Pillar Logo
PILLAR
Log inSign up

Privacy Policy

Last Updated: January 2025

This Privacy Policy describes how Pillar Technologies Inc. ("Pillar," "we," "us," or "our") collects, uses, discloses, and protects information when you use our real estate intelligence platform and related services (the "Service").

Pillar will not sell or share your Personal Data as such terms are defined in the California Privacy Rights Act ("CPRA") or similar state privacy laws.

We are committed to protecting your privacy and handling your data responsibly. Please read this Privacy Policy carefully to understand our practices.

1. Information We Collect

1.1 Information You Provide Directly

Account Information

When you create an account, we collect:

  • First and last name
  • Email address
  • Password (stored in encrypted form)
  • Job title (optional)
  • Profile photo/avatar (optional)

Organization Information

When you create or join an Organization, we collect:

  • Organization name
  • Billing email address
  • Team member information (names, email addresses, roles)

Payment Information

When you subscribe to a paid plan, we collect through our payment processor (Stripe):

  • Billing name and address
  • Payment method details (processed and stored by Stripe)
  • Transaction history

User-Generated Content

When you use the Service, we collect:

  • Projects, notes, and descriptions you create
  • Contacts you add or import
  • Files you upload (shapefiles, GeoJSON, CSV, Parquet, images)
  • Custom fields and data you define
  • Mail designs and campaign content
  • Search queries and saved searches

Communications

When you contact us, we collect:

  • Email correspondence
  • Support requests
  • Feedback and suggestions

1.2 Information Collected Automatically

Usage Data

When you use the Service, we automatically collect:

  • Features accessed and actions taken
  • Search queries and filter criteria
  • Map interactions (areas viewed, layers enabled)
  • Time spent on features
  • Error logs and performance data

Device and Technical Information

  • IP address
  • Browser type and version
  • Operating system
  • Device identifiers
  • Referring URLs

Cookies and Similar Technologies

We use cookies and similar tracking technologies to track activity on our Service and store certain information. Cookies are files with a small amount of data which may include an anonymous unique identifier.

Types of Cookies We Use:

  • Session Cookies: We use Session Cookies to operate our Service and maintain your authentication.
  • Preference Cookies: We use Preference Cookies to remember your preferences and various settings.
  • Security Cookies: We use Security Cookies for security purposes.
  • Analytics Cookies: We use Analytics Cookies to understand how you use our Service and improve it.

You can instruct your browser to refuse all cookies or to indicate when a cookie is being sent. However, if you do not accept cookies, you may not be able to use some portions of our Service.

Local Storage

We store certain preferences locally in your browser, including:

  • Map layer visibility settings
  • Basemap preferences
  • UI state preferences

This data remains on your device and is not transmitted to our servers unless you explicitly save preferences to your account.

2. How We Use Your Information

2.1 Providing the Service

We use your information to:

  • Create and manage your account
  • Process subscriptions and payments
  • Provide property and contact data you request
  • Enable CRM and project management features
  • Process and deliver direct mail campaigns
  • Store and display your uploaded files and content
  • Provide customer support

2.2 Improving the Service

We use information to:

  • Analyze usage patterns to improve features
  • Debug issues and optimize performance
  • Develop new features and services
  • Personalize your experience

2.3 Communications

We use your contact information to:

  • Send transactional emails (password resets, invitation links, receipts)
  • Notify you of important account or Service changes
  • Send product updates and announcements (with your consent)
  • Respond to your inquiries

2.4 Security and Compliance

We use information to:

  • Protect against fraud and unauthorized access
  • Enforce our Terms of Service
  • Comply with legal obligations
  • Maintain audit logs for security purposes

2.5 Analytics

We use analytics services (including PostHog) to understand how users interact with our Service. This helps us improve functionality and user experience. Analytics data includes:

  • User identification (user ID, email, name)
  • Organization identification
  • Feature usage events
  • Session information

Pillar owns the intellectual property rights in Usage Data.

3. Information Sharing and Disclosure

3.1 With Your Organization

If you are part of an Organization:

  • Organization owners and administrators can view member information
  • Team members may see shared projects, contacts, and content
  • Activity within the Organization may be visible to other members

3.2 Service Providers

We share information with third-party providers who assist in delivering our Service:

  • Supabase - Database, authentication, file storage
  • Stripe - Payment processing
  • Mapbox - Map visualization
  • Regrid - Parcel data
  • Zoneomics - Zoning data
  • SkipSherpa/Whitepages - Contact lookup
  • PCM Integrations - Direct mail
  • Resend - Email delivery
  • PostHog - Analytics
  • OpenAI - Image enhancement

These providers are contractually obligated to protect your information and use it only for the purposes we specify.

