Privacy Policy
Last updated: March 18, 2026
This Privacy Policy describes how RavenWing LLC ("Company," "we," "us," or "our") collects, uses, processes, stores, shares, and protects personal information and other data when you access or use FenceTrace (the "Service"). This Privacy Policy applies to all users of the Service, regardless of geographic location, and governs all data processing activities performed by RavenWing LLC in connection with the Service.
By accessing or using the Service, you acknowledge that you have read, understood, and agree to the data practices described in this Privacy Policy. This Privacy Policy is incorporated into and forms part of our Terms of Service. If you do not agree with these practices, you must not access or use the Service.
RavenWing LLC is a small business organized under the laws of the Commonwealth of Virginia, with its principal place of business in Mechanicsville, Virginia.
Table of Contents
- Information We Collect
- How We Collect Information
- Legal Basis for Processing
- How We Use Your Information
- Third-Party Services
- Data Sharing
- Data Storage Location
- Data Security
- Data Retention
- Your Rights
- Cookie Policy
- Children's Privacy
- International Data Transfers
- California Privacy Rights (CCPA)
- Changes to This Policy
- Contact Information
1. Information We Collect
We collect the following categories of information in connection with the Service. The specific information collected depends on how you interact with the Service and which features you use.
1.1 Account Information
When you create a FenceTrace account, we collect the following personal information:
- Email address (required; used as your primary account identifier and for account-related communications)
- Password (required; authentication is handled by AWS Cognito, a managed identity service that stores credentials securely using industry-standard hashing; we never store, log, transmit, or have access to your plaintext password)
- Full name (optional; if provided during registration or in account settings)
- Company or business name (optional; if provided during registration or in account settings)
- Business phone number (optional; if provided in account settings)
- Business address (optional; if provided in account settings)
- Account creation date and time
- Subscription status, plan type, billing cycle, and plan history
- Account role and permissions (for multi-user accounts)
1.2 Payment Information
Payment processing is handled exclusively by our third-party payment processor, Stripe, Inc. ("Stripe"), a PCI DSS Level 1 certified service provider. When you subscribe to a paid plan, Stripe collects and processes your payment card details directly through its secure, PCI-compliant infrastructure. RavenWing LLC does not collect, process, store, or have access to your full card number, CVV/CVC, PIN, or other sensitive payment authentication data at any time. We receive from Stripe only the following limited information:
- Last four digits of your payment card number
- Card brand (e.g., Visa, Mastercard, American Express, Discover)
- Card expiration month and year
- Billing address (city, state, postal code, and country, if provided to Stripe)
- Subscription status, plan type, billing cycle, and payment history (including amounts, dates, and success/failure status)
- Stripe Customer ID (an opaque, non-reversible identifier assigned by Stripe)
- Stripe Subscription ID and Payment Intent IDs (opaque identifiers)
1.3 Estimate and Project Data
When you use the Service to create fence estimates, we collect, process, and store the following data that you input or that the Service generates based on your input:
- Property addresses, street addresses, and geographic coordinates (latitude/longitude) that you search for, select, or navigate to
- Fence line coordinates, vertex positions, segment lengths, and calculated linear footage measurements
- Fence type selections, style selections, height specifications, material specifications, and configuration options
- Gate type selections, gate dimensions, gate positions, and gate hardware specifications
- Material quantities, unit prices (default and custom), extended prices, and total cost calculations
- Customer names, company names, contact information (phone numbers, email addresses, mailing addresses), and customer notes, to the extent you choose to enter this information
- Project names, labels, notes, annotations, and internal reference numbers you add to estimates
- Generated PDF documents, shareable estimate links and their access tokens
- Estimate creation timestamps, modification timestamps, and version history
- Markup percentages, tax rates, discount amounts, and other financial parameters you configure
1.3a Photographs and Images
When you upload photographs or images to the Service in connection with your estimates and projects, we store them in Amazon Web Services S3 (Simple Storage Service). Photographs are associated with your Account and the specific estimate or project you attach them to. We collect:
- The photograph file itself (JPEG, PNG, or other image formats)
- File metadata (file name, file size, upload timestamp)
- The estimate or project the photograph is associated with
Photographs are stored encrypted at rest in AWS S3 and are accessible only to you through your authenticated Account. You are solely responsible for the content of any photographs you upload, including ensuring you have the legal right to capture and use the imagery.
