GC RADAR LLC — PRIVACY POLICY

Version 1.0 | Effective: May 4, 2026

This Privacy Policy explains how GC Radar LLC, a South Carolina limited liability company (“GC Radar,” “we,” “us,” or “our”), collects, uses, shares, and protects information in connection with the GC Radar platform, website, mobile and desktop applications, integrations, communications, and related services (collectively, the “Services”).

This Privacy Policy applies to all users of the Services, visitors to gcradar.io, and individuals whose information appears in our databases (including property owners and other natural persons identified through public-record permit data and contact-information enrichment). It is incorporated by reference into our Terms of Service.

By using the Services, you acknowledge that you have read and understood this Privacy Policy. If you do not agree, do not use the Services.

TABLE OF CONTENTS

Scope and Roles

Information We Collect

How We Use Information

How We Share Information

SMS and Text Messaging (A2P 10DLC Disclosures)

Cookies, Analytics, and Tracking

Data Security

Data Retention

Your Rights and Choices

California Privacy Rights (CCPA / CPRA)

Other State Privacy Rights

Third-Party Data and Permit Subjects

Children’s Privacy

International Users

Changes to This Privacy Policy

Contact Information

1. SCOPE AND ROLES

1.1 Two Categories of Individuals

This Privacy Policy describes how we handle information about two categories of individuals:

Subscribers and Visitors: Trade contractors, business owners, and authorized users who sign up for, use, or visit the Services. We act as the data controller (or business, under California law) for this information.

Permit Subjects: Property owners, permit applicants, and other natural persons whose information appears in our databases as a result of public-record permit data ingestion and third-party contact enrichment. We act as a data controller (or business) for this information when we determine the purposes and means of processing.

1.2 What This Policy Does Not Cover

This Privacy Policy does not cover:

Information collected by third parties (for example, payment processors, integration partners, or third-party websites linked from our site), which is governed by their own privacy policies

How our Subscribers use Permit Subject information after they obtain it through the Services. Once a Subscriber accesses Permit Subject data through the Services, the Subscriber becomes an independent data controller (or business) for that data and is responsible for its own compliance with applicable privacy laws

2. INFORMATION WE COLLECT

2.1 Information You Provide to Us

When you sign up for, configure, or use the Services, we collect information you provide directly, including:

Identifiers: Name, business name, email address, phone number, mailing address

Account credentials: Username, password (stored in hashed form), and authentication factors

Business and configuration information: Trade type, county selection, seat count, role, integration preferences

Payment information: Last four digits of payment card, billing address, ACH bank account information (collected and stored by our payment processors Stripe and Helcim, not by GC Radar directly)

Communications: Messages you send to support, setup-call recordings (where consented and as disclosed at the start of the call), survey responses, feedback

Marketing preferences and consent records (including SMS opt-in records)

Content you upload: Notes, configurations, files, and other User Content as defined in our Terms of Service

2.2 Information Collected Automatically

When you use the Services, we automatically collect:

Device and connection data: IP address, browser type and version, operating system, device identifiers, language settings, time zone

Usage data: Pages viewed, features used, search queries, click patterns, session duration, login times, navigation paths, error logs

Cookies and similar technologies: See Section 6 for details

Inferred location: Approximate location derived from IP address

2.3 Information We Obtain From Third Parties

We obtain information from third-party sources, including:

Public-record sources: County, municipal, and state permit portals, tax assessor records, deed and title records, and other government databases

Third-party data providers: Skip-tracing services, contact-information aggregators, identity-matching services, phone validation services, and email verification services

Payment processors: Stripe and Helcim provide us limited information about successful and failed transactions

Integration partners: When you connect a third-party tool (such as a CRM) to GC Radar, we may receive information from that integration as configured by you

Marketing and analytics partners: We may receive aggregated or anonymized data from advertising and analytics platforms

2.4 Information About Permit Subjects

Through the sources described in Section 2.3, we collect or infer information about Permit Subjects, which may include:

Name and any business name shown on permit records

Property address and parcel identifiers

Phone numbers, email addresses, and mailing addresses obtained from public records or third-party data providers

Permit details (type, status, dates, value, contractor of record where shown)

Other property attributes available from public records

2.5 Sensitive Personal Information

GC Radar does not intentionally collect “sensitive personal information” as defined under California, Colorado, or other state privacy laws (such as Social Security numbers, driver’s license numbers, financial account numbers other than payment card metadata, precise geolocation, racial or ethnic origin, religious beliefs, union membership, genetic data, biometric identifiers, or sexual orientation). If we receive sensitive personal information unintentionally, we will delete or de-identify it consistent with our retention practices.

