Listed by the AZ Department of Real Estate
Pro Sign In
Home Fraud Defense™ logo
Home Fraud DefenseReal Estate Fraud ProtectionPowered by Talveras™
Home Fraud Defense app icon

Home Fraud Defense™ — get the app

Free on iOS & Android — tap to download →

Home Fraud Defense™

Privacy Policy

What we collect, why, and your rights.

Version: 2.0Effective: May 4, 2026SHA-256: be1bce7403f8…

Home Fraud Defense™ Privacy Policy

Version: 2.0 Effective Date: May 4, 2026 Last Updated: May 4, 2026

This Privacy Policy explains how Home Fraud Defense, LLC ("HFD," "we," "us," "our") collects, uses, retains, shares, and protects information when you use our websites, mobile apps, and services (collectively, the "Services"). Capitalized terms not defined here have the meanings given in our Terms of Service. This Policy is incorporated into the Terms of Service by reference.

1. Information We Collect

You provide directly:

  • Account information: name, email, phone, password (stored as a salted hash), agency or company name, professional license number where applicable.
  • Submitted content: fraud-registry reports, dispute claims, support messages, suppression-request information, professional profile content, photos, and documents.
  • Payment information: processed by Stripe; we do not store full payment-card numbers.

Collected automatically when you use the Services:

  • Device and connection information: IP address, user-agent, device type, operating system, browser, language, approximate geolocation derived from IP, referring URL, and pages visited.
  • Search and scan activity: queries you submit (addresses, phone numbers, URLs, emails, message text, screenshots), the results returned, the algorithm version used, and timestamps.
  • Audit events: account creation, sign-in, terms acceptance, profile changes, scans run, reports viewed, emails sent to you, disputes filed, suppression requests submitted, and admin actions on your account.
  • Cookies and similar technologies: session cookies, preference cookies, and (where consented) analytics cookies. See our Cookie Policy.

Collected from third parties:

  • Public records: county recorder, assessor, and treasurer filings; FBI / FTC complaint statistics; USPS data; law-enforcement releases.
  • Data providers: ATTOM, BatchData, RentCast, AbstractAPI, IPQS, Google Safe Browsing, Twilio (telephony intelligence), Resend (delivery telemetry).
  • Identity-verification vendors (Stripe Identity, where used).

2. How We Use Information

  • Provide, operate, and maintain the Services.
  • Generate fraud-risk signals, summaries, and educational reports.
  • Authenticate users and protect against abuse, fraud, and security threats.
  • Maintain a complete, time-stamped audit trail to defend against legal claims and to comply with subpoenas and court orders.
  • Communicate with you about your account, security alerts, transactional matters, and (with your consent or where allowed by law) marketing.
  • Improve and develop the Services, including model evaluation. HFD does not train AI models on user submissions.
  • Comply with legal obligations.

3. Legal Bases (for users in jurisdictions requiring one)

  • Performance of a contract — to provide the Services you signed up for.
  • Legitimate interests — to operate, secure, and improve the Services and to defend legal claims.
  • Compliance with legal obligation — for tax, accounting, anti-fraud, and law-enforcement requests.
  • Consent — for optional analytics, marketing communications, and any sensitive-data processing where required.

4. Sharing of Information

We share information only as follows:

  • Service providers acting on our behalf under written contracts (hosting, email delivery, analytics, payment processing, AI inference, identity verification).
  • Public registry display — fraud-registry submissions that have been reviewed and approved for public display are shown on the Services. Rental-scam reports are aggregate-only (county / state / ZIP) and never include street addresses; see Section 9.
  • Law enforcement and legal process — in response to valid subpoenas, court orders, or to protect rights, property, or safety.
  • Business transfer — in connection with a merger, acquisition, financing, or sale, subject to confidentiality protections.

We do not sell your personal information in the traditional sense, and we do not engage in cross-context behavioral advertising. To the extent any disclosure is deemed a "sale" or "share" under California or other state law, you may opt out at /legal/do-not-sell.

5. Cookies and Tracking

We use session cookies necessary to operate the Services and preference cookies that remember your settings. Where required by law, we obtain consent before setting non-essential cookies. You can control cookies through your browser settings; disabling necessary cookies may prevent the Services from functioning.

We do not honor "Do Not Track" headers because there is no industry standard. We do honor recognized Global Privacy Control (GPC) signals where applicable. See our Cookie Policy for the full list.

6. Retention

We retain personal information for as long as is reasonably necessary for the purposes described above, then archive or delete it according to our written Data Retention Policy. Default retention periods:

Anonymous tool submissions (open fraud scanners):

Category Retention
Phone, email, and URL lookups 24 hours in our active database, then automatically purged
Message-review submissions (and reviewer outcomes) 24 hours, then automatically purged
Scan records 24 hours, then automatically purged
Raw third-party API responses (ATTOM, BatchData, IPQS, Safe Browsing, etc.) Not retained — parsed in-process and discarded
User-saved deed reports 30 days, then automatically purged
Page-view analytics 90 days, then automatically purged

These short-TTL periods are enforced daily by an automated purge job; an initial sweep also runs at every service start.

