Who we are
OverAssessed Real Estate (“OverAssessedRE,” “we,” “us”) is operated by Steven Ellis, based in the United States. We provide commercial property tax appeal lead intelligence to attorneys, consultants, and property owners. You can reach us at [email protected].
What we collect
We collect three categories of data:
- Account information you provide: email address, firm name (if applicable), and any payment information processed through our payment provider.
- Usage data automatically collected: IP address, browser type, pages viewed, leads accessed, leads rejected, and pipeline status changes — logged in our application's audit trail for security and product improvement.
- Property and owner data we deliver to you: publicly available county assessment records, market valuations, comparable sales, and owner contact information sourced from public records and licensed third-party providers (see Data Sources).
How we use it
We use your account information to provide and bill for the service. We use usage data to operate the platform, prevent abuse, surface bugs, and improve our screening. We do not sell your account or usage data to third parties.
The property and owner data we deliver is for your professional use in evaluating tax appeal opportunities. You may not resell, repackage, or redistribute that data outside your firm without written permission.
Cookies
We use a single first-party authentication cookie (named session) to keep you logged in. The cookie is HttpOnly, Secure, SameSite=Strict, and expires after 30 days. We do not use third-party advertising cookies or tracking pixels on the application or marketing site.
Data sharing
We share data only with the service providers we use to operate the product:
- Cloudflare (hosting, edge compute, DNS, storage)
- Resend (transactional email — magic-link login, signup notifications)
- Anthropic (AI-generated appeal narratives — we send property characteristics and never your account credentials)
- Stripe (payment processing, when applicable)
- Google Maps Platform (satellite and street-view imagery served per request to authenticated users)
Each provider is bound by their own privacy commitments. We do not sell, rent, or trade your data to anyone for advertising or marketing.
Data retention
Account records are retained while your account is active and for 12 months after deletion (for billing and audit obligations). Magic-link tokens older than 24 hours are purged automatically. Sessions older than 30 days expire automatically. Audit logs are retained for 24 months.
Your rights
You can request a copy of your account data, correct inaccuracies, or delete your account at any time by emailing [email protected]. We respond within 30 days.
If you are a California or EU/UK resident, you have additional rights under CCPA / GDPR (right of access, rectification, erasure, portability, and restriction of processing). The same email reaches us.
Security
Authentication is via passwordless magic links with a 15-minute expiration. All data is encrypted in transit (TLS 1.2+) and at rest. Access to our production database is limited to the operator and is audit-logged. We do not store passwords.
Children
OverAssessedRE is not intended for use by anyone under 18. We do not knowingly collect data from children.
Changes to this policy
We will post any material changes to this page and update the “last updated” date. If a change materially affects how we handle your data, we will notify active accounts by email at least 14 days before the change takes effect.
Contact
Questions about this policy or how we handle your data: [email protected].