Privacy Policy

Last updated: March 23, 2026

We collect only what we need to run 3Y, we never sell your data, and you control your information.

The Short Version

We collect the minimum needed to create your account, run analyses, and support you. We don’t sell your personal data. We don’t use your property inputs or your reports for advertising. You own your specific analyses and reports and can delete them—or your whole account—anytime.

  • Emails: We send required service emails (security, receipts, critical updates). Optional product/promotional emails include an unsubscribe in every message.
  • Vendors we use: Stripe (payments), Firebase (auth/database), AWS (hosting), Google Maps (location), and Sentry (error monitoring). We choose reputable U.S. federal and trusted sources for market data.
  • Security: We use industry-standard practices, but no system is perfect—use a strong, unique password.

What We Collect & Why

Account Info

What: Email, name, hashed password.

Why: To create and secure your account, communicate about service activity.

Property & Goal Inputs

What: Addresses, purchase price/expense assumptions, loan terms, target returns, your goals.

Why: To generate cashflow scores, location scores, combined 3Y scores, target prices, and ROI projections at 3/5/7+ years.

Analysis Results

What: Scores, projections, neighborhood analytics, comparisons.

Why: To show and save your reports; power your history and exports.

Usage & Device Basics

What: Log and event data, app version, browser/device, IP (approximate location).

Why: To keep the service reliable, secure, and improve performance.

Security & Fraud Prevention Data

What We Collect

Limited account-related data (such as email or phone) transformed into a pseudonymous digital fingerprint using a one-way, salted hash function. This can’t be reversed or used to contact you.

Basic diagnostic reports and anonymized session interaction data when an error occurs—typically a message, timestamp, environment, page path, and a visual reconstruction of the UI leading up to the crash—to help us improve stability. We utilize strict client-side masking so these reports do not collect or transmit the actual text of your property data, financial details, or form inputs.

Why We Collect It

  • To prevent repeated free-tier sign-ups and maintain fair-use limits.
  • To protect our systems from automated or abusive behavior.
  • To detect and troubleshoot app errors efficiently.

How We Use It

These identifiers are used only for platform security and abuse prevention—not for analytics, marketing, or personalization. We retain them only as long as needed to prevent recurring abuse, and keep short-term diagnostic logs (usually under 90 days) for troubleshooting.

What We Don’t Do

  • Sell your personal data.
  • Use your property data or reports for advertising.
  • Share your specific analyses with other customers.
  • Retain your personal data after you delete your account (except where law requires limited retention, e.g., billing records).

Email Communications

Service Emails Required

Account verification, password resets, security alerts, plan limits, invoices/receipts, and essential service updates. You can’t opt out because they’re necessary to run your account.

Product & Promotional Emails Optional

Feature announcements, tips, educational content, occasional promotions. You can unsubscribe at any time using the link in every message. Unsubscribing doesn’t affect service emails.

Your Data & Ownership

  • You own the specific analyses, reports, and exports tied to your account.
  • We own the 3Y platform, models, and underlying methodology.
  • You grant 3Y a limited license to process your inputs/results to operate, secure, and improve the service.

Data Sources We Use

We pull data from trusted sources, including U.S. Census Bureau, BLS, FEMA, FHFA, FBI, NOAA, the Federal Reserve, Realtor.com® Economic Research, Google Maps, and other reputable third-party providers. We strive for accuracy but can’t guarantee it; you should validate assumptions for your use case.

Vendors & Where Data Lives

  • Stripe – payment processing (we don’t store full card numbers).
  • Firebase – authentication and database.
  • AWS – secure hosting and storage.
  • Google Maps – geocoding and maps.
  • Sentry – crash reporting and application monitoring (data is anonymized).

These providers act as processors where applicable and have their own privacy terms. We share only what’s needed to provide the service.

Security

We apply industry-standard safeguards (encryption in transit, access controls, backups, monitoring). No online service is 100% secure. Protect your account with a strong, unique password and don’t share login credentials.

Your Rights & Controls

  • Access your data and download reports.
  • Delete individual analyses or your entire account.
  • Change email preferences; unsubscribe from promotions anytime.
  • Request a copy or deletion of your data by emailing hello@3ynow.com.

Data Retention

We retain account data while your account is active. If you delete your account, we delete associated personal data within a reasonable period, except for limited records we must keep (e.g., invoices) for legal, tax, or security purposes.

Aggregated & anonymized data. We generate aggregated and anonymized statistics from platform activity—for example, daily and monthly report volume, feature usage counts, and market-level analytics. Once data has been aggregated or anonymized such that it cannot reasonably be linked back to you or any individual user, it no longer constitutes your personal data and is not deleted when you close your account. We retain and use this aggregated data indefinitely to operate, improve, and report on the service.

Children

3Y is for adults (18+). We don’t knowingly collect personal data from children.

Changes to This Policy

If we make material changes, we’ll notify you in-app or by email. Continued use after changes means you accept the updated policy.

Contact

Questions or requests? Email hello@3ynow.com.