Privacy Policy
CA Fire Defense — Privacy Policy
Version 1.2 Effective Date: April 28, 2026 Last Updated: April 28, 2026
Privacy Policy at a Glance
This summary is for your convenience and is not a substitute for the full Privacy Policy below. The full policy controls.
- Who we are. CA Fire Defense is a California-based online marketplace that connects homeowners with licensed contractors for wildfire mitigation services.
- What we collect. Account details, contact information, property addresses and photos for quote requests, contractor business information, payment information processed through Stripe, messages you send on the platform (including to our Scout AI assistant), and standard web traffic data such as IP address and browser type.
- Why we collect it. To run the platform, match homeowners with contractors, process payments, send service-related communications, comply with the law, and improve the service.
- What we do not do. We do not sell your personal information. We do not share it for cross-context behavioral advertising. We do not knowingly collect information from anyone under the age of 18.
- Who we share with. A limited set of service providers that help us operate, including our marketplace platform, hosting, payments, email, mapping, and AI providers. Each is contractually limited in what they may do with your information.
- Your rights. California residents have rights under the CCPA and CPRA, including the right to know, delete, correct, and opt out of sale or sharing. Instructions for exercising these rights are below.
- Contact. [email protected]. Mailing address available upon request.
1. Introduction
This Privacy Policy describes how CA Fire Defense ("CA Fire Defense," "we," "us," or "our") collects, uses, shares, and protects personal information when you visit our website at www.cafiredefense.com, use our marketplace services, communicate with our Scout AI assistant, or otherwise interact with us (collectively, the "Service").
This Privacy Policy applies to homeowners who use the Service to find or hire contractors, contractors who list their services on the Service, and visitors who browse the Service without registering. By using the Service, you confirm that you have read and understood this Privacy Policy. If you do not agree with our practices as described in this Privacy Policy, please do not use the Service.
2. Information We Collect
We collect personal information in three ways: information you provide to us directly, information that is generated automatically through your use of the Service, and information we receive from third parties.
2.1 Information You Provide Directly
Account information. When you create a homeowner account or a contractor account, we collect your name, email address, password (stored in hashed form, never in plain text), and optionally your phone number. Contractor accounts also collect your business name, business contact information, CSLB license number, service areas, and a description of services you offer.
Quote request information. When you submit a quote request as a homeowner, we collect your property address, details about the project you are requesting (such as the type of work, size of property, and timeframe), and any photos you choose to upload. Photos may include property photos, structures, vegetation, or anything else you choose to include.
Photos and uploaded files. Photos uploaded to the Service may include property photos submitted with quote requests, contractor profile photos and business photos, and project photos that may be uploaded after a job is completed. Where technically feasible, we strip embedded location metadata (EXIF data) from uploaded photos before storage so that GPS coordinates from your device are not retained. We are working to ensure this is consistently applied across all upload paths. The visual content of photos is retained.
Payment information. When you complete a paid transaction, payment information is collected and processed by our payment processor, Stripe. Stripe collects payment card information directly through Stripe-hosted payment forms; CA Fire Defense does not see, receive, or store full payment card numbers on our servers. We receive limited transaction information from Stripe, including the last four digits of cards used, transaction amounts, transaction timestamps, and Stripe-generated identifiers needed to associate transactions with accounts.
Communications. When you send messages through the Service, including direct messages between homeowners and contractors and conversations with our Scout AI assistant, we collect the content of those messages. We discuss Scout-specific practices in Section 4.
Feedback and support. If you contact us with feedback, support requests, or other communications, we collect what you choose to send us, which may include your name, email address, and the content of your message.
2.2 Information Collected Automatically
When you use the Service, we and our service providers automatically collect certain information using cookies, web beacons, and similar technologies.
Device and connection information. IP address, approximate geographic location derived from your IP address, browser type and version, operating system, device type, screen resolution, language preference, and referring URL.
Usage information. Pages you visit, features you use, links you click, the time and duration of your visits, and the order in which you interact with pages.
Cookies and similar technologies. We use cookies and similar technologies to operate the Service, remember your preferences, keep you signed in, secure the Service against fraud and abuse, and understand how the Service is used. We will publish a separate Cookie Notice with detailed information about each cookie used on the Service. The categories of cookies we use are:
- Strictly necessary cookies. Required for the Service to function (for example, to keep you signed in or to maintain a session). These cannot be disabled.
