DisasterChief — Privacy Policy
Effective Date: March 8, 2026 Last Updated: March 8, 2026
1. Introduction
DisasterChief ("we," "us," or "our") operates a subscription-based SaaS platform that helps independent landlords manage rental property maintenance requests. This Privacy Policy explains how we collect, use, disclose, and protect personal information when you use our services, including the landlord dashboard (Progressive Web App), the tenant submission portal, the technician portal, and our API.
By using DisasterChief, you agree to the practices described in this policy. If you do not agree, please discontinue use of the platform.
2. Who This Policy Covers
This policy applies to three categories of individuals:
- Property Owners (Landlords): Subscribers who manage rental units through the DisasterChief dashboard.
- Tenants: Individuals who submit maintenance requests via SMS or the web form portal. Tenants do not create accounts and are not required to download any application.
- Technicians: Service professionals added to the platform by property owners, or who interact with the platform via SMS or the technician portal.
3. Information We Collect
3.1 Property Owners
When you register and use your landlord account, we collect:
- Account Information: Name, email address, and authentication credentials managed by our identity provider (Clerk).
- Company and Property Information: Company name, property addresses, unit details, and tenant assignments you enter into the platform.
- Billing Information: Payment method details and billing history, processed by Stripe. DisasterChief does not store raw payment card data.
- Subscription Data: Plan type, subscription status, trial period dates, and billing period information.
- Notification Preferences: Push notification subscription data (VAPID-based Web Push tokens), SMS preferences, and platform notification settings including approval gate and auto-approval thresholds.
- Usage Data: Actions taken within the dashboard, including request management decisions, technician assignments, category corrections, and approval/rejection actions, stored in an immutable audit log.
- Device Information: Browser type, device identifiers associated with push notification subscriptions.
3.2 Tenants
Tenants interact with DisasterChief without creating an account. We collect:
- Contact Information: Phone number (provided when submitting via SMS or the web form).
- Address and Unit Information: Property address or unit identifier associated with your submission.
- Maintenance Request Content: Descriptions of the issue you report, including text messages sent via SMS.
- Media Attachments: Photos or videos you attach to a submission via the web form or MMS.
- Bot-Protection Data: Interaction signals collected by Cloudflare Turnstile during web form submission to detect automated abuse.
- Access Tokens: A unique token associated with your request that allows you to view the status of your submission without logging in.
3.3 Technicians
Technicians may be added to the platform by property owners or may interact directly via SMS or the technician portal. We collect:
- Contact Information: Name, phone number, and/or email address provided by the property owner or by the technician directly.
- Service Information: Service categories, geographic service area, technician type (internal or external), and active/inactive status.
- Communication Data: SMS replies, availability responses, quote amounts, appointment notes, and photos or videos uploaded via the technician portal.
- Performance Data: Job history, response times, landlord ratings (1–5 stars), and completion records.
- Access Tokens: A unique token scoped to each assigned request, used to authenticate technician portal access without a login account.
4. How We Collect Information
- Directly from you: When you register, fill out forms, submit requests, reply via SMS, or upload media.
- Automatically: Through your use of the platform, including audit log entries, device push tokens, and usage activity.
- From third parties: Authentication data from Clerk; payment events from Stripe; inbound messages routed through Twilio.
- Via SMS: Inbound text messages to our Twilio-provisioned phone number are captured and processed by our system.
5. How We Use Information
We use the information we collect to:
- Deliver the platform: Process and route maintenance requests, dispatch technicians, notify tenants of status updates, and track resolution.
- Operate AI features: Send request text and relevant context to Anthropic's Claude API for categorization, urgency scoring, automated message drafting, and reply parsing. We do not use your data to train third-party AI models unless you explicitly opt in.
- Send communications: Deliver SMS messages via Twilio to tenants and technicians; send push notifications to property owners; send transactional email via our email provider.
- Process billing: Manage subscriptions, enforce plan limits, and handle payment events via Stripe.
- Manage security and abuse prevention: Rate-limit SMS submissions, verify bot protection via Cloudflare Turnstile, and maintain audit logs for dispute resolution and liability protection.
- Improve the platform: Analyze aggregated, de-identified usage patterns to improve features and reliability.
- Comply with law: Retain records as required by applicable legal obligations.
6. AI Processing
DisasterChief uses Anthropic's Claude API to categorize and prioritize maintenance requests and to draft outreach messages. When a request is processed by AI:
- Request text, urgency signals, and relevant property/tenant context are transmitted to Anthropic's API.
- Anthropic processes this data under their own privacy and data handling policies.
- No payment information or authentication credentials are transmitted to AI services.
- Property owners may submit category corrections through the dashboard; these corrections are stored as feedback examples and may be used to improve AI accuracy specifically for your account (few-shot examples).
7. How We Share Information
We do not sell your personal information. We share data only in the following circumstances:
7.1 Within the Platform
- Between owners and tenants: Request status updates and resolution information are shared with tenants via SMS and the public status page.
- Between owners and technicians: Request details, property address, and contact information are shared with assigned technicians to enable job coordination.
7.2 Third-Party Service Providers
We share data with the following categories of vendors who process it on our behalf:
| Provider | Purpose | Data Shared |
|---|---|---|
| Clerk | Landlord authentication | Owner account credentials and identity |
| Stripe | Subscription billing | Owner billing data, plan, and payment events |
| Telnyx | SMS delivery and inbound SMS | Phone numbers, message content |
| Twilio | SMS delivery and inbound SMS | Phone numbers, message content |
| Anthropic (Claude API) | AI categorization and message drafting | Request text, property context |
| Cloudflare | Bot protection (Turnstile) | Tenant form interaction signals |
| Email provider (e.g., Resend/SendGrid) | Transactional email | Recipient email address, message content |
| Cloudflare R2 / S3-compatible storage | Media file storage | Uploaded photos and videos |
| Railway / Vercel | Hosting and infrastructure | All platform data at rest and in transit |
All third-party providers are required to protect personal data consistent with this policy and applicable law.
7.3 Legal Requirements
We may disclose personal information if required to do so by law, regulation, or valid legal process, or to protect the rights, property, or safety of DisasterChief, our users, or the public.
7.4 Business Transfers
In the event of a merger, acquisition, or sale of assets, personal information may be transferred as part of that transaction. We will notify affected users via the platform or email before data is transferred and becomes subject to a different privacy policy.
8. Data Retention
| Data Category | Retention Period |
|---|---|
| Owner account and company data | Duration of subscription + 90 days after cancellation |
| Maintenance request records and audit logs | Minimum 3 years (liability protection) |
| Tenant phone numbers and request content | Retained with the associated request record |
| Billing records | 7 years (financial compliance) |
| AI category feedback | Retained until the owner deletes their account |
| Push notification tokens | Until revoked by the user or subscription expires |
| Media attachments (photos/videos) | Retained with the associated request record |
You may request deletion of your personal data at any time (see Section 11).
9. Data Security
We implement industry-standard security measures to protect your information:
- All data is encrypted in transit using TLS.
- Data at rest is encrypted by our hosting and storage providers.
- Tenant and technician portal access is controlled via unique, scoped tokens — no password required and no shared credentials.
- The admin console uses separate, secret-key–gated session authentication isolated from the landlord-facing platform.
- Audit logs are immutable — no record can be modified after it is written.
- We perform regular dependency audits and follow OWASP security practices in our codebase.
No method of transmission or storage is 100% secure. We cannot guarantee absolute security, but we are committed to protecting your data using commercially reasonable means.
10. Cookies and Tracking
- Landlord dashboard: Uses session cookies set by Clerk for authentication. No third-party advertising cookies are used.
- Admin console: Uses a server-set session cookie for authentication, scoped to the admin origin.
- Tenant portal: Cloudflare Turnstile may use cookies or local storage for bot detection purposes.
- Push notifications: We store Web Push subscription tokens locally on your device and in our database.
We do not use tracking pixels, advertising networks, or behavioral profiling.
11. Your Rights and Choices
Depending on your jurisdiction, you may have the following rights:
- Access: Request a copy of the personal data we hold about you.
- Correction: Request correction of inaccurate or incomplete data.
- Deletion: Request deletion of your personal data, subject to retention obligations (e.g., audit logs, financial records).
- Objection / Restriction: Object to or request restriction of certain processing activities.
- Portability: Receive your data in a structured, machine-readable format.
- Withdraw Consent: Where processing is based on consent, withdraw that consent at any time.
Property owners may manage most data directly from the Settings section of the dashboard, including notification preferences, company and property data, and account deletion.
Tenants and technicians who wish to exercise data rights should contact us using the information in Section 14.
We will respond to verifiable requests within 30 days.
12. Children's Privacy
DisasterChief is not directed at individuals under the age of 18. We do not knowingly collect personal information from minors. If you believe we have inadvertently collected information from a minor, please contact us and we will delete it promptly.
13. Changes to This Policy
We may update this Privacy Policy periodically. When we make material changes, we will:
- Update the "Last Updated" date at the top of this document.
- Notify property owners via the dashboard or email at least 14 days before changes take effect.
Continued use of the platform after changes take effect constitutes acceptance of the revised policy.
14. Contact
If you have questions, concerns, or requests related to this Privacy Policy or your personal data, please contact:
DisasterChief Privacy Inquiries Email: privacy@disasterchief.com