Privacy
Privacy Policy
Effective June 26, 2026 (v2.0) · Fairday Technology, LLC
This Privacy Policy describes how Fairday Technology, LLC (“Fairday”, “we”, “us”) collects, uses, shares, and protects information when you use Chalais (the “Service”). This Policy applies to information collected through the Service and our related websites and emails, but not to third-party services that link to or from the Service. Capitalized terms not defined here have the meanings given in our Terms of Service.
Notice at collection (California residents)
At or before the point we collect your personal information, this notice tells you, briefly:
- What we collect: account identifiers (email, name, OAuth profile), property content (photos, addresses, listing URLs, notes), payment information (handled by Stripe), and product-usage data (IP, device, events, error reports). See Section 1 for the full breakdown by CCPA category.
- Why: to provide the Service, run AI inference, bill you, prevent abuse, improve the product, train our AI models (with de-identification where appropriate), and market the Service. See Sections 2 and 3.
- How long: for the periods described in Section 5.
- We do not “sell” personal information for monetary consideration. See Section 8 for the broader “sharing” framework under the CPRA.
- Your rights: know, delete, correct, port, opt out of sharing, limit use of sensitive personal information. See Section 8.
1. Information we collect
1.1 Information you provide directly
- Account information. When you sign in by email, we collect your email address. When you sign in with Google, we receive your name, email, and profile image from Google. You may add an optional handle, brand name, brand logo, or brand color in account settings.
- Property content. Photos you upload, addresses you enter, listing URLs you paste, audit notes, and the visibility settings you choose for each project.
- Render feedback. Any feedback or refinement instructions you submit when iterating on a Render.
- Payment information. If you start a Subscription, our payment processor (Stripe) collects and processes your payment method. We never see or store full card numbers; we receive a tokenized customer reference, billing email, postal code, and the amount and status of each charge.
- Communications. Emails you send us and feedback you submit through the product.
1.2 Information we collect automatically
- Device and usage data. IP address, approximate location derived from IP, browser type, operating system, referring URL, pages viewed, and timestamps.
- Identifiers. A pseudonymous
remagine_sessionidentifier stored in your browser's local storage so we can associate anonymous activity with your Account when you sign in. Authentication cookies set by our auth library to keep you signed in. - Product analytics.Events emitted as you use the product (e.g., “audit started,” “render completed”) captured by PostHog. These help us understand product usage; we do not use them for cross-context behavioral advertising.
- Error and performance data. Stack traces, request paths, and metadata captured by Sentry when something fails.
1.3 Information from third parties
When you sign in with Google, we receive the basic profile fields above from Google. When you paste a real-estate listing URL, the page may return public metadata about a property; we treat that metadata as Account-scoped content, not as data “collected from a third party” about you.
1.4 Sensitive personal information
Under the California Privacy Rights Act, certain categories are classified as “sensitive personal information”: government identifiers (SSN, driver's license, passport), financial-account credentials, precise geolocation, racial or ethnic origin, religious beliefs, union membership, the contents of email or text messages not addressed to us, genetic data, biometric data for unique identification, health information, and data concerning sex life or sexual orientation.
We do not knowingly collect any of these sensitive categories through the Service. Your billing information is collected directly by Stripe; we receive only a tokenized reference. The location data we derive from IP is approximate (city- or region-level), not precise. If you upload a photo that incidentally contains a sensitive item (for example, a face captured in a property photo), we treat that content under the same protections as your other photos and do not use it to derive sensitive attributes.
2. How we use information
- To provide, secure, and operate the Service.
- To run AI inference (Audits and Renders) by sending the necessary inputs to our model providers (Section 4).
- To bill you, process refunds, and detect billing fraud (via Stripe).
- To send transactional email — sign-in links, audit completion, render ready, share invitations, billing receipts. These emails are required to operate the Service and you cannot opt out of them while you have an active account.
- To send marketing and lifecycle email — for example, reactivation messages after a free audit (typically Day 1, Day 3, and Day 7 following completion), notifications when your daily free render unlocks, win-back messages after extended inactivity, and occasional product news. Every marketing email includes a one-click “Unsubscribe” link in the footer. You can also opt out at any time by emailing support@chalais.app or by visiting /account/settings. Opting out applies to marketing email only; transactional notifications continue.
