Privacy

Privacy Policy.

What we collect, what we don't, how long we keep it, who we share it with. Plain language. No tracking pixels, no resale, no model training on your data.

Effective: 2026-05-20  ·  Last reviewed: 2026-06-12  ·  Version: v1.7

1. Who we are

Avow LLC, a Massachusetts limited liability company ("Avow," "we," "us"), is a software service that delivers federal environmental compliance data and regulatory screening memos for project areas in the United States. Standard and Pro screening memos are generated deterministically with no third-party AI involvement; the Expert tier adds an AI synthesis layer using Anthropic as a sub-processor (see Section 4). Contact: [email protected].

2. What we collect

2.1 Account information

Avow does not require account creation or passwords. Identity is keyed to the email address you provide at checkout. The data we hold is:

2.2 Email-verification codes (Firm Plan subscribers)

Firm Plan subscribers' memo orders are covered by their subscription's project credits and do not pass through Stripe Checkout (no payment step). To prevent credit-burn attacks (where someone who knows a subscriber's email could submit orders against their project credits), we issue a short-lived 6-digit verification code that the subscriber receives by email and enters in the order window. For each code we briefly retain:

We do not store the IP address of the device that requested the code. Rate-limiting against abuse is performed per-email (a capped number of codes per email per hour), not per-IP. Platform-level request logs maintained by our infrastructure provider (Render) capture IP addresses for short-term operational use (typically 7–30 days) and are not linked to the verification-code records.

Codes expire automatically after 15 minutes and the row is purged within 24 hours by a daily scheduled job. After successful verification, a short-lived (15-minute) session token is minted; the token is signed cryptographically and stored only in the subscriber's browser (sessionStorage, cleared on tab close). Avow's servers do not store session tokens, only the brief verification-code rows described here.

2.3 Team-membership data (Firm Plan multi-user)

A Firm Plan subscription supports up to ten authorized team email addresses. When a subscription owner adds your email as a team member via the team dashboard at /team, we store:

This data is used solely to verify your right to consume the subscription's project credits at checkout. If your email was added without your knowledge or consent, reply to the welcome email you received or contact [email protected] from that address, and we will remove you immediately.

2.4 Administrative audit log (Firm Plan team admin)

We maintain an append-only log of administrative actions taken via the Firm Plan team dashboard: sign-in code requests, successful sign-ins, team-member additions, team-member removals, and sign-outs. Each log entry records:

We do not store the IP address of the requester in this log. Platform-level request logs maintained by our infrastructure provider (Render) capture IP addresses for short-term operational use (typically 7–30 days) and are not linked to the administrative audit log.

The audit log is used solely for security investigations and dispute resolution. Logs are retained while the subscription is active and may be deleted on written request to [email protected] from the subscription owner.

2.5 Project area geometry

Shareable project-area links. If you use the "Copy shareable link" option on the project-area step, Avow stores the geometry you drew as a standalone snapshot under a randomly generated, unguessable identifier, so that anyone you send the link to lands on the order form with that same area pre-loaded. This snapshot contains the polygon geometry only: no email, no IP address, no pack or tier selection, and nothing that identifies you. The identifier in the link is the only way to retrieve it (the store cannot be listed or enumerated), and the snapshot is automatically deleted 30 days after it is created. A shared link pre-fills the order form only; the recipient must still complete payment to receive any data pack or screening memo.

2.6 Operational telemetry (never linked to your email in public dashboards)

2.7 Cookies and browser local storage

Avow does not use any analytics, advertising, social-media, or third-party tracking cookies. The Avow site sets no cookies at all: there is no cookie banner because there is nothing to consent to.

Avow uses Stripe Checkout via redirect to checkout.stripe.com for payment processing. While you are on Stripe's checkout page, Stripe may set its own session and fraud-prevention cookies under the stripe.com domain; those cookies are governed by Stripe's privacy policy, not this policy.

Browser local storage. When you sign in to the Firm Plan team-admin dashboard at /team, your browser stores a single signed session token in localStorage under the key avow_team_admin_token. The token expires after 30 minutes of inactivity, is rotated on each authenticated request, and is cleared when you click "Sign out." Its contents are limited to the email address you signed in with, a reference to the subscription, and the token's expiration timestamp. No other data is stored in your browser by Avow itself.

3. What we do not collect

4. AI sub-processor disclosure (Expert tier only)

Standard and Pro screening memos do not invoke any third-party AI provider. No AOI metadata, no pack contents, and no other customer data leaves Avow's infrastructure for AI generation purposes when you purchase a Standard or Pro memo. The deterministic engine that produces those memos runs entirely on Avow's own servers against the versioned regulatory corpus.

