Back

Privacy Policy

Effective March 23, 2026

ZSR Ventures, LLC ("ZSR," "we," or "us") handles Personal Information that we collect in connection with individuals who visit our website, access our products and services, or otherwise engage in business with ZSR. This Privacy Policy describes our policies and practices regarding Personal Information collected via our website and services (the "Services"). This Privacy Policy applies to Personal Information collected through the Services and does not apply to information collected by third-party websites or applications not operated by ZSR.

By accessing the website and/or using our Services, you are consenting to our use of your Personal Information in accordance with this Privacy Policy. Your access to and use of the Services is also subject to the ZSR Terms of Service.

1. Information We Collect

Personal Information You Provide

We use the term "Personal Information" to mean any information that could be used to identify you, including your name, email address, or any combination of information that could be used to identify you. What Personal Information we collect depends on how you interact with the Services:

  • Account Information: When you register, we collect your full name, email address, and password (stored in hashed form). If you use Google or Microsoft OAuth login, we receive your name and email from those providers.
  • Company Information: Company name, business address, and team member information for multi-user accounts.
  • Payment Information: When you subscribe to a paid plan or purchase credits, payment is processed by Stripe. We do not store your full credit card number. We receive and store a payment method identifier, billing address, and transaction history from Stripe.
  • Uploaded Documents: When you upload deal documents (rent rolls, T12 operating statements, offering memoranda, appraisals, leases, insurance certificates), we store and process these files to generate underwriting reports and power AI features. These documents may contain third-party personal information such as tenant names and financial details.
  • Deal & Property Data: Property addresses, purchase prices, loan terms, and other underwriting inputs you provide through the Service.
  • Tenant Information: If you use the property management features, you may enter tenant names, contact information, lease terms, payment history, and account balances. Tenants who access the Tenant Portal provide their name, email, and payment information.
  • Investor Information: If you use the fund administration features, you may enter investor names, mailing addresses, email addresses, phone numbers, tax identification numbers (SSN or EIN), capital commitment amounts, distribution records, and K-1 preparation data.
  • Employee & Payroll Data: If you use the payroll features, you may enter employee names, Social Security numbers, addresses, dates of birth, bank account details for direct deposit, salary and wage information, tax withholding elections, benefits selections, and employment history.
  • Vendor Information: Vendor names, addresses, tax identification numbers (EIN/TIN), W-9 data, payment terms, and transaction history entered through the accounting and property management features.
  • Financial & Accounting Data: Journal entries, chart of accounts, budgets, invoices, bank reconciliation data, and financial statements entered through the accounting features.
  • API Keys: If you use the Bring Your Own Key (BYOK) feature, your Anthropic API key is encrypted at rest using industry-standard encryption and stored securely. See Section 6 for details.

Automatically-Collected Information

We and our service providers may automatically log information when you use our Services, such as:

  • Device data: Browser type, operating system, screen resolution, IP address, and general location information such as city or state.
  • Usage data: Pages viewed, features used, session duration, AI credit consumption, and navigation patterns within the Service.
  • Session cookies: The Service uses session cookies required for Blazor Server functionality and authentication. These are essential for the Service to operate and cannot be disabled.

2. How We Use Your Information

We use your Personal Information for the following purposes:

  • To operate, maintain, and provide the features of the Service, including generating underwriting reports, managing properties, processing accounting transactions, and administering funds.
  • To process and analyze uploaded documents using AI technology (including third-party AI models) to extract data and generate analysis.
  • To process payments and manage your subscription through our payment processor, Stripe.
  • To create and maintain your account and verify your identity.
  • To contact you regarding administrative issues, account notifications, billing, or respond to your inquiries.
  • To track and manage AI credit usage and enforce subscription plan limits.
  • To improve and develop the Service, including training and improving our analysis capabilities using aggregated, de-identified data.
  • To enforce our Terms of Service and comply with applicable law.
  • To protect the safety and security of our users and the Service.
  • To maintain audit logs for security and compliance purposes.

