1. Scope; Controller; Applicability
This Privacy Policy (this "Policy") is issued by Groundfloor ("Company," "Groundfloor," "we," "us," or "our") and governs the collection, use, disclosure, retention, and protection of personal information in connection with groundfloorrealestate.com, the Groundfloor application, account areas, recruiting tools, AI-supported workflows, subscriptions, community areas, and related services (collectively, the "Service").
This Policy applies to visitors, account holders, subscribers, contributors, administrators, and other persons who access or use the Service (collectively, "Users"). Groundfloor is primarily designed for Users in the United States. If a User accesses the Service from outside the United States, personal information may be processed in the United States and in other jurisdictions where our service providers operate.
This Policy is incorporated into and forms part of the Groundfloor Terms of Use. Capitalized terms not defined in this Policy have the meanings given in the Terms of Use.
2. Definitions
- "Personal information" and "personal data" mean information that identifies, relates to, describes, can reasonably be associated with, can reasonably be linked to, or is otherwise regulated as information about an identifiable person under applicable privacy law.
- "PII" means personally identifiable information, including information that could reasonably be used to identify an individual.
- "Confidential Information" means non-public information, including trade secrets, business plans, customer data, financial information, proprietary information, and information designated or reasonably understood as confidential.
- "AI-Generated Content" means any output produced partially or wholly by an AI system, including text, analysis, summaries, scores, recommendations, transcripts, drafts, code, audio, video, images, or data analysis.
- "High-Impact AI Decision" means any AI-supported process that affects employment, financial status, legal rights, access to essential services, or another similarly significant matter.
3. Information We Collect
The personal information Groundfloor collects depends on how a User accesses or uses the Service. This section describes the categories of information Groundfloor may collect, the purposes for collection, and the criteria used to determine retention periods.
Primary purposes
Create and secure accounts, authenticate users, manage waitlist and access controls, sync account metadata, provide support, prevent abuse, and administer subscriptions.
Retention criteria
Retained only for as long as reasonably necessary for the purposes described in this Policy, including to provide the Service, administer accounts, satisfy legal obligations, resolve disputes, enforce agreements, preserve security, prevent abuse, maintain audit records, operate backups, and support legitimate business needs, subject to deletion or de-identification where required by law.
Primary purposes
Personalize the product, prepare recruiting workflows, generate tasks, recommend target firms, provide profile pages, and support onboarding.
Retention criteria
Retained only for as long as reasonably necessary for the purposes described in this Policy, including to provide the Service, administer accounts, satisfy legal obligations, resolve disputes, enforce agreements, preserve security, prevent abuse, maintain audit records, operate backups, and support legitimate business needs, subject to deletion or de-identification where required by law.
Primary purposes
Parse resumes and job descriptions, create application workflows, generate prep content, score practice answers, create action tasks, and improve reliability and quality controls.
Retention criteria
Retained only for as long as reasonably necessary for the purposes described in this Policy, including to provide the Service, administer accounts, satisfy legal obligations, resolve disputes, enforce agreements, preserve security, prevent abuse, maintain audit records, operate backups, and support legitimate business needs, subject to deletion or de-identification where required by law.
Primary purposes
Import, organize, deduplicate, and support User networking workflows, enforce plan limits, troubleshoot imports, and preserve relevant source context for the applicable account.
Retention criteria
Retained only for as long as reasonably necessary for the purposes described in this Policy, including to provide the Service, administer accounts, satisfy legal obligations, resolve disputes, enforce agreements, preserve security, prevent abuse, maintain audit records, operate backups, and support legitimate business needs, subject to deletion or de-identification where required by law.
Primary purposes
Operate community features, moderate submissions, prevent abuse, publish approved content, record attribution where needed, and maintain audit trails.
Retention criteria
Retained only for as long as reasonably necessary for the purposes described in this Policy, including to provide the Service, administer accounts, satisfy legal obligations, resolve disputes, enforce agreements, preserve security, prevent abuse, maintain audit records, operate backups, and support legitimate business needs, subject to deletion or de-identification where required by law.
Primary purposes
Deliver AI-assisted features, transcription, summarization, drafting, scoring, recommendations, quality review, quota enforcement, troubleshooting, abuse prevention, and service reliability.