1.4 Usage and Analytics Data
We automatically collect certain information about how you interact with the Service to help us understand usage patterns, improve the user experience, and maintain the Service:
- Pages, views, and features accessed, and frequency and duration of use
- Actions performed within the Service (e.g., creating estimates, adding fence lines, generating PDFs, sharing estimates, modifying prices)
- Session duration, session start and end times, entry pages, and exit pages
- Error logs, exception reports, and performance metrics (page load times, API response times)
- Referral source (how you arrived at the Service, including referring URL, campaign parameters, and search terms)
- Feature usage frequency and patterns (to prioritize development of commonly used features)
- Search queries entered into the address search bar within the Service
1.5 Device and Technical Information
We automatically collect technical information about the device, browser, and network connection you use to access the Service:
- IP address (may be used for approximate geolocation at the city or region level for analytics and security purposes)
- Browser type, version, and language preferences
- Operating system type and version
- Device type (desktop, laptop, tablet, or mobile), device manufacturer, and screen resolution
- Time zone and locale settings
- Date and time of each access request (access timestamps)
- HTTP request headers, including Accept, Accept-Language, and Accept-Encoding
- TLS/SSL protocol version and cipher suite used for the connection
1.6 Communication Data
When you contact our support team or otherwise communicate with us, we collect:
- The content of your communications (email messages, subject lines, attachments)
- Your email address and name (as provided in your communication)
- Timestamps of communications
- Any additional information you voluntarily provide in connection with your inquiry
2. How We Collect Information
2.1 Information You Provide Directly
We collect information that you voluntarily and affirmatively provide when you: create an Account; subscribe to a paid plan; create, edit, or manage fence estimates; enter customer data into the Service; configure your account preferences; contact our support team via email; respond to surveys or questionnaires; or otherwise interact with the Service. You are not required to provide any information beyond what is necessary to create an Account (email address and password), but certain features of the Service may require additional information to function.
2.2 Information Collected Automatically
We use cookies, server-side logging, session storage, local storage, and similar technologies to automatically collect usage data, device information, and technical information when you access the Service. This data is collected passively through your browser and our server infrastructure. See Section 11 (Cookie Policy) for detailed information about the specific cookies and storage mechanisms we use, their purposes, and their durations.
2.3 Information from Third-Party Services
We may receive limited information from third-party services that are integrated into or interact with the Service, including:
- Stripe: Subscription status updates, payment success or failure notifications, payment dispute notifications, fraud risk assessments, and card update notifications (e.g., when a card on file is replaced by the issuing bank)
- Map tile providers (Esri ArcGIS, OpenStreetMap): Satellite imagery, aerial imagery, and base map tiles rendered in response to geographic coordinates requested by the Service on your behalf. These providers do not provide us with personal information about you; however, your IP address and requested tile coordinates are transmitted to these providers as part of the tile request process.
- Geocoding services (Nominatim/OpenStreetMap): Latitude and longitude coordinates corresponding to property addresses you search within the Service. Your search query (address text) is transmitted to Nominatim for geocoding. Nominatim's usage policy requires that requests include an identifiable user agent and contact information; we include our application identifier and contact email, not your personal information.
- Google Fonts: When the Service loads web fonts from Google's content delivery network, Google may collect your IP address and browser user-agent string. No other personal information is shared with Google through this integration.
3. Legal Basis for Processing
We process your personal information on the following legal bases, as applicable under relevant data protection laws (including the EU General Data Protection Regulation, UK GDPR, and similar frameworks):
- Performance of a Contract: Processing that is necessary to provide the Service you have subscribed to and to fulfill our contractual obligations to you, including: account creation and management, estimate generation and storage, output document production, payment processing, subscription management, and customer support. (Applies to data described in Sections 1.1, 1.2, 1.3, and 1.6.)
- Legitimate Interest: Processing that is necessary for our legitimate business interests, provided that such interests are not overridden by your fundamental rights and freedoms. Our legitimate interests include: improving and optimizing the Service; understanding usage patterns and trends; detecting, preventing, and investigating fraud, abuse, and security incidents; enforcing our Terms of Service; maintaining system security and integrity; and conducting aggregated analytics. We conduct balancing tests to ensure our interests do not override your rights. (Applies to data described in Sections 1.4, 1.5, and 1.6.)
- Consent: Where required by applicable law, we obtain your informed, specific, and freely given consent before processing personal information for particular purposes, such as sending marketing or promotional communications, deploying non-essential analytics cookies, or processing data for purposes beyond what is strictly necessary for service delivery. You may withdraw consent at any time without affecting the lawfulness of processing based on consent before its withdrawal. (Applies to optional marketing communications and non-essential cookies.)
- Legal Obligation: Processing that is necessary to comply with applicable laws, regulations, legal processes, court orders, subpoenas, or enforceable governmental requests. (Applies to retention of billing records for tax compliance, responses to law enforcement requests, and similar obligations.)
4. How We Use Your Information
We use the information we collect for the following specific purposes. We process only the minimum amount of data necessary to achieve each stated purpose.
