DragonflyyDRAGONFLYY SOLUTIONS

Privacy Policy

Document ID: DFS-Privacy-v2.0 Version: 2.0 Effective Date: May 13, 2026 Governing Law: State of Florida

This Privacy Policy explains how Dragonflyy Solutions LLC ("Company," "Dragonflyy," "we," "us," or "our") collects, uses, discloses, retains, and protects information when you access or use the Dragonflyy.io platform, our website at dragonflyy.io, or related services (collectively, the "Platform"). This Policy applies to (a) prospective and current paying subscribers, (b) authorized users of subscriber accounts, (c) website visitors, and (d) any other person who interacts with us in connection with the Platform.

This Policy is governed by the laws of the State of Florida, complies with applicable Florida law (including the Florida Information Protection Act of 2014 and the Florida Digital Bill of Rights, where applicable), and addresses the rights of residents of California, Virginia, Colorado, Connecticut, Utah, and Texas to the extent those laws apply.

YOUR DATA, OUR DISCIPLINE: We collect what we need to operate the Platform, secure your tenant, deliver Construction Continuity Inspections, and improve the service. We do not sell personal information. We do not share your project data with other builders. Multi-tenant isolation is our core architectural commitment.

ARTICLE 1 — INFORMATION WE COLLECT

1.1 Information You Provide

  • Account Information: name, email address, phone number, company name, role/title, and credentials when you register.
  • Subscriber Configuration: organization name, addresses, billing contact, designated administrators, designated supers, designated inspectors, seat allocations.
  • Onboarding Materials: subcontractor lists, project plans, builder specifications, internal SOPs, warranty documents, branding assets, approved-supplier lists, insurance certificates, primary contact lists.
  • Project and Inspection Data: project names, addresses, phase information, inspection observations, photographs, written observation text, severity classifications, super corrections, and all data generated during Construction Continuity Inspections within your tenant.
  • Communications: emails, support tickets, in-platform messages, feedback, demo-call recordings (with your consent).
  • Payment Information: handled by our third-party payment processor (Stripe). We do not store card numbers; we receive only tokenized references and last-four/expiration metadata.

1.2 Information Collected Automatically

  • Device and Browser: IP address, device type, operating system, browser type and version, screen resolution, device identifiers.
  • Usage Data: pages visited, features used, click patterns, session duration, search queries, ANTOR interactions (subject to Section 3 below).
  • Location: approximate geographic location derived from IP address; precise device location is captured only during active inspection workflows with your consent and is used to establish inspection chain-of-custody, not retained long-term.
  • Logs: server logs, error reports, audit-log entries.
  • Cookies and Similar Technologies: session cookies, authentication cookies, preference cookies. We do not use third-party advertising cookies.

1.3 Information from Third Parties

  • Authentication: when you sign in via single sign-on or social authentication (if offered).
  • Payment Processor: subscription status, billing events, dispute notifications.
  • Analytics: limited aggregated usage data from our analytics provider.

ARTICLE 2 — HOW WE USE INFORMATION

We use information to:

  • Provide, operate, and improve the Platform.
  • Generate Platform Output (ANTOR analysis, CCI reports, code references, severity classifications, trade routing).
  • Maintain tenant security and enforce row-level-security isolation.
  • Communicate with you about service-related matters, security incidents, and policy updates.
  • Process payments and manage your account.
  • Detect, prevent, and respond to security threats, fraud, and abuse.
  • Generate aggregated, de-identified analytics (see Section 3).
  • Comply with legal obligations and respond to lawful requests.
  • Defend our rights, property, and the safety of our users and the public.

ARTICLE 3 — AI PROCESSING AND AGGREGATED DATA

3.1 AI Inference

We use Anthropic Claude as the underlying inference engine for ANTOR. When you submit content to ANTOR, that content is transmitted via secured connection to the Anthropic API for inference and returns to your tenant. Anthropic processes the data under data-processing terms that prohibit Anthropic from using your data to train its general models. Anthropic is not a sub-controller of your data; Company remains the controller in respect of your Subscriber Data.

3.2 Aggregated and De-Identified Data

We may collect, derive, and use aggregated, de-identified data from your use of the Platform to improve ANTOR, refine our rule engine, generate industry benchmarks, support research and product development, and inform our marketing. Aggregated Data does not identify you, your organization, your projects, your homeowners, or your subcontractors. We own Aggregated Data. You may opt out of contributing to Aggregated Data via Settings → Platform Intelligence.

3.3 Tenant Isolation

Per-tenant data (your projects, inspections, findings, photos, RAG documents) is isolated through Postgres row-level-security policies, per-tenant storage paths, and tenant-scoped retrieval. No subscriber sees another subscriber's data through the Platform.

ARTICLE 4 — HOW WE SHARE INFORMATION

We do not sell personal information. We share information only as described below.

  • Service Providers: cloud hosting (Vercel, Supabase), payment processing (Stripe), transactional email (Resend), AI inference (Anthropic), and analytics. Each is bound by contractual obligations consistent with this Policy.
  • Legal Compliance: in response to subpoenas, court orders, or law-enforcement requests, where we believe disclosure is legally required.
  • Protection of Rights: to investigate, prevent, or respond to suspected illegal activity, security threats, or violations of our Terms.
  • Business Transfers: in connection with a merger, acquisition, financing, or sale of all or substantially all of our assets. We will notify you of any such transfer affecting your information.
  • With Your Consent: for any other purpose for which you have given consent.