Retention criteria
Retained only for as long as reasonably necessary for the purposes described in this Policy, including to provide the Service, administer accounts, satisfy legal obligations, resolve disputes, enforce agreements, preserve security, prevent abuse, maintain audit records, operate backups, and support legitimate business needs, subject to deletion or de-identification where required by law.
Primary purposes
Measure product usage, content engagement, conversion, abuse risk, security events, performance, and reliability without intentionally placing private resume, message, or contact contents into analytics tools.
Retention criteria
Retained only for as long as reasonably necessary for the purposes described in this Policy, including to provide the Service, administer accounts, satisfy legal obligations, resolve disputes, enforce agreements, preserve security, prevent abuse, maintain audit records, operate backups, and support legitimate business needs, subject to deletion or de-identification where required by law.
Primary purposes
Administer plans, checkout, renewals, usage limits, cost controls, entitlement enforcement, support, accounting, tax, and dispute handling.
Retention criteria
Retained only for as long as reasonably necessary for the purposes described in this Policy, including to provide the Service, administer accounts, satisfy legal obligations, resolve disputes, enforce agreements, preserve security, prevent abuse, maintain audit records, operate backups, and support legitimate business needs, subject to deletion or de-identification where required by law.
Primary purposes
Respond to requests, operate support and review workflows, preserve accountability, prevent duplicate actions, investigate incidents, and maintain compliance records.
Retention criteria
Retained only for as long as reasonably necessary for the purposes described in this Policy, including to provide the Service, administer accounts, satisfy legal obligations, resolve disputes, enforce agreements, preserve security, prevent abuse, maintain audit records, operate backups, and support legitimate business needs, subject to deletion or de-identification where required by law.
Primary purposes
Provide the requested Service, secure accounts, transcribe or parse User-provided content, comply with law, protect rights, and maintain security. Groundfloor does not use sensitive personal information to infer characteristics unrelated to the Service.
Retention criteria
Retained only for as long as reasonably necessary for the purposes described in this Policy, including to provide the Service, administer accounts, satisfy legal obligations, resolve disputes, enforce agreements, preserve security, prevent abuse, maintain audit records, operate backups, and support legitimate business needs, subject to deletion or de-identification where required by law.
| Information category | Primary purposes | Retention criteria |
|---|---|---|
| Identifiers and account data | Create and secure accounts, authenticate users, manage waitlist and access controls, sync account metadata, provide support, prevent abuse, and administer subscriptions. | Retained only for as long as reasonably necessary for the purposes described in this Policy, including to provide the Service, administer accounts, satisfy legal obligations, resolve disputes, enforce agreements, preserve security, prevent abuse, maintain audit records, operate backups, and support legitimate business needs, subject to deletion or de-identification where required by law. |
| Profile and career data | Personalize the product, prepare recruiting workflows, generate tasks, recommend target firms, provide profile pages, and support onboarding. | Retained only for as long as reasonably necessary for the purposes described in this Policy, including to provide the Service, administer accounts, satisfy legal obligations, resolve disputes, enforce agreements, preserve security, prevent abuse, maintain audit records, operate backups, and support legitimate business needs, subject to deletion or de-identification where required by law. |
| Resume, job, application, and prep content | Parse resumes and job descriptions, create application workflows, generate prep content, score practice answers, create action tasks, and improve reliability and quality controls. | Retained only for as long as reasonably necessary for the purposes described in this Policy, including to provide the Service, administer accounts, satisfy legal obligations, resolve disputes, enforce agreements, preserve security, prevent abuse, maintain audit records, operate backups, and support legitimate business needs, subject to deletion or de-identification where required by law. |
| Contacts and imported relationship data | Import, organize, deduplicate, and support User networking workflows, enforce plan limits, troubleshoot imports, and preserve relevant source context for the applicable account. | Retained only for as long as reasonably necessary for the purposes described in this Policy, including to provide the Service, administer accounts, satisfy legal obligations, resolve disputes, enforce agreements, preserve security, prevent abuse, maintain audit records, operate backups, and support legitimate business needs, subject to deletion or de-identification where required by law. |
| Community and contribution data | Operate community features, moderate submissions, prevent abuse, publish approved content, record attribution where needed, and maintain audit trails. | Retained only for as long as reasonably necessary for the purposes described in this Policy, including to provide the Service, administer accounts, satisfy legal obligations, resolve disputes, enforce agreements, preserve security, prevent abuse, maintain audit records, operate backups, and support legitimate business needs, subject to deletion or de-identification where required by law. |
