Privacy
Policy.

BLACK SUN HOLDING LLC, doing business as HomeTrace (“HomeTrace,” “we,” “us,” or “our”), is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website and use our property history report services (collectively, the “Service”).

By using the Service, you consent to the practices described in this policy. If you do not agree, please do not use the Service.

1. Information We Collect

1.1 Information You Provide Directly

• Account information: Name, email address, phone number, and password when you create an account.
• Payment information: Billing name, billing address, and payment method details. Credit card numbers and sensitive payment data are processed and stored exclusively by our payment processor, Stripe, Inc. — we never see or store your full card number.
• Property search data: Addresses and property identifiers you enter when requesting Reports.
• Communications: Messages, emails, or information you send us through support channels, contact forms, or live chat.

1.2 Information Collected Automatically

• Device & browser data: IP address, browser type and version, operating system, device type, screen resolution, and unique device identifiers.
• Usage data: Pages visited, time spent on pages, click patterns, referring URLs, search queries within the Service, and navigation paths.
• Location data: Approximate geographic location derived from your IP address (we do not collect precise GPS location).
• Cookies & similar technologies: See Section 5 below.

1.3 Information from Third Parties

• Payment processor: Stripe may provide us with transaction status, last four digits of your card, and billing address for order fulfillment and fraud prevention.
• Analytics providers: We may receive aggregated and anonymized analytics data from services like Google Analytics.

2. How We Use Your Information

We use the information we collect to:

• Provide, operate, and maintain the Service, including generating and delivering property history Reports
• Process payments and send transaction confirmations and receipts
• Communicate with you about your account, orders, and support requests
• Send you service-related notifications (e.g., report delivery, subscription renewal reminders, payment failures)
• Improve and optimize the Service through analytics and usage patterns
• Detect, prevent, and address fraud, abuse, and security incidents
• Comply with legal obligations and enforce our Terms of Service
• Send marketing communications (only with your consent; you may opt out at any time)

3. How We Share Your Information

We do not sell, rent, or trade your personal information to third parties for their marketing purposes. We may share your information only in the following circumstances:

• Payment processing: With Stripe to process your transactions securely.
• Service providers: With trusted third-party vendors who perform services on our behalf (e.g., email delivery, hosting, analytics), subject to confidentiality obligations and limited to the data necessary for their function.
• Legal compliance: When required by law, subpoena, court order, or government regulation, or when we believe disclosure is necessary to protect our rights, safety, or property, or the rights, safety, or property of others.
• Business transfers: In connection with a merger, acquisition, bankruptcy, or sale of all or a portion of our assets, your information may be transferred as part of that transaction. We will notify you via email and/or prominent notice on the Service before your information becomes subject to a different privacy policy.
• With your consent: In any other circumstances where you have provided explicit consent.

4. Data Retention

• Account data: Retained for as long as your account is active. If you delete your account, we will delete or anonymize your personal data within 30 days, except where retention is required by law (e.g., tax records, transaction logs).
• Reports: Available in your account for 12 months after purchase. After that, report data is automatically purged from our systems.
• Payment records: Transaction records are retained for 7 years to comply with tax and accounting regulations.
• Usage & analytics data: Retained in aggregated, anonymized form indefinitely. Identifiable usage data is deleted within 26 months.
• Support communications: Retained for 3 years after your last interaction for quality assurance and dispute resolution.

5. Cookies & Tracking Technologies

5.1 What We Use

• Essential cookies: Required for the Service to function (e.g., session management, authentication, shopping cart). These cannot be disabled.
• Analytics cookies: Help us understand how visitors interact with the Service (e.g., Google Analytics). These collect anonymized data.
• Functional cookies: Remember your preferences (e.g., saved addresses, display settings).
• Marketing cookies: Used to deliver relevant advertisements and measure campaign effectiveness. Only set with your consent.

5.2 Your Choices

You can control cookies through your browser settings. Most browsers allow you to block or delete cookies. Please note that disabling essential cookies may prevent the Service from functioning properly. You can also opt out of Google Analytics by installing the Google Analytics Opt-out Browser Add-on.

6. Data Security

We implement industry-standard security measures to protect your personal information, including:

• 256-bit TLS/SSL encryption for all data transmitted between your browser and our servers
• Encryption of sensitive data at rest using AES-256
• Regular security audits and vulnerability assessments
• Access controls limiting employee access to personal data on a need-to-know basis
• PCI DSS-compliant payment processing through Stripe
• Automated monitoring for unauthorized access attempts

While we take commercially reasonable precautions, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security.

7. Your Rights & Choices

7.1 All Users

Regardless of your location, you may:

• Access and update your personal information through your account settings
• Request a copy of the personal data we hold about you
• Request deletion of your account and personal data
• Opt out of marketing communications at any time by clicking “unsubscribe” in any marketing email or by contacting us
• Withdraw consent for non-essential cookies

7.2 California Residents (CCPA/CPRA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act and the California Privacy Rights Act:

• Right to Know: You may request the categories and specific pieces of personal information we have collected, the sources, the purposes, and the third parties we share it with.
• Right to Delete: You may request deletion of your personal information, subject to certain exceptions.
• Right to Correct: You may request correction of inaccurate personal information.
• Right to Opt Out of Sale/Sharing: We do not sell or share (as defined by CCPA/CPRA) your personal information for cross-context behavioral advertising.
• Right to Non-Discrimination: We will not discriminate against you for exercising any of your CCPA/CPRA rights.

To exercise these rights, email us at support@hometrace.com with the subject line “CCPA Request.” We will verify your identity and respond within 45 days.

7.3 EEA/UK Residents (GDPR)

If you are located in the European Economic Area or United Kingdom, you have additional rights under the General Data Protection Regulation:

• Legal basis: We process your data based on contractual necessity (to deliver Reports you purchase), legitimate interest (to improve the Service and prevent fraud), and consent (for marketing communications).
• Right to access, rectification, erasure, restriction, portability, and objection — contact us to exercise these rights.
• Right to lodge a complaint with your local data protection authority.
• Data transfers: Your data may be transferred to and processed in the United States. We rely on Standard Contractual Clauses and other legally approved mechanisms to ensure adequate protection.

7.4 Other U.S. State Privacy Laws

We comply with applicable state privacy laws, including those in Virginia (VCDPA), Colorado (CPA), Connecticut (CTDPA), Utah (UCPA), and other states that have enacted consumer data privacy legislation. Residents of these states may exercise their rights by contacting us at support@hometrace.com.

8. Children's Privacy

The Service is not directed to individuals under the age of 18. We do not knowingly collect personal information from children. If we become aware that we have inadvertently collected personal data from a child under 18, we will delete that information promptly. If you believe a child has provided us with personal information, please contact us at support@hometrace.com.

9. Do Not Track Signals

Some browsers transmit “Do Not Track” (DNT) signals. We currently do not respond to DNT signals because there is no industry-wide standard for compliance. However, you can control tracking through your cookie preferences and browser settings as described in Section 5.

10. Third-Party Links

The Service may contain links to third-party websites or services that are not owned or controlled by HomeTrace. We are not responsible for the privacy practices of these third parties. We encourage you to review the privacy policies of any third-party services you access.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. If we make material changes, we will notify you by email (sent to the address associated with your account) and/or by posting a prominent notice on the Service at least thirty (30) days before the changes take effect. The “Last updated” date at the top of this page reflects the most recent revision. Your continued use of the Service after the effective date constitutes acceptance of the updated policy.

12. Data Breach Notification

In the event of a data breach that compromises your personal information, we will notify affected users within 72 hours of becoming aware of the breach via email and/or a prominent notice on the Service, in accordance with applicable law. We will provide details about the nature of the breach, the data affected, steps we are taking to address it, and recommended actions you can take to protect yourself.

13. Contact Information

If you have any questions or concerns about this Privacy Policy or our data practices, please contact us:

• Email: support@hometrace.com
• Phone: (619) 984-3533
• Entity: BLACK SUN HOLDING LLC
• Privacy inquiries subject line: “Privacy Request”

For complaints that we are unable to resolve, you may contact your local data protection authority or the Federal Trade Commission (FTC).