3. Third-Party Services

We use third-party services to operate the Service. These services may process your data as described below:

  • Anthropic (Claude AI): We send deal data, document content, and financial information to Anthropic's Claude AI to generate narrative analysis, parse documents, power deal chat, and provide AI-driven features. Data sent to the API may include property financials, tenant information from rent rolls, and other deal details. Anthropic does not use data submitted through their commercial API to train models. Anthropic's processing is subject to their privacy policy and data usage terms.
  • Stripe: We use Stripe to process subscription payments, credit top-up purchases, and tenant portal payments. Stripe collects and processes payment card information directly. Stripe's handling of your payment data is subject to the Stripe Privacy Policy.
  • Microsoft Azure: The Service is hosted on Microsoft Azure cloud infrastructure. Your data is stored on Azure servers in the United States, encrypted at rest and in transit. Azure's handling of data is subject to the Microsoft Privacy Statement.
  • Authentication Providers: If you use Google or Microsoft OAuth login, those providers handle the authentication flow subject to their own privacy policies.
  • Public Data APIs: We integrate with government data sources (FRED, BLS, Census, CMS) to enrich market analysis. These integrations send property addresses or geographic identifiers to retrieve public data. No personal information is shared with these services.

We do not sell your Personal Information to third parties. We share data with third-party services only as necessary to operate the Service as described above.

4. Cookies & Tracking

The Service uses essential cookies required for authentication and Blazor Server functionality. These session cookies are necessary for the Service to operate and are automatically cleared when you close your browser or log out. We do not use third-party advertising cookies or tracking pixels for interest-based advertising.

We may use analytics tools to understand how users interact with the Service. Any analytics data collected is aggregated and de-identified.

5. Data Security

We have put in place safeguards to protect Personal Information against loss, theft, and unauthorized use, disclosure, or modification, including:

  • Encryption of data in transit (TLS/HTTPS) and at rest (Azure Storage Service Encryption).
  • Secure password hashing using ASP.NET Identity with industry-standard algorithms.
  • Secrets management through Azure Key Vault (no credentials stored in application configuration).
  • Role-based access controls and multi-tenant data isolation.
  • Audit logging of data access and modifications in a dedicated audit database.
  • Rate limiting and account lockout protections.
  • Encrypted storage of sensitive fields including API keys.

However, no method of transmission over the Internet or method of electronic storage is 100% secure. We cannot guarantee the absolute security of your data.

6. Bring Your Own Key (BYOK)

If you provide your own Anthropic API key through the BYOK feature, you acknowledge and agree that:

  • AI requests made with your key are processed under your own Anthropic account agreement, not ZSR's agreement with Anthropic.
  • Data retention and usage policies for AI requests may differ based on your Anthropic account settings.
  • You are responsible for ensuring your Anthropic account settings are configured appropriately for the sensitivity of data you process through the Service.
  • Your API key is encrypted at rest using ASP.NET Data Protection and is only decrypted at the moment of making an API request.

7. Data Retention

We keep your Personal Information for as long as reasonably necessary for the purposes described in this Privacy Policy or as required by law. Specifically:

  • Account data: Retained while your account is active and for thirty (30) days after cancellation or deletion request.
  • Uploaded documents: Retained while the associated deal exists in your account.
  • Underwriting reports & AI outputs: Retained while the associated deal exists in your account.
  • Tenant & investor data: Retained while the associated property or fund exists in your account.
  • Financial & accounting data: Retained while your account is active. May be retained longer as required by applicable tax and financial regulations.
  • Payment records: Retained as required by applicable financial regulations and for dispute resolution purposes.
  • Audit logs: Retained for a minimum of one (1) year for security and compliance purposes.
  • Usage data: Retained in aggregated, de-identified form for analytics purposes.

8. Your Rights & Choices

Depending on your jurisdiction, you may have the following rights regarding your Personal Information:

  • Access: Request information about the Personal Information we collect and maintain about you.
  • Correction: Request correction of inaccurate Personal Information.
  • Deletion: Request deletion of your Personal Information and account. Note that some data may be retained as required by law or legitimate business purposes.
  • Data Portability: Request a copy of your Personal Information in a commonly used, machine-readable format.
  • Opt-out of marketing: If we send marketing communications, you can opt out by clicking "unsubscribe" or contacting us.

To exercise any of these rights, please contact us at privacy@zsrventures.com. We will respond to verifiable requests within thirty (30) days.

