TaxFight Privacy Policy — v1 (DRAFT)
STATUS: DRAFT v1 — counsel review required before launch.
Author: pink-bot (compliance research lane)
Effective date: 2026-06-15
Last updated: 2026-06-15
NOT LEGAL ADVICE
This document is a working draft prepared by the TaxFight compliance research lane. It is not legal advice and has not been reviewed or approved by a licensed Texas attorney. It is published here as the first-version privacy notice required by the Texas Data Privacy and Security Act (Tex. Bus. & Com. Code Ch. 541, eff. July 1, 2024) for the live /api/waitlist endpoint at windmayor.com. Counsel review is required before commercial launch (target: pre-March 2027 protest season). No statement in this document creates an attorney-client relationship.
1. Who we are
"TaxFight" (also referred to as "we," "us," "our") is a Texas-only property-tax protest service operated under the WindMayor umbrella at windmayor.com and windmayor.com/taxfight/. Our service is a Registered Property Tax Consultancy under Tex. Occ. Code Ch. 1152 (when registration completes — see tdlr-property-tax-consultant.md). Our work is limited to administrative protests before County Appraisal Review Boards (ARBs) under Tex. Tax Code Ch. 41.
Contact for privacy matters: privacy@windmayor.com (alias to be provisioned before public launch — see pink-30 follow-up ticket).
Mailing address: TBD (founder to provide before public launch).
Data controller (TDPSA terminology): TaxFight / WindMayor. Data processors we use: see Section 5.
2. Scope of this policy
This policy applies to:
- The marketing site at windmayor.com/taxfight/
- The interactive coverage map at windmayor.com/taxfight/map/
- The savings estimator at windmayor.com/taxfight/estimate/
- The waitlist API endpoint at windmayor.com/api/waitlist
- Any future intake, payment, or document-signing surfaces operated by TaxFight
- All server-side data we collect, store, or process about visitors and customers
This policy does not apply to:
- The broader windmayor.com public-records or methodology pages (separate policy)
- Third-party sites we link to (CAD portals, the Texas Comptroller, OpenStreetMap, etc.)
- Communications you choose to send us through channels we don't operate (e.g., personal email to the founder)
3. What we collect
We collect only what we need to operate the service. The following table is the complete inventory as of the effective date. Any new collection will be added here and disclosed via the change-notification process in Section 13.
3.1 Waitlist data (live as of commit 715ba4b, 2026-06-13)
When you submit the waitlist form on windmayor.com/taxfight/, we collect and store:
| Field | Source | Purpose |
|---|---|---|
| Email address | You type it | Notify you when 2027 intake opens; service updates |
| County | You type it | Match you to coverage rollout; capacity planning |
| IP address | HTTP request header | Abuse prevention, audit trail, geographic sanity check |
| User-Agent string | HTTP request header | Bot detection, browser-compat troubleshooting |
| Submission timestamp | Server clock at receipt | Chronological audit trail, dedupe |
3.2 Savings-estimator queries (live on /taxfight/estimate/)
When you use the address-to-savings estimator we collect:
| Field | Source | Purpose |
|---|---|---|
| Address autocomplete query | You type it | Lookup against Texas-bounded OpenStreetMap Nominatim |
| Selected address / parcel | You select it | Match against our indexed CAD parcel data |
| IP address | HTTP request header | Rate-limiting, abuse prevention |
| Timestamp | Server clock | Audit trail |
We do not persist address queries beyond ephemeral request logs unless you also submit the waitlist form. Estimator queries are not associated with an identified user.
3.3 Future intake-form data (NOT YET LIVE — disclosed for transparency)
When intake opens (target: March 2027), we will additionally collect for engaged customers only:
| Field | Source | Purpose | Legal basis (TX or federal) |
|---|---|---|---|
| Legal name | You provide it | Form 50-162 agent designation (Tex. Tax Code § 1.111); identity verification | Tex. Tax Code § 1.111 |
| Mailing address | You provide it | CAD service of process; correspondence | Tex. Tax Code Ch. 41 service requirements |
| Phone number | You provide it | Hearing notifications, urgent updates | Operational |
| TX driver's license number OR last 4 digits of SSN | You provide it | Identity verification per Tex. Tax Code § 1.111(c) requirements for owner authentication on agent-of-record filings | Tex. Tax Code § 1.111(c); IRS 1099-NEC TIN match (Tax Code 26 U.S.C. § 6109) |
| Date of birth | You provide it | Disambiguate identical-named owners; age verification (18+ only) | Operational; child-data avoidance |
| Property parcel ID | You select from our index | Identify the property under protest | Tex. Tax Code § 41.44 |
| Property address | You select / we look up | Service of CAD notices | Tex. Tax Code Ch. 41 |
| Owner-occupant status | You provide it | Homestead-exemption interaction with protest | Tex. Tax Code § 11.13 |
| Property-condition notes + photos | You provide it | Evidence for hearing — condition adjustments | Tex. Tax Code Ch. 41 evidence rules |
| Signed engagement agreement | You e-sign it | Contract formation; agent designation | Tex. Bus. & Com. Code Ch. 322 (TUETA) |
| Signed Form 50-162 (Appointment of Agent) | You e-sign it | Statutory agent designation | Tex. Tax Code § 1.111; Comptroller Rule 9.3044 |
| Bank account / ACH credentials (via processor) | You provide it to our processor | Refund disbursement; contingency-fee draw | UCC Art. 4A; NACHA Operating Rules |
| 1099-NEC payee data (after refund) | Derived from above | IRS 1099-NEC reporting (26 U.S.C. § 6041A) | IRC § 6041A; 4-year retention |
We will publish a v2 of this policy with any material change to Section 3.3 before intake actually opens.
3.4 Web-server logs (all surfaces)
We retain standard web-server access logs containing IP address, User-Agent, request path, response code, and timestamp for 90 days for security, abuse-prevention, and operational debugging. These logs are not used for marketing or sold.
3.5 What we do NOT collect
- No third-party fingerprinting analytics. We do not embed Google Analytics, Facebook Pixel, Segment, Mixpanel, Hotjar, Fullstory, or any cross-site tracker on our taxfight surfaces as of the effective date.
- No social-graph data. We do not import contacts from any address book or social network.
- No biometric data. We do not collect fingerprints, facial scans, voice prints, or other biometric identifiers covered by Tex. Bus. & Com. Code § 503.001 (Texas Capture or Use of Biometric Identifier Act, "CUBI").
- No sensitive health, religious, sexual-orientation, or immigration-status data. None of these is operationally required and we do not solicit them.
- No precise geolocation beyond ZIP-level. We use the IP address only to ensure visitors are in the United States and (loosely) Texas; we do not derive lat/long beyond what you voluntarily provide as your property address.
4. Why we collect each item
This section maps every field in Section 3 to a specific operational or legal purpose. Under TDPSA § 541.102, we must specify "the express purposes for which personal data are processed."
4.1 Operational purposes
- Service delivery. Email and county let us tell you when 2027 intake opens in your county. Without them we cannot perform the service you signed up for.
- Identity verification. Legal name, DOB, driver's license number (or last 4 SSN), and mailing address let us confirm you are the property owner with statutory standing to protest under Tex. Tax Code § 41.413, and let us truthfully execute Form 50-162 under Tex. Tax Code § 1.111. If we file a protest in the name of someone who is not the owner, the CAD will reject it (Tex. Tax Code § 41.44(a-1)) and we will have wasted your protest window.
- Property identification. Parcel ID, property address, and owner-occupant status let us pull the correct CAD record and apply the correct homestead, over-65, disabled, or agricultural-use exemption interactions.
- Hearing preparation. Condition notes and photos are evidence introduced at the informal review and (if needed) the ARB hearing under the Comptroller's ARB hearing-procedure rules.
- Payment. Bank-account / ACH credentials are required to disburse your refund and draw the contingency fee.
- Tax reporting. TIN-equivalent fields support 1099-NEC reporting (required by IRC § 6041A for non-employee compensation of $600+).
- Security. IP and User-Agent strings let us detect credential-stuffing attacks, abuse, and bot signups.
- Audit + compliance. Timestamps and signed-document hashes let us reconstruct what was filed, when, and with what authority — required to defend against complaints to the Texas Department of Licensing and Regulation (TDLR), which regulates property-tax consultants under Tex. Occ. Code Ch. 1152.
