Privacy, in plain English
Last updated April 13, 2026.
The short version
- DirtSignal sells one thing: a weekly list of properties that just received a code violation. The data we work with is public property records — government filings that anyone can request or search directly.
- If you sign in with Google, we store your email, your name, and your profile picture. That's the complete list of what we hold on you.
- Your account information stays between you, our hosting providers, and us.
- The only scripts running on this site serve our own pages.
What we hold about you
Two categories, and they're both small.
If you visit the site without signing in: our hosting provider (Cloudflare) sees your IP address and user-agent, the way any website does. That information is used to route the request, serve the page, and defend against abuse.
If you sign in with Google: we receive your Google account's email address, display name, profile picture URL, and a stable Google user ID. Those values live in our database so we can greet you by name, let you back in next time, and send you the data you paid for.
Cookies
One functional cookie keeps you signed in: a signed session token.
During Google sign-in, two additional short-lived cookies run for about
ten minutes to protect the sign-in handshake from request-forgery attacks.
All sign-in cookies are scoped to dirtsignal.com and exist
purely to make sign-in work.
The property data we redistribute
The feed comes from county and municipal code-enforcement portals whose records are public by law. Property addresses, case numbers, violation details, and enforcement status on those portals are government records. DirtSignal normalizes them into a consistent format and redistributes them with a link back to the jurisdiction's own case page.
If you are a property owner and you believe a specific record should be corrected or suppressed, email the address below. The authoritative source is the jurisdiction that issued the record, so corrections usually begin there — but we'll help route it and update our copy once the underlying record changes.
Who processes your information on our behalf
- Cloudflare — hosting, storage, and the sign-in session cookie. Bound to processing data on DirtSignal's behalf under their data-processing terms.
- Google — identity provider for sign-in. Receives the sign-in request from your browser and returns your profile to DirtSignal after you approve.
- Amazon SES — email delivery for sign-in links, weekly brief messages, and account notifications.
- Stripe — payment processing, subscription management, billing portal, and receipts for paid accounts.
That list is exhaustive for today. If it changes, this page updates first, and active accounts get an email before the integration goes live.
Your rights
Email us to export or delete your DirtSignal account. Account rows and identity links are removed from our database within 24 hours, and backups containing them roll off within 30 days.
Privacy-law rights (GDPR, CCPA, and any other jurisdiction- specific regime) apply here whether you cite them or not. Email us and we'll handle the request on that basis.
Security
Session cookies are HMAC-signed and transmitted only over HTTPS. You can sign in with Google, an email link, or an optional DirtSignal password. Passwords are stored only as salted PBKDF2 hashes. Our signing keys and API credentials live in Cloudflare's secret store and are accessible only to the running Worker, never to source code or logs.
Changes to this policy
The date at the top of this page always reflects the current policy. When something material changes, active accounts get an email before the change takes effect.
Contact
Questions, corrections, deletions: privacy@dirtsignal.com.