Privacy Policy

This Privacy Policy explains how CURVE Reports collects, uses, discloses, stores, and protects personal information when you use curvereports.com, create an account, access building data, download reports, open shared links, receive emails, or otherwise interact with the Service.

By using CURVE, you acknowledge this Policy. If you use CURVE on behalf of an organization, you are responsible for making sure your organization and authorized users understand the applicable privacy practices.

Account information: name, email address, password authentication state, signup source, referral or invite metadata, user role/classification, selected buildings of interest, account status, subscription or access level, and related profile metadata.

Usage information: pages viewed, buildings opened, reports accessed, report modes used, downloads, shares, first-view events, search and navigation behavior, timestamps, session events, and similar product analytics that help operate and improve CURVE.

Share and referral information: recipient emails, sender emails, invite parameters, share tokens, expiration state, first-open timestamps, report/building context, and attribution events needed to power CURVE sharing and notification workflows.

Technical information: IP address, device and browser information, operating system, referring URL, approximate location derived from technical data, logs, cookies, and security telemetry.

Communications: emails, support requests, sales conversations, administrative messages, feedback, and other information you choose to provide.

We use information to create and secure accounts, authenticate users, provide building data and reports, personalize onboarding, remember selected buildings, operate subscriptions or access controls, support product features, and respond to requests.

We use usage and technical information to monitor reliability, detect abuse, prevent credential sharing or unauthorized access, debug issues, measure feature adoption, prioritize product improvements, and understand which data and reports are most valuable.

We use contact information to send transactional emails such as account verification, password reset, invite delivery, report-share notifications, administrative notices, and product or account-related communications. We may also send limited product updates where permitted by law, with unsubscribe options when required.

We do not sell personal information. We do not use your personal information for third-party advertising networks. We do not add third-party social tracking pixels to the authenticated Service.

We process information to perform our contract with users, provide requested Services, maintain account security, comply with law, protect CURVE’s rights, prevent fraud and abuse, and pursue legitimate business interests such as product analytics, customer support, and platform improvement.

Where consent is required by applicable law, we will request it. You may withdraw consent where legally applicable, but doing so may limit access to features that depend on the relevant processing.

CURVE uses a limited set of vetted operational service providers to run, secure, deliver, communicate about, and bill for the Service.

These providers process information only as needed to provide infrastructure, security, hosting, authentication, email, billing, analytics, support, or other operational services to CURVE. We do not publicly enumerate our production vendor stack because platform security and reliability matter.

We may disclose information if required by law, subpoena, court order, regulator, or legal process; to protect rights, safety, security, or property; to investigate misuse; to enforce agreements; or in connection with a merger, acquisition, financing, reorganization, or sale of assets.

If you intentionally share a report, invite another person, or use referral/share functionality, information necessary to deliver that feature may be visible to the sender, recipient, or relevant account holder as part of the product workflow.

CURVE uses first-party cookies and similar technologies to keep users signed in, protect sessions, remember preferences, and operate authenticated features. These cookies are necessary for the Service to function.

We may use server logs and product events to understand performance, adoption, and reliability. We do not use CURVE authenticated-product behavior to power third-party ad targeting.

If you block cookies, authenticated features may not work properly or may not work at all.

CURVE uses HTTPS/TLS, authentication controls, role-based server-side access patterns, managed infrastructure, and operational safeguards designed to protect information against unauthorized access, alteration, disclosure, or destruction.

No internet service, database, email provider, authentication provider, or hosting platform is perfectly secure. CURVE cannot guarantee absolute security, uninterrupted availability, or that unauthorized access will never occur.

You are responsible for keeping your credentials confidential, using secure devices, and promptly notifying CURVE if you suspect unauthorized account access.

We retain account information while your account is active and for as long as needed to provide the Service, comply with legal obligations, resolve disputes, enforce agreements, maintain security, prevent abuse, and preserve business records.

Usage logs, share events, audit events, and analytics may be retained for operational, security, product, and legal purposes. Aggregated or de-identified information that no longer reasonably identifies a person may be retained indefinitely.

If you request deletion, we will delete or de-identify personal information as required by applicable law, subject to legitimate retention needs such as security logs, billing records, legal obligations, backups, fraud prevention, and dispute records.

Depending on where you live, you may have rights to access, correct, delete, export, restrict, or object to certain processing of personal information. You may also have the right to appeal a privacy decision or lodge a complaint with a regulator.

To exercise rights, contact us using the contact information below. We may need to verify your identity and account relationship before fulfilling a request.

You can unsubscribe from non-transactional emails where required. Transactional emails such as account verification, password resets, security notices, and share notifications may still be sent when necessary to provide the Service.

CURVE is intended for professional and business users. It is not directed to children under 13, and we do not knowingly collect personal information from children under 13. If you believe a child has provided information, contact us and we will take appropriate action.

CURVE is operated from the United States. If you access the Service from outside the United States, your information may be processed in the United States or other locations where our providers operate. Those jurisdictions may have data protection laws different from your location.

We may update this Policy to reflect changes in the Service, data practices, legal requirements, vendors, or business operations. The updated version will be posted on this page with a revised date.

Your continued use of the Service after an updated Policy is posted means you acknowledge the updated Policy.

Privacy questions or requests may be sent to wlopez@mpbos.com. Please include enough detail for us to understand and verify the request without sending unnecessary sensitive information.