4.2 Legal-obligation purposes
We collect the following data because Texas or federal law requires it:
- Tex. Tax Code § 1.111 (Agent Designation). Owner identity and signature are statutorily required on Form 50-162. Without them we cannot lawfully file on your behalf.
- Tex. Tax Code § 41.44 (Notice of Protest). Property identification and owner identity are required on the Notice of Protest.
- Tex. Occ. Code Ch. 1152 (Property Tax Consultants). Audit-trail records — engagement letters, agent designations, communications with CADs — must be retained by registered consultants and producible to TDLR on demand.
- IRC § 6041A and § 6109 (1099-NEC reporting). Payee identification data is required for federal information reporting on payments to non-employees of $600+.
- NACHA Operating Rules. ACH origination requires authorization records sufficient to defend against unauthorized-debit claims.
- Tex. Bus. & Com. Code Ch. 541 (TDPSA). This very privacy notice and the underlying data inventory are themselves regulatory obligations.
5. Who we share data with
Our default posture: we share the minimum necessary data with the minimum number of recipients to deliver the service. We do not sell personal data to anyone for any purpose. We do not share data with marketers or data brokers. We do not allow third parties to use our service to track users across other websites.
5.1 County Appraisal Districts (CADs)
To file your protest under Tex. Tax Code Ch. 41 we transmit to your CAD:
- Your name and mailing address (as owner)
- The parcel ID under protest
- The grounds for protest (over-market-value, equal-and-uniform, or both)
- A copy of the executed Form 50-162 (Appointment of Agent)
- Any evidence packet (comps, photos, condition notes) we elect to submit
This sharing is statutorily required — CADs cannot process a protest without it. Each CAD has its own records-retention policy.
5.2 Payment processor — Stripe (PLANNED)
When billing goes live we will use Stripe for contingency-fee collection and (potentially) refund disbursement. Stripe's privacy practices are documented at stripe.com/privacy. We share with Stripe only what Stripe needs to charge: amount, currency, your name, billing address, and bank account or card token. Stripe is contractually a "processor" under TDPSA and a "service provider" under CCPA — they may not use your data for their own marketing.
5.3 ACH / bank-rail processor (PLANNED)
For ACH-rail refunds and contingency draws we will use a processor (provider TBD — see cyan-14 ticket). Same processor-only posture as Stripe.
5.4 Collections vendor (PLANNED, after non-payment escalation only)
If a customer fails to pay an earned contingency after refund delivery and after our internal collections workflow, we may refer the receivable to a TX-licensed collections agency (Tex. Fin. Code Ch. 392). Only TX-licensed agencies will be used. We will only share the minimum necessary: name, address, amount owed, basis (executed engagement). We will give you written notice before any such referral.
5.5 Independent counsel (referral only)
For matters outside our scope — district-court appeals under Tex. Tax Code § 42, or any matter constituting the practice of law — we may refer you to a licensed Texas attorney. Any such engagement is between you and the attorney directly; we do not share your data with the attorney without your separate consent.
5.6 Government compliance
We may disclose data:
- To the IRS as required for 1099-NEC reporting
- To TDLR in response to a regulatory audit or complaint under Tex. Occ. Code Ch. 1152
- To the Texas Attorney General under TDPSA § 541.155 enforcement
- To any court of competent jurisdiction in response to a valid subpoena, court order, or warrant — we will give you notice of any such request unless legally prohibited
5.7 What we will never do
- We will never sell personal data to data brokers, marketing lists, or for cross-context behavioral advertising. (TDPSA § 541.001(28) "sale" definition; CCPA § 1798.140(ad).)
- We will never share data with third parties for "targeted advertising" as defined in TDPSA § 541.001(33).
- We will never allow our customer data to be used to train external AI models. (Internal training on aggregate, non-identifying signal — e.g., "how often is the over-65 exemption underapplied" — is allowed only after de-identification per Section 11.)
