1. Parties and Purpose
This Data Processing Agreement (“DPA”) is between COS Claira Operating System LLC (“PropGap,” “we,” “us”) and the law firm, tax consulting practice, or individual professional (“Client,” “you”) that has signed up for PropGap Pro services.
This DPA governs the processing of personal data and client property information that Client submits to PropGap for the purpose of generating property tax evidence kits, comparable sales analyses, and protest forms (“Services”).
2. Roles
Data Controller: The Client is the data controller for all personal data and client property information submitted to PropGap. The Client determines the purposes and means of processing.
Data Processor: PropGap acts as a data processor, processing data only as instructed by the Client and as necessary to deliver the Services.
3. Data We Process
PropGap Pro processes the following categories of data on behalf of the Client:
- Property addresses submitted for analysis
- Assessed values provided by the Client
- Firm name and contact email (account management)
- Batch processing results (gap calculations, comparable sales)
- Appeal outcome notes entered by the Client
PropGap does not process social security numbers, government IDs, financial account details, or sensitive personal categories as defined by applicable privacy law.
4. Processing Instructions
PropGap will process Client data only: (a) as necessary to provide the Services; (b) as directed by the Client through use of the PropGap Pro platform; and (c) as required by applicable law. PropGap will not sell Client data to third parties or use it to train machine learning models.
5. Sub-processors
PropGap uses the following sub-processors to deliver the Services:
| Sub-processor | Purpose | Location |
|---|---|---|
| Supabase | Database (batch results, firm records) | US East |
| RentCast | Property data and comparable sales lookup | United States |
| Resend | Transactional email delivery | United States |
| Stripe | Payment processing | United States |
| Vercel | Application hosting and edge network | United States |
PropGap will notify Clients of material changes to this sub-processor list by email at least 10 days in advance.
6. Security Measures
PropGap implements the following technical and organizational measures to protect Client data:
- All data transmitted over TLS 1.2 or higher
- Database access restricted to service accounts via Supabase Row-Level Security and admin client credentials
- Access keys are single-credential, firm-scoped, and never exposed in server logs
- PDF evidence kits generated server-side and served over authenticated endpoints
- Stripe handles all payment card data — PropGap never stores card numbers
- Passwords: PropGap uses key-based authentication; no passwords are stored
7. Data Retention
Batch results, evidence kit data, and outcome records are retained for the life of the Client’s subscription plus 12 months. Clients may request deletion of their firm’s data at any time by emailing info@propgap.ai.
Stripe retains payment records per their own retention policy and applicable financial regulations.
8. Data Subject Rights
To the extent that property owners whose data is included in Client submissions have rights under applicable privacy law (access, correction, deletion), the Client is responsible for managing those requests. PropGap will assist the Client in fulfilling such requests by providing data exports or deletions upon written request within 30 days.
9. Breach Notification
In the event of a data breach affecting Client data, PropGap will notify the Client by email within 72 hours of becoming aware of the breach, including: (a) the nature of the breach; (b) categories and approximate volume of records affected; (c) steps taken or proposed to address the breach.
10. Confidentiality
PropGap personnel with access to Client data are bound by confidentiality obligations. PropGap will not disclose Client data to third parties except as required to deliver the Services or as required by applicable law.
11. Term and Termination
This DPA is effective from the date of Client’s first use of PropGap Pro and continues until the subscription is terminated. Upon termination, PropGap will delete Client data within 90 days unless a longer retention period is required by law or the Client requests an export within that window.
12. Governing Law
This DPA is governed by the laws of the State of New Jersey, consistent with the Terms of Service.
13. Contact
For DPA-related inquiries, data deletion requests, or to obtain a signed copy of this DPA for your procurement records, contact: info@propgap.ai
PropGap Pro is operated by COS Claira Operating System LLC. © 2026. Privacy Policy · Terms of Service