- Functional cookies. Remember your preferences and settings.
- Performance and analytics cookies. Help us understand how the Service is used so we can improve it.
- Security cookies. Provided by Cloudflare to detect and mitigate threats.
We do not currently use third-party advertising cookies or cross-site tracking pixels. If we add any in the future, we will update this Privacy Policy and provide appropriate notice and choices.
2.3 Information from Third Parties
From contractors. If you are a homeowner who is matched with a contractor, that contractor may share information about you with us in connection with their use of the Service (for example, status updates on a project).
From service providers. Our service providers may provide us with information that supports the Service. For example, Stripe provides transaction confirmation data and Cloudflare provides security threat intelligence.
Public sources. We may query the publicly available California Contractors State License Board (CSLB) database to check the status of a license number a contractor has self-certified at signup. CSLB license information is public.
3. How We Use Your Information
We use personal information for the following purposes.
3.1 To Operate the Service
- Create and manage your account;
- Match homeowners with contractors based on service area and project type;
- Display contractor listings and homeowner requests in accordance with user choices;
- Process payments and facilitate transactions between homeowners and contractors;
- Provide the Scout AI assistant;
- Display weather and fire-risk information relevant to your location; and
- Maintain platform functionality and ensure the Service operates as intended.
3.2 To Communicate with You
- Send service-related communications, including account confirmations, quote request notifications, transaction confirmations, and updates about the Service;
- Respond to your inquiries and support requests; and
- Send important notices, including notices about changes to our terms or policies.
3.3 To Check Public CSLB Records
Contractors self-certify their CSLB license number at signup. We may, but are not obligated to, query the public CSLB database to confirm a license number is associated with an active license. Such queries are administrative checks of public records and do not constitute vetting, endorsement, verification, or any guarantee of the contractor's qualifications, fitness, licensure, insurance, or compliance with law. We may flag for further attention contractor accounts whose license number does not appear in the public CSLB database or whose license status changes, but we are not obligated to do so. Homeowners are solely responsible for evaluating and verifying any contractor before engaging them, as further described in our Terms of Service.
3.4 To Improve the Service
- Analyze how the Service is used to identify problems and improve features;
- Develop new features and services; and
- Improve the accuracy and helpfulness of our Scout AI assistant.
3.5 To Protect the Service and Comply with the Law
- Detect, prevent, and respond to fraud, abuse, security incidents, and violations of our Terms of Service;
- Comply with applicable laws and regulations, respond to legal process, and cooperate with law enforcement when legally required; and
- Establish, exercise, or defend legal claims.
3.6 With Your Consent
For any other purpose with your consent, which you may withdraw at any time.
4. Scout AI Assistant
We provide an AI-powered assistant called Scout that answers questions about wildfire preparedness, defensible space, and the Service. We want to be transparent about how Scout works.
How Scout processes your messages. When you send a message to Scout, the message content is transmitted to Anthropic, the provider of the underlying AI model, for processing. Scout returns a response that is displayed to you in the chat interface.
What we send to Anthropic. We send the content of your messages to Scout and the conversation history within your current session. We do not send your name, email address, account identifiers, payment information, or other identifying information to Anthropic unless you choose to include it in the content of your message to Scout. If you choose to share personal information with Scout in conversation (for example, your address or phone number), that information will be transmitted to Anthropic as part of your message.
Anthropic's handling. Anthropic processes API messages under their own privacy practices and contractual commitments to us. Anthropic states that it retains API logs for a limited period (currently approximately 30 days) for abuse monitoring and operational purposes, after which they are deleted, and that it does not use API content to train its models. CA Fire Defense relies on these representations; users may review Anthropic's current terms directly.
How we retain Scout conversations. We retain Scout conversation transcripts for up to 30 days after the conversation ends, after which they are automatically deleted. We retain conversations to debug issues, respond to user complaints, iterate Scout's prompts and responses, and comply with legal obligations. We do not contribute Scout conversations to AI model training. If you would like a Scout conversation deleted before the 30-day period ends, contact us using the information in Section 11.
Scout limitations. Scout is an AI assistant and may produce inaccurate or incomplete information. Scout does not provide legal, financial, medical, or professional engineering advice. Information provided by Scout is for general informational purposes only.
5. How We Share Information
We share personal information only as described in this Privacy Policy.
5.1 With Other Users of the Service
The Service is a marketplace, and certain information is shared between users in the ordinary course of how the marketplace works.