- To detect, investigate, and prevent abuse, fraud, and security incidents — including detecting trial-card abuse patterns, rate-limiting at the IP level, and refusing sign-up from disposable email providers.
- To debug failures, improve performance, and develop new features. We analyze aggregate usage; we do not profile individual users for advertising.
- To comply with legal obligations and respond to lawful requests from public authorities.
3. AI training and product improvement
We use Your Content (uploaded photos, addresses, audit text, and feedback) and the Output we generate for you (Audits and Renders) to operate, improve, and train Fairday's own AI models, features, and methodology, and to create derived and aggregated works. Where appropriate, and consistent with the technique, we de-identify or aggregate this data before using it for model training and analytics — for example, by removing direct identifiers and exact street addresses. This use is also described in our Terms of Service (Sections 5.2 and 6).
Your choices. Deleting a project stops us from using that content for new training or marketing going forward, though it does not require us to retrain a model or unwind work already performed (see Section 5). You can also ask us to stop featuring your Renders in marketing at any time, and to exclude your content from model training going forward, by emailing privacy@fairday.app; we will honor reasonable requests for future use.
Subprocessors. To generate Output we send the necessary inputs to the AI subprocessors listed in Section 4 (including OpenAI, Google (Gemini), Fal.ai, and Anthropic). Those providers process the inputs under their own terms; we do not control how they use API traffic and make no representation here on their behalf. We may use anonymized, aggregated data derived from product usage (e.g., latency distributions, feature adoption rates) for our own analytics.
4. Subprocessors and recipients
We share information only with vendors and service providers who help us operate the Service, and only the data each one needs. Our material subprocessors as of the effective date above:
- Google Cloud Platform — application hosting, object storage (your uploaded photos and Renders), Cloud Tasks queue. Region: United States.
- OpenAI — receives audit prompts including the property description and may receive a URL or thumbnail of the uploaded photo for vision-enabled steps. OpenAI processes API inputs under its API terms.
- Google (Gemini API via Vertex / AI Studio) — receives the source photo and prompt to generate Renders. Google processes API inputs under its applicable API terms.
- Fal.ai — image-edit pipeline; receives the source photo and prompt.
- Anthropic — receives prompt fragments for refinement and feedback cleanup steps.
- Stripe, Inc. — processes payments and stores payment methods.
- Resend — delivers transactional email (sign-in links, share notifications).
- PostHog — product analytics. Receives pseudonymous event data.
- Sentry — error and performance monitoring. Receives stack traces and request metadata; we make best efforts to scrub high-sensitivity content from error reports.
We may also disclose information when required by law, to enforce our terms, to protect the safety of users or the public, or in connection with a corporate transaction (merger, acquisition, financing, sale of assets). In a corporate transaction we will require the recipient to honor this Policy or notify you of any material change.
5. How long we keep information
- Account information — until you delete your Account or request deletion.
- Property content (photos, audits, renders) — until you delete the project, then up to 30 days in soft-archive before permanent removal. Backups may persist up to 90 days for disaster recovery.
- Server logs and analytics events — typically 90 days, then aggregated or deleted.
- Payment and tax records — up to 7 years where required by law.
- Public Renders — remain visible on the Discover feed and on your public profile until you switch the project back to private/link visibility or delete it.
6. Security and breach notification
We use TLS for data in transit, Google Cloud-managed encryption for data at rest, signed URLs and a proxied media route for served images, and standard industry practices for credential storage. We restrict production data access to personnel who need it. No system is perfectly secure; we cannot guarantee that an unauthorized party will never access your data.
If we determine that a security incident has compromised the confidentiality, integrity, or availability of your personal information, we will notify affected users without unreasonable delay and consistent with applicable law, including California Civil Code §1798.82. Report security issues to security@fairday.app.
7. Children
The Service is not directed to children under 18. We do not knowingly collect personal information from children under 18. If you believe we have collected such information, contact privacy@fairday.app and we will delete it.
8. California privacy rights (CCPA / CPRA)
If you are a California resident, the California Consumer Privacy Act as amended by the California Privacy Rights Act (collectively, “CCPA”) gives you specific rights regarding your personal information.
8.1 Categories collected, sold, or shared in the past 12 months
In the past 12 months we have collected the following CCPA categories:
- Identifiers — email, name, IP address, account ID, session identifier.
- Customer records — billing email, postal code (via Stripe).
- Internet or other electronic activity — pages viewed, events emitted, referring URLs, error reports.
- Geolocation (approximate) — derived from IP. We do not collect precise device GPS.
- Visual information — photos you upload of properties.
- Inferences — limited; we do not build advertising profiles or use personal information to predict consumer characteristics.
We have not sold personal information for monetary consideration in the past 12 months.We have not knowingly engaged in “sharing” for cross-context behavioral advertising. We have disclosed personal information for the operational purposes described in Section 2 to the service providers listed in Section 4. We do not collect or use sensitive personal information beyond what is required to provide the Service.
8.2 Your rights
- Right to know what personal information we have about you, the categories of sources, the purposes of collection, and the categories of third parties with whom we share it.
- Right to delete your personal information, subject to legal exceptions (e.g., we may retain transaction records as required by tax law).
- Right to correct inaccurate personal information.
- Right to portability — receive a copy of your information in a portable, readily-usable format.
- Right to opt out of sale or sharing for cross-context behavioral advertising. We honor the Global Privacy Control (GPC) header automatically.
- Right to limit use of sensitive personal information. Because we do not use sensitive personal information for purposes beyond providing the Service, this right is already satisfied by default; if our practices change, we will provide a clear opt-out.
- Right to non-discrimination for exercising your rights.
8.3 How to exercise your rights
Email privacy@fairday.app or write to the address in Section 12. We will verify your request by confirming control of the email address on your Account; for higher-risk requests we may ask for additional information matched against our records.
We aim to respond to verifiable consumer requests within 45 days; we may extend by an additional 45 days for complex requests, with notice. We do not charge a fee unless your request is manifestly unfounded or excessive, in which case we may charge a reasonable fee or decline to act, with notice.
8.4 Authorized agents
You may designate an authorized agent to make a request on your behalf. The agent must provide signed permission from you, and we may verify the request directly with you. For deletion or correction requests by an agent, you must also confirm your identity directly with us.
8.5 “Do Not Sell or Share My Personal Information”
To opt out of any “sharing” for cross-context behavioral advertising purposes, email privacy@fairday.appwith the subject “Do Not Sell or Share,” or send a Global Privacy Control signal from your browser — we detect and honor it for the device on which the signal is sent.
8.6 Shine the Light
California residents may request information about disclosures of personal information for direct-marketing purposes. We do not disclose personal information to third parties for their direct-marketing purposes.
9. Cookies and similar technologies
We use a small number of cookies and similar storage:
- Strictly necessary — auth-session cookies that keep you signed in; CSRF tokens.
- Functional — the
remagine_sessionidentifier in browser local storage so anonymous work can be claimed when you sign in. - Analytics — PostHog cookies for product analytics. These are not used for advertising.
You can disable analytics cookies through your browser settings or by sending the GPC header. Disabling strictly-necessary cookies will break sign-in and core features.
10. International users
The Service is operated from the United States. If you access the Service from outside the United States, your information will be transferred to and processed in the United States, where data protection laws may differ from those of your jurisdiction. We do not currently offer the Service in the European Economic Area or the United Kingdom; if you are located there, please do not use the Service.
11. Changes to this Policy
We may update this Policy from time to time. The “Effective” date at the top reflects the most recent change. Material changes will be communicated by email or in-product banner before they take effect, and your continued use of the Service on or after the effective date of a change constitutes acceptance of the updated Policy.
This version (v2.0, effective June 26, 2026) reflects a material change: Fairday now uses Your Content and Output to improve and train its own AI models (with de-identification where appropriate) and to market the Service, as described in Section 3. Existing users are being notified of this change and may exercise the choices described in Section 3 and their CCPA rights in Section 8.
12. Contact
Privacy questions and CCPA requests: privacy@fairday.app
Fairday Technology, LLC
Attn: Privacy
1968 S. Coast Hwy #1322
Laguna Beach, CA 92651