Due Dili← Back to Home

Privacy Policy

Last Updated: January 31, 2026

This Privacy Policy describes how Due Dili, operated by Alex M. doing business as Due Dili, collects, uses, and shares information about you when you use our platform at myduedili.com (the "Service"). We are committed to protecting your privacy while fulfilling our mission of real estate transparency.

By using the Service, you consent to the data practices described in this Privacy Policy. Please read this policy carefully before using our Service.

1. Information We Collect

We collect information in the following ways:

Information You Provide Directly

  • Account Information: Email address, display name, and password (stored as a hash — we never see your plain-text password).
  • Professional Profile: If you subscribe to Pro, you may provide details about your professional services, specialties, and contact preferences.
  • Uploaded Documents: Property-related documents you upload to the platform (e.g., inspection reports, appraisals, disclosures).
  • Contact Submissions: Messages or inquiries you send to Pro users through the platform.
  • Support Requests: Any communications you send to our support team.

Information Collected Automatically

  • Usage Data: Pages visited, searches performed, features used, and time spent on the platform.
  • Device Information: Browser type, operating system, device type, and screen resolution.
  • Technical Data: IP address, cookies, session tokens, and log data.
  • Location Data: General geographic location based on IP address (not precise GPS tracking).

Information from Third Parties

  • Payment Data: Stripe processes your payments and provides us with transaction confirmations. We do not store your credit card numbers or full payment details.
  • Address Data: When you search for properties, Mapbox provides geocoding and address resolution data.

2. How We Use Your Information

We use the information we collect for the following purposes:

  • Provide the Service: Create and manage your account, process uploads, and deliver platform functionality.
  • Process Payments: Handle subscription billing and payment confirmations through Stripe.
  • AI Document Processing: Scan uploaded documents using Google Vision API to automatically redact personally identifiable information (PII) before documents are made publicly viewable.
  • Send Transactional Emails: Password reset links, payment confirmations, subscription updates, and lead notifications for Pro users.
  • Improve the Service: Analyze usage patterns, fix bugs, and develop new features.
  • Security & Fraud Prevention: Detect and prevent unauthorized access, abuse, or fraudulent activity.
  • Legal Compliance: Comply with applicable laws, regulations, and legal obligations.
  • Communication: Respond to your inquiries, support requests, and feedback.

3. AI Processing & PII Redaction

A core feature of Due Dili is our AI-powered PII redaction system. When you or any user uploads a document, we process it through Google Vision API to identify and redact personally identifiable information before the document is made publicly available.

What gets redacted: Names, home addresses, Social Security Numbers, phone numbers, email addresses, dates of birth, financial account numbers, and other sensitive personal data.

How it works: Your uploaded document is sent to Google's Vision API for analysis. Google processes the document and returns detection results, which we use to create a redacted version. The original document is stored securely, and the redacted version is what is displayed publicly on the platform.

Limitations: AI-powered redaction is automated and best-effort. It is not guaranteed to catch every instance of PII. If you are uploading documents containing highly sensitive information, please review them carefully before uploading. We are not liable for any PII that is not successfully redacted.

Please review Google's Privacy Policy for details on how Google handles data processed through their APIs.

4. How We Share Your Information

We share your information only in the following circumstances:

Service Providers

We share information with third-party providers who help us operate the Service:

  • Stripe — Payment processing. See: Stripe Privacy Policy
  • Firebase (Google Cloud) — Hosting, authentication, database, and file storage. See: Google Privacy Policy
  • Google Vision API — AI-powered document analysis and PII redaction.
  • Mapbox — Property address search and geocoding. See: Mapbox Privacy Policy
  • Resend — Transactional email delivery (password resets, confirmations).

Platform Transparency

Uploaded documents (after PII redaction) are publicly viewable on the platform. This is central to Due Dili's mission of making property information accessible. By uploading a document, you consent to it being publicly displayed after redaction.

Legal Requirements

We may disclose your information if required by law, court order, or governmental authority, or to protect the rights, property, or safety of Due Dili, its users, or the public.

We do not sell your personal information to third parties.