What homeowners see about contractors. Contractor profiles are visible to homeowners and may include the contractor's business name, CSLB license number, service areas, business description, photos, and ratings or reviews if applicable.
What contractors see about homeowners. When a homeowner submits a quote request that is matched to a contractor, the contractor may see the homeowner's name, contact information, property address, project details, and any photos uploaded with the quote request. We share this information so that the contractor can respond to the request.
Messages. Messages sent between homeowners and contractors through the Service are visible to the recipient.
5.2 With Service Providers
We share personal information with service providers that perform services on our behalf and are contractually limited in how they may use that information. Our current service providers include:
- Sharetribe (marketplace platform provider). Hosts and processes most platform data on our behalf.
- Render (hosting provider). Hosts our application services.
- Cloudflare (security and content delivery provider). Routes traffic, mitigates security threats, and accelerates content delivery.
- Stripe (payment processor). Processes payments and stores payment card information securely. Stripe is a separate data controller for payment card information; their privacy practices are described at stripe.com/privacy.
- Resend (email service provider). Sends transactional and notification emails.
- Mapbox (mapping provider). Powers maps displayed on the Service.
- Anthropic (AI provider). Provides the underlying AI model for the Scout assistant. See Section 4 for details.
- California Contractors State License Board (CSLB). Public database we may query to check the status of contractor-self-certified license numbers. CSLB is a government agency, not a service provider in the commercial sense; license queries are public.
We may add or change service providers from time to time and will update this Privacy Policy accordingly.
5.3 For Legal and Safety Reasons
We may disclose personal information when we believe in good faith that disclosure is necessary to:
- Comply with applicable law, regulation, legal process, or government request;
- Enforce our Terms of Service or other agreements;
- Detect, prevent, or address fraud, security, or technical issues; or
- Protect the rights, property, or safety of CA Fire Defense, our users, or the public.
5.4 In Connection with a Business Transaction
If we are involved in a merger, acquisition, sale of assets, or similar transaction, your personal information may be transferred as part of that transaction. We will notify you before your personal information becomes subject to a different privacy policy.
5.5 With Your Consent
We may share your personal information for any other purpose with your consent.
6. Categories of Personal Information Collected and Disclosed (CCPA/CPRA)
The following table identifies the categories of personal information defined under the California Consumer Privacy Act and California Privacy Rights Act that we have collected in the past twelve months, the categories of sources, the business purposes for collection, and the categories of third parties with whom we have disclosed each category.
6.1 Categories Collected
| CCPA Category | Examples we collect | Sources | Purposes | Disclosed to | |---|---|---|---|---| | Identifiers | Name, email, phone, IP address, account ID | You, automatically | Operate Service, communicate, security | Service providers, other users | | Personal records (Cal. Civ. Code §1798.80) | Name, address, phone, payment info | You | Operate Service, process transactions | Service providers (esp. Stripe) | | Protected classification | Not intentionally collected | n/a | n/a | n/a | | Commercial information | Transaction history, services requested | You, automatically | Operate Service | Service providers, matched users | | Internet/network activity | Browsing history, interactions | Automatically | Operate, improve, security | Service providers | | Geolocation data | Approximate IP-based location, property addresses | You, automatically | Operate Service, match users | Service providers, matched contractors | | Sensory information | Photos you upload (with EXIF metadata stripped where technically feasible) | You | Operate Service | Matched contractors | | Professional/employment information | Contractor business and license info | You, CSLB public records | Operate Service, administrative checks of public records | Public on contractor profiles | | Inferences | Service preferences derived from activity | Automatically | Improve Service | Service providers | | Sensitive personal information | Account credentials (hashed); precise property addresses | You | Authentication; service matching | Not disclosed (credentials); matched contractors (addresses) |
We have not sold or shared any of the categories of personal information listed above. See Section 6.2. Retention periods for each category are described in Section 8.
6.2 Categories Sold or Shared
We do not sell personal information. We do not share personal information for cross-context behavioral advertising as those terms are defined under the CCPA and CPRA.
6.3 Sensitive Personal Information
Under the CPRA, the following categories of "sensitive personal information" may be collected through the Service:
- Account login credentials. We collect passwords (stored in hashed form) for the purpose of authenticating access to your account.
- Precise geolocation. When a homeowner submits a property address with a quote request, that address may constitute precise geolocation under the CPRA. We use this information solely to match the homeowner with contractors who serve that address and to enable the contractor to respond.