4.1 Service Delivery and Operations
- Providing, operating, maintaining, and improving the FenceTrace Service and all of its features
- Creating, authenticating, and managing your Account and Subscription
- Generating fence estimates, bills of materials, cost calculations, and related Output
- Rendering map imagery and satellite imagery for fence line drawing and property visualization
- Converting property addresses to geographic coordinates (geocoding) for map display
- Enabling shareable estimate links, PDF document generation, and estimate export
- Processing Subscription payments, managing billing cycles, and handling payment failures through Stripe
- Storing and retrieving your estimates, projects, and account data
4.2 Communication
- Sending transactional emails (account confirmation, email verification, password reset, billing receipts, payment confirmations, payment failure notifications, subscription renewal notices, and plan change confirmations)
- Responding to your support requests, questions, and inquiries in a timely manner
- Providing Service-related notices (including scheduled maintenance windows, unplanned outage notifications, policy changes, security alerts, and feature updates)
- Sending marketing or promotional communications (only with your explicit opt-in consent, and with an unsubscribe option in every communication)
4.3 Analytics, Improvement, and Development
- Analyzing usage patterns, trends, and user behavior to improve the Service's features, functionality, and user experience
- Identifying, diagnosing, and fixing bugs, errors, performance bottlenecks, and usability issues
- Developing, testing, and deploying new features, tools, and functionality
- Creating aggregated, de-identified, and anonymized data sets for internal benchmarking, statistical analysis, and Service improvement (in which no individual User, customer, or project is identifiable)
- Conducting A/B testing and feature experiments to optimize the user experience
- Monitoring system performance, server health, and infrastructure capacity
4.4 Security, Fraud Prevention, and Compliance
- Detecting, investigating, and preventing fraudulent, unauthorized, malicious, or illegal activity
- Monitoring for and responding to security threats, vulnerabilities, and anomalous behavior
- Enforcing our Terms of Service, EULA, and other policies
- Complying with applicable legal obligations, regulatory requirements, and valid legal process
- Maintaining audit logs for security and compliance purposes
- Preventing abuse of free trial offers and enforcing usage limits
We do not sell your personal information to third parties. We do not share your personal information with third parties for their own marketing purposes. We do not send marketing or promotional emails unless you have explicitly opted in to receive them.
5. Third-Party Services
The Service integrates with the following third-party services to provide its functionality. Each third-party service operates under its own terms of service and privacy policy, which govern their respective collection and processing of data. We encourage you to review their policies.
| Service | Provider | Purpose | Data Shared / Accessible |
|---|---|---|---|
| Cloud Hosting & Infrastructure | Amazon Web Services, Inc. (AWS) | Application hosting, compute, database, file storage, content delivery, and infrastructure services | All Service data is stored and processed on AWS infrastructure. AWS acts as a data processor on our behalf and does not access or use your data for its own purposes. |
| Payment Processing | Stripe, Inc. | Subscription billing, payment card processing, fraud detection, and payment compliance (PCI DSS) | Payment card details (collected directly by Stripe), billing address, email address, subscription plan details, and transaction amounts |
| Authentication | Amazon Web Services (AWS Cognito) | User identity management, authentication, account registration, password reset, and session token issuance | Email address, hashed password, authentication tokens, and session metadata. AWS Cognito acts as a data processor on our behalf. |
| Satellite & Aerial Imagery / Map Tiles | Esri (ArcGIS World Imagery) and OpenStreetMap contributors | Rendering satellite imagery, aerial photography, and base map tiles for fence line drawing, property visualization, and measurement | Geographic coordinates (latitude/longitude) of map viewport center and bounds, zoom level, and tile coordinates. Your IP address is transmitted as part of tile HTTP requests. |
| Geocoding (Address Search) | Nominatim (operated by OpenStreetMap Foundation) | Converting property addresses entered by users into geographic coordinates (latitude/longitude) for map display and navigation | Property address search text entered by users. Your IP address is transmitted as part of geocoding HTTP requests. Our application user-agent string is included per Nominatim usage policy. |
| Web Fonts (Typography) | Google Fonts (operated by Google LLC) | Rendering the Inter typeface used throughout the Service's user interface and generated documents | IP address and browser user-agent string (collected by Google when font files are loaded from Google's CDN). No other personal information is shared. |
| Analytics (planned) | Google LLC (Google Analytics) | Understanding usage patterns, page views, feature adoption, and user engagement to improve the Service | IP address (anonymized), browser type, device type, pages visited, session duration, and referral source. Google Analytics may be added in the future; if implemented, we will use IP anonymization and will not enable advertising features. See Google's Privacy Policy. |
We select third-party service providers that maintain appropriate security standards and data protection practices. Where required, we execute data processing agreements (DPAs) with our providers to ensure compliance with applicable data protection laws. However, we are not responsible for the privacy practices, security measures, or data handling of third-party services beyond our contractual agreements with them.
We encourage you to review the privacy policies of our third-party service providers:
- AWS Privacy Notice | AWS Data Privacy Center
- Stripe Privacy Policy | Stripe GDPR Guide
- Esri Privacy Policy
- OpenStreetMap Foundation Privacy Policy
- Google Privacy Policy (Fonts and Analytics)
6. Data Sharing
We do not sell, rent, trade, or otherwise commercially transfer your personal information to third parties. We share your information only in the following limited and specifically defined circumstances:
6.1 Third-Party Service Providers
We share information with the third-party services identified in Section 5 solely to the extent necessary for them to perform their respective functions in connection with the Service. These providers act as data processors on our behalf (where applicable) and are contractually obligated to use your information only for the purposes specified in our agreements with them.
6.2 Shareable Estimate Links
When you generate a shareable estimate link through the Service, the estimate data associated with that link (which may include property address, fence measurements, material selections, material quantities, unit prices, and total costs) becomes accessible to anyone who possesses the unique link URL. Shareable estimate links do not include your Account credentials, login information, personal contact information, or any information about other estimates in your account. Shareable links are designed to contain only the specific estimate data relevant to a single project. You are solely responsible for controlling the distribution of shareable links and for understanding that anyone with access to the link URL can view the estimate data.
6.3 Legal Requirements and Lawful Disclosure
We may disclose your information if we believe in good faith that such disclosure is reasonably necessary to:
- Comply with applicable law, regulation, legal process, subpoena, court order, or enforceable governmental request (including requests from law enforcement and national security agencies);
- Enforce our Terms of Service, EULA, and other agreements, including investigation of potential violations thereof;
- Detect, prevent, or address fraud, security incidents, abuse, or technical problems;
- Protect the rights, property, personal safety, or security of RavenWing LLC, our Users, or the public as required or permitted by applicable law; or
- Respond to an emergency involving danger of death or serious physical injury to any person, where disclosure is necessary to prevent such danger.
Where legally permitted, we will make reasonable efforts to notify you of any such disclosure before or promptly after it occurs, unless notification is prohibited by law or court order, or would jeopardize an ongoing investigation.
6.4 Business Transfers
In the event of a merger, acquisition, reorganization, dissolution, bankruptcy, asset sale, equity sale, or other business transfer or change of control involving RavenWing LLC (whether actual or contemplated), your personal information and User Content may be among the assets transferred, disclosed during due diligence, or otherwise provided to the acquiring, surviving, or successor entity. In such event:
- We will provide written notice (via email to the address associated with your Account) at least thirty (30) days prior to any transfer of your personal information to a new controlling entity;
- The successor entity will be bound by the terms of this Privacy Policy with respect to your previously collected personal information until such time as the successor entity provides you with notice of any changes and an opportunity to exercise your rights; and
- You will have the option to request deletion of your Account and personal information prior to the completion of any such transfer.
6.5 Aggregated and De-Identified Data
We may create, use, and share aggregated, de-identified, or anonymized data sets that cannot reasonably be used to identify you, any of your customers, or any specific project. Such data may be used for industry research, analytics, benchmarking, trend analysis, and other purposes. Aggregated and de-identified data is not considered personal information under this Privacy Policy or applicable data protection laws.
6.6 With Your Consent
We may share your personal information with third parties when we have your explicit, informed consent to do so for a specific, stated purpose.
7. Data Storage Location
All Service data, including your Account information, estimates, User Content, analytics data, and system logs, is stored on Amazon Web Services (AWS) infrastructure located in the US-East-1 (Northern Virginia) region within the United States of America.
AWS US-East-1 data centers maintain the following security certifications and compliance frameworks:
- SOC 1 (Type II), SOC 2 (Type II), and SOC 3 reports
- ISO 27001, ISO 27017, and ISO 27018 certifications
- PCI DSS Level 1 compliance
- FedRAMP authorization (applicable to government workloads)
- HIPAA eligibility (though FenceTrace does not process protected health information)
Database backups are maintained within the same AWS US-East-1 region for redundancy, disaster recovery, and business continuity purposes. Backups are encrypted at rest using AES-256 encryption and are retained in accordance with the retention periods described in Section 9.
Content delivery for static assets (such as web fonts and CSS files) may be served through content delivery networks (CDNs) with edge locations in various geographic regions, but no personal information or User Content is stored at CDN edge locations.
8. Data Security
We implement administrative, technical, and physical security measures designed to protect your personal information from unauthorized access, disclosure, alteration, destruction, and loss. These measures are commensurate with the sensitivity of the information processed and include, but are not limited to:
8.1 Technical Safeguards
- Encryption in Transit: All data transmitted between your browser and our servers is encrypted using TLS 1.2 or higher (Transport Layer Security) / HTTPS. We enforce HTTP Strict Transport Security (HSTS) headers to prevent protocol downgrade attacks.
- Encryption at Rest: All data stored on our servers, databases, and backup systems is encrypted at rest using AES-256 encryption (Advanced Encryption Standard with 256-bit keys) managed through AWS Key Management Service (KMS).
- Password Security: User passwords are hashed using bcrypt with unique per-user salts and a cost factor calibrated to current hardware capabilities. We never store, log, display, or have access to plaintext passwords. Password reset tokens are cryptographically random, single-use, and time-limited.
- Session Security: User sessions are managed using secure, httpOnly, and SameSite cookies with cryptographically random session identifiers. Sessions expire after periods of inactivity and may be terminated remotely by the user.
- CSRF Protection: Cross-site request forgery tokens are used on all state-changing operations to prevent unauthorized actions on behalf of authenticated users.
