Skip to main content

Privacy Policy

CVC Intelligence LLC (d/b/a Code Violation Check)

Last Updated: April 7, 2026

PRIVACY POLICY

CVC Intelligence LLC (d/b/a Code Violation Check)

Effective Date: April 7, 2026
Last Updated: April 7, 2026

1. ABOUT THIS PRIVACY POLICY

This Privacy Policy describes how CVC Intelligence LLC, a Wyoming limited liability company doing business as Code Violation Check ("CVC Intelligence," "CVC," "we," "us," or "our"), collects, uses, discloses, sells, licenses, and otherwise processes information in connection with our websites, products, services, and data licensing operations.

This Policy applies to:

  • codeviolationcheck.com
  • buildingcodeviolation.com
  • defectalerts.com
  • Any other websites, mobile applications, APIs, or digital properties we operate that link to or reference this Policy (collectively, the "Services")

This Policy covers two distinct categories of information:

  1. Visitor and User Information — personal information that individuals provide directly to CVC or that we collect automatically when they visit our websites or use our Services (e.g., name, email address, IP address, browsing behavior).

  2. Public Records Data and Derived Analytics — property records, building permit data, code violation records, inspection reports, and related government-sourced data that CVC collects, compiles, enhances, and licenses to third-party customers as part of its core business activities.

The treatment of these two categories differs materially under this Policy and applicable law. Please read Section 8 carefully for a full explanation of that distinction.

By accessing or using the Services, you acknowledge that you have read, understood, and agree to the practices described in this Privacy Policy. If you do not agree, please discontinue use of the Services.

2. WHO WE ARE AND HOW TO CONTACT US

Legal Entity:
CVC Intelligence LLC (Wyoming Limited Liability Company)

Doing Business As:
Code Violation Check

Principal Place of Business:
1712 Pioneer Ave, Suite 500
Cheyenne, WY 82001

Websites:
- codeviolationcheck.com
- buildingcodeviolation.com
- defectalerts.com

General Contact:
Email: info@codeviolationcheck.com

Privacy Rights Requests:
Email: privacy@codeviolationcheck.com (or use the general contact above and include "Privacy Request" in the subject line)
Mail: CVC Intelligence LLC, Attn: Privacy Compliance, 1712 Pioneer Ave, Suite 500, Cheyenne, WY 82001

Data Broker Compliance:
Email: databrokercompliance@codeviolationcheck.com

CVC Intelligence LLC is a data services company that collects, compiles, enhances, and licenses publicly available property data, building code violation records, permit data, and related analytics. Our customers include licensed contractors, permit expediters, property maintenance companies, real estate professionals, insurance companies, financial institutions, government agencies, and research organizations.

3. INFORMATION WE COLLECT

We collect information from multiple sources and through multiple methods, as described below.

3.1 Information You Provide Directly

When you register for an account, subscribe to our Services, submit a data inquiry, fill out a form, or otherwise interact with us, you may provide:

  • Contact information: Full name, company name, job title, mailing address, email address, telephone number
  • Account credentials: Username, password (stored in hashed/encrypted form)
  • Payment information: Credit card numbers, billing address, bank account information (processed through PCI-DSS-compliant third-party payment processors; CVC does not store full card numbers)
  • Professional information: License numbers, business registration numbers, professional affiliations
  • Communications: Messages, inquiries, support tickets, and other content you send to us
  • Survey and research responses: Feedback, ratings, and survey answers you submit voluntarily
  • Identity verification information: Government-issued identification when required for account verification or compliance purposes

3.2 Information Collected Automatically

When you visit our websites or use our digital Services, we and our third-party partners automatically collect:

  • Device and browser information: Browser type and version, operating system, device type, device identifiers (UDID, IDFA, advertising identifiers), screen resolution, language settings
  • Internet Protocol (IP) address: Including approximate geolocation derived therefrom (city, state, country)
  • Log files and server logs: Pages visited, links clicked, referring URLs, exit pages, date/time stamps, HTTP status codes, bandwidth consumed
  • Cookies and similar technologies: See Section 9 for a full description
  • Web beacons, pixels, and clear GIFs: Used to track email open rates and page-level analytics
  • Local storage and session storage: Information stored in your browser's local or session storage
  • Device fingerprinting: A combination of device and browser attributes used to identify returning visitors and detect fraud
  • Clickstream data: The sequence of pages you visit within our websites
  • Usage data: Features accessed, search queries entered, data reports generated, time spent on pages

3.3 Information from Third-Party Sources

We receive information about visitors and users from third parties, including:

  • Identity verification and fraud prevention services: To verify the identity of account applicants and detect fraudulent activity
  • Data enrichment providers: To append business and professional information to our business customer records
  • Advertising and marketing partners: Demographic, behavioral, and interest-based data used for targeted marketing
  • Analytics providers: Aggregated and segmented audience data
  • Social networks: If you connect your social media account to our Services or interact with our social media pages
  • Public government sources: Secretary of State filings, professional license databases, business registrations
  • Credit bureaus and financial data providers: To assess business creditworthiness for enterprise licensing arrangements (business entities only)

3.4 Public Records Data We Compile

As a core part of our business, CVC Intelligence collects, aggregates, normalizes, and enhances the following categories of public records data from government sources. This data is obtained from municipal, county, and state government agencies and is publicly available under applicable open records laws:

  • Building code violation records and notices of violation
  • Building permit applications, issuances, and final inspections
  • Certificate of occupancy records
  • Zoning variance applications and decisions
  • Environmental and health code violations
  • Property tax assessments and delinquency records
  • Liens, judgments, and encumbrances recorded against real property
  • Property ownership records, deed transfers, and chain of title
  • Homeowners association (HOA) enforcement actions where publicly recorded
  • Foreclosure filings and lis pendens notices
  • Contractor license and disciplinary action records
  • Demolition orders and condemnation notices
  • Fire inspection reports where publicly available
  • Historic landmark designations and restrictions
  • Flood zone, hazard, and environmental overlay data

CVC derives analytics, risk scores, property condition indices, and predictive models from this public records data. These derived products are also licensed and sold to third-party customers.

