Privacy Policy

Capital Ladder (“Company,” “we,” “us,” or “our”) operates the website capitalladder.com and associated services (collectively, the “Platform”). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our Platform, subscribe to our newsletter, create an account, or use any of our tools and services.

We are committed to protecting your privacy and handling your data responsibly. By accessing or using the Platform, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy.

1. Information We Collect

1.1 Account Information

When you create an account, we collect: full name, email address, password (stored in hashed form; we never store or have access to your plaintext password), account type selection (Free, Starter, or Accredited tier), accredited investor self-certification status (if applicable), and profile preferences.

1.2 Financial and Portfolio Data

When you use our portfolio tracker, deal analysis, or proforma tools, you may provide: property addresses and details, purchase prices, loan amounts, interest rates, rental income, vacancy rates, operating expenses, insurance policy details (carrier, coverage limits, deductibles, premiums), property tax amounts, property manager information, capital expenditure records, and entity/LLC information.

Important: We treat all portfolio data as confidential. Your individual property data is never shared with other users, third parties, or service providers without your explicit consent.

1.3 Syndication and Investment Interest Data

If you use our syndication marketplace features, we may collect: accredited investor verification status, investment preferences, deal interest expressions, and sponsor evaluation history.

1.4 User-Generated Content

When you participate in community features, we collect: forum posts and replies, “Review My Deal” submissions (which you control — anonymous posting is available), service provider reviews, and event registrations.

1.5 Payment Information

Payment processing is handled by Stripe, Inc. We do not store your full credit card number, CVV, or bank account details on our servers. We receive from Stripe: last four digits of your card, card brand, billing address, and transaction history.

1.6 Usage and Analytics Data

We automatically collect: IP address, browser type and version, device type, pages visited, time spent on pages, referring URL, and interaction data (tools used, searches performed, calculators run).

2. How We Use Your Information

• Platform operation: Account management, delivering subscriptions, processing payments, providing tools and calculators.
• Personalization: Customizing market recommendations, Deal Score calculations, and content based on your profile.
• Anonymized benchmarking: Your portfolio data contributes to aggregated, anonymized benchmark statistics (e.g., average CoC return by market, median insurance costs by ZIP). Individual data is never identifiable. We require a minimum of 5 properties from 3+ users before displaying any benchmark for a given geography, preventing statistical identification.
• Newsletter delivery: Sending your selected newsletter tier and transactional emails.
• Communication: Account notifications, security alerts, product updates, and marketing communications (opt-out available).

3. How We Share Your Information

We never sell your individual personal or financial data.

We share information only with:

• Supabase (database hosting): Account data, portfolio data — encrypted at rest and in transit
• Stripe (payments): Billing information only
• Beehiiv (newsletter): Email address and subscription tier
• Vercel (hosting): Usage analytics, IP addresses
• Google Analytics (optional): Anonymized usage patterns

Aggregated, anonymized benchmark data may be referenced in published content (e.g., “Capital Ladder investor data shows median insurance costs in ZIP 46142 are $1,680/year”). No individual investor is identifiable in any published data.

4. Cookies

We use essential cookies for authentication and session management. We use analytics cookies (Google Analytics) to understand Platform usage. We do not use advertising or tracking cookies. You can disable non-essential cookies in your browser settings.

5. Your Rights

You have the right to: access all data we hold about you, correct inaccurate data, delete your account and associated data, export your data in machine-readable format (CSV), opt out of marketing communications, and withdraw consent for non-essential data processing.

To exercise these rights, email privacy@capitalladder.com.

6. California Residents (CCPA/CPRA)

California residents have additional rights including: knowing what personal information is collected, requesting deletion, opting out of sale (we do not sell personal information), and non-discrimination for exercising privacy rights.

7. Data Retention

Account data is retained while your account is active and for 30 days after deletion request. Portfolio and financial data is deleted within 30 days of account deletion. Anonymized aggregate data (benchmarks) is retained indefinitely. Payment records are retained for 7 years per IRS requirements.

8. Security

We implement: TLS 1.3 encryption for all data in transit, AES-256 encryption for data at rest, bcrypt password hashing, row-level security in our database (users can only access their own data), regular security audits, and 72-hour breach notification commitment.

9. Children's Privacy

The Platform is not intended for individuals under 18 years of age. We do not knowingly collect data from minors.

10. Changes to This Policy

We will notify you of material changes via email and/or a prominent notice on the Platform at least 30 days before changes take effect.

Contact

For privacy questions: privacy@capitalladder.com