- Input Validation: All user input is validated, sanitized, and parameterized to prevent injection attacks (including SQL injection, XSS, and command injection).
8.2 Access Controls
- Principle of Least Privilege: Access to production systems, databases, and user data is restricted to authorized personnel on a need-to-know basis. Each team member has only the minimum permissions required for their role.
- Multi-Factor Authentication: Multi-factor authentication (MFA) is required for all administrative access to production systems, cloud infrastructure, and developer tools.
- Audit Logging: All administrative access to production systems is logged with timestamps, user identifiers, and actions performed. Audit logs are retained and reviewed regularly.
8.3 Infrastructure Security
- Network Security: Our hosting infrastructure on AWS employs Virtual Private Cloud (VPC) network isolation, security groups (firewalls), network access control lists (NACLs), and network segmentation to restrict traffic flow.
- Monitoring: We employ continuous monitoring, log aggregation, and alerting for security events, anomalous behavior, and system health.
- Vulnerability Management: We conduct periodic security assessments, code reviews, dependency vulnerability scanning, and infrastructure audits to identify and remediate vulnerabilities.
8.4 Incident Response
We maintain a documented incident response plan to address security breaches and data incidents promptly and effectively. In the event of a data breach affecting your personal information:
- We will investigate the incident and take immediate steps to contain and remediate the breach;
- We will notify affected users via email without unreasonable delay, and in any event within seventy-two (72) hours of confirming the breach (or as otherwise required by applicable law);
- We will notify relevant data protection authorities and law enforcement as required by applicable law; and
- We will provide affected users with a description of the nature of the breach, the categories of data affected, the likely consequences, and the measures taken or proposed to address the breach.
No method of electronic transmission or storage is 100% secure. While we implement reasonable precautions and industry-standard safeguards to protect your information, we cannot guarantee absolute security against all threats. You are responsible for maintaining the confidentiality of your Account credentials and for reporting any suspected security incidents promptly to support@fencetrace.com.
9. Data Retention
We retain your personal information for as long as reasonably necessary to fulfill the purposes described in this Privacy Policy, to comply with our legal obligations, to resolve disputes, and to enforce our agreements. Specific retention periods for each category of data are as follows:
| Data Category | Retention Period | Basis |
|---|---|---|
| Account Information (email, name, company) | Duration of active Account, plus 90 days after cancellation or termination | Contract performance; reactivation window |
| Estimate and Project Data | Duration of active Account, plus 90 days after cancellation or termination | Contract performance; data export window |
| Payment and Billing Records | Seven (7) years from the date of each transaction | Legal obligation (IRS record-keeping requirements; state tax compliance) |
| Usage and Analytics Data | Twenty-four (24) months from the date of collection | Legitimate interest (service improvement and trend analysis) |
| Device and Technical Information | Twenty-four (24) months from the date of collection | Legitimate interest (security monitoring and analytics) |
| Server Access Logs | Ninety (90) days from the date of collection | Legitimate interest (security monitoring, incident investigation) |
| Support Correspondence | Three (3) years from the date of last interaction in the support thread | Legitimate interest (service quality, dispute resolution) |
| Cookie Data | See Section 11 (Cookie Policy) for specific durations per cookie | Varies by cookie type (see Section 11) |
| Database Backups | Up to 180 days after data is deleted from active systems | Legitimate interest (disaster recovery, business continuity) |
| Security Audit Logs | Two (2) years from the date of the logged event | Legitimate interest (security compliance, incident forensics) |
Upon expiration of the applicable retention period, personal information will be securely deleted or irreversibly anonymized using industry-standard data destruction methods. Certain information may be retained beyond these periods only as strictly necessary to comply with legal obligations, resolve pending disputes, enforce our agreements, or respond to active litigation holds.
10. Your Rights
Depending on your jurisdiction and applicable data protection laws (including the EU GDPR, UK GDPR, California CCPA/CPRA, Virginia VCDPA, Colorado CPA, Connecticut CTDPA, and similar frameworks), you may have the following rights regarding your personal information:
10.1 Right of Access
You have the right to request a copy of the personal information we hold about you. Upon a verified request, we will provide this information in a commonly used, structured, machine-readable format (such as JSON or CSV) within thirty (30) days of receiving your verified request. If the request is complex or voluminous, we may extend this period by an additional thirty (30) days with written notice to you.
10.2 Right to Correction (Rectification)
You have the right to request that we correct any inaccurate, incomplete, or outdated personal information we hold about you. You may update most of your Account information (including name, email, company name, and business details) directly through the Service at any time. For corrections that cannot be made through the Service interface, contact us at support@fencetrace.com.
10.3 Right to Deletion (Erasure / Right to Be Forgotten)
You have the right to request that we delete your personal information, subject to certain exceptions. We may retain information where deletion would conflict with our legal obligations (such as tax record-keeping requirements), where the data is necessary to resolve pending disputes, or where retention is otherwise permitted by applicable law. To request deletion of your Account and all associated data, contact us at support@fencetrace.com. Deletion requests will be processed within thirty (30) business days.