9. California Privacy Rights (CCPA/CPRA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA):

Categories of Personal Information Collected

In the preceding 12 months, we have collected the following categories of Personal Information:

  • Identifiers: Name, email address, IP address, account credentials, Social Security numbers (payroll), tax identification numbers (investors, vendors).
  • Commercial information: Subscription plan, payment history, credit usage, transaction records.
  • Financial information: Deal financials, property data, accounting records, investor capital accounts, payroll and wage data, bank account details for direct deposit, vendor payment information (as entered by you into the Service).
  • Internet/electronic activity: Pages viewed, features used, session data, device information.
  • Professional information: Company name, role, employment history, business context provided in connection with account registration or payroll processing.
  • Sensitive personal information: Social Security numbers, tax identification numbers, and financial account information collected in connection with payroll processing, vendor management, and investor administration. This information is collected solely for the purpose of providing the Service and is not used for profiling or advertising.

Sources of Personal Information

We collect Personal Information from the following sources:

  • Directly from you when you register, use the Service, or communicate with us.
  • From your employer or property management company if they provision your account (e.g., tenant portal or employee payroll access).
  • Automatically through your use of the Service (device data, usage data, cookies).
  • From third-party authentication providers (Google, Microsoft) if you use OAuth login.

Business Purpose for Collection

We collect and use each category of Personal Information for the business purposes described in Section 2 of this Privacy Policy. We do not collect or use Personal Information for purposes that are materially different from those disclosed at the time of collection without providing you with notice.

Your CCPA Rights

  • Right to Know: You may request that we disclose what Personal Information we have collected, used, disclosed, and sold about you in the preceding 12 months.
  • Right to Delete: You may request that we delete Personal Information we have collected from you, subject to certain exceptions (e.g., data required for legal compliance or to complete a transaction).
  • Right to Correct: You may request that we correct inaccurate Personal Information.
  • Right to Opt Out of Sale/Sharing: We do not sell or share your Personal Information for cross-context behavioral advertising. There is nothing to opt out of.
  • Right to Limit Use of Sensitive Personal Information: We only use sensitive personal information (SSNs, tax IDs, financial account numbers) for the purposes of providing the Service. You may request that we limit our use of sensitive personal information to what is necessary.
  • Right to Non-Discrimination: We will not discriminate against you for exercising your CCPA rights.

To exercise your CCPA rights, contact us at privacy@zsrventures.com or use the contact information in Section 13. We will verify your identity before processing your request. You may also designate an authorized agent to submit a request on your behalf by providing written authorization.

Disclosure of Personal Information for Business Purposes

In the preceding 12 months, we have disclosed the following categories of Personal Information to the following categories of service providers for a business purpose:

  • Anthropic (AI processing): Deal data, document content, financial information, and tenant data from rent rolls — for AI analysis and report generation.
  • Stripe (payment processing): Payment card information, billing addresses, and transaction amounts — for subscription billing and tenant payment processing.
  • Microsoft Azure (cloud hosting): All categories of Personal Information stored on our servers — for cloud infrastructure and data storage.

Do Not Sell or Share My Personal Information

We do not sell your Personal Information. We do not share your Personal Information for cross-context behavioral advertising purposes. We only share data with third-party service providers as necessary to operate the Service, as described in Section 3. If you wish to confirm this or have questions, you may contact us at privacy@zsrventures.com or visit our Do Not Sell My Personal Information page.

10. Children's Privacy

The Service is not directed to children under the age of 18. We do not knowingly collect Personal Information from children under 18. If you become aware that a minor has provided Personal Information through our Service, please contact us and we will take steps to delete such information.

11. International Data Transfers

The Service is hosted in the United States on Microsoft Azure infrastructure. If you access the Service from outside the United States, your Personal Information will be transferred to and processed in the United States. By using the Service, you consent to this transfer. We take steps to ensure that your data is treated securely and in accordance with this Privacy Policy regardless of where it is processed.

12. Changes to This Privacy Policy

We reserve the right to modify this Privacy Policy at any time. If we make material changes, we will notify you through the Service or by email. We encourage you to review this Privacy Policy periodically to stay informed about how we collect, use, and protect your information.

13. Contact Information

If you have any questions about this Privacy Policy or wish to exercise your privacy rights, please contact us at:

ZSR Ventures, LLC
Email: privacy@zsrventures.com

An unhandled error has occurred. Reload 🗙

Rejoining the server...

Rejoin failed... trying again in seconds.

Failed to rejoin.
Please retry or reload the page.

The session has been paused by the server.

Failed to resume the session.
Please reload the page.