We use sensitive personal information only for the purposes described above, which are permitted business purposes under CPRA Section 1798.121 and do not require an opt-out. We do not collect Social Security numbers, driver's license numbers, financial account information (other than what Stripe processes directly), racial or ethnic origin, religious beliefs, union membership, genetic data, biometric information for unique identification, health information, sex life or sexual orientation information, or contents of mail, email, or text messages other than to and from us.
7. Your Privacy Rights
7.1 Rights Under the CCPA and CPRA (California Residents)
If you are a California resident, you have the following rights under the CCPA and CPRA:
Right to know. You have the right to request information about (a) the categories of personal information we have collected about you, (b) the specific pieces of personal information we maintain about you, (c) the categories of sources from which the information was collected, (d) the business or commercial purposes for collecting the information, and (e) the categories of third parties with whom we have shared it.
Right to delete. You have the right to request deletion of personal information we have collected from you, subject to certain exceptions (for example, we may retain information needed to complete a transaction, comply with a legal obligation, or detect fraud).
Right to correct. You have the right to request correction of inaccurate personal information we maintain about you.
Right to opt out of sale or sharing. You have the right to opt out of the sale or sharing of your personal information. We do not sell or share personal information as those terms are defined under the CCPA/CPRA. If this changes, we will update this Privacy Policy and provide an opt-out mechanism.
Right to limit use of sensitive personal information. You have the right to limit our use of sensitive personal information to certain permitted purposes. As described in Section 6.3, we use sensitive personal information only for permitted purposes that do not require an opt-out.
Right to non-discrimination. We will not discriminate against you for exercising any of your privacy rights.
How to exercise these rights. Submit a request by emailing us at [email protected] with "Privacy Request" in the subject line. We will confirm receipt of your request within 10 business days and provide information about how we will process it. We will verify your identity before responding to substantive requests by, for example, asking you to confirm specific information associated with your account. We will respond to verifiable consumer requests within 45 days. If we need more time, we may extend the response period by an additional 45 days as permitted by law, and we will notify you in writing of the extension and the reason for the delay.
Authorized agents. You may designate an authorized agent to make a request on your behalf. We will require the agent to provide written authorization signed by you and may require you to verify your own identity directly with us.
7.2 Do Not Track Signals
Some browsers transmit "Do Not Track" signals. Because there is not yet a common industry standard for how to interpret these signals, we currently do not respond to them. We will update this Privacy Policy if our practices change.
7.3 Global Privacy Control (GPC)
We respect Global Privacy Control signals as a valid opt-out request from California residents who have it enabled. We do not currently sell or share personal information for cross-context behavioral advertising; if this changes in the future, your GPC signal will be honored as an opt-out of that sale or sharing.
8. Data Retention
We retain personal information for as long as is necessary to provide the Service to you, comply with our legal obligations, resolve disputes, enforce our agreements, and for other legitimate business purposes. Specifically:
- Active accounts. We retain account information for as long as your account is active.
- Inactive accounts. If your account has been inactive for two years and you have not affirmatively requested its retention, we may delete or anonymize it.
- Quote requests. We retain quote requests for two years from the date of submission, after which they may be deleted or anonymized.
- Transaction records. We retain transaction records for at least seven years for tax and financial reporting purposes.
- Scout conversations. We retain Scout conversation transcripts for 30 days, after which they are automatically deleted.
- Support communications. We retain support communications for two years after they are resolved.
- Cookies and similar technologies. Each cookie has its own retention period as described in our Cookie Notice (when published).
After the applicable retention period ends, we either delete the information or de-identify it so that it can no longer be associated with you.
9. How We Protect Your Information
We take the security of personal information seriously and use a variety of administrative, technical, and physical safeguards to protect it. These include:
- HTTPS encryption for all traffic between your device and the Service;
- Encrypted storage of sensitive information at rest where technically feasible;
- Hashed storage of passwords (we never store passwords in plain text);
- Stripe handling of payment card information in compliance with PCI DSS standards (CA Fire Defense does not store full payment card numbers);
- Cloudflare-provided protections against common web threats;
- Stripping of GPS metadata (EXIF data) from uploaded photos before storage where technically feasible;
- Access controls limiting employee and service provider access to personal information; and
- Regular review of our security practices.