10.4 Right to Data Portability
You have the right to request a copy of your data in a structured, commonly used, machine-readable format. This includes your estimate data, project data, customer data you have entered, and Account information. You may request your data in JSON, CSV, or PDF format. The Service provides an "Export My Data" feature that allows you to download your data directly from your Account settings. You may also submit a data export request to support@fencetrace.com, and we will provide the requested data within thirty (30) days of your verified request.
10.5 Right to Opt Out
You may opt out of:
- Marketing communications: By clicking the "unsubscribe" link in any marketing email, by adjusting your communication preferences in your Account settings, or by contacting us at support@fencetrace.com. Opting out of marketing emails does not affect transactional or Service-related communications (such as billing receipts, security alerts, and Terms updates), which are necessary for the operation of your Account.
- Non-essential cookies: By adjusting your browser cookie settings or by using the cookie preference mechanisms described in Section 11. Note that blocking strictly necessary cookies may impair the functionality of the Service.
- Analytics data collection: By contacting us at support@fencetrace.com to request that we exclude your Account from analytics data collection. This will not affect the core functionality of the Service.
10.6 Right to Restrict Processing
You have the right to request that we restrict the processing of your personal information in certain circumstances, including: when you contest the accuracy of your data (during the period we verify accuracy); when you object to our processing and we are evaluating whether our legitimate interests override your rights; when our processing is unlawful but you prefer restriction over deletion; or when we no longer need the data but you require it for legal claims.
10.7 Right to Object
You have the right to object to our processing of your personal information where we rely on legitimate interest as our legal basis. Upon receiving your objection, we will cease processing the relevant data unless we can demonstrate compelling legitimate grounds for the processing that override your interests, rights, and freedoms, or where the processing is necessary for the establishment, exercise, or defense of legal claims.
10.8 Right to Withdraw Consent
Where our processing of your personal information is based on your consent, you have the right to withdraw that consent at any time. Withdrawal of consent does not affect the lawfulness of processing that was based on consent before it was withdrawn.
10.9 Exercising Your Rights
To exercise any of the rights described above, please contact us at support@fencetrace.com with the subject line "Privacy Rights Request." Please include in your request: (a) your full name; (b) the email address associated with your Account; (c) the specific right(s) you wish to exercise; and (d) any additional information that may help us locate and verify your data.
We may require you to verify your identity before processing your request to protect against unauthorized access to your data. Verification may include confirming ownership of the email address associated with your Account. We will respond to all valid, verified requests within thirty (30) days. If we require additional time due to the complexity of the request, we will inform you of the reason and the expected completion date within the initial thirty (30) day period.
You will not be discriminated against, penalized, or subjected to any adverse consequence for exercising any of your privacy rights. We will not deny you the Service, charge you different prices, provide you with a different level or quality of Service, or suggest that you will receive any of the foregoing as a result of exercising your rights.
11. Cookie Policy
FenceTrace uses cookies and similar client-side storage technologies (including local storage and session storage in your web browser) to provide, secure, and improve the Service. A "cookie" is a small data file placed on your device by your web browser when you visit a website. This section describes the specific cookies we use, their purposes, and how you can manage them.
11.1 Categories of Cookies
We categorize the cookies used in the Service as follows:
- Strictly Necessary Cookies: Required for the Service to function. These cookies enable core functionality such as user authentication, session management, and security protection. The Service cannot operate correctly without these cookies. You cannot opt out of strictly necessary cookies.
- Functional Cookies: Enable enhanced functionality and personalization, such as remembering your preferences, default settings, and display options. These cookies are not strictly necessary but improve your experience.
- Analytics Cookies: Collect anonymized information about how the Service is used, including pages visited, features used, and session duration. This data helps us understand usage patterns and improve the Service. Analytics cookies do not contain personally identifiable information.
11.2 Specific Cookies We Use
| Cookie Name | Category | Purpose | Duration |
|---|---|---|---|
fc_session |
Strictly Necessary | Maintains your authenticated session after login. Contains a cryptographically random session identifier. Required for the Service to recognize you as a logged-in user. | Session (expires when browser is closed), or 30 days if "Remember me" is selected during login |
fc_csrf |
Strictly Necessary | Cross-site request forgery (CSRF) protection token. Prevents unauthorized third-party websites from performing actions on your behalf while you are logged in. | Session (expires when browser is closed) |
fc_consent |
Strictly Necessary | Records your cookie consent preferences (which categories of cookies you have accepted or declined). | 1 year |
fc_prefs |
Functional | Stores your application preferences, including default fence type, preferred map view, measurement units, and display settings. | 1 year |
fc_theme |
Functional | Stores your display theme preference (if applicable). | 1 year |
fc_analytics |
Analytics | Collects anonymized, non-personally-identifiable usage data to help us understand how the Service is used, identify popular features, and detect areas for improvement. | 1 year |
fc_ref |
Analytics | Records the referral source that brought you to the Service (e.g., search engine, direct link, marketing campaign). Used for marketing attribution and channel analysis. | 30 days |
fc_ab |
Analytics | Assigns you to A/B test groups for feature experiments. Contains only a randomized group identifier, no personal information. | 90 days |
11.3 Third-Party Cookies
Certain third-party services integrated into FenceTrace may set their own cookies on your device when you use the Service:
- Stripe: Sets cookies necessary for secure payment processing, fraud detection, and bot prevention when you interact with payment forms. See Stripe's cookie policy for details.