3.3 Legal Requirements

We may disclose information when required by law, including to:

  • Comply with legal process (subpoenas, court orders)
  • Respond to government requests
  • Protect our rights, privacy, safety, or property
  • Enforce our Terms of Service

3.4 Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred to the acquiring entity. We will notify you of any such change.

3.5 With Your Consent

We may share information in other circumstances with your explicit consent.

3.6 Aggregated or De-Identified Data

We may share aggregated or de-identified information that cannot reasonably identify you for research, marketing, or other purposes.

4. Data Retention

4.1 Account Data

We will retain your Personal Data only for as long as is necessary for the purposes set out in this Privacy Policy, but no more than twelve (12) months after the termination of your account. We will retain and use your Personal Data to the extent necessary to comply with our legal obligations (for example, if we are required to retain your data to comply with applicable laws), resolve disputes, and enforce our legal agreements and policies.

After account termination, we may retain certain information for:

  • Legal compliance
  • Dispute resolution
  • Enforcing agreements
  • Legitimate business purposes

4.2 Content and Files

Your uploaded content and files are retained while your account is active. Upon account termination, we will delete your content within twelve (12) months unless retention is required by law.

4.3 Usage and Analytics Data

Usage data may be retained in aggregated or anonymized form indefinitely for analytical purposes.

4.4 Audit Logs

Security audit logs are retained indefinitely for compliance and security purposes.

4.5 Third-Party Data

Property and contact data obtained from third-party providers is subject to those providers' retention policies.

5. Data Security

5.1 Security Measures

We implement technical and organizational measures to protect your information, including:

  • Encryption of data in transit (HTTPS/TLS)
  • Secure authentication with hashed passwords
  • Row-Level Security (RLS) at the database level
  • Organization-based access controls
  • Regular security assessments
  • Access logging and monitoring

5.2 Access Controls

  • Only authorized personnel can access user data
  • Database access is restricted by role
  • Super administrator actions are logged for audit purposes

5.3 Your Responsibilities

You are responsible for:

  • Maintaining the security of your account credentials
  • Reporting any suspected security breaches
  • Using secure connections when accessing the Service

5.4 No Guarantee

While we strive to protect your information, no method of transmission or storage is 100% secure. We cannot guarantee absolute security.

6. Your Rights and Choices

6.1 Access and Portability

You can:

  • Access your account information through your profile settings
  • Export your data by contacting support
  • Download files you've uploaded

6.2 Correction

You can update your account information through your profile settings. For other data corrections, contact support.

6.3 Deletion

You may request deletion of your account and associated data by contacting support. Note that:

  • Some information may be retained for legal or legitimate business purposes
  • Data shared with third parties may not be retrievable
  • Account deletion is processed by administrators

6.4 Communication Preferences

You can:

  • Opt out of marketing communications via unsubscribe links
  • Update notification preferences in your account settings

Note: You cannot opt out of transactional communications necessary for Service delivery.

6.5 Cookies

You can manage cookie preferences through your browser settings. Disabling cookies may affect Service functionality.

6.6 Do Not Track

We do not currently respond to "Do Not Track" browser signals.

7. State-Specific Privacy Rights

7.1 California Residents (CCPA/CPRA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA):

Right to Know

You may request disclosure of:

  • Categories of personal information collected
  • Sources of personal information
  • Business purposes for collection
  • Categories of third parties with whom we share information
  • Specific pieces of personal information collected

Right to Delete

You may request deletion of personal information we have collected, subject to certain exceptions.

Right to Correct

You may request correction of inaccurate personal information.

Right to Opt-Out of Sale/Sharing

We do not sell personal information. We do share information with third-party service providers as described in Section 3.

Right to Limit Use of Sensitive Personal Information

You may request that we limit the use and disclosure of sensitive personal information.

Right to Non-Discrimination

We will not discriminate against you for exercising your privacy rights.

Right to Private Action

You have the right to initiate a private cause of action for certain data breaches as provided under CPRA.

Authorized Agents

You may designate an authorized agent to make requests on your behalf.

Categories of Information

In the past 12 months, we have collected:

  • Identifiers (name, email, IP address)
  • Commercial information (transaction history, subscription data)
  • Internet activity (usage data, browsing history within the Service)
  • Geolocation data (derived from IP address, map interactions)
  • Professional information (job title, organization)

Shine the Light

California Civil Code Section 1798.83 permits California residents to request information about disclosure of personal information to third parties for direct marketing. We do not disclose personal information to third parties for their direct marketing purposes.