Account-bound and legal-defense data:

Category Retention
Account record (email, name, hashed password) Life of account + 24 months after closure
Audit events (sign-ins, scans run, reports viewed) 7 years from event date
Terms / Privacy / AI-Disclosure acceptances Indefinite
Communications log (transactional emails) 5 years
Fraud-registry submissions (approved & displayed) Indefinite, subject to dispute review
Fraud-registry submissions (rejected) 24 months
Suppression requests (Property Visibility Report) 7 years (defense record)
Pro-saved screening records 7 years (E&O / regulatory record-keeping)
Payment records (Stripe-managed) 7 years
IP addresses and user-agents 24 months for general logs; 7 years for audit events

A note on backups. Encrypted database backups roll off on a 90-day rolling window. Anonymous tool submissions may therefore continue to exist in encrypted backups for up to 90 days after the active-database row has been purged. Backups are restorable only for disaster recovery and are not used for analytics, training, or routine access.

No model training. HFD does not train any AI model on user submissions. Submissions are processed by third-party AI providers under their own retention terms and are not added to any HFD-controlled training corpus.

Records subject to a litigation hold are retained until the hold is released, regardless of the schedule above.

7. Your Rights

Depending on where you live, you may have rights to:

  • Access the personal information we hold about you.
  • Correct inaccurate personal information.
  • Delete your personal information, subject to exceptions for compliance, fraud prevention, and the defense of legal claims.
  • Port your personal information in a machine-readable format.
  • Opt out of any "sale" or "sharing" under state law.
  • Limit use of sensitive personal information (CA).
  • Appeal an adverse decision on a privacy request.
  • Withdraw consent at any time where processing is based on consent.

To exercise these rights, email info@homefrauddefense.org with the subject line "Privacy Request" or use the form at /legal/privacy-request. We will verify your identity before responding and will respond within the time required by law (typically 30–45 days). You may designate an authorized agent.

We do not discriminate against you for exercising your rights.

8. Security

We use industry-standard administrative, technical, and physical safeguards including TLS in transit, encryption at rest for sensitive fields, password hashing (bcrypt), least-privilege access controls, audit logging, and vendor security review. No method of transmission or storage is perfectly secure.

If you suspect your account has been compromised or have identified a security vulnerability in our Services, contact info@homefrauddefense.org with the subject line "Security Disclosure" immediately. See our Responsible Disclosure Policy.

9. Special Notice — Rental-Scam Reports

Reports of rental-listing scams are intentionally collected and stored at ZIP-code, county, and state granularity only. We do not collect or display street-level addresses for rental-scam reports because the property owner being impersonated is typically a victim, not the perpetrator. No professional, paid, or public endpoint of the Services exposes per-property rental-scam data.

10. Children's Privacy

The Services are not directed to children under 13, and we do not knowingly collect personal information from them. If you believe a child has provided personal information, contact info@homefrauddefense.org and we will delete it promptly consistent with the Children's Online Privacy Protection Act (15 U.S.C. § 6501 et seq.).

11. International Users

The Services are operated from the United States. By using the Services, you consent to the transfer, processing, and storage of your information in the United States.

12. Third-Party Services

The Services may link to third-party sites and services (e.g., Stripe, county recorder portals, LearnWorlds). We are not responsible for the privacy practices of those third parties.

13. State-Specific Privacy Disclosures

This Policy is intended to comply with the California Consumer Privacy Act / California Privacy Rights Act (CCPA/CPRA), the Virginia Consumer Data Protection Act (CDPA), the Colorado Privacy Act (CPA), the Connecticut Data Privacy Act (CTDPA), the Utah Consumer Privacy Act (UCPA), the Texas Data Privacy and Security Act (TDPSA), the Oregon Consumer Privacy Act (OCPA), the Montana Consumer Data Privacy Act (MCDPA), and analogous laws of other states.

California "Do Not Sell or Share My Personal Information" link: /legal/do-not-sell.

Categories of personal information we collect, the sources from which we collect each category, the business purposes for which we use each category, and the categories of third parties to whom we disclose each category are set forth in Sections 1, 2, and 4 above and in the Data Retention Policy.

14. Changes to This Policy

We may update this Policy. Material changes will be communicated by email and/or in-product notice and may require renewed acceptance. Each version is archived and identified by version number and content hash; prior versions are available at /legal/privacy/archive.

15. Contact

Home Fraud Defense, LLC 9362 W Sands Drive Peoria, AZ 85383 United States

Email: info@homefrauddefense.org (subject line: "Privacy Request" for data-subject rights) Telephone: (623) 263-2382

Previous Versions

Other legal documents: Terms · Privacy · AI Use · DMCA · Retention · Cookies · Accessibility · Responsible Disclosure

Questions? Contact us.