5. Data Security

We take the security of your data seriously and implement appropriate technical and organizational measures, including:

  • Encryption in Transit: All data transmitted between your device and our servers is encrypted using HTTPS/SSL.
  • Encrypted Storage: Data is stored securely in Firebase, which provides encryption at rest.
  • Password Hashing: Passwords are hashed using industry-standard algorithms — we never store or have access to your plain-text password.
  • Access Controls: Firestore security rules restrict data access based on authentication status and user roles.
  • Payment Security: We never store credit card numbers. All payment data is tokenized and handled by Stripe, which is PCI DSS compliant.
  • Regular Audits: We conduct regular security reviews of our platform rules and infrastructure.

Despite these measures, no system is 100% secure. We cannot guarantee the absolute security of your information. In the event of a data breach, we will notify affected users as required by applicable law.

6. Data Retention

We retain your information for the following periods:

Data TypeRetention Period
Account & profile dataUntil account is deleted
Uploaded documentsUntil manually deleted by uploader
Payment & billing records7 years (legal/tax requirement)
Usage & analytics logs90 days
Support communications3 years or until resolved

When you delete your account, we will remove your personal data within 30 days, except where retention is required by law (e.g., payment records).

7. Cookies & Tracking

We use cookies and similar tracking technologies to enhance your experience on the platform. These include:

  • Essential Cookies: Required for the Service to function (e.g., authentication tokens, session management).
  • Preference Cookies: Remember your settings and preferences.
  • Analytics Cookies: Help us understand how users interact with the platform so we can improve it.

You can manage cookie preferences through your browser settings. Note that disabling certain cookies may affect the functionality of the Service.

8. Your Rights & Choices

Depending on your location, you may have the following rights regarding your personal information:

All Users

  • Access: View the personal information associated with your account.
  • Update: Correct or update inaccurate information through your account settings.
  • Delete: Delete your account and associated personal data through account settings.
  • Opt Out: Unsubscribe from non-essential communications.

EU Residents (GDPR)

If you are located in the European Union or European Economic Area, you have additional rights under the General Data Protection Regulation (GDPR), including:

  • Right to Erasure ("Right to be Forgotten") — Request deletion of your personal data.
  • Right to Restriction — Limit how we process your data.
  • Right to Portability — Receive your data in a structured, machine-readable format.
  • Right to Object — Object to processing of your data for certain purposes.
  • Right to Withdraw Consent — Withdraw consent at any time where processing is based on consent.

California Residents (CCPA)

If you are a California resident, you have the following rights under the California Consumer Privacy Act:

  • Right to Know — Know what personal information we collect and how it is used.
  • Right to Delete — Request deletion of your personal information.
  • Right to Opt-Out — Due Dili does not sell personal information, so this right does not currently apply.
  • Right to Non-Discrimination — We will not discriminate against you for exercising your CCPA rights.

To exercise any of these rights, you can manage most settings directly in your account. For requests that cannot be fulfilled through the platform, please contact us at privacy@myduedili.com.

9. Children's Privacy

Due Dili is not intended for use by individuals under the age of 18. We do not knowingly collect personal information from children under 18. If you believe that a child under 18 has provided us with personal information, please contact us immediately at privacy@myduedili.com so we can take steps to delete that information.

10. International Data Transfers

Due Dili is operated from the United States. If you access the Service from outside the United States, your information may be transferred to, stored in, and processed in the United States. By using the Service, you consent to such transfers.

For EU residents, we rely on appropriate legal mechanisms (such as Standard Contractual Clauses) to ensure your data is protected when transferred internationally.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. When we make changes, we will update the "Last Updated" date at the top of this page. We encourage you to review this policy periodically.

Continued use of the Service after changes to this Privacy Policy constitutes acceptance of the updated policy. If you do not agree with the changes, please discontinue use of the Service.

12. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our handling of your personal information, please contact us:

Due Dili — Operated by Alex M.

Privacy Inquiries: privacy@myduedili.com

General Support: support@myduedili.com

Website: myduedili.com

We aim to respond to all privacy-related requests within 30 days of receipt.

← Back to Due DiliTerms of Service →