Privacy Policy

1. Introduction

KRCA LLC, doing business as Roffy ("Roffy," "we," "us," or "our"), operates the website roffy.io and related services. Roffy is a business-to-business (B2B) roofing lead generation platform that helps roofing contractors identify homeowners who may need roof replacement or repair services.

This Privacy Policy explains what personal information we collect, how we collect it, how we use and share it, and what rights you have regarding your data. This policy applies to:

• Homeowners and property owners whose data we collect from publicly available sources
• Roofing contractors and business customers who purchase leads through our platform
• Website visitors who browse roffy.io
• Consumers who submit information through our opt-in forms (e.g., requesting roofing quotes)

By using our website or services, you acknowledge that you have read and understood this Privacy Policy. If you are a roofing contractor or business customer, your use of the platform is also governed by our Terms of Service.

2. Information We Collect

A. Homeowner & Property Owner Data

We collect information about residential property owners from publicly available sources in order to generate roofing leads. This may include:

• Full name
• Residential address and property address
• Phone number(s)
• Email address(es)
• Property characteristics (age, square footage, roof type)
• Building permit history (permit type, date, issuing authority)
• Satellite imagery analysis results (roof condition scores, estimated age, visible damage indicators)

We do not collect sensitive personal information such as Social Security numbers, financial account numbers, health data, or biometric data from homeowners.

B. Contractor & Business Customer Data

When you create an account or purchase leads, we collect:

• Business name, contact name, and job title
• Business address, phone number, and email address
• Payment and billing information (processed through Stripe; we do not store full card numbers)
• Account credentials
• Service areas and preferences
• Communication history with our team

C. Website Visitor Data

When you visit roffy.io, we may automatically collect:

• IP address
• Browser type and version
• Device type and operating system
• Pages visited, time spent, and referral source
• Cookies and similar tracking identifiers (see Section 10)

D. Consumer Opt-In Data

If you voluntarily submit information through our quote request form or other opt-in mechanisms, we collect the data you provide, which may include your name, address, phone number, email, and details about your roofing needs.

3. Data Sources

We obtain homeowner and property data from the following categories of sources:

• Public building permit records — Filed with local municipalities and county governments. These records indicate recent or planned construction activity, including roof-related permits.
• County property and parcel records — Publicly available tax assessor and recorder data, including ownership information, property characteristics, and assessed values.
• Satellite and aerial imagery — We use Google Maps satellite imagery in conjunction with AI-powered computer vision (Google Gemini Vision API) to analyze roof conditions, estimate roof age, and identify potential damage or deterioration.
• People-search and data enrichment services — We use skip tracing and people-search APIs to locate current phone numbers and email addresses associated with property owners based on publicly available data.
• Directly from you — If you submit information through our website forms.

All data sourced for lead generation comes from publicly accessible records or commercially available databases. We do not use illegal or deceptive means to collect personal information.

4. How We Use Your Information

Homeowner Data

• To generate roofing leads by analyzing property data, permit records, and satellite imagery
• To enrich lead profiles with current contact information
• To sell or license those leads to roofing contractors and related service providers
• To improve our AI models and lead scoring accuracy
• To respond to data access and removal requests

Contractor Data

• To provide access to our platform and deliver purchased leads
• To process payments and manage billing
• To communicate about your account, orders, and product updates
• To provide customer support
• To improve our services

Website Visitor Data

• To operate, maintain, and improve our website
• To analyze usage patterns and optimize user experience
• To detect and prevent fraud or abuse

Legal Bases

Where applicable, we process personal information based on: (a) our legitimate business interests in providing lead generation services using publicly available data, (b) your consent where you have opted in, (c) the performance of a contract with our business customers, and (d) compliance with legal obligations.

5. Third-Party Sharing & Service Providers

We share personal information with the following categories of third parties:

A. Roofing Contractors (Our Customers)

Homeowner data is sold or licensed to roofing contractors who purchase leads through our platform. Contractors receive contact details and property information to facilitate outreach for roofing services. Once leads are delivered, the contractor's use of that data is governed by their own privacy practices.

B. Service Providers

We use the following third-party service providers who may process personal information on our behalf:

• Stripe — Payment processing for contractor subscriptions and purchases. Stripe handles payment card data directly and is PCI-DSS compliant. See Stripe's Privacy Policy.
• Google Maps Platform / Gemini Vision API — Satellite imagery retrieval and AI-powered roof analysis. See Google's Privacy Policy.
• Skip Trace / People-Search APIs — Contact information enrichment (phone numbers, emails) sourced from publicly available databases.
• Email service providers — For transactional emails, marketing communications, and customer notifications.
• Hosting and infrastructure providers — For website hosting, data storage, and application delivery.
• Analytics providers — For website usage analysis and performance monitoring.

C. Legal & Compliance

We may disclose personal information if required by law, regulation, legal process, or enforceable governmental request, or when we believe disclosure is necessary to protect our rights, your safety, or the safety of others.

D. Business Transfers

In the event of a merger, acquisition, reorganization, bankruptcy, or sale of assets, personal information may be transferred as part of that transaction. We will notify affected individuals of any change in ownership or use of their personal information.

6. Sale of Personal Information

We sell the following categories of personal information to roofing contractors:

• Identifiers (name, address, phone number, email)
• Property-related information (address, roof condition analysis, permit history)

We do not sell personal information of individuals who are minors under the age of 16. We do not sell sensitive personal information such as Social Security numbers, financial account details, or health information.

If you are a California resident or a resident of another state with applicable privacy laws, you have the right to opt out of the sale of your personal information. See Section 7 for details.