7.2 Virginia, Colorado, Connecticut, and Utah Residents

Residents of these states have similar rights including:

  • Right to access
  • Right to delete
  • Right to correct
  • Right to data portability
  • Right to opt out of targeted advertising

To exercise these rights, contact us using the information in Section 12.

7.3 Nevada Residents

Nevada residents may opt out of the sale of personally identifiable information. We do not currently sell personal information as defined by Nevada law.

8. International Data Transfers

8.1 Data Location

Our Service is hosted in the United States. Your consent to this Privacy Policy followed by your submission of information represents your agreement to the transfer and processing of your data in the United States.

8.2 EU/EEA Users

If you are located in the European Union or European Economic Area, your personal data may be transferred to the United States where data protection laws may differ. We implement appropriate safeguards for such transfers.

8.3 GDPR Rights

If GDPR applies to you, you have rights including:

  • Access
  • Rectification
  • Erasure
  • Restriction of processing
  • Data portability
  • Objection
  • Rights related to automated decision-making

To exercise these rights, contact us at pillar@pillarhq.co.

9. Links to Other Sites

Our Service may contain links to other sites that are not operated by us. If you click a third-party link, you will be directed to that third party's site. We strongly advise you to review the Privacy Policy of every site you visit.

We have no control over and assume no responsibility for the content, privacy policies, or practices of any third-party sites or services.

10. Children's Privacy

The Service is not intended for children under 18. We do not knowingly collect personal information from children. If we learn we have collected information from a child, we will delete it promptly. If you believe a child has provided us information, please contact us.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by:

  • Posting the updated policy on our website
  • Sending an email to your registered email address
  • Displaying a notice within the Service

Your continued use of the Service after changes become effective constitutes acceptance of the updated policy.

12. Contact Us

If you have questions about this Privacy Policy or wish to exercise your privacy rights, please contact us:

Pillar Technologies Inc.

Privacy Inquiries:
Email: pillar@pillarhq.co

General Contact:
Email: pillar@pillarhq.co

Data Protection Officer:
Email: pillar@pillarhq.co

13. Additional Information for Specific Features

13.1 Skip Tracing and Contact Data

When you use skip tracing features:

  • We query third-party providers with property information (addresses, owner names)
  • Contact information returned may include names, phone numbers, emails, and addresses
  • This data is cached in your Organization's workspace
  • You are responsible for complying with applicable laws when using this data
  • We track credit usage for these lookups

13.2 Direct Mail Campaigns

When you use mail services:

  • Recipient names and addresses are shared with our mail fulfillment partner
  • Mail designs and content you create are stored and transmitted for printing
  • Delivery status information is received and stored
  • Undeliverable addresses are tracked

13.3 Map and Location Features

When you use mapping features:

  • Your map interactions (pan, zoom, area views) may be logged
  • Geographic coordinates of properties you search are processed
  • Layer preferences are stored locally and/or in your account
  • Satellite imagery may be processed through third-party services

13.4 File Uploads

When you upload files:

  • Files are stored in secure cloud storage
  • File metadata (name, size, type, upload date) is stored
  • Geospatial files may be processed to extract geometry and attributes
  • Files remain accessible to your Organization members with appropriate permissions

13.5 Analytics and Tracking

We use third-party service providers to monitor and analyze the use of our Service:

PostHog

PostHog is a product analytics platform that helps us understand how users interact with our Service.

  • Events tracked include feature usage, navigation, and actions taken
  • User identification links events to your account
  • Session information helps us understand user journeys
  • For more information: https://posthog.com/privacy
  • To opt out or request deletion of your analytics data, contact us at pillar@pillarhq.co

Stripe

Stripe provides payment processing and may collect analytics related to billing.

We do not currently use advertising or remarketing services. If this changes, we will update this Privacy Policy.

14. Glossary

  • Personal Information: Information that identifies, relates to, or could reasonably be linked to you or your household.
  • Service Provider: A third party that processes personal information on our behalf.
  • Processing: Any operation performed on personal information, including collection, use, storage, and disclosure.
  • Controller: The entity that determines the purposes and means of processing personal information.
  • Processor: An entity that processes personal information on behalf of a controller.

This Privacy Policy is designed to be transparent about our data practices. If you have any questions or concerns, please don't hesitate to contact us.