Privacy Policy

When you submit a pole concern through AcreSeal, we may collect:

• Contact information (optional) — phone number, email address
• Location data — GPS coordinates captured at time of submission
• Photo evidence — photos with EXIF metadata (camera model, timestamp, GPS if embedded)
• Device information — browser type, operating system, screen size (for platform optimization)
• Submission content — description of the pole concern, concern category, pole asset tag

What we do not collect: the submission form does not request your name. The API enforces this — the landowner_name field is always stored empty regardless of input.

For utility dashboard users, we collect work email and role information provided during account provisioning.

• Public complaint form at acreseal.com/report — landowner-initiated submissions
• Inspector field reports — utility staff submissions during pole inspections
• Dashboard activity — complaint management, assignment tracking, report generation
• Automated capture — GPS coordinates, environmental conditions (weather data from the NOAA National Weather Service at time of submission)

• Complaint processing — routing your report to the responsible utility for resolution
• Compliance documentation — creating forensic evidence records under HB 144 Sec. 38.103
• PUCT reporting — generating monthly compliance reports for utility regulatory filings
• Status updates — sending you email or SMS notifications about your complaint (if contact info provided)
• Platform improvement — aggregated, anonymized usage data to improve the platform

Your data is stored on Supabase (PostgreSQL) hosted on AWS US East infrastructure.

• Encryption at rest — AES-256-GCM for email and phone, with key material derived via HKDF from a service-role secret never exposed client-side
• Encryption in transit — TLS 1.3 for all connections
• Spatial data — GPS coordinates stored via PostGIS with Row Level Security (RLS)
• Complaint description — stored plaintext by design. Texas HB 144 requires the original description text to be preserved unaltered for forensic immutability; encrypting it would break the audit chain that regulators rely on. Description data is never sold, shared with advertisers, or used for analytics.
• Forensic integrity — SHA-256 hash chains ensure records cannot be altered after creation
• Access control — Row Level Security policies restrict data access by utility and role

For more details on our security architecture, see our Security page.

• Personal information (name, email, phone) — retained for 1 year, then replaced with “[REDACTED]” while preserving the complaint record
• Complaint records — retained for 5 years, aligned with the PUCT audit window under HB 144
• Forensic hash chains and audit logs — retained indefinitely for evidentiary continuity
• After 5 years — complaint records are archived (soft-deleted from active dashboards but remain in the database for verification)

Your data is shared with the assigned utility responsible for the pole in your report. This is necessary for complaint resolution under HB 144.

A small number of operational vendors receive specific fields to deliver the service. Each receives only what it needs:

• NOAA National Weather Service — receives your GPS coordinates only, to fetch the weather conditions at the moment you reported the issue. NWS is a US federal agency; no personal data is transmitted.
• Anthropic (our AI vendor) — receives your complaint description and GPS for two purposes: identifying the most likely affected utility pole, and drafting your confirmation message. Anthropic does not receive your name, email, or phone.
• Resend (email delivery) — receives your email address only when sending you a confirmation or status update.
• Twilio / Resend (SMS delivery) — receives your phone number only when sending SMS confirmations.
• Cloudflare Turnstile — receives a verification token to confirm you are not a bot. No complaint data is transmitted.

Beyond the operational vendors listed above:

• We never sell personal data to third parties
• We never share identifiable data with advertisers or data brokers
• Aggregated, anonymized data may be used for infrastructure insights and platform improvement
• We may disclose data if required by law, court order, or regulatory proceeding (e.g., PUCT audit)

You have the right to:

• Access — request a copy of the data we hold about you
• Correction — request correction of inaccurate information
• Deletion — request deletion of your personal data, subject to regulatory retention requirements (complaint records must be retained for 5 years under HB 144)
• Portability — request your data in a standard format (CSV or JSON)

To exercise any of these rights, contact info@acreseal.com.

For questions about this privacy policy or how we handle your data: