Privacy

Curbnote surfaces public-record facts about Maryland real estate listings. The product is about properties, not people. This page documents what we read, what we keep, and the one narrow exception to that principle.

What we read

• The listing's address, price, days-on-market, price history, square footage, lot size, bedroom and bathroom counts, year built, zoning, special conditions, and the listing description text.
• Maryland public-record data tied to the parcel: SDAT assessments, FEMA flood zone, MERLIN / iMap environmental layers, county permit portals, and hand-curated polygon overlays.

What we do not read or store

• Listing photos.Never extracted. They are the most common place an owner's face, family, or identifiable interior shows up.
• Owner names. Even though they are public-record on SDAT, we derive only a coarse ownerType (individual / trust / LLC / corp / estate / government / other) and drop the name string.
• Virtual-tour URLs, phone numbers, email addresses, broker names, MLS remarks unrelated to property condition.
• Tracking pixels and analytics inside the extension.The extension is silent. Server-side observability counts requests per anonymous client UUID; it does not log which listings any individual user has viewed beyond what the dossier cache requires.

The one exception: listing-agent name (rule L1)

Rule L1flags listings where the listing agent appears on a known regional builder's "About" or "Team" page. That kind of affiliation can mean the listing is not an arm's-length resale — useful to know, especially on a to-be-built property.

Detecting this requires the listing-agent name. We treat that name as a narrowly-scoped, transient input:

• The extension reads the agent name from the listing page and sends it to the dossier API alongside the rest of the listing payload.
• The backend uses the name once, to look up affiliation against a committed roster of Maryland builders (data/builders.json). The roster contains agent names that are public-record on the builders' own websites.
• After the lookup, the agent name is discarded. It is not written to the dossier we return, not written to the database, not written to logs, not written to error-monitoring (Sentry), and not echoed back to the extension. The dossier's L1 finding text quotes the buildername and the builder's About-page URL — never the agent.
• The cache key for a dossier is a one-way SHA-256 hash; cleartext agent names never reach storage even via that path.

This is the only place in Curbnote where any agent or person name crosses our wire. It is a deliberate, documented exception to the property-only rule above; if you would prefer L1 not run at all on your visits, the extension's settings include an opt-out (and the "Forget my data" button clears all server-side records tied to your client UUID).

Accounts, usage, and payments

Searching requires a Curbnote account, created by signing in with an email address and a one-time code (no password). Here is exactly what that adds to the picture:

• Your email address, stored in our authentication provider (Supabase) and used to sign you in, to look up your plan, and — if you subscribe — as the email on your Stripe receipt. We do not send marketing email to account addresses and we never sell or share them.
• Your plan and usage counts. We record which plan your account is on and which properties your account has searched this month (as one-way address hashes, for the monthly unique-search quota). Usage rows are counts and hashes, not browsing history — we do not reconstruct or display a feed of what you looked at.
• Payments.Subscriptions are processed entirely by Stripe on Stripe-hosted pages. Your card number never touches our servers, and we store only Stripe's opaque customer and subscription identifiers — enough to know what plan is active, nothing more. Stripe's own privacy policy governs the payment data they hold.
• Beta invite codes. Redeeming a code records which code your account redeemed, so codes can be limited and revoked.

Sources we cite, not collect

Every flag in a Curbnote dossier links to its public source: the SDAT parcel page, the FEMA Map Service Center panel, a county permit portal, a builder's About page, and so on. We are surfacing what these sources already publish — we are not building a private dossier about anyone.

Forget my data

The Curbnote toolbar popup includes a "Delete my account & data" button. One click, end to end: it cancels any active subscription, deletes your Stripe customer record (Stripe retains its own transaction records as financial regulations require), deletes your plan, usage, and invite-code rows, deletes your sign-in email from our authentication provider, and wipes every row keyed to your anonymous client UUID — request counts and observability records included. The extension then forgets its local session. The roster file (builders.json) is not user data and is not affected.

Limits

Curbnote flags what we can detect from public records. It is not a substitute for a home inspection, a real estate attorney, or a financial advisor. Absence of a flag does not mean absence of an issue.