Legal

Privacy Policy

Last updated: May 2026

Overview

AVMS.AI (“we,” “us,” or “our”) operates the AVMS.AI platform for AVM compliance management. This Privacy Policy explains how we collect, use, store, and protect information when you use our platform and website.

We are committed to protecting the privacy and confidentiality of your institution's data. We do not sell your data. We do not share your data with third parties. We do not use your data to train machine learning models.

Information We Collect

Account Information

When you create an account, we collect your email address, name, institution name, and role. If you use Google Workspace or Microsoft 365 authentication, we receive your name and email from the identity provider.

Institution Data

When your institution uses the platform, we process the data you submit: loan information, AVM reports, property data, originator information, and valuation data. This data is processed solely to provide the compliance services you subscribed to and is stored within your tenant's isolated data environment.

Protocol Data

The platform generates protocol events as part of its cryptographic compliance engine: action records, hash chains, policy check results, session seals, and audit trails. This data is your compliance evidence and is stored within your tenant.

Usage Data

We collect standard web analytics: pages visited, features used, session duration, browser type, and IP address. This data is used to improve the platform and is not linked to your institution's loan data.

How We Use Your Information

  • To provide and operate the AVMS.AI compliance platform
  • To process loans and AVM data through compliance checks
  • To generate cryptographic compliance evidence
  • To authenticate users and enforce access controls
  • To provide customer support
  • To improve the platform based on usage patterns
  • To communicate service updates and security notices

We do not use your institution's loan data, AVM data, or compliance evidence for any purpose other than providing the services you subscribed to.

Data Storage and Security

All data is stored in AWS infrastructure located in the United States. Data is encrypted at rest with AES-256 and in transit with TLS 1.2+. Multi-tenant isolation ensures your data is architecturally separated from other institutions at every layer.

For detailed information about our security practices, see our Security page.

Data Sharing

We do not sell, rent, or share your institution's data with third parties. We may share information only in the following limited circumstances:

  • Service providers: AWS (infrastructure), strictly as processors acting on our behalf under contractual obligations
  • Legal requirements: When required by law, regulation, or legal process
  • With your consent: If you explicitly authorize sharing for a specific purpose

Data Retention

Your data is retained for as long as your subscription is active. After cancellation, data is retained for 90 days to allow reactivation, then securely deleted. You may request earlier deletion by contacting us.

Cryptographic compliance evidence (protocol events, session seals, hash chains) is retained with the same policy as your institutional data. These records represent your compliance history and are treated with the same care as your loan data.

Your Rights

You have the right to:

  • Access the personal information we hold about you
  • Request correction of inaccurate information
  • Request deletion of your account and associated data
  • Export your compliance data
  • Withdraw consent for optional data processing

To exercise these rights, contact us at privacy@avms.ai.

Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes via email or through the platform. Continued use of the platform after changes take effect constitutes acceptance of the updated policy.

Contact

For questions about this Privacy Policy or our data practices, contact us at privacy@avms.ai.