4. HOW WE USE INFORMATION

We use the information we collect for the following purposes:

4.1 Service Delivery and Operations

  • To create, maintain, and manage user accounts and subscriptions
  • To process transactions, fulfill orders, and provide access to our data products and reports
  • To respond to inquiries, support requests, and customer service communications
  • To verify the identity and professional credentials of users
  • To send transactional emails, invoices, receipts, and service notifications
  • To enforce our Terms of Service and applicable user agreements

4.2 Analytics and Product Improvement

  • To analyze usage patterns, feature adoption, and user behavior to improve our websites and Services
  • To conduct internal quality assurance testing
  • To develop new data products, features, and capabilities
  • To evaluate the effectiveness of our data compilation and enhancement methodologies
  • To build, train, validate, and improve predictive models and analytics derived from public records data
  • To monitor and improve the performance, reliability, and security of our technology infrastructure

4.3 Marketing and Communications

  • To send promotional emails, newsletters, and information about our products and services (you may opt out at any time)
  • To conduct targeted advertising campaigns on third-party platforms using first-party data and lookalike audiences
  • To re-target website visitors through cookie-based advertising
  • To personalize the content and offers presented to you on our websites and in our communications
  • To measure the effectiveness of our marketing campaigns

4.4 Data Licensing to Third Parties

  • To compile, package, enhance, and license public records data, property analytics, risk scores, and derived data products to third-party customers — including licensed contractors, permit expediters, property maintenance companies, real estate professionals, insurance carriers, financial institutions, government agencies, law firms, research organizations, due diligence firms, and marketing partners — as more fully described in Section 5
  • To create and sell aggregated, de-identified, or anonymized data products and reports
  • To enter into data licensing agreements, API access agreements, and bulk data supply arrangements with enterprise customers
  • To provide data to marketing companies and lead generation firms for commercial purposes
  • To comply with applicable federal, state, and local laws and regulations
  • To respond to lawful requests from government authorities, law enforcement, and courts
  • To detect, investigate, and prevent fraud, unauthorized access, and other illegal or harmful activities
  • To protect the rights, property, and safety of CVC Intelligence, our users, and the public
  • To maintain records required by law and to defend against legal claims

4.6 Research

  • To conduct and support industry research, academic research, and policy analysis using aggregated or de-identified data
  • To generate statistical analyses, market reports, and benchmarking studies
  • To support investigative journalism and public interest research where legally permissible

4.7 Business Transactions

  • In connection with the evaluation or consummation of a merger, acquisition, financing, restructuring, sale of assets, or similar corporate transaction, in which case user information and data assets may be transferred to a successor entity

Legal Bases for Processing (GDPR/International): Where applicable law requires a legal basis for processing, we rely on: (a) performance of a contract with you; (b) our legitimate business interests (including data licensing operations, fraud prevention, security, and analytics), subject to your rights; (c) compliance with legal obligations; and (d) your consent, where required and obtained.

5. THIRD-PARTY SHARING AND SALE OF DATA

CVC Intelligence LLC is in the business of licensing, selling, and sharing data. This section describes how and with whom we share or sell information. Please read carefully.

5.1 Sale and Licensing of Public Records Data and Analytics

CVC Intelligence explicitly sells, licenses, transfers, and otherwise commercially distributes public records data, property analytics, risk scores, violation indices, and derived data products to third-party customers. This is a core function of our business. Categories of third-party customers to whom we sell or license data include:

Customer Category Types of Data Provided Purposes
Licensed contractors and trade professionals Code violation records, permit status, property condition data Lead generation, work identification, compliance
Permit expediters and expediting firms Permit applications, open permits, expired permits, violation status Client service, permit management
Property maintenance and management companies Violation history, open work orders, property condition scores Maintenance targeting, risk assessment
Real estate professionals (agents, brokers, investors) Violation records, permit history, lien data, property analytics Due diligence, investment analysis, disclosure
Insurance carriers and underwriters Property condition scores, violation history, risk indices Underwriting, loss prevention, premium setting
Financial institutions (lenders, servicers, banks) Property condition, lien status, open violations, hazard data Origination risk, portfolio monitoring, servicing
Government agencies Aggregated analytics, cross-jurisdiction violation patterns Code enforcement, policy analysis, planning
Law firms and litigation support Property records, permit history, violation documentation Due diligence, evidence compilation
Research organizations and universities Aggregated and de-identified datasets Academic research, policy analysis
Marketing partners and lead generation firms Property owner contact data derived from public records Direct mail, digital marketing, outreach campaigns
Data aggregators and resellers Raw and enhanced public records data Further licensing and distribution
HOA and community management companies Violation records, property owner information from public records Compliance enforcement, community management

5.2 Sale and Sharing of Visitor/User Personal Information

With respect to personal information collected from website visitors and registered users:

  • Marketing and advertising partners: We may share or sell identifiers, internet activity, and inferred demographic information with advertising networks, social media platforms, data analytics providers, and marketing partners for targeted advertising and lead generation purposes. California residents have the right to opt out; see Section 11.
  • Data enrichment and co-marketing partners: We may share contact information with business partners for joint marketing activities.
  • Data brokers and aggregators: We may sell or share visitor and user information with data aggregators that compile consumer profiles for marketing and commercial purposes.

5.3 Service Providers and Contractors

We disclose information to service providers and contractors that perform services on our behalf, including:

  • Cloud hosting and infrastructure providers (e.g., Amazon Web Services, Microsoft Azure, Google Cloud)
  • Payment processors (PCI-DSS compliant)
  • Email and marketing automation platforms
  • Analytics and business intelligence tools
  • Customer support software providers
  • Identity verification and fraud prevention services
  • Legal, accounting, and professional services firms
  • Government data access and licensing intermediaries

Service providers are contractually required to use information only as necessary to perform services for us or as required by law, except where otherwise disclosed.

5.4 Corporate Transactions

If CVC Intelligence undergoes a merger, acquisition, asset sale, financing, reorganization, dissolution, or similar transaction, user information and data assets (including our public records database) may be disclosed to and transferred to the successor or acquiring entity.