Expert tier: when you purchase an Expert Screening Memo, the deterministic base is generated identically to Standard and Pro, and an AI synthesis layer is then applied on top using Anthropic's Claude Sonnet 4.5 model. For this synthesis step only, allow-listed AOI metadata and pack contents are sent to Anthropic, our LLM sub-processor, solely to generate your Expert memo's narrative layer. Anthropic processes the request under its commercial terms, which prohibit using customer inputs for model training. We can provide a Data Processing Addendum reference on request.

We project AOI metadata through a hard-coded allow-list before any prompt is constructed for the Expert AI layer. The fields that may be sent to Anthropic are exactly: filename (truncated to 200 characters, with newlines stripped), area_acres, state, centroid_lat (rounded to four decimal places), and centroid_lon (rounded to four decimal places). Raw geometry coordinates, full polygon vertices, parcel identifiers, owner names, or any other attribute fields are never transmitted to Anthropic. The allow-list is hard-coded in Avow's generation pipeline (nothing in a request can widen it), and changes to it are version-controlled and reflected on this page.

4.1 Automated decision-making (Expert tier only)

The Expert tier's AI synthesis layer generates narrative regulatory commentary on top of the deterministic base. It does not make automated decisions about whether your project complies with any law, qualifies for any permit, triggers any agency consultation, or carries any specific liability. All such determinations remain the responsibility of the Customer or its retained Licensed Professional (see Terms of Service Section 5). Customers who object to AI-generated content may purchase Standard or Pro instead. Both are generated deterministically without any LLM involvement (Terms of Service Section 12). Standard and Pro tiers involve no automated decision-making technology of any kind.

5. Retention

Avow retains each category of data only as long as needed for the stated purpose:

Category Retention Basis
AOI geometry 90 days from delivery Service delivery; deletion on request
Shareable AOI snapshot (geometry only, no PII) 30 days from creation Convenience of link sharing; auto-deleted by a daily scheduled job
Delivered pack files 90 days from delivery Service delivery; deletion on request
Screening memos 90 days from delivery Service delivery; deletion on request
Order metadata (email, Stripe ID, SKU, timestamps, layer-success flags, corpus version) 7 years from delivery IRS retention; Stripe chargeback window; audit trail (see Section 9)
Firm Plan subscription + usage records Duration of subscription + 7 years Quota enforcement during active subscription; tax + chargeback retention thereafter
Email-verification codes (6-digit, Firm Plan only) 15 minutes (then auto-expired; row purged within 24 hours by a daily scheduled job) Credit-burn defense (see Section 2.2)
Operational telemetry (aggregated, no PII) Indefinite Service-quality monitoring; never linked to email
Email correspondence to Avow privacy / legal / support aliases Up to 7 years Customer-support history and audit; deletion on request once any open matter is closed

Backups. Avow does not maintain separate backups of AOI geometry, pack files, or screening memos; once Cloudflare R2 deletes an object at the end of its 90-day TTL, the deletion is permanent. The Supabase database that holds order metadata (Section 9) is subject to Supabase's platform-managed backup schedule; those backups follow Supabase's published retention policy and are outside Avow's direct control.

You may request earlier deletion of AOI geometry and pack files at any time by emailing [email protected] from the address on the order. We will confirm deletion within five business days.

6. Storage and security

7. How authentication works (no passwords, no accounts)

Avow does not have a traditional account system. There are no passwords to set, no usernames to choose, and no profile to maintain. Identity is keyed to the email address you provide at checkout:

Because there is no password, there is also no password reset, no two-factor authentication device, and no account recovery surface. If you lose access to the email address on file, contact [email protected] from a different address and we will verify ownership manually before transferring records.

8. Your rights

Regardless of your jurisdiction, you have the right to:

What a deletion request actually deletes. When you submit a deletion request from the email on the order, Avow will, within thirty (30) days:

After the 7-year retention period expires, the residual order metadata is purged on Avow's regular retention sweep. You may verify the retention status of a given order at any time by emailing the request address below.

Send requests to [email protected]. We respond within 30 days. To prevent unauthorized requests, Avow will accept deletion requests only from the email address on the original order, or from a verified authorized agent presenting written authorization signed by that address-holder.

9. Legal basis for retention beyond 90 days

We retain order metadata (email, Stripe ID, timestamps, pack SKU, layer-success flags, corpus version stamped at delivery) for 7 years after delivery for these specific reasons:

This metadata never includes your AOI geometry, the contents of your memo, or any layer payload.