6. How long we keep your data
We retain personal data only as long as needed to deliver the service and to satisfy the longest applicable legal-retention requirement.
| Data class | Retention | Why this period |
|---|---|---|
| Waitlist email + county | Until you opt out, or 7 years from last contact, whichever is sooner | Aligns with general TX statute-of-limitations for written-contract claims (Tex. Civ. Prac. & Rem. Code § 16.004) |
| Web-server logs | 90 days | Operational + abuse-investigation window |
| Estimator queries (un-engaged) | Ephemeral; not persisted beyond access logs (90 days) | No operational need to keep |
| Engaged-customer file (engagement letter, Form 50-162, intake data, evidence packet, filings, hearing outcome) | 7 years from end of engagement | Tex. Occ. Code Ch. 1152 records-retention; IRS general retention; defense window for TDLR complaints |
| Signed engagement + agent designation | 7 years | Same as above |
| Payment authorization (ACH) | 7 years | NACHA dispute window + IRS retention |
| 1099-NEC information returns | 4 years | IRC § 6501(a) general statute on assessments |
| Audit-required fields (timestamped signatures, filing receipts, ARB orders) | 7 years, immutable | Regulatory; cannot be deleted even on user request — see Section 7.2 carveouts |
| Breach-investigation logs | 7 years after breach close | Defense against derivative civil claims |
If any retention period changes, the new period applies prospectively to data not yet at the old end-of-life; data already past its retention deadline is deleted on the existing schedule.
7. Your rights
This section consolidates your rights under the Texas Data Privacy and Security Act (TDPSA, Tex. Bus. & Com. Code Ch. 541) and the California Consumer Privacy Act / California Privacy Rights Act (CCPA/CPRA, Cal. Civ. Code § 1798.100 et seq.). We extend these rights to all U.S. visitors regardless of state of residence — administering different rules per state is operationally unworkable and our customers deserve the strongest baseline.
7.1 Right to access (TDPSA § 541.051(b)(1); CCPA § 1798.110)
You may request a copy of the personal data we hold about you. We will respond within 45 days of receiving a verified request (TDPSA timeline), with one 45-day extension if reasonably necessary and we tell you why. We will provide the data in a portable, machine-readable format (JSON or CSV). The first two requests in any 12-month period are free.
7.2 Right to delete (TDPSA § 541.051(b)(3); CCPA § 1798.105)
You may request deletion of your personal data. We will comply within 45 days, subject to the following carveouts (TDPSA § 541.052 exceptions and CCPA § 1798.105(d)):
- Statutory-retention carveout. Data we are required by law to keep — Tex. Occ. Code Ch. 1152 audit-trail records, IRS 1099-NEC information returns, signed agent designations, executed engagement letters, ACH authorizations — is retained until its statutory retention period expires.
- Pending-matter carveout. If your protest is open (filed but not resolved), we retain the file through resolution + the appeal window.
- Defense carveout. If there is an active TDLR complaint, attorney-general inquiry, civil claim, or government investigation involving your file, we preserve the file under a litigation hold until released.
- Fraud-prevention carveout. IP / User-Agent records associated with documented abuse are retained for 7 years.
We will tell you in writing which fields we deleted, which we retained, and which carveout applies to each retained field.
7.3 Right to correct (TDPSA § 541.051(b)(2); CCPA § 1798.106)
You may request correction of inaccurate personal data. We will correct on receipt of a verified request, within 45 days. Some fields — signed-document content, regulator-submitted filings — cannot be retroactively altered; for those we will append a correction note rather than rewrite history.
7.4 Right to data portability (TDPSA § 541.051(b)(4); CCPA § 1798.130)
The export under Section 7.1 satisfies portability. Format: JSON or CSV; on request we will provide an alternative format reasonably available to us.
7.5 Right to opt out of sale of personal data
Not applicable to us — we do not sell personal data. (TDPSA § 541.051(b)(5)(A); CCPA § 1798.120.)
7.6 Right to opt out of targeted advertising
Not applicable to us — we do not engage in targeted advertising. (TDPSA § 541.051(b)(5)(B).)
7.7 Right to opt out of profiling for legally-significant decisions
Not applicable to us — we do not use automated profiling for decisions with legal or similarly significant effects. Our protest filings are reviewed by a human (the senior consultant) before submission. (TDPSA § 541.051(b)(5)(C).)
7.8 Right to appeal a refused request (TDPSA § 541.053)
If we deny a rights request in whole or in part, you may appeal within 60 days of the denial by emailing privacy@windmayor.com with the subject line "TDPSA appeal." We will respond to the appeal within 60 days, in writing, explaining the action taken or the reasons for no action. If the appeal is denied, we will tell you how to file a complaint with the Texas Attorney General's Consumer Protection Division (which has enforcement authority under TDPSA § 541.155).