We may disclose information when we believe in good faith that disclosure is necessary to:

  • Comply with applicable law, regulation, or valid legal process (subpoena, court order, regulatory request)
  • Protect the rights, property, or safety of CVC Intelligence, our users, or the public
  • Detect and prevent fraud, security incidents, or illegal activity
  • Enforce our Terms of Service or other agreements

5.6 Aggregated and De-Identified Data

We may freely share, sell, publish, or otherwise distribute aggregated, de-identified, or anonymized data that does not reasonably identify any individual. We maintain technical and organizational safeguards designed to prevent re-identification.

6. CATEGORIES OF INFORMATION SOLD OR SHARED — CCPA TABLE

The following table describes categories of personal information we have sold or shared in the preceding 12 months, the categories of third parties to whom such information was sold or shared, and the business or commercial purpose. This table is provided pursuant to the California Consumer Privacy Act (Cal. Civ. Code § 1798.100 et seq.) and California Privacy Rights Act.

6.1 Categories of Personal Information Sold

Category Specific Data Elements Sold To Purpose
Identifiers Name, postal address, email address, phone number, IP address, account name, unique personal identifiers Insurance companies, financial institutions, real estate data aggregators, marketing partners, lead generation firms, data resellers Data licensing, marketing, analytics
Personal information (Cal. Civ. Code § 1798.80) Name, address, telephone number, email address, professional license number Contractors, property professionals, data aggregators, marketing partners Lead generation, direct marketing
Internet/electronic network activity Browsing history on CVC websites, search queries, pages viewed, interaction data Advertising networks, analytics providers, social media platforms, marketing partners Targeted advertising, audience building, analytics
Geolocation data Approximate location derived from IP address Advertising networks, analytics providers Targeted advertising, regional marketing
Professional/employment information Company name, job title, industry, professional role B2B marketing partners, data aggregators B2B marketing, list licensing
Inferences and derived data Propensity scores, interest profiles, audience segments derived from website behavior Advertising networks, marketing partners Targeted advertising, audience modeling

6.2 Categories of Personal Information Shared (for Cross-Context Behavioral Advertising)

Category Specific Data Elements Shared With Purpose
Identifiers Online identifiers, IP addresses, cookie IDs, advertising IDs Advertising networks, social media platforms, analytics providers Behavioral advertising, retargeting, lookalike audiences
Internet/network activity Pages visited, time on site, content interacted with Advertising networks, analytics providers Behavioral advertising, conversion tracking
Geolocation data Approximate location from IP Advertising networks Geotargeted advertising
Inferences Audience segments, interest categories Advertising networks, demand-side platforms Programmatic advertising

6.3 Public Records Data — Data Licensing (Not "Personal Information" Under Most Privacy Laws)

Category Specific Data Sold/Licensed To Purpose
Property violation records Code violations, notices of violation, enforcement history Contractors, property managers, insurers, lenders, real estate professionals Due diligence, risk assessment, compliance
Permit data Permit applications, issuances, expirations, expired permits Contractors, permit expediters, property managers Lead generation, service identification
Property ownership data Owner names from public deed records, parcel numbers, property addresses Real estate professionals, insurers, lenders, marketing partners Contact identification, outreach, due diligence
Lien and judgment data Recorded liens, UCC filings, tax liens, mechanic's liens Financial institutions, real estate professionals, law firms Risk assessment, underwriting
Analytics and derived scores Property condition indices, risk scores, violation frequency scores Insurers, lenders, government agencies, research organizations Risk modeling, policy, underwriting

Note on Public Records Data: Property owner names and addresses appearing in government records — such as deed records, tax assessment rolls, permit applications, and violation notices — are disclosed and maintained by government agencies as a matter of law. CVC's compilation and licensing of this information does not constitute a "sale of personal information" under the CCPA or CPRA because (a) this information is lawfully made available from government records, falling within the "publicly available information" exception under Cal. Civ. Code § 1798.140, and (b) CVC licenses this information for legitimate business purposes consistent with the purpose for which it was made available. Nevertheless, CVC provides an opt-out mechanism for individuals who wish to request suppression of their personal information from CVC's commercial licensing activities; see Section 11.

7. OUR ROLE AS A DATA BROKER

CVC Intelligence LLC operates in whole or in part as a data broker as that term is defined under applicable state laws. A data broker is a business that knowingly collects and sells or licenses to third parties the personal information of consumers with whom the business does not have a direct relationship.

State Data Broker Registrations:

  • California (AB 1202): CVC Intelligence LLC may be required to register with the California Attorney General as a data broker. CVC will register and maintain registration as required under California Business and Professions Code § 22757 et seq. Registered California data brokers are listed at the California Attorney General's Data Broker Registry.
  • Vermont (9 V.S.A. § 2430): CVC Intelligence LLC may be required to register as a data broker with the Vermont Secretary of State. CVC will register and maintain such registration as required. Vermont data broker registrants are listed at the Vermont Secretary of State's website.
  • Oregon (ORS Chapter 646A): CVC Intelligence LLC may be subject to Oregon's data broker registration requirements. CVC will register as required. Oregon data broker registrants are listed at the Oregon Attorney General's website.
  • Texas (Tex. Bus. & Com. Code § 503A): CVC Intelligence LLC is a data broker under Texas law. To conduct business in Texas, data brokers must register with the Texas Secretary of State. Information about data broker registrants is available at https://www.sos.state.tx.us.
  • Other states: As additional state data broker registration requirements take effect, CVC Intelligence LLC will comply with all applicable registration obligations.

Consumer Opt-Out of Data Broker Activities: Many state laws provide consumers with a right to opt out of the sale of their personal information by data brokers. Please see Section 11 (California), Section 12 (other states), and Section 21 (contact) for instructions on exercising your opt-out rights.

8. PUBLIC RECORDS DATA VS. PERSONAL INFORMATION

This section explains a distinction that is central to understanding CVC Intelligence's business and this Privacy Policy.

8.1 Personal Information Collected from Website Visitors and Users

When individuals visit our websites or register for our Services, we collect personal information directly from those individuals — including name, email address, IP address, and usage data. This information is subject to the full scope of applicable privacy laws, including CCPA/CPRA rights (right to know, delete, correct, and opt out of sale), GDPR rights for EU/EEA visitors, and equivalent rights under other applicable state laws. Users may exercise those rights as described in Sections 11–12.

8.2 Public Records Data About Properties and Property Owners

CVC Intelligence's core product is a database of property-level information derived entirely from publicly available government records — building departments, county assessors, county recorders, courts, and other government agencies that create and maintain property records as a matter of law and public duty.

Key characteristics of this public records data:

  • Government origin: Every record in CVC's property database originates with a government agency, which created and disclosed the record pursuant to its official duties and applicable open records law.
  • Publicly available: These records are legally accessible by any member of the public, under state public records acts, FOIA, and similar laws.
  • Property-centric, not person-centric: The primary subject of these records is the property (parcel, structure, address), not the individual. Owner names appear incidentally as a legal attribute of ownership.
  • CCPA publicly available exception: Under Cal. Civ. Code § 1798.140(ae)(2), "personal information" does not include "information that is lawfully made available from federal, state, or local government records." Property tax assessment records, permit records, deed records, and violation records are squarely within this exception.
  • Legitimate purpose: CVC licenses this data for legitimate commercial, compliance, safety, and research purposes consistent with the purposes for which government agencies make the data publicly available.

8.3 Derived Analytics

CVC creates analytics, risk models, condition scores, and predictive indices derived from public records data. These derived products are intellectual property of CVC Intelligence and are licensed to customers as data products. To the extent these products contain or are derived from personally identifiable information, the same consumer rights described in this Policy apply.

8.4 Individual Suppression Requests

Notwithstanding the publicly available nature of the underlying data, CVC Intelligence maintains a voluntary suppression list for individuals who request that their personal information be excluded from CVC's commercial data licensing activities (to the extent technically feasible). Suppression requests can be submitted at: privacy@codeviolationcheck.com. Note that suppression from CVC's commercial products does not affect the underlying government records, which remain publicly available from their original sources.

9. COOKIES AND TRACKING TECHNOLOGIES

9.1 What We Use

CVC Intelligence and its third-party partners use the following tracking technologies on our websites:

Technology Description Purpose
First-party cookies Cookies set by CVC's own domains Session management, preferences, authentication
Third-party cookies Cookies set by partner domains while you visit our site Analytics, advertising, social media integration
Session cookies Cookies that expire when you close your browser Maintaining session state during a single visit
Persistent cookies Cookies that remain on your device for a set period Remembering preferences, returning user recognition, advertising frequency capping
Web beacons / pixels Transparent image files embedded in pages or emails Tracking page views, email opens, conversions
Local storage Data stored in your browser's local storage API Application state, performance optimization
Session storage Data stored in your browser's session storage Temporary session data
Device fingerprinting Collection of browser and device attributes to create a probabilistic identifier Fraud detection, returning visitor recognition
Conversion tracking pixels Code placed on confirmation pages Measuring advertising campaign effectiveness

9.2 Third-Party Analytics and Advertising Technologies

We use the following specific third-party tools, among others:

  • Google Analytics / Google Analytics 4 (GA4): We use Google Analytics to analyze website traffic and user behavior. Google Analytics collects data about your visits, including pages viewed, time spent, referring websites, and device information. Google may use this data in accordance with Google's own privacy policy. To opt out of Google Analytics, visit https://tools.google.com/dlpage/gaoptout.

  • Google Ads / Google Tag Manager: We use Google advertising products for conversion tracking, remarketing, and audience targeting. Google Ads cookies allow us to show you CVC advertisements on Google's network after you visit our site.

  • Meta Pixel (Facebook Pixel): We use the Meta Pixel to measure the effectiveness of our advertising on Facebook and Instagram, to build custom audiences for advertising, and to enable conversion tracking. The Meta Pixel collects data about your activity on our site and reports it to Meta. To opt out, visit https://www.facebook.com/settings?tab=ads or use Meta's Ad Preferences tool.

  • LinkedIn Insight Tag: We may use the LinkedIn Insight Tag to track conversions and build retargeting audiences on LinkedIn for B2B marketing purposes.

  • Other advertising and analytics tags: We may deploy additional advertising, analytics, or performance monitoring tags from time to time. Our Cookie Preferences tool (where available) will reflect active tags.

You may control cookies and tracking technologies through:

  • Browser settings: Most web browsers allow you to refuse new cookies, delete existing cookies, or receive alerts before cookies are set. Consult your browser's help documentation for instructions. Note that disabling cookies may affect the functionality of our Services.
  • Cookie preference center: Where available on our websites, you may use our cookie preference/consent manager to accept or reject non-essential cookies.
  • Opt-out tools: You may opt out of interest-based advertising from many advertising networks through the Network Advertising Initiative (NAI) opt-out tool at https://www.networkadvertising.org/choices/ or the Digital Advertising Alliance (DAA) tool at https://www.aboutads.info/choices/.
  • Global Privacy Control (GPC): We recognize and honor GPC signals as opt-out of sale/sharing signals for California residents, consistent with CPRA requirements.

10. DO NOT TRACK SIGNALS

Some web browsers have a "Do Not Track" (DNT) feature that sends a signal to websites requesting that user activity not be tracked. CVC Intelligence's websites do not currently respond to DNT browser signals in a manner that changes our data collection practices, as there is no universally accepted standard for interpreting or honoring DNT signals.

However, California residents and residents of other applicable states may exercise their right to opt out of the sale or sharing of personal information through the methods described in Sections 11 and 12 of this Policy. We honor Global Privacy Control (GPC) signals as opt-out of sale/sharing requests for California residents, consistent with CPRA and Attorney General guidance.

11. CALIFORNIA PRIVACY RIGHTS (CCPA/CPRA)

This section applies to residents of California and supplements the rest of this Privacy Policy. It is provided pursuant to the California Consumer Privacy Act of 2018 ("CCPA") as amended by the California Privacy Rights Act of 2020 ("CPRA"), and their implementing regulations.