7. Your Rights Under the CCPA & State Privacy Laws

If you are a resident of California, Virginia, Colorado, Connecticut, Utah, Texas, Oregon, Montana, or another state with an applicable consumer privacy law, you may have the following rights:

Right to Know / Access

You have the right to request that we disclose what personal information we have collected about you, including the categories and specific pieces of data, the sources of collection, the purposes for which it is used, and the third parties with whom it has been shared or sold.

Right to Delete

You have the right to request deletion of the personal information we hold about you, subject to certain exceptions permitted by law (e.g., data needed to complete a transaction, detect fraud, or comply with legal obligations).

Right to Opt Out of Sale

When you submit an opt-out request, we will cease selling your personal information to roofing contractors within 15 business days. We will also make reasonable efforts to notify contractors who have previously purchased your data of your opt-out request.

Right to Correct

You have the right to request that we correct inaccurate personal information we hold about you.

Right to Data Portability

You have the right to receive a copy of your personal information in a structured, commonly used, and machine-readable format.

Right to Non-Discrimination

We will not discriminate against you for exercising any of your privacy rights. Exercising your rights will not affect the price or quality of any services.

How to Exercise Your Rights

You may submit a verifiable consumer request by:

• Visiting /remove-my-data on our website
• Emailing hello@roffy.io
• Writing to us at: KRCA LLC (d/b/a Roffy), 209 Hidden Meadows Dr, Mooresville, NC 28117

We will verify your identity before processing your request. Verification may require you to provide your name, address, and/or email address so we can match it against our records. We will respond to verified requests within 45 days, as required by law. If additional time is needed, we will notify you of the extension and the reason for it.

You may designate an authorized agent to submit a request on your behalf. We may require the agent to provide proof of authorization and may still verify your identity directly.

CCPA Metrics Disclosure

As required by the CCPA, we will publish annual metrics regarding the number of consumer requests received, complied with, and denied. These metrics will be made available on this page by July 1 of each year for the prior calendar year.

8. How to Request Data Removal

When you submit a removal request:

1. We will acknowledge your request within 10 business days.
2. We will delete or de-identify your personal information from our active databases within 45 days.
3. We will add your information to our suppression list to prevent re-collection from public sources in the future.
4. We will make commercially reasonable efforts to notify any contractors who received your data within the prior 90 days of your removal request.

Please note: removal from our database does not remove your information from the original public sources (e.g., county records, permit databases) from which it was obtained. To remove data from those sources, you will need to contact the relevant government agency directly.

9. Data Retention

We retain personal information for as long as it serves a legitimate business purpose or as required by law:

• Homeowner lead data: Retained in our active database for up to 24 months from the date of collection or last update. After this period, data is either refreshed from current public sources or purged. Data marked for suppression (opt-out/removal) is retained only on our suppression list to prevent re-collection.
• Contractor account data: Retained for the duration of the business relationship and for up to 36 months after account closure, or as required for tax, legal, and audit purposes.
• Payment records: Retained as required by applicable tax and financial regulations (generally 7 years).
• Website analytics data: Retained for up to 26 months.
• Opt-in form submissions: Retained for 24 months or until the consumer requests deletion.

10. Cookies & Tracking Technologies

Our website uses cookies and similar technologies to operate effectively and improve your experience.

Types of Cookies We Use

• Essential cookies: Required for basic site functionality such as session management and security. These cannot be disabled.
• Analytics cookies: Help us understand how visitors interact with our website (e.g., pages viewed, time on site). We may use services such as Google Analytics for this purpose.
• Functional cookies: Remember your preferences such as language or region settings.
• Marketing cookies: May be used to deliver relevant advertising and track campaign performance. These are only set with your consent where required by law.

Managing Cookies

Most browsers allow you to control cookies through their settings. You can configure your browser to refuse cookies, delete existing cookies, or alert you when a cookie is being set. Note that disabling cookies may affect website functionality.

Do Not Track

Some browsers offer a "Do Not Track" (DNT) signal. There is no industry consensus on how to respond to DNT signals, and our website does not currently respond to DNT signals. However, you can exercise your opt-out rights as described in Section 7.

11. Children's Privacy

Roffy's services are designed for businesses and adult property owners. We do not knowingly collect, sell, or share personal information from individuals under the age of 16. Our lead data is sourced from property records, which by their nature pertain to adult property owners.

If we learn that we have inadvertently collected personal information from a minor under 16, we will delete it promptly. If you believe we may have collected data about a minor, please contact us at hello@roffy.io.

12. Security Measures

We take the security of personal information seriously and implement industry-standard administrative, technical, and physical safeguards, including:

• Encryption of data in transit (TLS/SSL) and at rest
• Access controls and role-based permissions for employees and contractors
• Secure payment processing through PCI-DSS compliant providers (Stripe)
• Regular security assessments and monitoring
• Employee training on data handling and privacy practices
• Incident response procedures for potential data breaches

No method of transmission or storage is 100% secure. While we strive to protect your personal information, we cannot guarantee its absolute security. In the event of a data breach affecting your personal information, we will notify you and the appropriate authorities as required by applicable law.

13. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will:

• Update the "Last Updated" date at the top of this page
• Post the revised policy on our website
• For material changes that affect how we use or share personal information, provide notice via email (for registered contractors) or a prominent notice on our website

We encourage you to review this page periodically. Your continued use of our services after changes are posted constitutes acceptance of the updated policy.

14. Contact Us

If you have questions about this Privacy Policy, want to exercise your privacy rights, or need to report a concern, please contact us:

• Email: hello@roffy.io
• Mail: KRCA LLC (d/b/a Roffy), 209 Hidden Meadows Dr, Mooresville, NC 28117
• Data Removal Requests: roffy.io/remove-my-data

We aim to respond to all inquiries within 10 business days.