| AI and transcription data | Deliver AI-assisted features, transcription, summarization, drafting, scoring, recommendations, quality review, quota enforcement, troubleshooting, abuse prevention, and service reliability. | Retained only for as long as reasonably necessary for the purposes described in this Policy, including to provide the Service, administer accounts, satisfy legal obligations, resolve disputes, enforce agreements, preserve security, prevent abuse, maintain audit records, operate backups, and support legitimate business needs, subject to deletion or de-identification where required by law. |
| Usage, analytics, and device data | Measure product usage, content engagement, conversion, abuse risk, security events, performance, and reliability without intentionally placing private resume, message, or contact contents into analytics tools. | Retained only for as long as reasonably necessary for the purposes described in this Policy, including to provide the Service, administer accounts, satisfy legal obligations, resolve disputes, enforce agreements, preserve security, prevent abuse, maintain audit records, operate backups, and support legitimate business needs, subject to deletion or de-identification where required by law. |
| Billing and commercial data | Administer plans, checkout, renewals, usage limits, cost controls, entitlement enforcement, support, accounting, tax, and dispute handling. | Retained only for as long as reasonably necessary for the purposes described in this Policy, including to provide the Service, administer accounts, satisfy legal obligations, resolve disputes, enforce agreements, preserve security, prevent abuse, maintain audit records, operate backups, and support legitimate business needs, subject to deletion or de-identification where required by law. |
| Support, operations, and audit data | Respond to requests, operate support and review workflows, preserve accountability, prevent duplicate actions, investigate incidents, and maintain compliance records. | Retained only for as long as reasonably necessary for the purposes described in this Policy, including to provide the Service, administer accounts, satisfy legal obligations, resolve disputes, enforce agreements, preserve security, prevent abuse, maintain audit records, operate backups, and support legitimate business needs, subject to deletion or de-identification where required by law. |
| Sensitive personal information | Provide the requested Service, secure accounts, transcribe or parse User-provided content, comply with law, protect rights, and maintain security. Groundfloor does not use sensitive personal information to infer characteristics unrelated to the Service. | Retained only for as long as reasonably necessary for the purposes described in this Policy, including to provide the Service, administer accounts, satisfy legal obligations, resolve disputes, enforce agreements, preserve security, prevent abuse, maintain audit records, operate backups, and support legitimate business needs, subject to deletion or de-identification where required by law. |
4. Sources of Information
- Users, including information submitted through account creation, onboarding, resume uploads, contact imports, community submissions, contribution forms, audio recordings, checkout, support requests, and other interactions with the Service.
- Browsers, devices, and networks, including request metadata, local storage, cookies, analytics events, and security or abuse signals.
- Service providers that support authentication, billing, AI features, hosting, storage, analytics, security, support, and infrastructure.
- Public or commercial sources, public websites, user submissions, and administrator-reviewed import sources used to operate firm profiles, recruiting resources, and related Service functionality.
- Other Users, where they submit community content, firm intel, comments, contacts, or other information that references another person.
5. Use of Information
- Provide, maintain, secure, debug, and improve Groundfloor.
- Create accounts, verify sessions, sync account metadata, enforce waitlist approval, and prevent unauthorized access.
- Personalize recruiting workflows, onboarding, firm research, application tracking, prep plans, and content gates.
- Parse resumes and job descriptions, transcribe audio, generate draft outreach, create prep questions, score practice answers, and generate recommendations.
- Import, store, deduplicate, and manage user-directed contact and relationship data for the applicable account.
- Operate community, contribution, moderation, review, and support workflows.
- Administer plan limits, usage counters, checkout, subscriptions, billing, support, accounting, and cost controls.
- Analyze content engagement and product usage through privacy-conscious analytics and internal product-event records.
- Protect the service, enforce Terms, investigate abuse, prevent fraud, rate-limit traffic, maintain audit logs, and comply with legal obligations.
- Respond to support, privacy, legal, billing, security, and copyright requests.
6. Artificial Intelligence Processing
Groundfloor may process User-provided, account-derived, and Service-derived inputs through AI technologies and AI service providers when Users access AI-supported features. Such inputs may include resume text, job descriptions, target role context, firm context, profile fields, practice answers, audio for transcription, prompts, outputs, and related workflow context.
