Privacy Policy

Effective date: March 5, 2026

1. Introduction

Sekira ("we," "us," or "our") operates the website sekira.ai (the "Service"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service.

2. Information We Collect

Account Information

When you create an account, we collect your email address (required) and name (optional, provided via Google sign-in). If you sign in with Google, we receive your basic profile information from Google OAuth.

Property Search Data

When you order a report, we collect the property address and geographic coordinates you searched for. This data is stored and linked to your account (or email, if you check out without an account).

Payment Information

Payments are processed by LemonSqueezy (Merchant of Record). We store your email, order amount, and transaction metadata. We do not store your credit card number or full payment details — these are handled entirely by LemonSqueezy.

Technical Data

We automatically collect your IP address, browser user agent, and session information when you use the Service. This data is used for security, rate limiting, and session management.

3. How We Use Your Information

  • Report generation: To gather property data and generate your report.
  • Payment processing: To complete transactions and issue refunds.
  • Email communication: To send you report download links and payment confirmations.
  • Security: To prevent abuse, enforce rate limits, and verify CAPTCHA challenges.
  • Account management: To link reports to your account and provide access to your report history.

4. Third-Party Services

We share data with the following third-party services as necessary to operate the Service:

  • Google Maps: Address geocoding and autocomplete. Your search queries are sent to Google.
  • LemonSqueezy (Merchant of Record): Payment processing. Your email and transaction details are shared with LemonSqueezy.
  • Resend: Email delivery. Your email address and report links are shared with Resend.
  • Cloudflare: CDN, DDoS protection, and CAPTCHA (Turnstile). Your IP address and challenge tokens are processed by Cloudflare.

We do not sell your personal information to any third party.

5. Cookies & Tracking

We use session cookies solely for authentication and session management. We do not use advertising cookies, analytics trackers, or any third-party tracking scripts.

6. Data Retention

  • Reports and orders: Stored indefinitely so you can access your report history.
  • Sessions: Expire automatically based on session timeout settings.
  • Report access tokens: Expire after 7 days.

You may request deletion of your data at any time by contacting us (see Section 11).

7. Your Rights Under GDPR

If you are located in the European Economic Area (EEA), you have the following rights under the General Data Protection Regulation:

  • Access: Request a copy of the personal data we hold about you.
  • Rectification: Request correction of inaccurate data.
  • Erasure: Request deletion of your personal data.
  • Data portability: Request a machine-readable copy of your data.
  • Objection: Object to processing of your data in certain circumstances.
  • Restriction: Request restriction of processing in certain circumstances.

To exercise any of these rights, contact us at support@sekira.ai. We will respond within 30 days.

8. Your Rights Under CCPA

If you are a California resident, you have the following rights under the California Consumer Privacy Act:

  • Right to know: Request what personal information we collect, use, and disclose.
  • Right to delete: Request deletion of your personal information.
  • Right to opt-out: We do not sell personal information, so this right does not apply.
  • Non-discrimination: We will not discriminate against you for exercising your rights.

To exercise these rights, contact us at support@sekira.ai.

9. Data Security

We implement appropriate technical measures to protect your data, including HTTPS encryption, signed payment webhooks, CAPTCHA verification, rate limiting, and Content Security Policy headers. However, no method of transmission over the Internet is 100% secure.

10. Children's Privacy

The Service is not directed at children under the age of 16. We do not knowingly collect personal information from children. If you believe we have inadvertently collected such data, please contact us and we will promptly delete it.

11. International Data Transfers

Your data may be processed in jurisdictions outside your country of residence. By using the Service, you consent to the transfer of your data to these jurisdictions. We take steps to ensure your data is treated securely and in accordance with this Privacy Policy.

12. Changes to This Policy

We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated effective date. Your continued use of the Service after changes are posted constitutes acceptance of the updated policy.

13. Contact Us

If you have any questions about this Privacy Policy or wish to exercise your data rights, contact us at support@sekira.ai.