NRIR Privacy Policy

Personal Information:

• Name, email address, phone number
• Company name and business address
• Account credentials (password stored securely hashed)
• Payment information (processed by Stripe - we do not store card numbers)

Business Data:

• Roofing project information (addresses, photos, installation details)
• Shingle warranty registrations
• Company license information

Automatically Collected:

• IP address and browser type
• Access times and pages viewed
• Device information

We use your information to:

• Provide and maintain our roofing registry services
• Process warranty registrations
• Verify contractor credentials
• Send service-related communications
• Process payments (via Stripe)
• Comply with legal obligations
• Improve our services

Legal Basis for Processing (GDPR):

• Contract performance: To provide our services
• Legitimate interests: To improve and secure our platform
• Legal obligation: To comply with laws
• Consent: For marketing communications (where required)

We may share your information with:

Service Providers:

• Stripe (payment processing)
• Amazon Web Services (hosting)
• Email service providers

Business Partners:

• Shingle manufacturers (for warranty registration)
• Insurance companies (with your consent)

Legal Requirements:

• When required by law
• To protect our rights or safety
• In response to valid legal process

• Account information: Duration of account + 7 years (insurance industry requirement)
• Project records: 20 years (warranty period)
• Audit logs: 7 years
• Deleted accounts: Anonymized immediately, audit trails retained

GDPR Rights (EU/EEA Residents):

• Right to access your data
• Right to rectification (correct inaccuracies)
• Right to erasure ("right to be forgotten")
• Right to data portability (export your data)
• Right to restrict processing
• Right to object to processing
• Right to withdraw consent

CCPA Rights (California Residents):

• Right to know what personal information is collected
• Right to delete personal information
• Right to opt-out of sale (we do not sell data)
• Right to non-discrimination

We implement industry-standard security measures:

• TLS 1.2/1.3 encryption for data in transit
• Encrypted backups
• Secure password hashing (bcrypt)
• Access controls and authentication
• Regular security audits
• PCI-compliant payment processing (via Stripe)

We use essential cookies for:

• Session management
• Security (CSRF protection)
• Authentication

We do not use tracking or advertising cookies.

Your data may be processed in the United States. For EU/EEA users, we ensure appropriate safeguards are in place for international transfers.

Our services are not intended for individuals under 18. We do not knowingly collect data from children.

We may update this Privacy Policy periodically. We will notify you of material changes via email or platform notification.

For privacy questions or to exercise your rights:

• Email: info@nrir.net
• Website: nrir.net

For EU residents: You have the right to lodge a complaint with your local data protection authority.

Categories of Personal Information Collected:

• Identifiers (name, email, phone)
• Commercial information (transaction history)
• Internet activity (access logs)
• Professional information (license numbers)

We have not sold personal information in the preceding 12 months. We do not sell personal information.