No security measure is perfect, and we cannot guarantee that personal information will never be subject to unauthorized access or disclosure. If we become aware of a security breach affecting your personal information, we will notify you in accordance with applicable law, including California Civil Code Section 1798.82.
10. Service Geographic Scope
CA Fire Defense is based in California, and the Service is currently focused on serving users and Service Providers located in California. If you access the Service from outside California or the United States, you do so at your own initiative, and your personal information may be transferred to, stored, and processed in the United States and other countries where our service providers operate. By using the Service, you consent to the transfer of your personal information to the United States as described in this Privacy Policy.
11. How to Contact Us
For privacy-related questions, requests, or concerns, contact us at:
CA Fire Defense Email: [email protected] Subject line: "Privacy Request" (for privacy rights requests) Mailing address: Available upon request. To request our mailing address, email us at the address above.
12. Children's Privacy
The Service is not directed to children under the age of 18, and our Terms of Use require all registered users to be at least 18 years of age. We do not knowingly collect personal information from anyone under the age of 18. If we become aware that we have collected personal information from a person under 18, we will take prompt steps to delete that information and terminate any associated account. If you are a parent or guardian and believe that your child has provided us with personal information, please contact us at the email address in Section 11 and we will respond promptly.
13. Changes to This Privacy Policy
CA Fire Defense may update this Privacy Policy from time to time to reflect changes in our practices, the Service, or applicable law. The procedures below apply.
13.1 Material Changes Affecting Your Rights or the Use of Sensitive Personal Information
For changes that materially affect your privacy rights, the categories of personal information we collect, the purposes for which we use sensitive personal information, the categories of third parties with whom we share personal information, or the retention periods we apply, CA Fire Defense will: (i) provide notice by email to the address associated with your account at least thirty (30) days before the changes take effect; (ii) display a prominent in-Platform acknowledgment banner that you must affirmatively dismiss by clicking "I have reviewed the changes" before continuing to use the Service; and (iii) post the revised Privacy Policy with an updated "Last Updated" date. The acknowledgment banner shall be displayed during the thirty (30) day notice period and shall continue to be displayed after the effective date until you affirmatively dismiss it. Users who do not log in during the thirty (30) day notice period will be presented with the acknowledgment banner on their next login after the effective date and must affirmatively dismiss it before continuing to use the Service. A user who does not agree to the revised Privacy Policy may terminate their account at any time before or after the effective date in lieu of dismissing the banner. Dismissal of the acknowledgment banner together with continued use of the Service constitutes acceptance of the revised Privacy Policy.
13.2 Other Material Changes
For other material changes, CA Fire Defense will provide at least thirty (30) days' advance notice by email to registered users and by prominent in-Platform notice. Continued use of the Service after the effective date constitutes acceptance.
13.3 Non-Material Changes
CA Fire Defense may make non-material changes (such as clarifications, formatting, or contact information updates) at any time by posting the revised Privacy Policy with an updated "Last Updated" date.
14. Additional Disclosures for California Residents
This Section contains additional disclosures required by California law.
14.1 California "Shine the Light" Law
California Civil Code Section 1798.83 permits California residents to request information about disclosures of personal information to third parties for those third parties' direct marketing purposes. We do not disclose personal information to third parties for their direct marketing purposes.
14.2 California Minors
California Business and Professions Code Section 22581 allows California residents under 18 who are registered users of websites to request and obtain removal of content they have posted. We do not knowingly permit users under 18 to register for the Service. If a user under 18 has posted content despite this restriction, that user (or their parent or guardian) may request removal by contacting us at the email address in Section 11. We will treat removal requests in accordance with applicable law.
14.3 Notice of Financial Incentives
We do not currently offer any financial incentive in exchange for personal information.
14.4 Notice for California Users (Civil Code §1789.3)
Under California Civil Code Section 1789.3, California users are entitled to the following consumer rights notice: This Service is operated by CA Fire Defense. The mailing address of CA Fire Defense is available upon request to [email protected]. The Service is currently free to homeowners. Complaints regarding the Service may be sent to [email protected]. The Complaint Assistance Unit of the Division of Consumer Services of the California Department of Consumer Affairs may be contacted in writing at 1625 N. Market Blvd., Suite N-112, Sacramento, California 95834, or by telephone at (800) 952-5210.
15. Notice for Users of Accessibility Services
If you use assistive technologies or have difficulty accessing this Privacy Policy, contact us at [email protected] and we will work with you to provide the information in an accessible format.
— End of Privacy Policy —