Privacy Policy
This Privacy Policy describes how AuditPoint collects, uses, and protects information in connection with the AuditPoint platform, including auditpoint.ai, careindex.ai, weighstation.io, and all associated products and services. AuditPoint is an institutional data platform. We collect minimal personal information and do not sell or share personal data with third parties for advertising purposes.
AuditPoint's core products are intelligence reports and screeners built from publicly available federal regulatory data. The entities covered in those reports — nursing facilities, home health and hospice providers, commercial carriers, FDIC-insured banks, employers, and tax-exempt organizations — are commercial or institutional entities, not individuals. Their data is sourced from federal agencies and is in the public domain.
On the personal data side, AuditPoint's footprint is intentionally small. We collect email addresses from newsletter subscribers and payment information processed through Stripe. We do not run advertising. We do not build consumer profiles. We do not sell data.
Information you provide directly:
- Email address — collected when you subscribe to The Findings newsletter or submit a contact form inquiry
- Contact form content — name, firm, and message content submitted via auditpoint.ai/contact or inquiry emails to inquiries@auditpoint.ai
- Payment information — credit card and billing details collected by Stripe at the time of report purchase. AuditPoint does not store payment card numbers. All payment data is handled by Stripe in accordance with PCI DSS standards.
- Purchase email address — the email address provided at checkout, used for report delivery
Information collected automatically:
- Server logs — IP address, browser type, pages visited, and timestamps collected by our VPS hosting provider (OVH) in standard server access logs
- No cookies or tracking pixels — AuditPoint does not deploy analytics cookies, advertising pixels, or third-party tracking scripts on any platform property
AuditPoint uses the information it collects for the following purposes only:
- Report delivery — purchase email addresses are used to deliver purchased intelligence reports
- Newsletter delivery — subscriber email addresses are used to send issues of The Findings. Subscribers may unsubscribe at any time via the link in any issue.
- Inquiry response — contact form submissions and emails to inquiries@auditpoint.ai are used to respond to the inquiry
- Payment processing — billing information is passed to Stripe to process transactions
- Platform security and operations — server logs are used for security monitoring and infrastructure maintenance
AuditPoint does not use personal information for advertising, profiling, or sale to third parties under any circumstances.
AuditPoint intelligence reports cover commercial and institutional entities — nursing facilities, home health and hospice providers, trucking companies, FDIC-insured banks, employers, and tax-exempt organizations. This data is sourced from federal agencies and is in the public domain. It is not personal data under applicable privacy frameworks.
Carrier data sourced from FMCSA includes the names and contact information of sole proprietors and owner-operators who operate as commercial carriers. Under most state and federal privacy frameworks, data about individuals acting in a commercial capacity is not considered personal information subject to consumer privacy protections. However, AuditPoint treats this data with care:
- Carrier data is used solely for commercial safety intelligence purposes
- AuditPoint does not use carrier data for consumer credit, employment, or housing purposes
- Carrier data disputes may be directed to FMCSA's DataQs system at dataqs.fmcsa.dot.gov
IRS Form 990 data includes the names and compensation figures of nonprofit executives, officers, and directors as reported in Part VII and Schedule J of their organization's annual filing. Form 990 is a public document — the IRS requires its disclosure upon request and publishes it through the TEOS system. Individual names appearing in AuditPoint's NonProfits intelligence reflect data already in the public domain by federal mandate. AuditPoint treats this data with the following limitations:
- Executive compensation data is used solely for institutional intelligence purposes — nonprofit governance analysis, grant-making due diligence, and lender risk assessment
- AuditPoint does not use Form 990 executive data for consumer credit, employment screening, or housing purposes
- Organizations that believe their Form 990 data is inaccurate should file an amended return with the IRS directly — AuditPoint reflects data as published and cannot alter federal source records
- IRS Form 990 data disputes may be directed to IRS Tax Exempt Organizations at irs.gov/charities-non-profits
AuditPoint does not sell, rent, or share personal information with third parties for advertising or commercial purposes. We share information only in the following limited circumstances:
- Service providers — we share information with service providers who help us operate the platform (see Section 06). These providers are contractually prohibited from using your information for any purpose other than providing services to AuditPoint.
- Legal compliance — we may disclose information if required by law, court order, or valid government request
- Business transfers — in the event of a merger, acquisition, or sale of substantially all assets, user information may be transferred as part of that transaction. We will notify affected users via The Findings or direct email where contact information is available.
AuditPoint uses the following third-party service providers in connection with platform operations:
- Stripe (stripe.com) — payment processing. Handles all credit card data. Subject to Stripe's Privacy Policy and PCI DSS compliance.
- Resend (resend.com) — transactional email delivery for report delivery and newsletter distribution. Email addresses are stored in Resend's system for delivery purposes.
- OVH (ovhcloud.com) — VPS hosting provider. Server access logs are retained per OVH's standard data retention policies.
- Cloudflare (cloudflare.com) — DNS and network services. Subject to Cloudflare's Privacy Policy.
- Web3Forms (web3forms.com) — contact form processing on auditpoint.ai/contact. Form submissions are transmitted via Web3Forms to our inbox.
AuditPoint retains personal information for as long as necessary to fulfill the purpose for which it was collected:
- Newsletter subscriber emails — retained until you unsubscribe. Unsubscribe requests are processed within 5 business days.
- Purchase records — retained for 7 years for accounting and tax compliance purposes
- Contact form submissions — retained for 2 years or until the inquiry is resolved, whichever is longer
- Server logs — retained per OVH's standard 30-day rolling log retention policy
AuditPoint implements reasonable technical and organizational measures to protect personal information against unauthorized access, loss, or disclosure. All platform properties use HTTPS with TLS encryption. Payment data is handled exclusively by Stripe and never stored on AuditPoint servers.
No method of transmission or storage is completely secure. AuditPoint cannot guarantee absolute security but is committed to prompt notification in the event of a data breach affecting personal information.
Under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA), California residents have the following rights with respect to personal information AuditPoint holds about them:
- Right to know — you may request disclosure of what personal information we have collected about you and how it is used
- Right to delete — you may request deletion of personal information we hold about you, subject to limited exceptions
- Right to opt out of sale — AuditPoint does not sell personal information. No opt-out is required.
- Right to non-discrimination — AuditPoint will not discriminate against you for exercising any of these rights
To exercise these rights, contact inquiries@auditpoint.ai with "California Privacy Request" in the subject line. We will respond within 45 days.
For users in the European Union or United Kingdom, AuditPoint processes personal data on the following legal bases under GDPR and UK GDPR:
- Contractual necessity — processing purchase email addresses to deliver purchased reports
- Consent — processing newsletter subscriber email addresses based on your subscription opt-in
- Legitimate interests — server log processing for security and operational purposes
EU and UK residents have the right to access, correct, delete, or port their personal data, and to withdraw consent at any time. To exercise these rights, contact inquiries@auditpoint.ai. We will respond within 30 days.
AuditPoint is based in the United States. By using our platform, EU and UK users acknowledge that their data may be transferred to and processed in the United States.
AuditPoint may update this Privacy Policy from time to time. Changes will be posted at auditpoint.ai/privacy with an updated effective date. For material changes, we will make reasonable efforts to notify subscribers via The Findings newsletter or direct email.
Your continued use of any AuditPoint property after a policy update constitutes acceptance of the revised policy.
For privacy questions, data requests, or concerns about how AuditPoint handles your information, contact us at:
AuditPoint
inquiries@auditpoint.ai
auditpoint.ai