Version 0.1 (draft) · Last updated 2026-06-25 · Not yet in effect
⚠ DRAFT — for review only. This document is a working draft provided for completeness while the
Service is in pre-release/beta. It has not been reviewed or approved by legal counsel, is not
legal advice, and is not currently in effect. Final terms will be published after review by a
qualified attorney. Bracketed items (e.g. [Operator]) are placeholders to be finalized.
This Privacy Policy describes how OWTS Designer (the “Service”), operated by [Operator —
legal entity, address] (“we”, “us”), collects, uses, and shares information when you use the Service,
including the public “Request a Proposal” pages, the design workspace, and the in-app assistant
(“Septic Sam”).
1. Information we collect
Information you provide
Property & project details — the address you enter, the resolved tax parcel / SBL, and
design inputs (e.g. number of bedrooms, water supply, existing-system details, site notes).
Contact details — your name, email, and phone number when you submit a proposal request or
feedback, used to follow up with you.
Feedback & assistant messages — bug reports, feature requests, and the questions you ask
Septic Sam, which we log to operate and improve the Service.
Uploaded files — any site photos or documents you choose to upload.
Information collected automatically
Usage & device data — pages visited, and (when you file a bug) your browser type and
viewport size, to help us reproduce issues.
Cookies — a single first-party session cookie is used only to keep an authenticated
administrator signed in. We do not use third-party advertising or tracking cookies.
Approximate location — derived from the property address you enter; the Service does not
collect precise device GPS unless you use an explicit field-capture feature and grant permission.
2. How we use information
To provide the Service — resolve your parcel, generate a preliminary assessment, prepare proposals,
and support the design workflow.
To respond to your proposal requests, feedback, and assistant questions.
To operate, secure, debug, and improve the Service.
To comply with legal obligations.
We do not sell your personal information. We do not use your information for third-party
advertising.
3. AI processing (Septic Sam & site assessment)
Some features send information to Anthropic, PBC (the Claude AI provider) for processing — for
example, your assistant questions, a property address for cleanup, or a publicly available aerial image of a
parcel for a preliminary read. These are processed to return a result to you and may be logged by us to
operate the Service. Do not submit sensitive personal information in assistant messages. AI output may be
inaccurate and is not professional advice — see the Terms of Service.
4. Third-party services & data sources
The Service relies on third-party providers and public data sources, including: Anthropic (AI),
Fly.io (hosting), and public mapping/geospatial services such as Esri imagery, USGS
(3DEP/NHD), FEMA (flood), NRCS (soils), and New York State GIS / tax-parcel services.
Address and parcel queries necessary to provide the Service are sent to these services. Each provider
operates under its own privacy terms.
5. How we share information
We share information only: (a) with the service providers above, to operate the Service; (b) with the
licensed design professional handling your request, so they can prepare your proposal/design; (c) if
required by law or to protect rights and safety; or (d) in connection with a business transfer. We do not
sell personal information.
6. Data retention
We retain information for as long as needed to provide the Service and for legitimate business or legal
purposes (for example, project records that a design professional must keep). You may request deletion of
personal information that we are not required to retain.
7. Your choices & rights
Access / correction / deletion — you may request a copy, correction, or deletion of your
personal information, subject to legal and professional record-keeping obligations.
Communications — transactional messages (e.g. outcomes on your own submission, account/security
notices) are part of the Service. Marketing communications, where offered, are opt-in. Email sending is
not yet live; preferences will be honored when it is.
Depending on your location, you may have rights under the GDPR, CCPA/CPRA, or similar
laws. To exercise any right, contact us below.
8. Security
We use reasonable technical safeguards. Administrator credentials are salted and hashed, and secrets
(such as API keys) are encrypted at rest. No method of transmission or storage is 100% secure.
9. Children
The Service is intended for adults and is not directed to children. We do not knowingly collect personal
information from children under 13 (or the applicable age in your jurisdiction).
10. Changes
We may update this Policy. Material changes will be reflected by a new version number and “last updated”
date on this page.
11. Contact
Questions or requests: [privacy contact email], [Operator mailing address].