10. Sub-processors and international transfers

Avow's production infrastructure is operated entirely in U.S. regions. The complete current list of sub-processors that may process Customer data on Avow's behalf is:

Sub-processor Role Region
Stripe Inc. Payment processing. Customer interacts with Stripe directly via redirect to checkout.stripe.com. Avow receives no payment-card data. Operates under Stripe's privacy policy. U.S.
Resend Inc. Transactional email: pack-delivery notifications, refund confirmations, Firm Plan verification codes, and quota-threshold notices to Customer-supplied email addresses. Operates under Resend's privacy policy. U.S.
Supabase Inc. Managed PostgreSQL database storing order metadata, subscription records, and webhook idempotency rows. Operates under Supabase's privacy policy. U.S.
Cloudflare, Inc. DNS for avowhq.com; R2 private object storage for delivered pack files and screening memos; Email Routing for inbound @avowhq.com aliases. Operates under Cloudflare's privacy policy. U.S.
Render Services, Inc. Hosting for Avow's backend API server. Operates under Render's privacy policy. U.S.
Vercel Inc. Hosting for the static marketing and legal site you are reading. No Customer data crosses Vercel beyond standard HTTP request logs. U.S.
Anthropic PBC Expert tier only. LLM provider (Claude Sonnet 4.5) for the Expert tier AI synthesis layer. Standard and Pro memos never reach Anthropic. Subject to the allow-list disclosed in Section 4. Operates under Anthropic's commercial terms, which prohibit using customer inputs for model training. U.S.

Changes. Avow will update this page when sub-processors are added, removed, or replaced. Active customers receive at least thirty (30) days' email notice before a new sub-processor begins handling their data; Customers may terminate the affected subscription without penalty during that notice period if they object.

International transfers. Avow does not knowingly process data of EU residents at this time. If you are an EU resident and believe we are processing your data, contact us so we can either route your data accordingly or arrange deletion.

11. Consumer rights under U.S. state privacy laws

Avow is a business-to-business service and most uses fall within the B2B exemptions in the comprehensive U.S. state privacy laws. To the extent a state privacy law applies to a Customer or end user, that person has the rights described below. The rights are substantially parallel across the laws named, and Avow honors them on the same request channel.

11.1 California: CCPA / CPRA

To the extent the California Consumer Privacy Act, as amended by the California Privacy Rights Act, applies to a Customer or end user, that person has the following rights:

11.2 Virginia: VCDPA

To the extent the Virginia Consumer Data Protection Act applies, Virginia residents have the following rights, exercisable on the same channel as the California rights above:

11.3 Colorado: CPA

To the extent the Colorado Privacy Act applies, Colorado residents have the following rights, exercisable on the same channel as the California rights above:

11.4 Other U.S. state privacy laws

Customers and end users who are residents of other U.S. states with comprehensive consumer-privacy laws, including Connecticut (CTDPA), Utah (UCPA), Texas (TDPSA), Oregon (OCPA), Delaware (DPDPA), Montana (MCDPA), New Hampshire (NHPA), New Jersey (NJDPA), Iowa (ICDPA), Tennessee (TIPA), Minnesota (MCDPA), Maryland (MODPA), and Indiana (ICDPA), have rights substantially parallel to those described above. Avow honors them on the same request channel and applies the same retention carve-out from Section 8 and Section 9.

11.5 How to exercise these rights

Global Privacy Control (GPC). Avow does not sell or share personal information for cross-context behavioral advertising and therefore has no "opt out of sale" preference to apply. Browsers that transmit a Global Privacy Control signal are honored automatically (we simply continue not to sell or share), and this Privacy Policy serves as our public confirmation of that posture.

Exercise the rights above by emailing [email protected] from the address on the order. Avow will verify the request as described in Section 8. You may designate an authorized agent in writing to make the request on your behalf.

12. Security incident notification

In the event of a confirmed security incident involving unauthorized access to, or unauthorized disclosure of, Customer data, Avow will notify affected Customers by email and post a notice on this page within seventy-two (72) hours of confirming the incident, unless a longer period is required by law enforcement. The notice will include, to the extent then known: the nature of the incident, the categories of data involved, the steps Avow has taken to contain and remediate the incident, and the steps Customers can take to protect themselves.

13. Children's privacy

Avow is a business-to-business service for environmental consultants and project proponents. We do not knowingly collect data from anyone under 18. If you believe a minor has provided data, contact [email protected].

14. Changes to this policy

Material changes will be announced by email to active customers and posted here at least 30 days before they take effect. The version number and effective date at the top of this page reflect the current version. Prior versions are retained for audit; request a copy at any time.

15. Contact

Privacy questions, deletion requests, data-portability requests, California-rights requests: [email protected].