Privacy Policy
Rooster Capital LLC ("Rooster Capital," "we," "our," or "us") operates the website at roostercapital.land and the Rooster Flow investor/operator platform (together, the "Platform"). This Privacy Policy explains how we collect, use, disclose, and safeguard personal and financial information when you visit or use the Platform, and the rights available to you under applicable U.S. federal and state privacy laws.
Reporting dashboard, not a source of truth. The Platform is a convenience reporting surface. Official fund statements, subscription agreements, wire confirmations, and audited records — not the dashboards on this Platform — are the authoritative record of your contributions, balances, distributions, and ownership interests. Always rely on those documents for tax, legal, or regulatory purposes, and use the Report a Bug button to report any apparent discrepancy between what the Platform shows and the official records you have received.
Our privacy pledge to you.
• We will never sell your personal data, phone number, or financial information — to anyone, for any purpose.
• We will never share your mobile information, SMS opt-in data, or messaging consent status with third parties or affiliates for marketing or promotional purposes.
• We will notify you within 72 hours if we detect unauthorized access to your personal information.
• We use industry-standard encryption for data in transit (TLS 1.2 or higher) and at rest (AES-256).
• Every sensitive action on your account is recorded in a tamper-evident audit log that you can review at any time.
• The Platform is a reporting dashboard, not a source of truth; official fund statements and audited records govern for legal and tax purposes.
Contents
- Who we are
- Information we collect
- How we use information
- SMS messaging and 2FA
- How we share information
- Service providers
- Data retention
- Security practices
- Your privacy rights
- California residents
- Other U.S. state rights
- Cookies
- Children's privacy
- International users
- Financial information (GLBA)
- Changes and contact
1. Who we are
Rooster Capital LLC is a U.S. limited liability company that operates the Platform for land acquisition funding. Our primary business address and privacy contact is admin@roostercapital.land. For the purposes of applicable privacy laws, Rooster Capital is the controller of the personal information processed through the Platform.
2. Information we collect
We collect personal information in three ways: (a) directly from you, (b) automatically through your use of the Platform, and (c) from trusted third-party providers.
2.a Information you provide
| Category | Examples |
|---|---|
| Account | Full name, email address, phone number (if SMS 2FA is enrolled), password, account role (investor, operator, administrator). |
| Investor profile | Accredited-investor self-certification, investment range, investor inquiries, wiring instructions, profit-distribution bank information. |
| Operator profile / KYC | Legal name, business entity, EIN or SSN, driver's license, entity formation documents, proof of funds, bank account and routing details required for transfers. |
| Deal submissions | Parcel IDs, property addresses, comparables, purchase and sale documents, due-diligence materials you upload. |
| Communications | Messages you send via contact forms, in-platform messaging, or email correspondence. |
2.b Information we collect automatically
- Device & log data: IP address, user-agent string, operating system, browser type, pages viewed, timestamps, referring URLs, and approximate geographic region derived from IP.
- Authentication metadata: sign-in timestamps, two-factor method used (SMS or authenticator app), MFA assurance level (AAL1 vs AAL2), trusted-browser tokens you opt to save.
- Audit events: every sensitive action — role changes, wire initiation, document signing, banking edits, MFA enrollment/reset — is recorded in our internal append-only audit log with a SHA-256 chain hash for tamper-evidence.
- Cookies: strictly necessary session cookies and (if you enable it) a long-lived trust token that lets you skip SMS 2FA on a browser you've verified.
2.c Information from third parties
- Parcel and property data: from Realie.ai and public county records when you request a property analysis or comparable sales search.
- SMS delivery metadata: from Twilio, our SMS delivery provider — including delivery status, timestamps, and carrier responses.
- Bot protection: from Cloudflare Turnstile, which may collect device signals to distinguish humans from bots during form submission.
- Email delivery metadata: from Google (Gmail API), which we use to send account and deal notifications from
admin@roostercapital.land.
3. How we use information
We use the personal information listed above only to:
- Provide, operate, and improve the Platform.
- Authenticate you, including sending one-time passcodes via SMS or email for two-factor authentication.
- Underwrite, price, manage, and report on deal opportunities you submit or invest in.
- Communicate with you about your account, deals, and material Platform updates.
- Detect and prevent fraud, unauthorized access, and abuse.
- Comply with legal, regulatory, tax, and audit obligations.
We do not use your personal information for any other purpose without your consent. We do not use it for behavioral advertising, retargeting, or to train third-party machine-learning models.
4. SMS messaging and two-factor authentication
If you choose phone-based two-factor authentication, you consent to receive text messages from Rooster Capital at the number you provide only for two-factor authentication and account-security purposes. We use Twilio as our SMS delivery provider.
SMS terms (Twilio A2P 10DLC compliant):
• Opt-in: You opt in only by entering your phone number during phone-based 2FA enrollment, checking the separate unchecked SMS consent box, and confirming the initial verification code. By doing so, you agree to receive one-time passcodes and account-security alerts related to sign-in and MFA protection.
• Eligibility: SMS messaging is offered only to United States phone numbers (+1, E.164 format). Non-US numbers cannot enroll — the enrollment form rejects any input that is not a valid US 10-digit mobile.
• Message frequency: message frequency varies, typically 1–2 messages per sign-in or security event.
• Message and data rates may apply depending on your carrier plan. We do not charge for the messages themselves.
• Opt-out: reply STOP to any message to stop further SMS. Opting out of 2FA messages may disable your ability to sign in. Reply HELP for assistance, or email admin@roostercapital.land.
• We will never sell, rent, share, or otherwise disclose your mobile information, phone number, SMS opt-in data, or messaging consent status to third parties or affiliates for marketing or promotional purposes. Twilio processes your number only to deliver the messages you request from us.
5. How we share information
We do not sell your personal information, and we do not share it with third parties for marketing purposes. We share personal information only in the limited circumstances below.
| Recipient | Purpose |
|---|---|
| Service providers (see §6) | Hosting, authentication, SMS and email delivery, parcel data, bot protection, analytics — each limited to what the provider needs to perform the service. |
| Internal team (Rooster Capital admins; operators via role-based access) | Deal underwriting, operator verification, customer support, and audit. Row-level security in our database restricts every query so that each role only sees the data relevant to their role. |
| Legal or regulatory authorities | Only when required by law, valid subpoena, court order, or to protect our rights, property, or the safety of users. |
| Successor entity | In the event of a merger, acquisition, bankruptcy, or sale of all or part of our assets — subject to this Privacy Policy continuing to apply or to receiving your consent to any material change. |
6. Service providers (sub-processors)
We rely on the following third-party service providers to operate the Platform. Each processes personal information only on our behalf and under written agreements that require confidentiality and data protection.
| Provider | Purpose | Data handled |
|---|---|---|
| Supabase | Database hosting, authentication, file storage | All user records, authentication factors, uploaded documents |
| Cloudflare | Web hosting, CDN, DDoS protection, Turnstile bot detection | IP, user-agent, device signals |
| Twilio | SMS two-factor authentication and account-security alerts | Phone numbers, message content, delivery metadata |
| Google (Gmail API) | Transactional email delivery | Email addresses, message content, delivery metadata |
| Google Drive | Encrypted off-site backup of documents and audit logs | Mirrored copies of our private storage buckets |
| Realie.ai | Parcel and property data lookups | Parcel IDs, state/county, lat/lon queries (not your personal identifiers) |
| Anthropic | AI underwriting drafts and market-intel blog drafting | Deal parameters (de-identified where possible); no customer identifiers sent |
7. Data retention
We keep personal information only as long as we need it for the purpose we collected it for, and as required by law.
| Category | Retention period |
|---|---|
| Active account data (profile, auth factors) | For the life of the account |
| Completed deal records, operator agreements, signed documents | 7 years after closing (SEC Rule 204-2 / IRS alignment) |
| Audit logs (app_audit_log) | Indefinite; append-only, tamper-evident, mirrored off-site |
| Authentication logs | 24 hours live (Supabase Analytics) + 7 years in our export archive |
| SMS metadata | 90 days at Twilio, 7 years in our notification_log |
| MFA trusted-browser tokens | 30 days maximum; automatically purged on expiration |
When retention expires, we permanently delete or irreversibly anonymize the data.
8. Security practices
We take reasonable administrative, technical, and physical safeguards to protect your personal information. Specifically:
- Encryption in transit: TLS 1.2 or higher for every connection to the Platform.
- Encryption at rest: AES-256 for database storage and file uploads.
- Row-level security: every database query is filtered by your authenticated role; admins never accidentally see another admin's investor list.
- Two-factor authentication: SMS-based or authenticator-app-based; required for any sensitive action (banking edits, wire approval, document signing, MFA resets).
- Tamper-evident audit log: every sensitive event is written to an append-only log with a SHA-256 chain hash, so any later edit is detectable.
- Off-site backup: nightly mirror of customer documents and logs to an encrypted Google Drive folder.
- Access control: role-based permissions; principle of least privilege; admin access recorded in the audit log.
- Breach notification: if we discover unauthorized access to your personal information, we will notify you within 72 hours of confirming the incident, and will cooperate with applicable regulatory notification requirements.
No system is perfectly secure. If you believe your account has been compromised, email admin@roostercapital.land immediately.
8.a Data accuracy and the role of the Platform
The Platform synthesizes information from multiple sources (your own submissions, third-party property data, deal-lifecycle events, underwriting calculations). We take reasonable steps to keep the displayed information accurate and timely. Because the Platform is a reporting dashboard and not the authoritative system of record, we cannot and do not warrant that every figure displayed at any given moment matches the underlying books, bank balances, or official fund statements. For any financial, legal, or tax purpose, rely on the official records described in the notice at the top of this policy. If you believe a figure on the Platform is wrong, use the Report a Bug button on the affected page and we will investigate and reconcile.