11.1 Categories of Personal Information Collected

In the preceding 12 months, we have collected the following categories of personal information from California consumers:

Category Examples Collected?
Identifiers Name, alias, postal address, unique personal identifier, online identifier, IP address, email address, account name Yes
Personal information (Cal. Civ. Code § 1798.80(e)) Name, address, telephone number, email address Yes
Protected classification characteristics Age (40+), marital status, gender No
Commercial information Products or services purchased, transaction history Yes
Biometric information Fingerprints, voiceprints No
Internet/electronic network activity Browsing history, search history, online behavior, interaction data Yes
Geolocation data Approximate location derived from IP address Yes (approximate only)
Sensory/audio/visual information Call recordings (customer service calls, where permitted) Limited
Professional/employment information Job title, company, industry Yes (for business users)
Education information N/A No
Inferences Profiles derived from above categories regarding preferences and interests Yes
Sensitive personal information Account log-in + password (credential data) Yes

Sources of Collection: We collect personal information from you directly; from your devices automatically; from our advertising and analytics partners; from data enrichment providers; from public government sources; and from business partners and resellers.

Business and Commercial Purposes: We use personal information for the purposes described in Section 4, including service delivery, analytics, marketing, product improvement, legal compliance, fraud prevention, and data licensing.

11.2 Your California Privacy Rights

California residents have the following rights under the CCPA/CPRA:

a) Right to Know: You have the right to request that CVC disclose: (i) the categories of personal information we have collected about you; (ii) the categories of sources from which personal information was collected; (iii) the business or commercial purpose for collecting, selling, or sharing personal information; (iv) the categories of third parties with whom we disclose personal information; and (v) the specific pieces of personal information we have collected about you.

b) Right to Delete: You have the right to request that CVC delete personal information we have collected about you, subject to certain exceptions (e.g., completing a transaction, detecting security incidents, complying with legal obligations, exercising free speech or other rights, engaging in research, or other internal uses compatible with the context in which you provided the information).

c) Right to Correct: You have the right to request that CVC correct inaccurate personal information we maintain about you.

d) Right to Opt Out of Sale or Sharing: You have the right to opt out of the sale of your personal information and the sharing of your personal information for cross-context behavioral advertising. CVC Intelligence DOES sell and share personal information as described in Sections 5 and 6. To exercise this right, click "Do Not Sell or Share My Personal Information" (link to be provided on our website footer) or contact us at privacy@codeviolationcheck.com.

e) Right to Limit Use of Sensitive Personal Information: To the extent CVC processes sensitive personal information for purposes beyond those set forth in Cal. Civ. Code § 1798.121(a), you have the right to direct us to limit such use to those permitted purposes. You may submit such a request at privacy@codeviolationcheck.com.

f) Right to Non-Discrimination: CVC will not discriminate against you for exercising your CCPA/CPRA rights. We will not deny goods or services, charge different prices, provide a different level or quality of service, or suggest that you will receive a different price or quality of service for exercising your privacy rights.

g) Financial Incentive Programs: CVC may offer financial incentive programs (such as discount subscriptions or promotional pricing) in connection with the collection, sale, or deletion of personal information. Where applicable, we will provide a separate notice describing the material terms of such programs, the value of personal information to the program, and how to opt in or withdraw.

11.3 Consumers Under 16

CVC does not knowingly sell or share the personal information of consumers under 16 years of age without affirmative authorization. Consumers who are 13–15 years old must opt in; consumers under 13 are not permitted to use our Services (see Section 18). If we learn that we have collected personal information from a consumer under 16 without appropriate authorization, we will delete that information promptly.

11.4 Authorized Agents

You may designate an authorized agent to make CCPA/CPRA requests on your behalf. To do so, the authorized agent must provide written authorization signed by you, and we may require you to verify your identity directly with us even if an agent is used.

11.5 Verification

To protect against unauthorized requests, CVC will verify your identity before fulfilling rights requests. Verification typically requires you to provide your full name, email address, and mailing address. For requests to know specific pieces of personal information or to delete, we may require additional verification.

11.6 How to Submit a California Privacy Request

  • Email: privacy@codeviolationcheck.com (include "California Privacy Request" in the subject line)
  • Mail: CVC Intelligence LLC, Attn: Privacy Compliance, 1712 Pioneer Ave, Suite 500, Cheyenne, WY 82001

We will acknowledge receipt within 10 business days and respond within 45 calendar days. If necessary, we may extend the response period by an additional 45 calendar days with notice to you.

11.7 CCPA Metrics

CVC Intelligence will compile and publish annual metrics regarding consumer privacy requests, including the number of requests to know, delete, correct, and opt out received, complied with in whole or in part, and the median number of days to respond, to the extent required by applicable law and regulations.

12. VIRGINIA, COLORADO, CONNECTICUT, UTAH, TEXAS, OREGON AND OTHER STATE PRIVACY RIGHTS

This section describes privacy rights available to residents of states that have enacted comprehensive consumer data privacy laws as of the Effective Date of this Policy. CVC Intelligence will comply with additional state privacy laws as they become effective.

12.1 Applicable States and Laws

State Law Effective Date
Virginia Consumer Data Protection Act (CDPA) January 1, 2023
Colorado Colorado Privacy Act (CPA) July 1, 2023
Connecticut Data Privacy Act (CTDPA) July 1, 2023
Utah Consumer Privacy Act (UCPA) December 31, 2023
Texas Data Privacy and Security Act (TDPSA) July 1, 2024
Oregon Consumer Privacy Act (OCPA) July 1, 2024
Delaware Personal Data Privacy Act January 1, 2025
Indiana Consumer Data Protection Act January 1, 2026
Iowa Consumer Data Protection Act January 1, 2025
Montana Consumer Data Privacy Act October 1, 2024
Nebraska Data Privacy Act January 1, 2025
New Hampshire Data Privacy Act January 1, 2025
New Jersey Data Privacy Act January 15, 2025
Tennessee Information Privacy Act July 1, 2025
Minnesota Consumer Data Privacy Act July 31, 2025

12.2 Common Rights Under State Privacy Laws

Residents of the above states generally have the following rights, subject to exceptions and limitations:

  • Right to access: Confirm whether CVC processes your personal data and access that data
  • Right to correct: Request correction of inaccurate personal data
  • Right to delete: Request deletion of personal data you have provided or that we have collected about you
  • Right to data portability: Obtain a copy of your personal data in a portable, machine-readable format
  • Right to opt out of targeted advertising: Opt out of the processing of personal data for targeted advertising purposes
  • Right to opt out of sale: Opt out of the sale of your personal data to third parties
  • Right to opt out of profiling: Opt out of profiling in furtherance of decisions that produce legal or similarly significant effects (Virginia, Colorado, Connecticut, Texas, Oregon, and others)
  • Right to appeal: If CVC declines to act on your rights request, you may appeal that decision

12.3 Sensitive Data

CVC will obtain consent prior to processing sensitive personal data (as defined under applicable state law) for purposes beyond those necessary to provide our Services, to the extent required by applicable law.

12.4 How to Exercise State Privacy Rights

  • Email: privacy@codeviolationcheck.com (include your state of residence and the right you wish to exercise)
  • Mail: CVC Intelligence LLC, Attn: Privacy Compliance, 1712 Pioneer Ave, Suite 500, Cheyenne, WY 82001

Response timelines vary by state but generally we aim to respond within 45 days, with a possible extension of up to 45 additional days where permitted by law.

Appeal Process: If we decline to fulfill a rights request, we will notify you of the reason. You may appeal by contacting us at privacy@codeviolationcheck.com with the subject line "Privacy Request Appeal." We will respond within 60 days of receiving an appeal. If your appeal is denied, we will provide information about how to contact the relevant state Attorney General.

13. GDPR AND INTERNATIONAL PRIVACY RIGHTS

This section applies to individuals in the European Economic Area (EEA), United Kingdom (UK), and Switzerland who access our websites or Services.

13.1 Data Controller

For purposes of the EU General Data Protection Regulation (GDPR) and UK GDPR, CVC Intelligence LLC is the data controller for personal information collected through our websites and Services.

We process personal data of EEA/UK residents on the following legal bases:

Processing Activity Legal Basis
Providing Services you requested and managing your account Performance of a contract (Article 6(1)(b))
Fraud prevention, security, legal compliance Legal obligation (Article 6(1)(c))
Analytics, marketing, data licensing, business improvement Legitimate interests (Article 6(1)(f)) — subject to balancing test
Email marketing (where required by law) Consent (Article 6(1)(a))
Any processing of special category data Explicit consent (Article 9(2)(a))

Where we rely on legitimate interests, we balance CVC's interests against your fundamental rights and freedoms. You have the right to object to legitimate-interest processing at any time.

13.3 Your GDPR Rights

If you are located in the EEA, UK, or Switzerland, you have the right to:

  • Access: Obtain a copy of the personal data we hold about you
  • Rectification: Request correction of inaccurate or incomplete personal data
  • Erasure ("right to be forgotten"): Request deletion of your personal data in certain circumstances
  • Restriction: Request that we restrict processing of your personal data in certain circumstances
  • Data portability: Receive your personal data in a structured, commonly used, machine-readable format
  • Object: Object to processing based on legitimate interests (including direct marketing)
  • Withdraw consent: Where processing is based on consent, withdraw consent at any time (without affecting the lawfulness of prior processing)
  • Lodge a complaint: File a complaint with your national data protection supervisory authority

13.4 International Data Transfers

CVC Intelligence is based in the United States. If you are located in the EEA, UK, or Switzerland, please be aware that your personal data will be transferred to and processed in the United States, which may not provide the same level of data protection as your home country.

Where required by applicable law, CVC implements appropriate safeguards for international transfers, which may include:

  • Standard Contractual Clauses (SCCs): The EU Commission's Standard Contractual Clauses (June 2021 version) for controller-to-processor and controller-to-controller transfers
  • UK International Data Transfer Addendum: For transfers of UK personal data
  • Swiss Adequacy Measures: For transfers of Swiss personal data

You may request a copy of the applicable transfer mechanism by contacting us at privacy@codeviolationcheck.com.

13.5 Data Protection Representative

CVC Intelligence LLC does not currently have an established EU/UK establishment. Individuals seeking to contact CVC about their GDPR rights may do so through the contact information in Section 21. CVC will designate an EU/UK Data Protection Representative as required by applicable law.

13.6 Response Timeframes

We will respond to GDPR rights requests within 30 calendar days. In complex or numerous cases, we may extend this period by up to 60 additional days with notice.

14. CALIFORNIA SHINE THE LIGHT (CIVIL CODE § 1798.83)

California Civil Code § 1798.83 ("Shine the Light" law) permits California residents who are customers of CVC Intelligence to request certain information regarding our disclosure of personal information to third parties for their direct marketing purposes during the immediately preceding calendar year.

CVC Intelligence may share personal information with third parties for their direct marketing purposes. California customers may request a list of the categories of personal information disclosed and the names and addresses of third parties with whom such information was shared by contacting us at:

  • Email: privacy@codeviolationcheck.com (subject line: "California Shine the Light Request")
  • Mail: CVC Intelligence LLC, Attn: Shine the Light Request, 1712 Pioneer Ave, Suite 500, Cheyenne, WY 82001

We will respond within 30 days. You may make one such request per calendar year.

15. NEVADA PRIVACY RIGHTS (SB 220)

Nevada Revised Statutes Chapter 603A, as amended by Senate Bill 220 (2019), gives Nevada consumers the right to opt out of the sale of covered information to third parties.

CVC Intelligence may sell covered information (as defined under Nevada law, including name, address, email address, telephone number, and certain online identifiers) to third parties.

Nevada residents may submit an opt-out request by:

  • Email: privacy@codeviolationcheck.com (subject line: "Nevada Opt-Out Request")
  • Mail: CVC Intelligence LLC, Attn: Nevada Privacy, 1712 Pioneer Ave, Suite 500, Cheyenne, WY 82001

We will respond to verified opt-out requests within 60 days, with an optional 30-day extension if reasonably necessary.