7.9 Right to non-discrimination (CCPA § 1798.125)
We will not discriminate against you for exercising any of these rights. We will not charge you more, give you a worse service, deny service, or deny refund money on the basis of your exercising a privacy right.
7.10 How to exercise your rights
Email privacy@windmayor.com (alias being provisioned) with:
- Your name and the email you used to interact with us
- The right you are exercising (access, delete, correct, port, appeal)
- Enough detail for us to find your record (waitlist email, parcel ID, or engagement ID)
We will verify the request by either replying to the email on file or by a signed link, depending on the sensitivity of the request. (We will not require you to create an account just to exercise a privacy right — CCPA § 1798.130(a)(2).)
If you are an authorized agent making a request on behalf of someone else (CCPA-style), include a copy of the written authorization.
8. Cookies and tracking
8.1 What we set
- Session cookie (taxfight_session, planned, HttpOnly + Secure + SameSite=Lax) — lets us keep you logged in across pages. Expires when your browser closes or at 24 hours, whichever is first.
- CSRF token cookie (taxfight_csrf, planned, SameSite=Strict) — defends form posts against cross-site request forgery. Expires with the session.
- Attribution cookie (taxfight_ref, optional, 30-day expiry) — if you arrived via a referral link we record the referring code so we can credit the referrer per referral-program-compliance.md. You can refuse this cookie without losing any service functionality.
8.2 What we do NOT set
- No third-party analytics cookies (no _ga, no _fbp, no _hjSessionUser, etc.)
- No advertising cookies (no IDE, MUID, personalization_id, etc.)
- No cross-site fingerprinting beacons
- No "supercookies" via localStorage, IndexedDB, or service workers used for tracking
8.3 "Do Not Track" + Global Privacy Control
We honor the Global Privacy Control (GPC) signal as an opt-out of sale + targeted advertising (CCPA § 999.315(c) regs). Since we do neither, GPC compliance is automatic. We do not currently honor the older DNT header but we behave as if it were always on (no cross-site tracking).
8.4 Third-party services that may set their own cookies
- OpenStreetMap Nominatim (nominatim.openstreetmap.org) — when you use the address autocomplete on the estimator. Their cookie policy is at osmfoundation.org/wiki/Privacy_Policy. We request only US/Texas-bounded lookups; we do not pass them your identity.
- (Future) Stripe — Stripe's checkout will set its own anti-fraud cookies when the billing surface goes live. Documented at stripe.com/cookies-policy-legal.
9. Children's data
This service is for adults 18 and over only. Texas property ownership and the right to designate an agent under Tex. Tax Code § 1.111 are functionally limited to adults (a minor cannot lawfully convey signing authority). Our waitlist and intake will both include an 18-or-over attestation.
We do not knowingly collect personal data from anyone under 18. If we learn that we have collected data from a child under 13 we will delete it immediately (COPPA, 15 U.S.C. § 6501 et seq.). If we learn we have collected data from a person aged 13–17 we will delete it within 7 days unless their parent or guardian explicitly authorizes continued retention.
If you believe we have collected data from a minor, email privacy@windmayor.com with the subject "Minor data report" and we will act within 24 hours.
10. Data security
We treat your data the way we would want our own data treated.
10.1 What we do today (as of the effective date)
- TLS 1.3 in transit for all browser-server traffic on windmayor.com.
- HSTS enabled (Strict-Transport-Security with one-year max-age) so browsers refuse to fall back to HTTP.
- AES-256 at rest on our managed Postgres (the database that holds the waitlist and parcel data).
- SSH-tunneled DB access only. Production database is not exposed to the public internet; access is via 127.0.0.1:5433 over an SSH tunnel from authorized operator workstations.
- Principle-of-least-privilege. Application credentials have only the minimum SQL privileges required (INSERT into waitlist_signup, SELECT on parcel data). No application credential can drop a table or alter schema.
- Audit log on every administrative data access — who logged in, when, and what tables they touched.
- No production data in dev or staging. Lower environments use synthetic or anonymized data only.
