Privacy Policy

Minervian AI Inc. (“Minervian AI,” “we,” “us,” or “our”) provides a commercial real estate deal analysis platform. This Privacy Policy explains how we collect, use, store, share, and protect information when you use our Service.

By using the Service, you agree to the practices described in this Policy. If you do not agree, please do not use the Service.

We collect only the information necessary to provide the Service.

2.1 Account Information

When you register, we collect your email address and a hashed version of your password (or a federated identity token if you sign in via a third-party provider). We also collect your name and organization details if you provide them.

2.2 Deal and Financial Data

The core purpose of the Service is to analyze commercial real estate deals. To do so, we collect:

• Property information you enter via the chat interface (ChatPane), the structured input form (InputPane), or file uploads (e.g., rent rolls, PDFs, screenshots);
• Financial assumptions and deal parameters;
• Analysis outputs generated by the Platform (which remain your property per our Terms of Service).

This data is stored in your account and accessible only to authorized members of your organization (as defined in our Terms of Service).

2.3 Usage Data

We automatically collect certain technical information when you use the Service, including your IP address, browser type, operating system, pages visited, and timestamps of actions. This data is used to operate, secure, and improve the Platform.

2.4 Payment Information

We do not collect or store payment card numbers. Payment is processed by Stripe. We receive only non-sensitive billing identifiers from Stripe (e.g., subscription status, subscription ID, and renewal date). Card details, including card numbers, are never transmitted to or stored by our servers - they are collected and retained exclusively by Stripe.

2.5 Communications

If you contact us by email or through the Platform, we retain your messages to respond to your inquiry and to improve our Service.

We use the information we collect to:

• Provide, operate, and maintain the Service;
• Process and display deal analysis outputs;
• Authenticate your identity and manage your account;
• Process payments and manage your subscription;
• Send transactional emails (e.g., account verification, password reset, billing receipts);
• Detect and prevent fraud, abuse, and security incidents;
• Comply with applicable legal obligations.

We do not sell or share personal information as defined under applicable privacy laws. We do not use your data for advertising.

The Service does not make automated decisions that produce legal or similarly significant effects on you. All financial outputs are analytical tools for your review and decision-making.

Some features of the Platform use AI models to extract and interpret deal data from unstructured inputs (e.g., chat messages, uploaded documents). We primarily use Anthropic’s Claude models for this purpose. Anthropic processes these inputs directly via its API; no separate OCR provider is used. If we add additional AI sub-processors in the future, we will update Section 5.1 and notify you.

Your deal data submitted to AI features is processed by Anthropic under a data processing agreement that:

• Prohibits Anthropic from training its models on your data;
• Restricts use of your data solely to fulfilling your request;
• Requires Anthropic to maintain appropriate security safeguards.

AI extraction may produce errors or omissions. You are responsible for reviewing and verifying all extracted data before relying on any output. See our Terms of Service for the full Data Extraction Disclaimer.

Once AI extraction is complete, all financial calculations are performed by our proprietary deterministic engine — no AI model is involved in the calculation or output steps.

We do not sell or share your personal information. We share your information only in the following circumstances:

5.1 Sub-processors

We share information with the following third-party service providers (“sub-processors”) to operate the Service. We maintain data processing agreements with each sub-processor restricting use of your data to service delivery purposes. We may update this list from time to time; material changes will be communicated to you in advance.

5.2 Legal Requirements

We may disclose your information if required to do so by law or in response to a valid legal process (e.g., a court order or government request), or to protect the rights, property, or safety of Minervian AI, our users, or the public.

5.3 Business Transfers

If Minervian AI is involved in a merger, acquisition, or sale of all or substantially all of its assets, your information may be transferred as part of that transaction. We will notify you of any such change and any choices you may have.

We implement technical and organizational measures designed to protect your information against unauthorized access, loss, or misuse. We follow the principle of least privilege: access to your data is limited to those who need it to perform their job functions, and access is regularly reviewed. Key measures include:

• Encryption in transit: All data exchanged between your browser and our servers is encrypted using TLS 1.2 or higher. HTTPS is enforced across all endpoints.
• Encryption at rest: Structured data is stored in Google Cloud Firestore with GCP-managed encryption. Uploaded documents are stored in Google Cloud Storage with encryption at rest; buckets containing sensitive deal documents are protected by HSM-backed customer-managed keys.
• Access controls: Access to your data is restricted to authorized members of your organization. Our engineers do not have standing access to customer data; any support access is explicitly authorized and logged.
• Authentication: We use Google Cloud Identity Platform, which supports multi-factor authentication (MFA) and automatic lockout on repeated failed login attempts.
• Secrets management: Application credentials and API keys are stored in GCP Secret Manager and never hardcoded.
• Audit logs: Authentication events and administrative actions are logged. GCP Cloud Audit Logs are exported to a dedicated retention bucket with a 7-year retention policy, public access prevention, and uniform bucket-level access.