- Google Fonts: May set cookies or use other tracking mechanisms when loading font files from Google's content delivery network. See Google's cookie policy for details.
We do not control third-party cookies and are not responsible for their content, duration, or data collection practices.
11.4 Local Storage and Session Storage
In addition to cookies, the Service uses your browser's local storage and session storage APIs to store authentication tokens (issued by AWS Cognito), application state, cached data, and user preferences locally on your device. Authentication tokens stored in local storage are required for the Service to maintain your logged-in session. Data stored in local storage persists until explicitly cleared by you or by the application. Data stored in session storage is automatically cleared when you close your browser tab.
11.5 Managing Cookies
You can control and manage cookies through your browser settings. Most modern browsers allow you to view, block, or delete cookies for specific websites. However, please note that blocking or deleting strictly necessary cookies (such as fc_session and fc_csrf) will prevent the Service from functioning correctly, and you may be unable to log in or use the Service.
Instructions for managing cookies in common browsers:
12. Children's Privacy
FenceTrace is a business-to-business software tool designed for use by fencing professionals, contractors, and related businesses. The Service is not intended for, directed at, or designed to attract individuals under the age of eighteen (18).
In compliance with the Children's Online Privacy Protection Act (COPPA), we do not knowingly collect, solicit, use, or maintain personal information from children under the age of thirteen (13). In compliance with our Terms of Service, we do not permit individuals under the age of eighteen (18) to create Accounts or use the Service.
If we become aware that we have inadvertently collected personal information from an individual under the age of eighteen (18), we will take immediate steps to:
- Delete all personal information associated with the individual from our active systems and backups;
- Terminate the associated Account; and
- Notify the individual (or their parent or legal guardian, if applicable) of the deletion.
If you believe that a child under the age of eighteen (18) has provided us with personal information or created an Account, please contact us immediately at support@fencetrace.com with the subject line "COPPA Concern" so that we can promptly investigate and take appropriate action.
13. International Data Transfers
The Service is operated from, and all data is stored and processed in, the United States of America (specifically, the AWS US-East-1 region in Northern Virginia). If you access the Service from outside the United States, you acknowledge and understand that your personal information will be transferred to, processed in, and stored in the United States, where data protection and privacy laws may differ from, and may provide fewer protections than, those in your country, state, or jurisdiction of residence.
By accessing and using the Service, you explicitly consent to the transfer of your personal information to the United States for processing and storage as described in this Privacy Policy.
13.1 European Economic Area (EEA), United Kingdom, and Switzerland
If you are located in the European Economic Area (EEA), the United Kingdom, or Switzerland, the transfer of your personal information to the United States constitutes a transfer to a country that has not been found to provide an adequate level of data protection by the European Commission or the UK Information Commissioner's Office. To ensure that your personal information receives an adequate level of protection, we rely on the following lawful transfer mechanisms as applicable:
- Your explicit consent to the transfer, provided at the time of Account creation;
- Performance of a contract between you and RavenWing LLC (i.e., providing the Service you have subscribed to);
- Standard Contractual Clauses (SCCs) approved by the European Commission (Commission Implementing Decision (EU) 2021/914), where applicable to transfers to our sub-processors; and
- Any other applicable transfer mechanism recognized under applicable data protection law.
You may request a copy of the safeguards we use for international data transfers by contacting us at support@fencetrace.com.
13.2 Other Jurisdictions
If you are located in any other jurisdiction that imposes restrictions on cross-border data transfers, by using the Service you consent to the transfer of your personal information to the United States as described in this Privacy Policy. If applicable law requires specific transfer mechanisms, we will take reasonable steps to implement them.
14. California Privacy Rights (CCPA/CPRA)
If you are a California resident, the California Consumer Privacy Act of 2018 (CCPA), as amended by the California Privacy Rights Act of 2020 (CPRA), provides you with additional rights regarding your personal information. This section supplements the rest of this Privacy Policy with disclosures specific to California residents.
14.1 Right to Know
You have the right to request that we disclose the following information covering the twelve (12) month period preceding your request:
- The categories of personal information we have collected about you;
- The categories of sources from which the personal information was collected;
- The business or commercial purposes for collecting or selling the personal information;
- The categories of third parties with whom we share personal information; and
- The specific pieces of personal information we have collected about you.
14.2 Right to Delete
You have the right to request that we delete personal information we have collected from you, subject to certain exceptions permitted by the CCPA/CPRA (including retention required to complete a transaction, comply with legal obligations, detect security incidents, exercise free speech, or for internal uses reasonably aligned with your expectations).
14.3 Right to Correct
You have the right to request that we correct inaccurate personal information that we maintain about you, taking into account the nature of the personal information and the purposes of processing.
14.4 Right to Opt Out of Sale or Sharing
We do not sell personal information. We have not sold personal information in the preceding twelve (12) months and do not intend to sell personal information in the future. We do not share personal information with third parties for cross-context behavioral advertising purposes. As we do not sell or share personal information as defined by the CCPA/CPRA, no opt-out mechanism for sale or sharing is required or offered.
14.5 Right to Limit Use of Sensitive Personal Information
We do not collect or process sensitive personal information as defined by the CCPA/CPRA (such as Social Security numbers, driver's license numbers, financial account credentials, precise geolocation of your person, racial or ethnic origin, religious beliefs, genetic data, biometric data, health information, or sex life/sexual orientation information).
14.6 Right to Non-Discrimination
We will not discriminate against you for exercising any of your CCPA/CPRA rights. Specifically, we will not: deny you the Service; charge you different prices or rates; provide you with a different level or quality of the Service; or suggest that you will receive any of the foregoing differential treatment as a result of exercising your privacy rights.
14.7 Categories of Information Collected
In the preceding twelve (12) months, we have collected the following categories of personal information as defined by the CCPA/CPRA:
| CCPA Category | Examples Collected | Source | Business Purpose |
|---|---|---|---|
| A. Identifiers | Email address, name, IP address, Stripe Customer ID, Account ID | Directly from you; automatically collected | Account management, authentication, communication |
| B. Personal Information (Cal. Civ. Code 1798.80(e)) | Name, company name, email address, billing address | Directly from you; from Stripe | Account management, billing, service delivery |
| D. Commercial Information | Subscription records, payment history, transaction amounts, estimates created, features used | Directly from you; from Stripe; automatically collected | Billing, service delivery, analytics |
| F. Internet or Network Activity | Browsing history within the Service, pages visited, features used, session duration, interaction data, referral source | Automatically collected | Service improvement, analytics, security |
| G. Geolocation Data | Property addresses and geographic coordinates entered into estimates (not your personal real-time location) | Directly from you | Service delivery (map display, estimate generation) |
| K. Inferences | Usage patterns, feature preferences, subscription likelihood (derived from usage data) | Derived from collected information | Service improvement, product development |
14.8 Retention of Personal Information
We retain each category of personal information for the period described in Section 9 (Data Retention) of this Privacy Policy.
14.9 Exercising Your California Privacy Rights
To exercise your rights under the CCPA/CPRA, you may:
- Email us at support@fencetrace.com with the subject line "California Privacy Rights Request"
You may also designate an authorized agent to submit a request on your behalf. If you use an authorized agent, we may require: (a) proof of your written authorization for the agent; and (b) verification of your own identity directly with us.
We will verify your identity before fulfilling any request by confirming ownership of the email address associated with your Account. We will respond to verified requests within forty-five (45) days. If we require additional time (up to an additional forty-five (45) days), we will notify you of the extension and the reason therefor within the initial forty-five (45) day period. You may submit up to two (2) verifiable consumer requests within a twelve (12) month period.
15. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our data practices, the Service's features, applicable laws, or other factors. When we make changes to this Privacy Policy:
- We will update the "Last updated" date at the top of this page to reflect the date of the most recent revision;
- For material changes (including changes to the types of data collected, new data sharing practices, changes to your rights, or new uses of personal information), we will provide notice by email to the address associated with your Account and/or by displaying a prominent notice within the Service at least thirty (30) days before the changes take effect;
- For non-material changes (such as typographical corrections, clarifications, or formatting updates that do not substantively alter your rights or our data practices), changes may take effect immediately upon posting;
- Your continued use of the Service after the effective date of any modification constitutes your acceptance of the updated Privacy Policy; and
- If you do not agree with the updated Privacy Policy, you should discontinue use of the Service before the effective date and may request deletion of your Account and personal information.
We encourage you to review this Privacy Policy periodically to stay informed about how we collect, use, and protect your information. We will maintain an archive of prior versions of this Privacy Policy, which will be available upon request.
16. Contact Information
If you have any questions, concerns, complaints, or requests regarding this Privacy Policy or our data practices, please contact us at:
RavenWing LLC
Mechanicsville, Virginia 23111
United States of America
Email: support@fencetrace.com
For privacy-specific inquiries, data protection requests, privacy rights requests, or to report a data security concern, please include "Privacy" in the subject line of your email to ensure prompt routing and prioritized handling.
If you are not satisfied with our response to your privacy concern, you may have the right to lodge a complaint with your local data protection authority or supervisory authority. For EU residents, a list of data protection authorities is available at https://edpb.europa.eu/about-edpb/about-edpb/members_en. For UK residents, you may contact the Information Commissioner's Office (ICO) at https://ico.org.uk/.
RavenWing LLC is a small business organized under the laws of the Commonwealth of Virginia.