Privacy Policy
1. Who We Are
Block & Pin Co. ("Block & Pin," "we," "us," or "our") operates the website blockandpin.com (the "Service"). We provide Chicago property intelligence reports that aggregate publicly available government data including zoning, permit history, building violations, deed records, and ward information.
This Privacy Policy explains what data we collect, why we collect it, how we use and protect it, and your rights regarding that data.
2. Data We Collect
We collect the minimum data necessary to operate the Service and deliver property reports to you.
| Data Type | What We Collect | Why |
|---|---|---|
| Email Address | Your email address, provided at checkout and when generating reports | To manage your credit balance, deliver reports via email, and send purchase receipts |
| Property Addresses | Chicago addresses you submit for reports | To generate your property report and maintain a usage history tied to your account |
| Payment Information | Credit card and billing details | Processed entirely by our payment processor (Maverick Payments). We never see, store, or have access to your full card number. |
| IP Address | Your IP address when you access the Service | Rate limiting and abuse prevention only. We do not store IP addresses long-term. |
| Cookies | A single functional cookie (bp_preview) used only for internal site preview access |
Not used for tracking, advertising, or analytics. Set only when explicitly triggered by an internal team member. |
| Analytics Data | Page views, referral source, device type, and general location (city-level) | Collected by Google Analytics 4 (GA4) to understand how the Service is used and improve it. No personally identifiable information is sent to GA4. |
3. How We Use Your Data
We use the data we collect exclusively to operate the Service:
To deliver property reports — we use your email and the address you submit to generate and email your report.
To manage your account — we track your credit balance, purchase history, and report usage tied to your email address.
To process payments — we pass order details to our payment processor to complete your purchase.
To prevent abuse — we use IP-based rate limiting to protect the Service from automated attacks.
To improve the Service — we use aggregated, anonymous analytics data to understand usage patterns and improve the product.
We do not sell, rent, or share your personal data with third parties for advertising or marketing purposes. We do not display ads. We do not build user profiles for targeted advertising.
4. Third-Party Services
We use the following third-party services to operate Block & Pin. Each processes limited data on our behalf:
| Service | Purpose | Data Shared |
|---|---|---|
| Maverick Payments | Payment processing | Billing details, email, purchase amount. Card data is handled entirely by Maverick and never touches our servers. |
| Resend | Transactional email delivery | Your email address and report HTML content, for the purpose of delivering your property report. |
| Google Analytics 4 | Anonymous site analytics | Page views, device type, referral source. No PII is sent. IP anonymization is enabled. |
| Railway | Application hosting | Our server and database run on Railway's infrastructure. Data is stored on a persistent volume within our Railway deployment. |
| City of Chicago & Cook County APIs | Public data retrieval | Property addresses are sent to public government APIs to retrieve zoning, permit, and violation data. No user personal data is shared. |
| HERE Maps API | Nearby places lookup | Geocoded coordinates (latitude/longitude) only. No user personal data is shared. |
| ArcGIS Geocoder | Address geocoding | The property address you submit, for the purpose of converting it to coordinates. No user personal data is shared. |
5. Cookies & Tracking
Block & Pin uses one functional cookie (bp_preview), which is set only for internal site preview purposes during maintenance windows. It is not used for tracking, analytics, or advertising.
We use Google Analytics 4 for anonymous, aggregated site analytics. GA4 may use its own cookies. You can opt out of Google Analytics by installing the Google Analytics Opt-Out Browser Add-on.
We do not use advertising cookies, remarketing pixels, or any third-party tracking for advertising purposes.
6. Data Retention
Credit and purchase records — retained as long as your account has an active credit balance or purchase history. This data is necessary to operate the credit system.
Report usage history — the addresses you've searched and the timestamps are retained indefinitely as part of your account record, so you and our support team can reference past reports.
Email address — retained as long as your account exists. To request deletion, contact us (see Section 10).
IP addresses — used transiently for rate limiting and not stored in any persistent database.
Analytics data — retained according to Google Analytics' default retention settings (14 months).
7. Data Security
We take reasonable measures to protect your data:
Payment data is processed entirely by Maverick Payments and never stored on our servers.
Our application runs on Railway with encrypted connections (HTTPS).
Email delivery is handled via Resend's API over encrypted channels.
Access to our admin panel and database is restricted by secret-key authentication.
No system is 100% secure. While we take commercially reasonable precautions, we cannot guarantee absolute security of your data.
8. Your Rights — California Residents (CCPA)
If you are a California resident, you have the following rights under the California Consumer Privacy Act (CCPA):
Right to Know — You can request what personal information we have collected about you.
Right to Delete — You can request that we delete your personal information. Note that this will also delete your credit balance and purchase history.
Right to Opt Out of Sale — We do not sell your personal information to third parties. There is nothing to opt out of.
Right to Non-Discrimination — We will not discriminate against you for exercising any of these rights.
To exercise any of these rights, contact us at info@blockandpin.com.
9. Your Rights — European Residents (GDPR)
If you are located in the European Economic Area (EEA) or the United Kingdom, you have additional rights under the General Data Protection Regulation (GDPR):
Lawful Basis — We process your data based on contractual necessity (delivering the service you purchased) and legitimate interest (preventing abuse, improving the Service).
Right of Access — You can request a copy of the personal data we hold about you.
Right to Rectification — You can ask us to correct inaccurate data.
Right to Erasure — You can request deletion of your data, subject to our need to retain records for legal or operational purposes.
Right to Data Portability — You can request your data in a structured, machine-readable format.
Right to Object — You can object to processing based on legitimate interest.
To exercise any of these rights, contact us at info@blockandpin.com. We will respond within 30 days.
10. Children's Privacy
Block & Pin is not directed at individuals under the age of 18. We do not knowingly collect personal information from children. If you believe a child has provided us with personal data, please contact us and we will delete it promptly.
11. Changes to This Policy
We may update this Privacy Policy from time to time. When we do, we will update the "Last updated" date at the top of this page. We encourage you to review this page periodically. Continued use of the Service after changes constitutes acceptance of the updated policy.
12. Contact Us
If you have questions about this Privacy Policy, your data, or wish to exercise any of your rights, contact us: