Skip to content
Segra

Privacy policy

How we handle your data, in plain language.

Effective April 19, 2026.

Who we are

Segra is operated by the product team at Segra(“we”, “us”). Privacy questions go to privacy@segra.tax. If you’d rather write: use that email to request a mailing address.

What we collect

We only collect what’s necessary to run the product:

  • Account info — email address, optional display name, the Supabase auth session token that signs you in.
  • Property records — addresses, purchase prices, acquisition dates, property types, and anything else you enter through the intake flow.
  • Documents you upload — closing disclosures, improvement receipts, property photos, and any other source documents you submit for AI extraction or engineer review.
  • Study outputs — the generated asset schedule, methodology narrative, PDF reports, and Form 3115 worksheets.
  • Payment metadata — Stripe customer and payment-intent IDs, tier paid, amount. We do not store card numbers; Stripe does.
  • Usage analytics — anonymized page views and product events for debugging and product research. No cross-site tracking.
  • Support correspondence— emails you send us stay in the thread; we don’t mine them for unrelated purposes.

What we don’t collect

  • Credit-card numbers (Stripe handles those; we never see them).
  • Social Security numbers or tax IDs (we don’t ask, don’t want them).
  • Your location beyond the property address you explicitly type in.

How we use it

Strictly to deliver the product: run your AI pipeline, route your study to the right engineer, generate your PDF, email you when it’s ready, and let your CPA see the result if you share it. We also use anonymized analytics to fix bugs and figure out which features get used. We do not sell, rent, or swap your data.

Sub-processors

We use third-party services to operate the product. Your data passes through these, so they get named here:

  • Supabase — authentication, Postgres database, encrypted object storage.
  • Vercel — web hosting and edge functions.
  • Anthropic— the Claude AI model that reads your documents directly (vision-capable, no separate OCR step) and classifies assets. Source documents are sent via Anthropic’s API; per their terms, inputs are not used to train Anthropic’s models.
  • Stripe — payments processing.
  • Resend — transactional email (your delivery emails, share invites, magic links).
  • Inngest — durable background job execution for the AI pipeline.
  • Sentry — error monitoring. We scrub stack traces for PII before indexing.
  • PostHog — product analytics. Events are tied to hashed user IDs, not email addresses.

Storage & security

Everything is encrypted at rest on Supabase Storage and encrypted in transit via TLS 1.2+. Source documents are served exclusively through short-lived signed URLs — there is no public bucket. Access is gated by your Supabase session cookie; the only other humans who can see your files are an assigned engineer (Tier 2 only) and the on-call admin responding to a support ticket you opened.

Retention

  • Source documents — 7 years from delivery, to support audit defense under the IRS statute of limitations on the affected returns.
  • Study outputs (PDFs, asset schedules, Form 3115 worksheets) — as long as your account is active, plus 1 year after closure.
  • Account metadata — until you ask us to delete it. We keep minimal records of Stripe transactions for 7 years for tax-compliance reasons.
  • Analytics — 24 months, then rolled up into anonymous aggregates.

Your rights

Regardless of where you live, we honor these rights on request:

  • Access — ask us for a copy of everything we hold about you.
  • Correction — tell us to fix anything inaccurate.
  • Deletion— ask us to delete your account and data. We retain only what we’re legally required to keep (payment records, audit-statute-bound documents if requested).
  • Portability — a machine-readable export of your studies (JSON + PDFs).
  • Opt-out of analytics— reply to any email or email us; we’ll exclude your account from product analytics.

Email privacy@segra.tax and we’ll respond within 30 days. California residents: this includes the rights granted under the CCPA and CPRA.

Automated decisions

Our AI pipeline classifies each asset into a MACRS class using a Claude model and the methodology described on the methodology page. Every decision is shown in the PDF with its rationale. You can always request a human-reviewed (Tier 2) study instead, and the engineer has final authority over classifications.

Children

Segra is for adult real-estate owners and tax professionals. We don’t knowingly collect data from anyone under 18.

Data breach

If we ever experience a breach that affects your data, we’ll notify you by email within 72 hours of confirming it — including what was exposed, what we’re doing about it, and what you should do.

Changes

We’ll post material changes here 30 days before they take effect and email everyone on the customer list.