ClosureRadar Privacy Policy

Last updated: [DATE]

Effective date: [DATE]

1. Who we are and what this policy covers

ClosureRadar ("ClosureRadar," "we," "us," or "our") is a business-to-business subscription service operated by [LEGAL ENTITY NAME], located at [REGISTERED ADDRESS]. We turn public records published by the Texas Health and Human Services Commission (HHSC) Child Care Regulation program into a searchable, monitored data product for professional subscribers.

This Privacy Policy explains:

What personal information we collect from our subscribers (the people and companies who pay for and log into our service), and why.
How we use payment processors, cookies, and analytics.
The choices and rights you have over your information.
An important distinction: the facility records we publish are public records about businesses, not personal information about you as a subscriber. See Section 9.

This policy applies to our website, web application, and Data API (together, the "Service"). It does not govern how Texas HHSC or data.texas.gov collect or publish the underlying public records.

2. The short version

We collect only the subscriber information we need to run the Service: your account details, billing information, and how you use the product.
We do not sell your personal information, and we do not share it for cross-context behavioral advertising.
Card payments are handled by Stripe. We never see or store your full card number.
You can access, correct, export, or delete your subscriber information by contacting us (Section 11).
The facility data we publish comes from public government records. Every record carries a source link and a freshness stamp, and we offer a correction/takedown process (Section 9).

3. The personal information we collect from subscribers

We collect the following categories of personal information, all relating to subscribers and prospective subscribers — not to the facilities we cover.

a. Account and identity information

When you create an account or contact us, we collect your name, business email address, company/organization name, and any optional profile details you choose to provide (for example, job title or phone number).

b. Billing information (via Stripe)

When you subscribe to a paid tier (Watchlist Pro, Diligence, or Data API), our payment processor Stripe collects and processes your payment details. We receive only limited billing metadata from Stripe — for example, your billing name, billing email, country/postal code, subscription status, the last four digits and brand of your card, and invoice records. We do not collect, see, or store your full card number, CVC, or full bank details. See Section 5.

c. Service usage and API data

To operate, secure, and improve the Service, we collect information about how you use it, including:

Authentication and session data (login timestamps, security tokens).
API usage and metering data — for the Data API tier, we log API keys, request counts, endpoints called, timestamps, and response status, both to bill metered usage and to enforce rate limits and prevent abuse.
Watchlist and alert configuration — the facilities, searches, or criteria you choose to monitor, and your alert delivery preferences.
Product activity — features used, searches run, and reports generated, associated with your account.

d. Device and log information

Like most online services, our servers automatically record technical information when you access the Service, such as your IP address, browser type, device and operating system information, referring pages, and access timestamps. We use this for security, fraud prevention, debugging, and to keep the Service reliable.

e. Communications

If you email us, request support, submit a correction/takedown request, or respond to a survey, we keep a record of that correspondence and any information you include in it.

4. Why we use subscriber information (purposes)

We use the personal information above only for legitimate business purposes, including to:

Provide the Service — create and authenticate your account, deliver alerts and reports, run searches, and serve API responses.
Process payments and billing — manage subscriptions, meter API usage, issue invoices and receipts, and handle refunds or disputes (with Stripe).
Communicate with you — send service and transactional messages (e.g., alerts you configured, billing notices, security notifications, and policy updates). We will only send marketing email where permitted, and you can opt out of marketing at any time.
Secure and maintain the Service — authenticate users, detect and prevent fraud or abuse, enforce rate limits and our terms, and troubleshoot problems.
Improve the Service — understand which features are used so we can make the product better.
Comply with law — meet our legal, tax, accounting, and regulatory obligations, and respond to lawful requests.

We rely on the following bases for processing, as applicable: performance of our contract with you, our legitimate business interests (such as security and product improvement), your consent (such as for non-essential cookies or marketing), and compliance with legal obligations.

5. Payment processing (Stripe)

We use Stripe, Inc. as our third-party payment processor. When you enter payment details, that information is transmitted directly to Stripe and processed under Stripe's own terms and privacy policy. Stripe is a PCI-DSS Level 1 certified payment provider.

We do not store your full payment card number, CVC, or full bank account details on our systems.
We receive from Stripe only the limited billing metadata described in Section 3(b), which we use to manage your subscription and our records.
Stripe acts as an independent controller/processor of your payment data for its own compliance and fraud-prevention purposes.

You can review how Stripe handles your information in Stripe's privacy policy at https://stripe.com/privacy.

6. Cookies and analytics

We use a limited set of cookies and similar technologies:

Strictly necessary cookies — required to log you in, keep your session secure, and remember essential preferences. These cannot be turned off without breaking the Service.
[Analytics, if used] — [If we use analytics (for example, a privacy-respecting product/usage analytics tool), we use it to understand aggregate usage and improve the Service. Name the tool(s), describe what they collect, and link to a cookie/consent mechanism here. If we use NO analytics or only first-party, cookieless analytics, state that plainly instead and remove this bullet.]

We do not use third-party advertising cookies, and we do not allow third parties to track you across other websites for advertising through our Service.

You can control cookies through your browser settings. Where required by law, we will present a cookie/consent banner and honor recognized opt-out preference signals (such as Global Privacy Control) for non-essential cookies. Blocking strictly necessary cookies may prevent the Service from working.

7. We do not sell your personal information

We do not sell your personal information, and we do not share it for cross-context behavioral advertising or targeted advertising. We have not done so in the preceding 12 months.

We are a B2B-gated service: subscriber data exists to run your account, not to be monetized. We do not rent or trade subscriber contact lists.

8. How we share subscriber information

We share subscriber personal information only in these limited circumstances:

Service providers (sub-processors) who help us run the Service under contract and on our instructions — for example: Stripe (payments), our cloud hosting and infrastructure provider(s) [NAME], our email/alert delivery provider [NAME], and our analytics provider [NAME, if any]. These providers may only use your information to provide services to us.
Legal and safety — when required by law, subpoena, or legal process, or to protect the rights, property, or safety of ClosureRadar, our users, or the public, and to enforce our terms.
Business transfers — if we are involved in a merger, acquisition, financing, or sale of assets, subscriber information may be transferred as part of that transaction, subject to this policy.
With your direction or consent — when you ask us to share information or otherwise consent.

We can provide a current list of sub-processors on request (Section 11).

9. Facility data is public records, not your personal information

ClosureRadar's core product publishes information about child care facilities, which are businesses and regulated entities, sourced verbatim from public open data published by Texas HHSC on data.texas.gov (Socrata). This includes facility names, addresses, license/operation status, inspection and deficiency history, and our derived risk scores and change diffs.

Important points:

This facility data is not the personal information of our subscribers. Nothing in this Service connects a subscriber's identity to the facility records — those records are about regulated businesses and originate from government public records.
We publish verbatim sourced public records and attach a source link and freshness/last-updated stamp to every record, so you can trace each item back to the official source.
We launch in a B2B-gated posture: facility data is provided only to authenticated, paying subscribers. There is no public consumer directory at launch.
We exclude nursing homes entirely from the Service.
To the limited extent any public record we republish contains information about an individual (for example, a named owner or operator within a government record), that information comes directly from the public source. If you believe a published record is inaccurate or should be corrected or removed, use our correction/takedown process below.

Corrections and takedowns. To report an inaccuracy or request correction or removal of a published record, email [CORRECTIONS@DOMAIN] with the record's source link and a description of the issue. Because we mirror official public records, the authoritative fix often must occur at the government source; we will review every request, correct or annotate our copy where appropriate, and direct you to the source agency where the correction must originate.

10. Data retention

We keep subscriber personal information only for as long as we need it for the purposes described in this policy, and then delete or anonymize it. In general:

Account information — kept while your account is active and for a reasonable period afterward, then deleted or anonymized [e.g., within [X] days of account closure].
Billing and transaction records — retained as required for tax, accounting, audit, and legal purposes (typically up to [7] years), including by Stripe.
API usage and access logs — retained for [X] months for billing, security, and abuse-prevention, then deleted or aggregated.
Support and correspondence — retained for [X] months/years for recordkeeping.
Facility public records — because these are public records (not subscriber personal data), we may retain historical snapshots and change history indefinitely as part of the product's value (history reports and diffs).

We may retain limited information longer where required by law or to resolve disputes and enforce agreements.

11. Your rights and choices

Depending on where you live (for example, under the Texas Data Privacy and Security Act, California's CCPA/CPRA, or other applicable laws), you may have the right to:

Access / know the personal information we hold about you.
Correct inaccurate personal information.
Delete your personal information.
Obtain a portable copy of certain information.
Opt out of any sale, sharing for targeted advertising, or certain profiling. (As noted in Section 7, we do not sell or share your personal information for advertising.)
Withdraw consent where processing is based on consent, and opt out of marketing emails at any time via the unsubscribe link or by contacting us.

How to exercise your rights. Email us at [PRIVACY@DOMAIN] or use [LINK/MECHANISM]. We will verify your request (typically by confirming control of your account email) and respond within the timeframe required by applicable law. You will not be discriminated against for exercising your rights.

Appeals. If we decline your request, you may appeal by replying to our decision or emailing [PRIVACY@DOMAIN] with "Privacy Appeal" in the subject line. Where applicable, you may also contact the Texas Attorney General or your state regulator if you have unresolved concerns.

Authorized agents. You may use an authorized agent to submit a request, subject to our verification of the agent's authority.

12. Security

We use reasonable administrative, technical, and organizational safeguards designed to protect subscriber information, including encryption in transit, access controls, authentication, and tokenized payments via Stripe. No method of transmission or storage is completely secure, so we cannot guarantee absolute security. If you believe your account has been compromised, contact us immediately at [SECURITY@DOMAIN].

13. International users and data transfers

The Service is operated from the United States, and we process and store information in the United States. If you access the Service from outside the U.S., you understand your information will be transferred to and processed in the U.S. [If we accept EU/UK subscribers, counsel must add the appropriate transfer mechanism (e.g., Standard Contractual Clauses) and lawful-basis disclosures here.]

14. Children's privacy

The Service is a B2B product intended for businesses and professionals. It is not directed to children, and we do not knowingly collect personal information from anyone under 18 as a subscriber. Note that while the underlying public records concern child care *facilities*, the Service does not collect personal information from children. If you believe a child has provided us personal information, contact us and we will delete it.

15. Third-party links

The Service contains links to third-party websites, including official government sources (e.g., data.texas.gov) and Stripe. We are not responsible for the privacy practices of those sites. Please review their privacy policies.

16. Changes to this policy

We may update this Privacy Policy from time to time. When we make material changes, we will update the "Last updated" date above and, where appropriate, notify you by email or through the Service. Your continued use of the Service after changes take effect means you accept the updated policy.

17. Contact us

If you have questions, requests, or complaints about this policy or your information:

Privacy requests: [PRIVACY@DOMAIN]
Record corrections/takedowns: [CORRECTIONS@DOMAIN]
Security: [SECURITY@DOMAIN]
Mailing address: [LEGAL ENTITY NAME], [REGISTERED ADDRESS]