The purpose of AI processing is to provide requested Service functionality, support extraction, transcription, scoring, drafting, summarization, recommendation, quality control, security, abuse prevention, cost monitoring, and operational reliability. Groundfloor does not use AI outputs to make final employment, admissions, financial, legal, credit, housing, insurance, healthcare, immigration, lending, or other High-Impact AI Decisions.
AI-Generated Content may be incomplete, inaccurate, outdated, biased, or inappropriate for a particular use. Final responsibility for reviewing, verifying, approving, sending, submitting, or relying on AI-Generated Content rests with the User.
Groundfloor uses AI service providers under applicable provider terms and available data controls. Groundfloor does not authorize AI service providers to use User Content to train general-purpose models unless Groundfloor separately discloses that use or obtains any consent required by applicable law.
7. Disclosure of Information
Groundfloor discloses personal information as necessary to operate the Service, at the direction of the User, to service providers, for legal, security, safety, compliance, and enforcement purposes, and in connection with business transactions. Groundfloor does not sell personal information and does not share personal information for cross-context behavioral advertising as those terms are defined by applicable California privacy law.
Purpose
Authenticate users, manage accounts, verify access, support checkout or subscription state, and maintain user metadata.
Purpose
Provide resume parsing, job-description parsing, preparation tools, drafting, scoring, summarization, recommendations, quality review, and transcription.
Purpose
Host the Service, operate databases and storage, deliver analytics, preserve logs, maintain backups, secure the Service, and support performance.
Purpose
Process payments, renewals, cancellations, tax/accounting records, disputes, and subscription administration.
Purpose
Provide support, moderate content, review contributions, publish approved content, maintain audit logs, prevent abuse, and operate the Service.
Purpose
Operate public or community features according to the visibility settings and nature of the applicable feature.
Purpose
Comply with law, enforce Terms, protect rights and safety, investigate incidents, obtain professional advice, and complete a merger, acquisition, financing, restructuring, or similar transaction.
| Recipient category | Purpose |
|---|---|
| Account, authentication, and user-management providers | Authenticate users, manage accounts, verify access, support checkout or subscription state, and maintain user metadata. |
| AI and transcription service providers | Provide resume parsing, job-description parsing, preparation tools, drafting, scoring, summarization, recommendations, quality review, and transcription. |
| Hosting, storage, analytics, security, and infrastructure providers | Host the Service, operate databases and storage, deliver analytics, preserve logs, maintain backups, secure the Service, and support performance. |
| Payment processors and billing services | Process payments, renewals, cancellations, tax/accounting records, disputes, and subscription administration. |
| Moderators, administrators, contractors, and support personnel | Provide support, moderate content, review contributions, publish approved content, maintain audit logs, prevent abuse, and operate the Service. |
| Other users or public visitors | Operate public or community features according to the visibility settings and nature of the applicable feature. |
| Legal, safety, professional, and business recipients | Comply with law, enforce Terms, protect rights and safety, investigate incidents, obtain professional advice, and complete a merger, acquisition, financing, restructuring, or similar transaction. |
9. Retention
Retained only for as long as reasonably necessary for the purposes described in this Policy, including to provide the Service, administer accounts, satisfy legal obligations, resolve disputes, enforce agreements, preserve security, prevent abuse, maintain audit records, operate backups, and support legitimate business needs, subject to deletion or de-identification where required by law.
Where the Service provides deletion functionality, Users may delete certain records directly. For broader deletion, account deletion, imported-data deletion, or privacy-right requests, Users may email liam@groundfloorrealestate.com.
Backups, logs, audit records, moderation records, de-identified records, aggregated analytics, fraud-prevention records, billing records, tax records, dispute records, and legal-preservation records may remain after a deletion request where allowed or required by law.
10. Security
Groundfloor uses administrative, technical, and organizational safeguards designed to protect personal information, including access controls, authentication safeguards, authorization checks, usage limits, validation, private-response controls, protected storage practices, and administrative audit logging.
No online service, vendor, network, storage environment, AI tool, or transmission method is guaranteed to be secure, uninterrupted, or error-free. Users are responsible for ensuring that information submitted, uploaded, imported, transmitted, or otherwise processed through the Service is information they are authorized to provide and use for the applicable Service purpose.
11. User Choices and Requests
- Account and profile information may be updated through the Service where available or by contacting Groundfloor.
- Resume and profile content may be replaced through the Service where available or may be subject to a deletion request.
- Contacts may be deleted individually where supported or may be subject to a request for deletion of imported contact data.
- Community content may be deleted, edited, removed, hidden, or anonymized where supported or where Groundfloor determines such action is appropriate.
- Analytics identifiers may be affected by browser and local-storage settings; security, audit, abuse-prevention, and operational logs may continue to be generated through ordinary use of the Service.
- Marketing communications, if any, may include unsubscribe mechanisms. Transactional, legal, security, billing, and account-related communications may continue as permitted by law.
12. US State Privacy Rights
Subject to applicable law, Users may have privacy rights under California law and other United States comprehensive privacy laws. Groundfloor provides a request process for United States Users even where a particular law may not strictly require the requested action.
- Right to know or access the categories and specific pieces of personal information Groundfloor processes about the User.
- Right to confirm processing and receive a portable copy of personal information where required.
- Right to correct inaccurate personal information.
- Right to delete personal information, subject to legal, security, operational, audit, backup, and other permitted exceptions.
- Right to opt out of sale, sharing, targeted advertising, and certain profiling where applicable. Groundfloor does not sell personal information or share personal information for cross-context behavioral advertising.
- Right to limit the use and disclosure of sensitive personal information where applicable. Groundfloor does not use sensitive personal information to infer unrelated characteristics.
- Right not to be discriminated against for exercising privacy rights.
- Right to appeal a denied privacy request where required by state law.
How to submit a request
A User may email liam@groundfloorrealestate.com with the subject line "Privacy Request" and describe the right the User seeks to exercise. Groundfloor may verify identity, account control, residency, and authorized-agent status before fulfilling a request.
California notice
In the 12 months before the date of this Policy, Groundfloor may have collected the categories listed in the "Information We Collect" section and disclosed them to the recipient categories listed in "Disclosure of Information" for business purposes. Groundfloor does not sell personal information or share personal information for cross-context behavioral advertising. Groundfloor does not knowingly sell or share personal information of Users under 16.
13. GDPR; UK; International Rights
Groundfloor is primarily domestic to the United States, but if the GDPR, UK GDPR, Swiss law, or similar laws apply, legal bases may include performance of a contract, legitimate interests, consent, and compliance with legal obligations.
- Performance of a contract: account access, recruiting tools, subscriptions, support, and requested features.
- Legitimate interests: service security, product improvement, abuse prevention, analytics, internal administration, and protecting rights, provided those interests are not overridden by the applicable User's rights.
- Consent: optional marketing, optional cookies or analytics where required, and any other feature where consent is the chosen basis.
- Legal obligations: tax, accounting, regulatory, litigation, security, and compliance obligations.
International transfers
Information may be transferred to the United States and other countries that may not provide the same level of data protection as the applicable User's home jurisdiction. Where required, Groundfloor relies on appropriate safeguards through service-provider agreements, data processing addenda, standard contractual clauses, adequacy mechanisms, or other lawful transfer mechanisms.
Additional rights
Subject to applicable law, Users may have rights to access, correct, delete, restrict, object, withdraw consent, receive portability, complain to a supervisory authority, and avoid decisions based solely on automated processing that produce legal or similarly significant effects. Groundfloor does not use AI outputs to make solely automated legal or similarly significant decisions about Users.
14. Children and Students
Groundfloor is not directed to children under 13, and children under 13 may not use the Service. Groundfloor does not knowingly collect personal information from children under 13. If a child under 13 has provided personal information, Groundfloor may be contacted at liam@groundfloorrealestate.com and will take appropriate steps.
Users under the age of majority may use Groundfloor only with permission from a parent or legal guardian. Schools, clubs, employers, and organizations that invite students or other persons to use Groundfloor are responsible for notices, consents, institutional policies, education-record obligations, and other requirements applicable to their own use.
15. Third-Party Links and Platforms
Groundfloor may link to third-party sites such as employer pages, professional-network platforms, payment or authentication flows, public resources, and firm websites. Their privacy practices are governed by their own notices, not this Policy.
16. Changes to This Policy
Groundfloor may update this Policy from time to time. If changes are material, Groundfloor will take reasonable steps to notify Users through the Service, email, or another appropriate method. The updated Policy applies when posted unless a different effective date is stated.
17. Contact
For privacy requests, questions, complaints, authorized-agent requests, appeals, or data deletion requests, email liam@groundfloorrealestate.com.