No method of transmission over the internet or electronic storage is 100% secure. We cannot guarantee absolute security, but we continuously work to protect your data.

We retain different categories of data for the following periods:

• Account data (email, name, organization details): retained for as long as your account is active, and deleted or anonymized within 90 days after account deletion.
• Deal and financial data: retained for as long as your account is active, and deleted or anonymized within 90 days after account deletion.
• Authentication and audit logs: retained for security and compliance purposes for the period required by applicable law (currently 7 years for GCP Cloud Audit Logs).
• Billing records: retained for the period required by applicable tax and accounting regulations (typically 7 years).

You may request deletion of specific deal data at any time while your account is active by contacting us at privacy@minervianai.com. Upon request, you may also export your deal data in a standard machine-readable format (e.g., CSV or JSON).

Deletion requests for the entire account can be initiated from your account settings or by contacting us at privacy@minervianai.com. We will complete deletion or anonymization within 90 days, except where retention is required by applicable law.

The Service is currently available only to users located in the United States. We do not offer the Service outside the United States, and we do not knowingly collect personal information from individuals located outside the United States.

US-based users may have the following rights depending on applicable state law:

• Access: Request a copy of the personal information we hold about you.
• Correction: Request correction of inaccurate or incomplete information.
• Deletion: Request deletion of your personal information, subject to legal retention obligations.
• Portability: Request a machine-readable copy of your personal information.
• Withdraw Consent: Where processing is based on consent, you may withdraw it at any time.

To exercise any of these rights, contact us at privacy@minervianai.com. We will respond within 30 days. We may need to verify your identity before fulfilling a request.

8.1 California Residents (CCPA/CPRA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA):

• Right to Know: Request a list of the categories of personal information we have collected about you and the purposes for which it is used.
• Right to Delete: Request deletion of your personal information, subject to certain exceptions.
• Right to Correct: Request correction of inaccurate personal information we hold about you.
• Right to Opt-Out of Sale or Sharing: We do not sell or share personal information as defined under the CCPA/CPRA. No opt-out is required, but you may contact us to confirm.
• Non-Discrimination: We will not discriminate against you for exercising your California privacy rights.

To exercise your California rights, contact us at privacy@minervianai.com. We will respond within 45 days, with a possible 45-day extension where reasonably necessary.

The Service uses essential session cookies, authentication tokens, and local storage to maintain your login state, session security, and application preferences. These are necessary for the Service to function and cannot be disabled without affecting core functionality.

We currently do not use third-party advertising cookies or tracking pixels. If we introduce analytics or marketing cookies in the future, we will update this Policy and provide you with a mechanism to manage your cookie preferences before any such cookies are deployed.

You may disable cookies in your browser settings, but certain features of the Service may not function correctly without them.

We may de-identify and aggregate data collected through the Service to generate market insights — for example, average cap rates or rent levels across property types or submarkets. Aggregated, de-identified data cannot be used to identify you or your specific deals.

We may use such aggregated analytics to:

• Improve the Service and develop new features;
• Generate anonymized market benchmarks and industry research;
• Understand usage patterns and optimize platform performance.

We will not re-identify or attempt to re-identify de-identified data.

The Service is not directed to individuals under the age of 18. We do not knowingly collect personal information from minors. If we become aware that we have collected information from a minor, we will delete it promptly.

We may update this Privacy Policy from time to time. We will notify you of material changes by email or through the Platform at least 14 days before the change takes effect. Your continued use of the Service after the effective date constitutes acceptance of the updated Policy.

In the event of a security incident involving your personal data, we will notify affected users and, where required, relevant authorities, without undue delay and within the timeframes required by applicable law.

For privacy-related questions or to exercise your rights, contact:

If you discover a security vulnerability in our platform, please report it to security@minervianai.com. We will acknowledge your report within 48 hours and work with you to resolve the issue responsibly.