3. HOW WE USE INFORMATION

We use the information described in Section 2 for the following purposes:

3.1 Service Operation and Improvement

To provide, configure, deliver, and operate the Services

To authenticate users and secure accounts

To process transactions, manage subscriptions, and send billing communications

To respond to support requests and troubleshoot issues

To monitor performance, debug errors, and improve features

To develop new features, products, and services

3.2 Communications

To send transactional emails (account confirmations, billing receipts, security alerts, renewal reminders, password resets)

To send service notifications (changes to features, scheduled maintenance, policy updates)

To send marketing emails about GC Radar products, features, promotions, and content (subject to your right to opt out)

To send SMS messages, subject to the disclosures in Section 5

To respond to your inquiries, feedback, and requests

3.3 Data Aggregation, Enrichment, and Delivery

To ingest, normalize, and structure permit data from public-record sources

To enrich permit records with contact information using third-party data providers

To match permit records to properties and to natural persons where data supports the match

To make permit data and enriched contact information available to authorized Subscribers in accordance with our Terms of Service and our agreements with data providers

3.4 Security, Fraud Prevention, and Abuse Detection

To detect and prevent fraud, payment abuse, chargeback abuse, and unauthorized access

To detect and prevent automated, AI-mediated, scraping, or bot access in violation of our Terms of Service

To protect the rights, property, and safety of GC Radar, our users, and others

To investigate violations of our Terms of Service or applicable law

3.5 Legal and Compliance

To comply with applicable laws, regulations, court orders, subpoenas, and legal process

To respond to lawful requests from public authorities

To enforce our Terms of Service and other agreements

To establish, exercise, or defend legal claims

3.6 Aggregated and De-Identified Use

We may aggregate, anonymize, or de-identify information in a manner that no longer reasonably identifies a specific individual, and we may use such data for any lawful purpose, including analytics, business intelligence, marketing, product development, and benchmarking.

4. HOW WE SHARE INFORMATION

4.1 Categories of Recipients

We share information only as described below:

4.1.1 Service Providers and Vendors

We share information with vendors that perform services on our behalf, such as:

Cloud hosting and infrastructure providers

Payment processors (Stripe, Helcim)

Email, SMS, and notification platforms

Customer support and ticketing platforms

Analytics and product-monitoring tools

Data enrichment, validation, and skip-tracing providers

Security, fraud-prevention, and bot-detection vendors

Professional advisors (legal, accounting, audit)

These vendors are contractually obligated to use the information only as needed to provide services to us and consistent with this Privacy Policy.

4.1.2 Authorized Subscribers

Permit data and enriched contact information are made available to authorized Subscribers as part of the Services. Once a Subscriber accesses such data, the Subscriber becomes an independent controller of the data and is responsible for its own compliance with applicable laws.

4.1.3 Legal and Safety Disclosures

We may disclose information when we believe in good faith that disclosure is necessary to:

Comply with applicable law, legal process, or government request

Enforce our Terms of Service or other agreements

Protect the rights, property, or safety of GC Radar, our users, or others

Detect, investigate, prevent, or respond to fraud, security incidents, or technical issues

Defend against legal claims

4.1.4 Business Transfers

If GC Radar is involved in a merger, acquisition, financing, reorganization, bankruptcy, sale of assets, or transfer of control (including to any successor entity), information may be transferred as part of that transaction. We will provide notice consistent with applicable law.

4.1.5 Affiliates

We may share information with our affiliates for purposes consistent with this Privacy Policy.

4.1.6 With Your Consent

We may share information with other parties when you direct us to do so or otherwise consent.

4.2 We Do Not Sell Personal Information

GC Radar does not “sell” personal information for monetary consideration as that term is commonly understood. To the extent any data sharing constitutes a “sale” or “sharing” of personal information under applicable state law, we describe those activities and your opt-out rights in Section 10 (California) and Section 11 (other states).

4.3 SMS Data Is Not Shared for Marketing

GC RADAR DOES NOT SHARE OR SELL SMS OPT-IN DATA, MOBILE PHONE NUMBERS, OR SMS CONSENT INFORMATION WITH THIRD PARTIES OR AFFILIATES FOR THEIR OWN MARKETING OR PROMOTIONAL PURPOSES. PHONE NUMBERS COLLECTED FOR SMS PURPOSES ARE USED ONLY AS DESCRIBED IN SECTION 5.

This commitment is required by carrier and CTIA guidelines for A2P 10DLC messaging and is honored by GC Radar at all times.

5. SMS AND TEXT MESSAGING (A2P 10DLC DISCLOSURES)

This Section 5 describes our SMS and text messaging practices and is intended to comply with The Campaign Registry (TCR) requirements, the CTIA Short Code Monitoring Handbook and Messaging Principles, the Telephone Consumer Protection Act (TCPA), the Telemarketing Sales Rule (TSR), and applicable state telemarketing laws.

5.1 SMS Programs

GC Radar may operate one or more A2P 10DLC SMS programs to communicate with Subscribers and prospective Subscribers. Our SMS programs include the following message types:

Account and transactional messages: Setup-call reminders, login verification codes, payment receipts, renewal reminders, billing failures, security alerts, and similar account-related notifications

Customer support messages: Replies and follow-ups in connection with your support inquiries

Service notifications: Outage notices, scheduled maintenance, and material updates to the Services

Marketing messages (separate opt-in required): Promotional content about GC Radar features, new counties or trades, pricing offers, and educational content

5.2 Consent and Opt-In

We obtain prior express consent before sending SMS messages. Consent is collected through one or more of the following:

A checkbox during account signup or onboarding configuration

A separate marketing-consent checkbox for marketing-only campaigns (consent for transactional messages does not constitute consent for marketing messages)

A keyword opt-in (for example, texting a specified keyword to a specified number)

Verbal opt-in during a setup call, recorded with timestamp and consent language

We retain records of consent for not less than four (4) years, including timestamp, opt-in mechanism, and the consent language presented.

5.3 Opt-Out and Help

OPT-OUT: You may opt out of any SMS program at any time by replying STOP, UNSUBSCRIBE, CANCEL, END, or QUIT to any message from us. Once you opt out, you will receive a confirmation message and you will not receive further messages from that program.

HELP: For help, reply HELP to any message from us, and we will respond with our contact information and program details. You may also email [email protected] for support.

Opting out of one SMS program does not automatically opt you out of other programs you have separately consented to. To opt out of all SMS communications from GC Radar, contact [email protected].

5.4 Message Frequency

Message frequency varies by program. Transactional messages are sent based on the events that trigger them (for example, when you request a login code). Marketing messages are typically sent no more than four (4) times per month per opted-in user, although frequency may vary based on campaign and user activity.

5.5 Carriers and Costs

Message and data rates may apply. Your carrier’s standard messaging rates apply to all SMS interactions. Carriers (including AT&T, Verizon, T-Mobile, and others) are not liable for delayed or undelivered messages. GC Radar is not responsible for any carrier-related charges.

5.6 Phone Number Use

Phone numbers collected for SMS purposes are used only for:

Sending the SMS messages described in Section 5.1, in accordance with your applicable consent

Account security and fraud prevention

Customer support communications

Compliance and audit purposes

PHONE NUMBERS AND SMS CONSENT INFORMATION ARE NOT SHARED OR SOLD TO ANY THIRD PARTY OR AFFILIATE FOR THIRD-PARTY MARKETING PURPOSES. SMS-RELATED INFORMATION IS NOT USED FOR ANY PURPOSE OTHER THAN AS DESCRIBED IN THIS PRIVACY POLICY.

Required carrier disclosure (CTIA / The Campaign Registry): No mobile information will be shared with third parties/affiliates for marketing/promotional purposes. Information sharing to subcontractors in support services, such as customer service, is permitted. All other use case categories exclude text messaging originator opt-in data and consent; this information will not be shared with any third parties.

5.7 Subscriber Outreach Is Not GC Radar SMS

When a Subscriber uses contact information obtained through the Services to send SMS, calls, or emails to Permit Subjects, the Subscriber (and not GC Radar) is the sender, the calling party, and the responsible party for compliance with TCPA, TSR, A2P 10DLC, CAN-SPAM, and applicable state laws. GC Radar does not initiate, send, or transmit those communications. Subscribers must register their own brands and campaigns with The Campaign Registry, obtain proper consents, and comply with all applicable telemarketing rules. See our Terms of Service, Section 11.1, for details.

5.8 Prohibited Content

GC Radar SMS programs do not include content prohibited by carriers, the CTIA, or applicable law, including unauthorized SHAFT-C content (Sex, Hate, Alcohol, Firearms, Tobacco, and Cannabis), high-risk financial products, illegal substances, or other categories restricted by The Campaign Registry. Promotional messages comply with applicable advertising laws.

6. COOKIES, ANALYTICS, AND TRACKING

6.1 What Are Cookies

Cookies are small text files placed on your device when you visit a website. We use cookies and similar technologies (including local storage, pixels, and SDKs) for the purposes described below.

6.2 Categories of Cookies We Use

Strictly Necessary: Required to operate the Services (authentication, session management, security)

Functional: Remember preferences and settings (language, last-viewed county, dashboard layout)

Analytics: Help us understand how the Services are used and how to improve them

Marketing: Help us deliver relevant marketing and measure campaign performance

6.3 Your Choices

Most browsers allow you to manage cookie preferences through their settings. You can also use browser-level “Do Not Track” or “Global Privacy Control” signals; we honor Global Privacy Control signals where required by applicable law as a request to opt out of “sale” or “sharing” of personal information.

6.4 Third-Party Analytics and Marketing

We may use third-party analytics and marketing platforms (which may include Google Analytics, Meta/Facebook Pixel, LinkedIn Insight Tag, and others) to understand site usage and to deliver advertising. These third parties may collect information about your activity over time and across different websites. Their use of information is governed by their own privacy policies.

7. DATA SECURITY

We implement reasonable administrative, technical, and physical safeguards to protect information from unauthorized access, disclosure, alteration, and destruction, including:

Encryption of data in transit (TLS) and at rest where feasible

Access controls, role-based permissions, and authentication requirements

Logging, monitoring, and intrusion detection

Vendor due diligence and contractual data-protection terms

Routine backups and disaster-recovery testing

No security measures are perfect. You are responsible for maintaining the confidentiality of your account credentials and for promptly notifying us of any suspected unauthorized access at [email protected].

8. DATA RETENTION

We retain information for as long as needed to provide the Services and for the additional periods required by law or our legitimate business interests, including:

Account and Subscriber information: For the duration of your account and for a reasonable period thereafter to comply with legal obligations and to defend potential claims

Transaction and billing records: At least seven (7) years to comply with tax and accounting requirements

SMS consent records: At least four (4) years from the date of last contact, consistent with TCPA recordkeeping standards

Permit and enrichment data: For as long as needed to provide and improve the Services, subject to deletion requests under applicable law

Backups and archives: For limited periods consistent with our backup-rotation schedules

When information is no longer needed, we delete, anonymize, or de-identify it consistent with our retention practices and applicable law.

9. YOUR RIGHTS AND CHOICES

9.1 Account Settings

You can review and update most of your account information through your account settings. You can also email [email protected] for assistance.

9.2 Marketing Communications

You can opt out of marketing emails by clicking the unsubscribe link in any marketing email or by emailing [email protected]. You can opt out of marketing SMS as described in Section 5.3. Opting out of marketing does not affect transactional or service-related communications.

9.3 Privacy Rights Requests

Depending on your jurisdiction, you may have rights to:

Access or know what personal information we hold about you

Correct inaccurate personal information

Delete personal information, subject to legal exceptions

Receive a portable copy of your information

Opt out of certain uses or sharing of your information

Limit the use of sensitive personal information (where applicable)

Withdraw consent for processing based on consent

Appeal a denial of a privacy rights request (where required by law)

To exercise these rights, email [email protected] with the subject line “Privacy Rights Request” and provide enough information for us to verify your identity. We will respond within the timeframes required by applicable law (typically 45 days for state privacy laws, with possible extensions). We will not discriminate against you for exercising your privacy rights.

9.4 Authorized Agents

You may designate an authorized agent to submit a privacy rights request on your behalf. We may require verification of the agent’s authority and your identity.

10. CALIFORNIA PRIVACY RIGHTS (CCPA / CPRA)

10.1 Categories of Personal Information Collected

In the past twelve (12) months, we have collected the following categories of personal information from California residents (as defined under the California Consumer Privacy Act, as amended by the California Privacy Rights Act):

Identifiers (name, email, phone, IP address, account ID)

Customer records (billing information, transaction history)

Commercial information (subscription details, usage patterns)

Internet or network activity (browsing on our Services, interactions with email and SMS)

Geolocation (approximate, derived from IP)

Audio information (setup-call recordings where consented)

Professional or employment information (trade, role, business details)

Inferences drawn from the foregoing (preferences, characteristics, behavior predictions)

We do not knowingly collect “sensitive personal information” as defined under California law (see Section 2.5).

10.2 Sources of Personal Information

We collect personal information from the sources described in Section 2.

10.3 Purposes of Use

We use personal information for the purposes described in Section 3.

10.4 Disclosure for Business Purposes

In the past twelve (12) months, we have disclosed all categories of personal information described in Section 10.1 to the categories of recipients described in Section 4.1 (service providers, authorized Subscribers, legal recipients, and affiliates) for business purposes.

10.5 Sale or Sharing of Personal Information

GC Radar does not sell personal information for monetary consideration. To the extent that our use of analytics or marketing tools constitutes “sharing” of personal information for cross-context behavioral advertising under California law, you may opt out by:

Submitting a request to [email protected] with the subject “Do Not Sell or Share My Personal Information”

Enabling Global Privacy Control (GPC) in your browser, which we honor as an opt-out signal

Using any opt-out link provided on our website

10.6 California Rights

California residents have the right to:

Know what personal information we collect, use, disclose, and share

Delete personal information, subject to exceptions

Correct inaccurate personal information

Opt out of “sale” or “sharing” of personal information

Limit the use and disclosure of sensitive personal information (we currently do not collect such information)

Non-discrimination for exercising privacy rights

To exercise these rights, follow the procedure in Section 9.3.

10.7 Shine the Light

California residents may request information about our disclosure of personal information to third parties for direct marketing purposes by emailing [email protected]. GC Radar does not disclose personal information to third parties for their direct marketing purposes.

11. OTHER STATE PRIVACY RIGHTS

Residents of Virginia, Colorado, Connecticut, Utah, Texas, Oregon, Montana, Iowa, Tennessee, Indiana, Delaware, New Hampshire, New Jersey, Minnesota, and other states with comprehensive privacy laws have rights similar to those described in Section 10, including:

Right to know and access personal data

Right to correct inaccurate personal data

Right to delete personal data

Right to data portability

Right to opt out of targeted advertising, sale of personal data, and certain profiling activities

Right to appeal a denial (where applicable)

Specific rights and procedures vary by state. To exercise rights under any applicable state law, follow the procedure in Section 9.3 and identify your state of residence. We will respond within the timeframes required by applicable law.

11.1 Nevada

Nevada residents may opt out of the future “sale” of certain “covered information” as defined under Nevada law by emailing [email protected]. As stated in Section 4.2 and Section 10.5, GC Radar does not sell personal information.

12. THIRD-PARTY DATA AND PERMIT SUBJECTS

12.1 What This Section Covers

This Section addresses information about Permit Subjects: property owners, permit applicants, and other natural persons whose information appears in our databases as a result of public-record permit data and third-party contact enrichment.

12.2 Sources and Lawful Basis

Permit Subject information is sourced from public records and from third-party data providers that represent and warrant they have a lawful basis to provide the data. We process Permit Subject information for the legitimate business purpose of enabling licensed trade contractors to identify and reach property owners about trade services those property owners have already initiated through the permitting process.

12.3 Permit Subject Rights

If you are a Permit Subject and you wish to:

Confirm whether we hold information about you

Request a copy of the information we hold about you

Request correction of inaccurate information

Request deletion of your information from our database (subject to legal exceptions)

Opt out of future inclusion of your contact information in Subscriber-facing records

Please email [email protected] with the subject line “Permit Subject Privacy Request.” Provide enough information for us to identify and verify you. We will respond within thirty (30) days, or within the timeframe required by applicable law if longer.

12.4 Removal Requests

When we receive a verified removal request from a Permit Subject, we will remove the relevant contact information from active Subscriber-facing records within a reasonable time. We may retain a record of the removal request and de-identified information for compliance and to prevent re-ingestion. Removal does not affect data already accessed by Subscribers, who are independent controllers responsible for honoring removal requests directed to them.

12.5 Subscriber Responsibility

Subscribers are responsible for honoring opt-out and do-not-contact requests they receive directly from Permit Subjects, maintaining their own internal Do Not Call lists, scrubbing against the National Do Not Call Registry and applicable state DNC registries, complying with TCPA and applicable state telemarketing laws, and providing required privacy notices to individuals they contact.

12.6 Data Broker Registration and Compliance

GC Radar maintains records of its data-collection and data-provision activities and will register as a data broker, and honor applicable consumer deletion and opt-out mechanisms, in each jurisdiction where, and to the extent that, applicable law requires. This includes, where applicable, California (including the data broker registration requirement and the accessible deletion mechanism established under the California Delete Act), Texas, Oregon, and Vermont, as well as other states that adopt data broker registration or centralized deletion or opt-out requirements. Where a state operates a centralized deletion or opt-out mechanism applicable to data brokers, GC Radar will process verified requests received through that mechanism in accordance with applicable law. Permit Subjects may also exercise the rights described in Section 12.3 directly with GC Radar at [email protected].

13. CHILDREN’S PRIVACY

The Services are intended solely for businesses and for individuals who are at least eighteen (18) years of age. The Services are not directed to, marketed to, or intended for use by anyone under the age of 18, and we do not permit anyone under 18 to register for, subscribe to, or use the Services.

We do not knowingly collect personal information from anyone under the age of 18. If we learn that we have collected personal information from a person under 18 — including any information that would be subject to the Children’s Online Privacy Protection Act (COPPA) or any state law protecting minors — we will delete that information and terminate any associated account promptly.

If you believe a person under 18 has provided us with personal information, contact us at [email protected] and we will take prompt action to investigate and delete it.

14. INTERNATIONAL USERS

GC Radar is operated from the United States and the Services are intended for users in the United States. If you access the Services from outside the United States, you understand and consent to the transfer, storage, and processing of your information in the United States, where data-protection laws may differ from those in your country.

GC Radar does not actively market the Services to individuals in the European Union, the United Kingdom, or other jurisdictions outside the United States. We are not currently subject to the GDPR or UK GDPR. If you are an EU/UK resident and believe your personal information has been processed by GC Radar, contact [email protected].

15. CHANGES TO THIS PRIVACY POLICY

We may update this Privacy Policy from time to time. When we make material changes, we will notify you by email (to the address on your account), by in-platform notification, or by posting a notice on our website at least thirty (30) days before the effective date. Non-material changes (clarifications, formatting, typo corrections) may take effect immediately upon posting. The “Effective” date at the top of this Privacy Policy indicates when the most recent version took effect.

16. CONTACT INFORMATION

Questions, concerns, privacy rights requests, and Permit Subject removal requests should be directed to:

Mount Pleasant, South Carolina 29464

END OF PRIVACY POLICY

Version 1.0 | Effective: May 4, 2026

© 2026 GC Radar LLC. All Rights Reserved.