obligations, court orders, or government requests
  • To protect our rights, privacy, safety, or property
  • In connection with a merger, acquisition, or sale of assets (with notice to you)
  • With your explicit consent

Security Measures

We implement reasonable administrative, technical, and physical safeguards to protect your data:

Technical Safeguards

  • Encryption in Transit: All data transmitted via TLS (HTTPS)
  • Encryption at Rest: AES-256 encryption for stored data
  • Application-Level Encryption: Sensitive fields (Tax IDs) encrypted before database storage
  • Row-Level Security: PostgreSQL RLS ensures strict tenant isolation
  • Secure Authentication: Auth0 with support for MFA

Operational Safeguards

  • Audit Logging: All significant actions logged with timestamps and actor identification
  • Access Controls: Role-based permissions limit data access
  • No-Delete Architecture: Data is archived/voided, not permanently deleted, ensuring complete audit trails
  • Regular Reviews: Security practices reviewed at least annually

Limitations

While we use reasonable measures to protect your data, no method of transmission or storage is 100% secure. We cannot guarantee absolute security.


Data Retention

We retain your data as follows:

Data TypeRetention PeriodReason
Account InformationDuration of account + 30 daysService delivery
Exchange Records7 years after exchange completionLegal/tax compliance
Audit Logs7 yearsCompliance and dispute resolution
Billing Records7 yearsTax and accounting requirements
Support Communications3 yearsService quality
Waitlist DataUntil launch + 1 year or unsubscribeMarketing (with consent)

You may request deletion of your data subject to legal retention requirements.


Your Rights

Depending on your location, you may have the following rights:

All Users

  • Access: Request a copy of your personal data
  • Correction: Update inaccurate or incomplete data
  • Deletion: Request deletion of your data (subject to legal retention)
  • Opt-Out: Unsubscribe from marketing communications
  • Data Portability: Receive your data in a structured format

California Residents (CCPA/CPRA)

California residents have additional rights under the California Consumer Privacy Act:

  • Right to Know: What personal information we collect, use, and disclose
  • Right to Delete: Request deletion of personal information
  • Right to Correct: Correct inaccurate personal information
  • Right to Opt-Out of Sale/Sharing: We do not sell or share your personal information for cross-context behavioral advertising. The "Do Not Sell or Share My Personal Information" right does not apply because we do not engage in these practices.
  • Non-Discrimination: We will not discriminate against you for exercising your rights

Categories of Personal Information Collected: Identifiers, commercial information, internet activity, professional information, and inferences drawn from the above.

Texas Residents (TDPSA)

Texas residents have rights under the Texas Data Privacy and Security Act:

  • Right to Access, Correct, Delete, and Port your personal data
  • Right to Opt-Out of targeted advertising, sale of personal data, and profiling
  • Global Privacy Control (GPC): We honor GPC browser signals as a valid opt-out request

Note: We do not sell personal data or engage in targeted advertising.

European Users (GDPR)

If you are in the European Economic Area, you have rights under GDPR including access, rectification, erasure, restriction, portability, and objection. You may also lodge a complaint with your local supervisory authority.

Exercising Your Rights

To exercise any of these rights, contact us at:

Email: privacy@ten31tracker.com

We will respond within the timeframe required by applicable law (typically 30-45 days). We may need to verify your identity before processing your request.


Cookies & Tracking

Essential Cookies Only

ten31tracker uses only essential cookies necessary for the application to function:

CookiePurposeDuration
Session cookieAuthentication stateSession
CSRF tokenSecuritySession

What We Do NOT Use

  • Third-party advertising cookies
  • Cross-site tracking
  • Behavioral profiling for ads
  • Social media tracking pixels

Analytics

We may use privacy-respecting analytics (e.g., Vercel Analytics) that do not track individuals across sites or create advertising profiles.


International Data Transfers

ten31tracker is based in the United States. If you access our service from outside the U.S., your data will be transferred to and processed in the U.S.

For users in the EEA/UK, we rely on:

  • Standard Contractual Clauses (SCCs) with our service providers
  • Service providers' compliance with applicable data protection frameworks

Children's Privacy

ten31tracker is not intended for children under 13 years of age. We do not knowingly collect personal information from children under 13. If we learn we have collected such information, we will delete it promptly.


Changes to This Policy

We may update this Privacy Policy from time to time. We will:

  • Update the "Last Updated" date at the top
  • Notify you of material changes via email or in-app notice
  • Review this policy at least annually

Continued use of ten31tracker after changes constitutes acceptance of the updated policy.


Contact Us

If you have questions about this Privacy Policy or our data practices, contact us at:

Email: privacy@ten31tracker.com

Mailing Address: ten31tracker LLC [Address to be added]


Summary of Key Points

TopicOur Practice
Data SaleWe do not sell your personal data
Targeted AdvertisingWe do not use your data for targeted ads
Third-Party SharingOnly with service providers listed above
EncryptionAES-256 at rest, TLS in transit
Tenant IsolationRow-Level Security ensures firm data separation
Audit TrailsAll significant actions logged for 7 years
Your ControlAccess, correct, delete, or port your data
GPC/Opt-OutWe honor Global Privacy Control signals

This policy is reviewed annually or upon material changes to our data practices.

ten31tracker is a tracking and organization tool only. It does not provide legal, tax, or financial advice. All users should consult qualified professionals for 1031 exchange guidance. Data security features are designed for confidentiality.