16. DATA RETENTION

CVC Intelligence retains personal information and data for as long as necessary to fulfill the purposes described in this Policy, or as required by applicable law. The following table describes our general retention periods by data category:

Data Category Retention Period Basis/Notes
User account information (name, email, credentials) Duration of account + 3 years after closure Fraud prevention, dispute resolution, re-engagement
Payment and transaction records 7 years from transaction date IRS/tax record requirements, legal compliance
Customer service and support records 3 years from last interaction Dispute resolution, service improvement
Website analytics and log files 13–26 months Standard analytics platform retention; aggregate reports retained longer
Cookie and advertising tracking data 30 days to 2 years depending on cookie type Advertising platform standard retention; persistent cookies expire per setting
Email marketing data (opt-in/opt-out records) Duration of relationship + 5 years CAN-SPAM compliance, proof of consent
Public records database Indefinite (core business asset) Continuous updating; historical records retained as part of violation/permit history
Data licensing customer records Duration of contract + 5 years Contractual, legal, and audit purposes
Security and fraud prevention logs 1–3 years Security monitoring, incident investigation
Legal hold data Until hold is released Litigation, regulatory investigation
Suppression list records Indefinite (to honor ongoing suppression) Honoring opt-out/suppression requests
De-identified and aggregated data Indefinite Statistical and research value; no individual re-identification risk

When personal information is no longer required for the purposes described above, CVC securely deletes or irreversibly anonymizes it in accordance with industry-standard practices.

17. SECURITY MEASURES

CVC Intelligence implements administrative, technical, and physical safeguards designed to protect the information we maintain against unauthorized access, disclosure, alteration, and destruction.

17.1 Technical Safeguards

  • Encryption in transit: All data transmitted between your browser and our servers is encrypted using TLS 1.2 or higher (HTTPS). API communications are encrypted using industry-standard protocols.
  • Encryption at rest: Sensitive data stored in our databases and file systems is encrypted using AES-256 or equivalent encryption standards.
  • Access controls: Role-based access controls (RBAC) restrict employee and contractor access to personal information on a need-to-know basis. Privileged access requires multi-factor authentication (MFA).
  • Network security: Firewalls, intrusion detection and prevention systems (IDPS), and network segmentation protect our infrastructure.
  • Vulnerability management: Regular vulnerability scanning, penetration testing, and patch management are conducted on our systems and applications.
  • Logging and monitoring: Security information and event management (SIEM) tools monitor for anomalous activity, unauthorized access attempts, and data exfiltration.

17.2 Administrative Safeguards

  • Privacy and security training: Employees and contractors with access to personal information receive regular privacy and security awareness training.
  • Background checks: Employees in roles with access to sensitive data are subject to background screening.
  • Vendor management: Third-party service providers who access or process personal information on our behalf are required to maintain appropriate security controls and are subject to data processing agreements.
  • Incident response plan: CVC maintains a documented incident response plan for data security incidents, including breach notification procedures consistent with applicable state and federal law.
  • Privacy by design: Privacy and security considerations are incorporated into the design and development of new products and features.

17.3 Physical Safeguards

  • Our technology infrastructure is hosted in SOC 2-certified data centers with controlled physical access, environmental controls, and redundancy measures.
  • Employee workstations used to access personal information are subject to device management controls including encryption and remote wipe capability.

17.4 SOC 2 Compliance Aspiration

CVC Intelligence is committed to achieving SOC 2 Type II certification for our data management operations. We are actively implementing the controls, policies, and audit infrastructure necessary to achieve and maintain this certification. In the interim, CVC adopts the AICPA Trust Services Criteria as a framework for our internal security and privacy controls.

17.5 No Absolute Security

Despite our efforts, no security measure is perfect or impenetrable. We cannot guarantee the absolute security of your information. In the event of a data security incident that triggers notification obligations under applicable law, we will notify affected individuals and regulators as required.

18. CHILDREN'S PRIVACY

18.1 COPPA Compliance

CVC Intelligence's websites and Services are directed to adults and business professionals. We do not knowingly collect personal information from children under 13 years of age in violation of the Children's Online Privacy Protection Act (COPPA), 15 U.S.C. § 6501 et seq.

If we learn that we have inadvertently collected personal information from a child under 13, we will promptly delete such information from our systems. If you believe we have collected information from a child under 13, please contact us at privacy@codeviolationcheck.com.

18.2 Teenagers (Ages 13–15) Under CCPA

Consistent with CCPA requirements, CVC Intelligence does not sell or share the personal information of consumers between the ages of 13 and 15 without their affirmative opt-in authorization. We do not knowingly market directly to minors.

18.3 Age Verification

Our Services require users to affirmatively represent that they are 18 years of age or older (or the age of majority in their jurisdiction) to create an account or enter into data licensing arrangements. We do not perform independent age verification, and we rely on users' honest representation.

Our websites may contain links to third-party websites, resources, and services that are not operated or controlled by CVC Intelligence. These may include government agency websites (from which we source public records data), payment processors, industry associations, advertising platforms, and partner companies.

This Privacy Policy does not apply to third-party websites or services. We are not responsible for the privacy practices, data handling, or content of third parties. We encourage you to review the privacy policies of any third-party websites you visit.

Our websites also incorporate embedded content and functionality from third parties, including social media share buttons, video embeds, and analytics tools. These third parties may collect information about your interaction with their embedded content even when you are visiting our websites. Such collection is governed by those third parties' own privacy policies.

20. CHANGES TO THIS PRIVACY POLICY

CVC Intelligence LLC may update this Privacy Policy from time to time to reflect changes in our data practices, legal requirements, or business operations.

Material Changes: If we make material changes to this Policy — particularly changes that affect your rights or how we use or share your personal information — we will notify you by:

  • Posting the updated Policy on our websites with a revised "Last Updated" date
  • Sending an email notification to registered users with a valid email address on file
  • Displaying a prominent banner or notice on our websites for a reasonable period

Non-Material Changes: Minor or clarifying changes (such as corrections to grammar or formatting) may be made without specific notice beyond updating the "Last Updated" date on the Policy.

Continued Use: Your continued use of our Services after the effective date of any revised Privacy Policy constitutes your acceptance of the updated terms. If you do not agree to material changes, you should discontinue use of our Services and, where applicable, close your account.