- Secrets in a vault, not in source code. The .env* family is gitignored.
- Patched stack. Operating system, language runtime, and dependencies are updated on the standard maintenance cycle.
- Backups are encrypted, retained 30 days, and tested for restorability quarterly.
10.2 What we have NOT done (truth-in-disclosure)
To be clear about what we have not yet done (we don't want to overclaim):
- We do not have a SOC 2 Type II audit. We may pursue one before launch; we will update this disclosure honestly.
- We do not have ISO 27001 certification.
- We do not have a third-party penetration test on file as of the effective date. We will commission one before commercial launch (target: Q4 2026).
- We do not operate a 24x7 security operations center. We rely on automated alerting and on-call rotation.
If a competitor or marketing partner makes broader security claims about us, those claims are not ours. Only this section reflects our actual posture.
10.3 Your role
No security program is complete without the user's part. We ask you to:
- Use a strong, unique password for any account you create with us (once accounts go live).
- Enable two-factor authentication on your email account (the email we send password-reset links to).
- Tell us promptly if you suspect your data has been accessed by someone unauthorized.
11. De-identified and aggregate data
We may produce de-identified aggregate statistics — for example, "average informal-review reduction in Travis County, 2027 season." Such aggregates are computed in a way that no individual property or owner can be re-identified from the published number (small-cell suppression at n < 5; no quasi-identifier joins).
De-identified data is not personal data under TDPSA § 541.001(11) and CCPA § 1798.140(m) and is not subject to the rights in Section 7. We commit not to attempt re-identification of de-identified data, and to contractually bind any third party we share it with to the same.
12. Breach notification
12.1 Our internal commitment
If we discover unauthorized access to personal data we will:
- Contain the incident immediately (revoke credentials, isolate affected systems, force re-auth).
- Investigate scope (what data, whose data, how, since when).
- Notify affected users within 30 days of discovery — regardless of breach size and regardless of whether statute would otherwise allow longer.
- Notify the Texas Attorney General as required.
- Provide affected users with credit-monitoring guidance and (where appropriate) one year of complimentary credit monitoring at our expense.
- Publish a post-mortem on windmayor.com once it is safe to do so, naming what failed and what we changed.
12.2 Statutory baselines we commit to beat
- TDPSA (Tex. Bus. & Com. Code Ch. 541) — controllers must establish, implement, and maintain reasonable security practices.
- Texas Identity Theft Enforcement and Protection Act (Tex. Bus. & Com. Code Ch. 521). Notification "as quickly as possible" to affected Texas residents; notice to the AG within 30 days if more than 250 Texas residents are affected. Our 30-day commitment applies regardless of count.
- State-of-residence laws. If an affected user lives in a state with shorter notification timelines (e.g., Colorado's 30-day cap, Cal. Civ. Code § 1798.82), the shorter timeline governs.
12.3 How you will hear from us
Direct email to the address on file is our primary channel. We will also post a notice on windmayor.com/taxfight/ and (if material) on the WindMayor home page until the incident is closed.
We will not send breach notices through SMS or push notification unless you have specifically opted in to that channel, because of well-documented phishing risk in those channels during a real breach.
13. Changes to this policy
We will update this policy from time to time as the service evolves, as laws change, and as counsel revisions land. We commit to:
- Email notice to every address on the waitlist and to every engaged customer at least 30 days before any material change takes effect.
- Banner notice on windmayor.com/taxfight/ for at least 30 days after any material change publishes.
- Version history. Prior versions of this policy will remain accessible at versioned URLs (/legal/privacy/v1/, /legal/privacy/v2/, etc.) so you can see what changed.
- Effective-date update. The "effective date" at the top of the document moves only when changes take effect, not when drafts are written.
A "material change" includes: any new data collection, any new sharing recipient outside the categories listed in Section 5, any reduction in your rights under Section 7, or any change to retention periods.
14. Texas-specific disclosures (TDPSA)
The Texas Data Privacy and Security Act took effect July 1, 2024 (cure-period provisions per Tex. Bus. & Com. Code § 541.155). It applies to controllers that conduct business in Texas or produce products or services consumed by Texas residents and that process personal data — we qualify.
14.1 Categories of personal data we process
- Identifiers. Name, email, mailing address, IP address, phone number, government-issued ID number (DL or last-4 SSN).
