Skip to content

Privacy

Effective 2026-07. Short version: there is almost nothing to collect, so almost nothing is collected.

No cookies, no analytics, no tracking pixels, no accounts. Reading these pages sends us nothing.

  • Rate limiting: the worker holds your IP address and a request counter in memory for up to 60 seconds (a sliding per-minute window) to enforce the 30 calls/min limit. It is not written to storage and is discarded on rollover.
  • No application request logging: the worker does not persist who called what. The run metadata it stores (listing-refresh timestamps and counts) contains no user data.
  • Address lookups: if you call the underwrite or comps endpoints with a street address instead of coordinates, that address is sent to a third-party geocoder (OpenStreetMap Nominatim) to resolve it, and is not stored by us.
  • Infrastructure: the service runs on Cloudflare Workers; Cloudflare processes requests in order to deliver them, under its own policies.
  • No cookies, no analytics, no sale of anything.

Future, stated now so it isn’t a surprise

Section titled “Future, stated now so it isn’t a surprise”

When self-serve API keys ship (F2), accounts will exist for the first time: key identifiers, granted scopes, and issuance/usage audit logs. Retention periods for those logs will be stated on this page at launch, before any key is issued.

Questions: GitHub issues (repository link to be published).