PrivacyPolicy.

Final Walk-Through is a property inspection tool for realtors and property managers. References to "we", "us", or "our" mean Final Walk-Through.

Questions about this policy can be sent to hello@finalwalkthrough.com.

We collect only what is necessary to provide the service:

• Account data — email address used to sign in via Google OAuth or magic link.
• Inspection data — property addresses, inspection dates, room names, condition notes, and inspection items you enter.
• Photos and videos — media you upload during a walkthrough, stored in cloud storage.
• Signature data — the names and drawn signatures of parties who sign an inspection report.
• Usage data — anonymous event data (e.g. "report viewed") to understand how the product is used. No personally identifiable information is included.

Your data is used to:

• Generate and deliver signed PDF inspection reports.
• Send signature request emails to landlords and tenants.
• Analyse uploaded photos using AI to suggest room assignments and note damage (processed by Anthropic; no images are retained by Anthropic after processing).
• Improve the product through aggregate, anonymous usage analytics.

We do not sell, rent, or share your personal data with third parties for marketing.

We use the following sub-processors:

• Supabase — database and file storage (EU/US regions).
• Google — OAuth sign-in and address autocomplete.
• Anthropic — AI photo analysis (zero data retention policy).
• Vercel — application hosting and edge delivery.
• Resend — transactional email delivery.

Your inspection data is retained as long as your account is active. You may request deletion of your account and all associated data at any time by emailing hello@finalwalkthrough.com. We will process deletion requests within 30 days.

Signed inspection reports that have been shared with tenants or landlords may be retained for the duration required by applicable property law in your jurisdiction.

All data is transmitted over HTTPS. Database access requires authentication. File storage uses signed URLs with expiry. Signing tokens expire after 30 days.

No security measure is perfect. If you discover a vulnerability, please disclose it responsibly by emailing us before public disclosure.

You have the right to access, correct, export, or delete your personal data. Contact us by email and we will respond within 30 days. If you are in the EEA or UK, you also have the right to lodge a complaint with your local supervisory authority.

We may update this policy. Material changes will be communicated by email or by a notice on the application. Continued use after the effective date constitutes acceptance.