8.b Maintenance and data integrity
If a third-party data provider returns invalid or unexpected data, we prefer to display a "data temporarily unavailable" banner over showing figures we cannot verify. We may also temporarily suspend access to a view while we reconcile it with the authoritative record. You will not be charged or disadvantaged by these reconciliation holds.
9. Your privacy rights
Depending on where you live, you may have the right to:
- Access a copy of the personal information we hold about you.
- Correct inaccurate or incomplete information.
- Delete your information (subject to our legal retention obligations).
- Port your information in a machine-readable format.
- Opt out of marketing, SMS two-factor authentication/account-security messages, or any non-essential processing.
- Withdraw consent at any time for processing that is based on consent (opt-out may disable parts of the service, such as 2FA).
To exercise any of these rights, email admin@roostercapital.land with the subject line "Privacy Request." We will respond within 30 days (or sooner if required by law). We may need to verify your identity before we act on a request.
10. California residents (CCPA / CPRA)
If you are a California resident, the California Consumer Privacy Act (CCPA), as amended by the California Privacy Rights Act (CPRA), gives you additional rights:
- Right to know the categories and specific pieces of personal information we have collected about you over the past 12 months.
- Right to delete personal information we have collected, subject to exceptions.
- Right to correct inaccurate personal information.
- Right to opt out of sale or sharing. We do not sell or share personal information as those terms are defined in CCPA/CPRA. No opt-out is required.
- Right to limit use of sensitive personal information. We use sensitive personal information (such as SSN, driver's license, account log-in credentials, and financial account numbers) only for the purposes for which you provided it and the limited uses permitted by CPRA section 1798.121(a).
- Right to non-discrimination: we will not deny you services, charge you a different price, or provide a different level of service because you exercised a privacy right.
To submit a CCPA request, email admin@roostercapital.land or write to us at the address above. We will verify your identity before fulfilling the request. Authorized agents may submit requests on your behalf with written authorization.
11. Other U.S. state privacy rights (VCDPA / CPA / CTDPA / UCPA)
Virginia, Colorado, Connecticut, Utah, and several other U.S. states have enacted consumer privacy laws granting rights similar to California's. If you are a resident of one of these states, you have the rights described in §9 above. To submit a request, email admin@roostercapital.land. We will respond within 45 days (or the period required by the relevant state law).
12. Cookies and tracking technologies
We use a small number of cookies, grouped by purpose:
- Strictly necessary: session cookies that keep you signed in, CSRF tokens, and the optional 2FA trust-browser token. Disabling these will break core Platform functions.
- Preferences: interface settings you choose on your account (theme, view preferences).
- Security: Cloudflare Turnstile tokens to detect bots on form submissions.
We do not use third-party advertising cookies, retargeting pixels, or cross-site tracking. We honor Global Privacy Control signals sent by your browser as an opt-out of any non-essential data sharing.
13. Children's privacy (COPPA)
The Platform is not directed to children under 18 and we do not knowingly collect personal information from anyone under 18. If you believe we have collected information from a minor, contact admin@roostercapital.land and we will promptly delete it.
14. International users
The Platform is intended for residents of the United States. If you access the Platform from outside the U.S., you acknowledge that your information will be transferred to and processed in the U.S., which may have different data-protection laws than your country of residence. Do not use the Platform if you do not consent to this transfer.
For residents of the European Economic Area and the United Kingdom: our legal basis for processing is (i) the performance of a contract with you, (ii) our legitimate interests in operating a secure and functional platform, or (iii) your consent, depending on the processing activity. You have rights under the GDPR or UK GDPR including access, rectification, erasure, restriction, portability, and objection. You may lodge a complaint with your local data-protection authority.
15. Financial information (GLBA notice)
Rooster Capital collects non-public personal information ("NPI") from investors and operators in connection with financial products and services. In accordance with the Gramm-Leach-Bliley Act:
- We do not disclose NPI to non-affiliated third parties except as permitted by law (e.g., to service providers bound by confidentiality, or to comply with regulatory obligations).
- We maintain administrative, technical, and physical safeguards designed to protect NPI (as described in §8 above).
- You may request a copy of our full GLBA privacy notice at any time by emailing admin@roostercapital.land.
16. Changes to this policy & how to contact us
We may update this Privacy Policy from time to time. When we do, we will update the "Last updated" date at the top of this page. If changes are material, we will provide additional notice through the Platform or by email at least 30 days before the changes take effect. Your continued use of the Platform after the effective date constitutes acceptance of the revised policy.
Questions about this Privacy Policy, or a request to exercise any right described above? Contact our privacy team:
Rooster Capital LLC
Privacy Officer
Email: admin@roostercapital.land
Website: roostercapital.land