Privacy Policy

InspectAI is a professional inspection productivity tool. This policy explains what data we collect, how we use it, what leaves your device, and what controls you have. We're a small company — this is a plain-English document, not lawyer theater.

1. Who we are

InspectAI is operated by Steps Ventures LLC, a Delaware limited liability company ("we," "us," "our"). Our registered address is on file with the Delaware Division of Corporations. For privacy inquiries, contact us at privacy@inspectai.app.

"InspectAI" refers to the iOS mobile application, the web platform at inspectai.app, and any related APIs or services we operate.

2. Data we collect

Account information

When you create an inspector account we collect: email address, password (hashed, never stored in plain text), full name (optional), inspection license number (optional), and company name (optional). This information appears on inspection reports you generate.

Inspection data

Each inspection you create is stored in our database and includes: property address, property characteristics (type, size, year built), room names, findings you log (title, description, severity, category, cost estimate), and any notes or annotations you add.

Media uploads

Photos and audio files you capture or select during an inspection are uploaded to our servers for report generation. See Section 5 for details.

Room scans & spatial data

LiDAR room scans (RoomPlan) and AR finding pins (ARKit) are captured and processed on your device. We store the resulting room dimensions and each pin's position relative to the scan, not GPS coordinates. See Section 4.

Device and usage data

We collect standard server logs including IP address, browser/device type, pages visited, and timestamps. We use this for security monitoring, debugging, and aggregate analytics. We do not use session replay tools or behavioral tracking SDKs beyond standard server logs.

API keys

If you create API keys for programmatic access, we store a hashed version of each key. Raw keys are shown once at creation and never stored in recoverable form.

3. Third-party AI processing (Gemini)

Specifically, the following data is sent to Gemini:

• Photo analysis: When you capture a photo during an inspection, the image is sent to Google's Gemini Vision API to identify defects and generate captions. The image is sent as an API call; we do not control Google's retention policies for API inputs.
• Report generation: When you trigger report generation, the audio transcript from your inspection session, all logged findings, and room information are sent to Gemini to produce the narrative report.

We use Google's Gemini API under a commercial agreement, which includes data processing terms limiting Google's use of API inputs to providing the service and prohibited from using your data to train Google's general models without additional consent. However, we encourage you to review Google AI's Terms of Service directly.

Practical implication: If an inspection involves sensitive personal information about property owners or occupants, be mindful that this information may be included in transcript text that is sent to Gemini. Use the minimum necessary identifying detail in spoken notes.

4. On-device capture & processing

InspectAI's spatial features run on Apple's on-device frameworks. LiDAR room scans use Apple's RoomPlan, and AR finding pins use ARKit world tracking. These use the device's camera and motion sensors to build a local 3D understanding of the room you are standing in; the coordinates are relative to that scan session, not global GPS positions.

The app does not request location ("Location Services") permission and does not collect GPS coordinates. The camera and motion data used for scanning are processed on your device; we store the resulting room dimensions and the relative position of each finding pin alongside the inspection record, plus any room-scan model file you choose to keep. No raw camera feed or sensor stream is uploaded.

5. Audio recordings and photos

Photos taken during inspection are uploaded to our servers and stored in association with your inspection record. They are used to generate the report and are visible in the inspection's media library. Photos are retained for the life of the account unless you delete the inspection or close your account.

Audio recordings are transcribed on-device using Apple's on-device Speech Recognition (no data leaves your device during transcription). The resulting text transcript is then synced to our servers and, when you generate a report, sent to Gemini. The raw audio file is stored on our servers and retained for the life of the inspection record.

On-device AR processing: Room scanning and AR pin placement run entirely on-device via Apple's RoomPlan and ARKit. No raw images or video frames are transmitted to any server during scanning or AR capture.

6. Your clients' data — your responsibility

When you enter client names, emails, or agent information into an inspection, you are collecting personal data about third parties. You are acting as the data controller for that information; InspectAI is the processor.

You are responsible for:

• Having a lawful basis to collect and store your clients' personal information
• Obtaining any necessary consent before sharing a report link with clients or other stakeholders
• Complying with applicable privacy laws (state licensing requirements, CCPA, etc.) in your jurisdiction
• Notifying your clients that their property data and inspection findings will be processed using AI tools, including transmission to Google Gemini

7. How we use data

We use the data we collect to:

• Provide the InspectAI service — storing inspections, generating reports, serving the web report viewer
• Send AI-generated content to third-party models (Gemini) on your behalf when you trigger those features
• Authenticate your account and manage sessions
• Detect abuse, fraud, and security incidents
• Improve our service based on aggregate, de-identified usage patterns
• Communicate with you about your account, including service announcements and billing

We do not use your inspection data for advertising, sell it to third parties, or share it with other customers.

8. Who we share data with

• Google LLC — Gemini API (AI report generation, photo analysis, and code-citation suggestions). Google Privacy Policy.
• Report stakeholders you designate — When you share a report link, the recipient can view the report (including all findings and photos) without authentication. You control who receives the link.
• Cloud infrastructure providers — Our servers run on Google Cloud Platform. Data is stored in Google Cloud Storage and a managed database, both in the US.
• Legal requirements — We may disclose data if required by law, court order, or to protect the rights and safety of InspectAI, our users, or the public.
• Business transfers — In the event of a merger, acquisition, or asset sale, inspection data may be transferred to the acquiring entity, subject to the same protections described in this policy.

9. Retention and deletion

Inspection data (findings, notes, media, reports) is retained as long as your account is active. If you delete an inspection from within the app, all associated data including media files is permanently deleted within 30 days.

To close your account and request deletion of all your data, email privacy@inspectai.app. We will delete your account and all associated inspection data within 30 days, except where retention is required by law (e.g., billing records) or where data has been aggregated and de-identified.

Note: We cannot delete data that has already been transmitted to Google Gemini as part of an API call. Google's data retention policies for API inputs apply.

10. Security

We use HTTPS for all data in transit. Passwords are hashed using bcrypt. API keys are stored as hashes; raw keys are irrecoverable after creation. Database backups are encrypted. Access to production systems is restricted to authorized personnel via two-factor authentication.

No internet-connected system is perfectly secure. We cannot guarantee that data breaches will never occur. If a breach affects your account data, we will notify you as required by applicable law.

11. California residents (CCPA/CPRA)

If you are a California resident, you have the right to: (a) know what personal information we have collected about you; (b) delete personal information we hold about you; (c) correct inaccurate personal information; and (d) opt out of the "sale" or "sharing" of your personal information. We do not sell or share your personal information for cross-context behavioral advertising.

To exercise your California rights, email privacy@inspectai.app with the subject line "California Privacy Request." We will respond within 45 days.

12. Children's privacy

InspectAI is a professional tool intended for licensed inspectors and industry professionals. It is not directed at children under 13. We do not knowingly collect personal information from children under 13. If you believe we have inadvertently collected such information, contact us at privacy@inspectai.app and we will delete it promptly.

13. Changes to this policy

We may update this policy as the product evolves. If we make material changes, we will notify you by email (at the address on your account) at least 14 days before the change takes effect. Continued use of InspectAI after the effective date constitutes acceptance of the revised policy.

The date at the top of this document reflects the most recent revision.

14. Contact us

For privacy questions, data requests, or concerns:
Steps Ventures LLC — InspectAI Privacy
Email: privacy@inspectai.app

We aim to respond to all privacy inquiries within 5 business days.