Privacy Policy

1. Scope

This Privacy Policy describes how Woosung Investments LLC (“Command Center,” “we”) collects, uses, and shares information when you use Command Center (the “Service”) or visit our marketing pages.

If you are a property manager or landlord using Command Center to manage tenant or vendor data, you are the controller of that data and we are a processor acting on your behalf. Our processing of tenant and vendor data is governed by our Data Processing Agreement.

2. Information we collect

Account information

• Name, email address, password (hashed), company name
• Billing details (handled by Stripe - we receive only the last 4 digits and card brand)
• Phone number, mailing address (optional)

Customer Data you upload

• Property records, leases, work orders, accounting entries
• Tenant contact information, payment history, communications log
• Vendor records, documents, photos
• Integration data synced from Buildium, OpenPhone, and similar services

Usage information

• Pages visited, features used, click events
• Device, browser, operating system, IP address
• Error reports collected by Sentry

3. How we use information

• Provide, maintain, and improve the Service
• Process payments and send billing notices
• Authenticate users and prevent abuse
• Send transactional email (verification, password reset, receipts, product updates relevant to your account)
• Respond to support requests
• Monitor performance, debug issues, and improve product quality
• Comply with legal obligations

We do not sell your personal information, and we do not use Customer Data to train AI models.

4. Sub-processors

We use the following sub-processors to operate the Service:

• Stripe, Inc. - payment processing and billing
• Resend - transactional email delivery
• Anthropic, PBC - AI features (Claude)
• OpenAI, L.L.C. - AI features (GPT)
• DigitalOcean, LLC - application hosting and storage
• Sentry (Functional Software, Inc.) - application error monitoring
• Buildium (RealPage, Inc.) - optional property data sync
• OpenPhone Technologies, Inc. - optional telephony integration
• Cloudflare, Inc. - DNS, CDN, and DDoS protection

We will give customers at least 30 days’ advance notice of new sub-processors that handle personal data.

5. Cookies and similar technologies

We use a small number of strictly necessary cookies (session, CSRF, theme preference). We do not use third-party advertising or tracking cookies. We do not currently use Google Analytics or similar broad-spectrum analytics.

6. Data retention

• Active accounts. We retain Customer Data for the duration of your subscription.
• Cancelled accounts. Customer Data is available for export for 30 days after cancellation; after that we may permanently delete it.
• Backups. Encrypted backups are retained for up to 90 days for disaster recovery.
• Legal hold. We may retain data longer where required by law (for example, financial records).

7. Your rights

You have the right to:

• Access the information we hold about you
• Correct inaccurate information
• Delete your information (subject to legal retention requirements)
• Export your data in a portable format (JSON / CSV bundle)
• Withdraw consent where processing is based on consent
• Object to certain processing

To exercise these rights, email chris@woosunginvestments.com. We will respond within 30 days.

8. California (CCPA/CPRA) notice

If you are a California resident, you have additional rights under the California Consumer Privacy Act, including the right to know what personal information we have collected, the right to delete it, and the right not to be discriminated against for exercising these rights. We do not sell or share personal information for cross-context behavioral advertising.

9. European Economic Area (GDPR) notice

If you are in the EEA, UK, or Switzerland, our legal bases for processing are (a) performance of a contract with you, (b) compliance with legal obligations, and (c) our legitimate interests in operating and securing the Service. You have the right to lodge a complaint with your local supervisory authority.

10. Security

• All traffic encrypted in transit via TLS 1.2+
• Passwords stored using industry-standard hashing (bcrypt-class)
• Database encrypted at rest by our hosting provider
• Daily encrypted backups
• Application-level audit logs for sensitive actions
• Principle of least privilege for internal access

No system is perfectly secure. If you believe your account has been compromised, contact us immediately.

11. Children

The Service is not directed to children under 16, and we do not knowingly collect personal information from them. If you believe a child has provided us information, contact us and we will delete it.

12. Changes to this Policy

We may update this Privacy Policy from time to time. We will post the updated version at this URL and notify customers by email at least 14 days before material changes take effect.

13. Contact

Privacy questions or requests? Email chris@woosunginvestments.com or write to Woosung Investments LLC, Chicago, Illinois, USA.