Your data is your data.

The Real Estate Investor Toolkit ("the Toolkit," "we," "us") is a product of Hehl Holdings. When you create an account, analyze a property, or save a deal, you're interacting with software we built and we operate.

This policy covers the Toolkit web application, our marketing site, and any free calculators we publish. It applies to everyone who uses our services, whether you're on the free tier, the Pro plan, or just browsing.

We collect the minimum we need to run the service. That breaks down into three buckets:

Your email address, name, and password hash. If you pay us, we pass your billing details to our payment processor (Stripe) — we never see or store your full card number.

Properties you analyze, comps you save, rehab scopes you build, reports you generate, and notes you write. This is your working data. It lives in your account and nowhere else.

Standard web logs — IP address, browser type, pages visited, timestamps. We use this to keep the service running, debug problems, and understand which features actually get used.

We use your data to do exactly what you'd expect:

• Run the service you pay for — save your deals, pull comps, generate reports.
• Keep you signed in and authenticate requests.
• Bill you correctly and send receipts.
• Send you service emails (password resets, billing notices, critical updates).
• Improve the product — understand which features are used, fix bugs, ship faster.
• Comply with legal obligations when we have to.

That's it. We don't use your data to build profiles for advertisers, enrich third-party databases, or sell market intelligence back to anyone.

Inside our company: a small number of engineers and support staff who need access to operate the service and help you when something breaks. Access is logged and limited to what's actually required.

Outside our company: a short list of subprocessors that help us run the business. Each one signs a data processing agreement with us.

We don't share your data with anyone else, including other users of the Toolkit. Your comps, rehab scopes, and deal analyses are not visible to anyone outside your account.

Plain and simple — this is worth saying out loud:

• We don't sell your personal data to anyone.
• We don't share it with advertising networks or data brokers.
• We don't sell aggregated or "anonymized" deal data to the real estate industry.
• We don't let insurers, lenders, or market-data companies buy access to what you analyze.
• We don't run ad-based re-targeting based on what you do inside the product.

We make money one way: you pay us a subscription for software. That's the whole business model, and we like it that way.

The Toolkit uses AI for things like deal summaries, comp narratives, and the "Ask AI" feature. Here's what that actually means:

• We send the minimum context needed to answer your question — not your entire deal history.
• We use enterprise API tiers from our AI providers that contractually prohibit training on our data.
• Your deals, comps, and analyses are never used to train any model, ours or anyone else's.
• We do not publish or share AI-generated outputs with other users.

If an AI provider ever changes its terms in a way that would allow training on customer data, we'll switch providers before that takes effect.

We use a small number of cookies, all first-party:

• A session cookie to keep you signed in.
• A preferences cookie to remember things like dark mode and sidebar state.
• A basic analytics cookie to count page views and measure what's broken.

We don't use third-party advertising pixels, Facebook tracking, Google Ads tags, or cross-site trackers. If you block cookies entirely, sign-in won't work — that's the only functional impact.

Your data is stored on servers in the United States, encrypted at rest (AES-256) and in transit (TLS 1.2+). Passwords are hashed with bcrypt, never stored in plain text.

We maintain a controls-aligned security posture modeled on SOC 2 Type II: least-privilege access, audit logging, regular vulnerability scans, and incident response procedures. If a breach ever materially affects your data, we'll notify you directly and promptly — no burying it in a status page.

Wherever you live, you have these rights over your data:

• Access — request a copy of everything we have about you.
• Correct — fix anything that's wrong.
• Delete — wipe your account and all associated data.
• Export — download your deals, comps, and reports in a standard format.
• Object — tell us to stop specific uses (e.g., product emails you don't want).

If you're in California, the EU, or the UK, you have additional rights under CCPA, GDPR, and UK-GDPR respectively. We honor all of them regardless of where you're located — same rules for everyone. Email privacy@reinvestortoolkit.com and we'll respond within 30 days.

While your account is active, we keep your data so you can use the service. When you close your account:

• Your deal data and analyses are deleted within 30 days.
• Billing records are kept for 7 years to satisfy US tax law. That's it.
• Backups roll off within 90 days of deletion.

If you want to take your data with you before closing, use the export feature in settings — you'll get a clean JSON and CSV archive of everything.

The Toolkit is for adult real estate investors. We don't knowingly collect data from anyone under 18, and the service isn't directed at children. If we learn we've collected data from a minor, we'll delete it.

We'll update this page when we change how we handle data. Material changes get an email notice at least 30 days before they take effect — you'll have a chance to review and, if you don't like it, export and close your account before anything changes.

Every version is archived. Ask us and we'll send you the full revision history.

Questions, requests, or a data issue you need to flag? Email privacy@reinvestortoolkit.com and a real human will get back to you within two business days.

Mailing address for formal correspondence: Hehl Holdings, Privacy Team. Reply to the email address above and we'll confirm where to send hard copy.