ARTICLE 5 — DATA RETENTION

5.1 Active-Subscription Data

We retain your Subscriber Data for the duration of your active subscription. Inspection records, photos, reports, and audit logs are retained for the duration of the subscription plus seven (7) years, supporting your warranty and litigation defense needs.

5.2 Post-Termination

Upon termination, you have thirty (30) days to export your data via the in-Platform export utility or written request. Within ninety (90) days following the export window, we delete your Subscriber Data from active systems. Encrypted backup copies persist in routine backup cycles for up to twelve (12) months, after which they are overwritten.

5.3 Aggregated Data

Aggregated Data is retained indefinitely.

5.4 Legal Holds

We may retain information beyond the periods stated above if required by law, regulation, or in connection with pending or anticipated legal proceedings.

ARTICLE 6 — DATA SECURITY

We maintain commercially reasonable administrative, technical, and physical safeguards designed to protect your information, including:

  • Encryption in transit using TLS 1.2 or higher.
  • Encryption at rest using AES-256 or equivalent.
  • Tenant isolation through Postgres row-level-security policies.
  • Multi-factor authentication enforced for inspector and administrator roles.
  • Least-privilege access controls and quarterly access reviews.
  • Audit logging of sensitive operations.
  • Routine vulnerability scanning and patching.
  • SOC 2 Type II compliant cloud infrastructure providers.
  • Defined incident-response procedures.

No security system is impenetrable. We cannot guarantee absolute security and accept no liability beyond that set forth in our Terms of Service or your Subscription Agreement.

ARTICLE 7 — BREACH NOTIFICATION

In the event of a security incident reasonably likely to have caused unauthorized acquisition of your personal information or Subscriber Data, we shall notify you within seventy-two (72) hours of confirming the incident, or as required by applicable law (including Section 501.171, Florida Statutes), whichever is sooner. Notice may be delayed at the documented request of law enforcement.

ARTICLE 8 — YOUR RIGHTS

Depending on your jurisdiction, you may have the following rights regarding your personal information:

  • Right to Access: to request access to the personal information we hold about you.
  • Right to Correct: to request correction of inaccurate personal information.
  • Right to Delete: to request deletion, subject to legal-retention obligations.
  • Right to Portability: to request a copy in a structured, commonly used, machine-readable format.
  • Right to Opt-Out: of certain processing, including the Platform Intelligence contribution and marketing communications.
  • Right to Non-Discrimination: we will not discriminate against you for exercising your rights.

To exercise rights, contact privacy@dragonflyy.io. We will respond within thirty (30) days, or as otherwise required by law. We may require verification of your identity.

8.1 California Residents (CCPA/CPRA)

California residents have additional rights including the right to know categories of personal information collected, sold, or shared; the right to delete; the right to correct; the right to limit use of sensitive personal information; and the right to non-discrimination. We do not sell personal information and we do not share personal information for cross-context behavioral advertising. To exercise rights, contact privacy@dragonflyy.io.

8.2 Florida Residents (Florida Digital Bill of Rights)

Where applicable based on our annual gross revenue or processing thresholds, Florida residents may have rights under the Florida Digital Bill of Rights (SB 262), including the right to access, correct, delete, and obtain a copy of personal data, and the right to opt out of targeted advertising and profiling. We do not engage in targeted advertising or profiling that produces legal or similarly significant effects. To exercise rights, contact privacy@dragonflyy.io.

8.3 Other Jurisdictions

Residents of other states or countries with applicable privacy laws (including Virginia, Colorado, Connecticut, Utah, Texas, and others) may have similar rights. Contact privacy@dragonflyy.io to inquire.

ARTICLE 9 — CHILDREN'S PRIVACY

The Platform is not directed to children under eighteen (18). We do not knowingly collect personal information from anyone under 18. If we learn that we have collected information from a child under 18, we will delete it. If you believe we have collected information from a child, contact privacy@dragonflyy.io.

ARTICLE 10 — INTERNATIONAL TRANSFERS

Our infrastructure is hosted in the United States. If you access the Platform from outside the United States, you consent to the transfer, processing, and storage of your information in the United States, which may have data-protection laws different from those of your jurisdiction.

ARTICLE 11 — THIRD-PARTY LINKS AND SERVICES

The Platform may contain links to or integrate with third-party services (e.g., document storage, calendars, payment). This Policy does not apply to third-party services. Review the privacy practices of any third party you engage.

ARTICLE 12 — CHANGES TO THIS POLICY

We may update this Policy from time to time. Material changes will be communicated by posting the updated Policy on the Platform with a new "Last Updated" date and, where required by law, by email. Your continued use after the effective date of any change constitutes acceptance.

ARTICLE 13 — CONTACT

Dragonflyy Solutions LLC, 8661 Salty Sands Street, Parrish, Florida 34219.

Ask ANTOR™