Archived Versions: Prior versions of this Privacy Policy are available upon request by contacting privacy@codeviolationcheck.com.

21. CONTACT US AND PRIVACY RIGHTS REQUESTS

21.1 General Contact

For questions, concerns, or comments about this Privacy Policy or CVC Intelligence's privacy practices:

CVC Intelligence LLC
d/b/a Code Violation Check
1712 Pioneer Ave, Suite 500
Cheyenne, WY 82001

General Inquiries: info@codeviolationcheck.com
Privacy Inquiries: privacy@codeviolationcheck.com
Websites: codeviolationcheck.com | buildingcodeviolation.com | defectalerts.com

21.2 Privacy Rights Request Process

To submit a privacy rights request (right to know, delete, correct, opt out of sale, or other applicable rights):

  1. Email: privacy@codeviolationcheck.com — include "Privacy Rights Request" in the subject line, your full name, mailing address, email address, state of residence, and the specific right you wish to exercise
  2. Mail: CVC Intelligence LLC, Attn: Privacy Compliance, 1712 Pioneer Ave, Suite 500, Cheyenne, WY 82001

For California consumers: You may also exercise your opt-out rights by clicking the "Do Not Sell or Share My Personal Information" link in our website footer.

Response Times:
- California (CCPA/CPRA): Acknowledgment within 10 business days; response within 45 calendar days (extendable by 45 days)
- Virginia, Colorado, Connecticut, Texas, Oregon, and other state laws: Response within 45 days (extendable as permitted)
- GDPR/UK GDPR: Response within 30 calendar days (extendable by 60 days in complex cases)
- Nevada: Response within 60 days (extendable by 30 days)

21.3 Data Broker Opt-Out and Suppression

To request suppression of your personal information from CVC Intelligence's commercial data licensing activities (see Section 8.4):

Email: privacy@codeviolationcheck.com (subject line: "Data Suppression Request")
Mail: CVC Intelligence LLC, Attn: Data Suppression, 1712 Pioneer Ave, Suite 500, Cheyenne, WY 82001

Please include your full name, current and former addresses (if applicable), and any other identifying information that may help us locate your records.

21.4 Data Broker Registration and Compliance

For inquiries related to CVC Intelligence's data broker registrations or compliance obligations:

Email: databrokercompliance@codeviolationcheck.com

21.5 Appeal of Privacy Rights Decision

If CVC declines your privacy rights request, you may appeal by emailing privacy@codeviolationcheck.com with the subject line "Privacy Request Appeal." We will respond within 60 days. If your appeal is denied, we will provide instructions for filing a complaint with the relevant state Attorney General or data protection authority.

APPENDIX A — GLOSSARY OF KEY TERMS

Term Definition
CCPA California Consumer Privacy Act, Cal. Civ. Code § 1798.100 et seq.
CPRA California Privacy Rights Act, which amended and expanded the CCPA, effective January 1, 2023
GDPR EU General Data Protection Regulation (Regulation (EU) 2016/679)
UK GDPR United Kingdom General Data Protection Regulation, as retained in UK domestic law
Personal information / personal data Information that identifies, relates to, describes, or is reasonably capable of being associated with a particular individual or household
Sensitive personal information Under CPRA: SSN, driver's license, financial account credentials, precise geolocation, racial/ethnic origin, religious beliefs, health information, union membership, genetic data, biometric data, sexual orientation, content of private communications
Sale Under CCPA: disclosure of personal information for monetary or other valuable consideration; does not include transfers to service providers, sharing within a family of companies, or transfers as part of a merger/acquisition
Sharing Under CPRA: disclosure of personal information for cross-context behavioral advertising, with or without monetary consideration
Data broker A business that knowingly collects and sells or licenses to third parties personal information about individuals with whom it does not have a direct relationship
Public records data Information maintained by government agencies pursuant to their official duties and made publicly available under open records laws
De-identified data Data that cannot reasonably identify, relate to, describe, be capable of being associated with, or be linked to a particular individual
Service provider Under CCPA: a person or entity that processes personal information on behalf of a business pursuant to a written contract, subject to restrictions on further use
Third party Under CCPA: a person or entity that is not the business, the consumer, or a service provider

APPENDIX B — SUMMARY OF THIRD-PARTY DATA SALE AND LICENSING ACTIVITIES

CVC Intelligence's data licensing business is summarized below for clarity:

What CVC Licenses:
- Building code violation records compiled from municipal and county governments
- Building permit data compiled from government building departments
- Property ownership and deed data from county recorders
- Property lien, judgment, and encumbrance data from court records
- Derived analytics including property condition scores, risk indices, and violation frequency scores

Who CVC Licenses Data To:
- Licensed contractors (roofing, plumbing, electrical, HVAC, general contractors)
- Permit expediters and expediting firms
- Property maintenance and facility management companies
- Real estate investors, agents, and brokers
- Homeowners associations and property management companies
- Insurance carriers, underwriters, and actuarial firms
- Mortgage lenders, banks, and loan servicers
- Title companies and settlement agents
- Law firms and litigation support companies
- Government agencies and planning departments
- Academic researchers and policy institutes
- Data aggregators and resellers

How Customers Use This Data:
- Identifying properties with open violations for targeted service marketing
- Underwriting and loss prevention in property insurance
- Property due diligence in real estate transactions
- Loan origination and portfolio monitoring in real estate finance
- Regulatory compliance by property owners
- Urban planning and code enforcement policy analysis
- Lead generation for contractors and service businesses

CVC's Position on Public Records Data:
CVC compiles and licenses data that originates with government agencies and is made publicly available under federal, state, and local open records laws. CVC does not create this data — it compiles, normalizes, enhances, and distributes it in more accessible and useful form. This service reduces friction in accessing public information and serves legitimate commercial, safety, compliance, and research purposes.

CVC Intelligence LLC | d/b/a Code Violation Check | 1712 Pioneer Ave, Suite 500, Cheyenne, WY 82001 | privacy@codeviolationcheck.com

Effective Date: April 7, 2026 | Last Updated: April 7, 2026

© 2026 CVC Intelligence LLC. All rights reserved.