- Internet activity. Web-server logs, queries to the estimator and waitlist.
- Commercial. Engagement records, payment authorizations, refund history.
- Inferences. Estimated savings range computed for your parcel.
We do not process the "sensitive data" categories defined in TDPSA § 541.001(31) (racial/ethnic origin, religious beliefs, mental/physical health, sexual orientation, citizenship/immigration, genetic/biometric, precise geolocation, children's data) — see Sections 3.5 and 9.
14.2 Sources
We collect personal data directly from you (you type it into our forms), from your browser (HTTP headers), and from public records (CAD bulk-data files that contain owner names and parcel info). We do not buy personal data from data brokers.
14.3 Purposes
See Section 4.
14.4 Categories of third parties
See Section 5.
14.5 Rights and how to exercise them
See Section 7.
14.6 Notice of right to opt out (TDPSA § 541.054)
If we ever did sell personal data or process it for targeted advertising — which we do not — we would publish a "Do Not Sell or Share My Personal Information" link on every page. Because we do neither, no such link is required, but we will add one immediately if our practices ever change. (See also CCPA § 1798.135.)
15. California-specific disclosures (CCPA/CPRA)
The CCPA/CPRA applies to "businesses" meeting thresholds in Cal. Civ. Code § 1798.140(d). As a Texas-focused small business we may not meet the revenue or California-household-count thresholds today, but we extend CCPA rights to California residents regardless. The substantive disclosures below mirror the TDPSA section.
- Categories of personal information collected and disclosed — see Sections 3 and 5.
- Sources of personal information — see Section 14.2.
- Business or commercial purposes — see Section 4.
- Categories of third parties — see Section 5.
- Right to know, delete, correct, port, opt-out (N/A), limit use of sensitive PI (N/A — we don't collect it), non-discrimination, and appeal — see Section 7.
- Authorized agent requests — see Section 7.10.
- Notice of financial incentive — we do not offer any financial incentive in exchange for personal information.
- "Shine the Light" (Cal. Civ. Code § 1798.83) — we do not share personal information with third parties for their direct marketing purposes. You may request confirmation of this once per year by emailing privacy@windmayor.com.
16. Disputes about this policy
If you believe we have violated this policy:
- Contact privacy@windmayor.com and give us a chance to fix it. We will respond within 14 days.
- If unsatisfied, you may escalate to the Texas Attorney General's Consumer Protection Division (the TDPSA enforcement authority under § 541.155). California residents may also escalate to the California Privacy Protection Agency.
- Any civil dispute about this policy is governed by Texas law and venue is Travis County (matching the Terms of Service).
17. Document control
| Field | Value |
|---|---|
| Document ID | privacy-policy-v1 |
| Status | DRAFT — counsel review required |
| Author | pink-bot (legal-research lane) |
| Reviewer | TBD (licensed Texas counsel) |
| Approved by | TBD (founder + counsel) |
| Effective date | 2026-06-15 |
| Next review | 2026-09-15 (quarterly) or on material change |
| Supersedes | none (first version) |
| Citations verified | TDPSA: Tex. Bus. & Com. Code Ch. 541, eff. 2024-07-01; TX breach: Ch. 521 (Identity Theft Enforcement and Protection Act); CCPA: Cal. Civ. Code § 1798.100 et seq.; CPRA amendments eff. 2023-01-01; CUBI: Tex. Bus. & Com. Code § 503.001; COPPA: 15 U.S.C. § 6501 et seq.; Tex. Tax Code Ch. 41 (Protest), § 1.111 (Agent Designation), § 11.13 (Homestead), § 41.413 (Standing), § 41.44 (Notice of Protest), § 42 (District Court Appeal); Tex. Occ. Code Ch. 1152 (Property Tax Consultants); IRC § 6041A (1099-NEC), § 6109 (TINs), § 6501 (Limitations); Tex. Fin. Code Ch. 392 (Debt Collection); Tex. Civ. Prac. & Rem. Code § 16.004 (4-yr SOL written contracts); Tex. Bus. & Com. Code Ch. 322 (TUETA); UCC Art. 4A (ACH); NACHA Operating Rules. |
End of Privacy Policy v1 — DRAFT — counsel review required before commercial launch.