FendLandFendLand

Privacy Policy

Effective date: March 7, 2026  ·  Last updated: April 20, 2026

1. Overview

FendLand is built for landowner privacy. This Privacy Policy explains what data we collect, how we use it, and the choices you have. We do not sell your personal information.

2. Information We Collect

Information you provide

  • Account information: email address and password
  • Message text you submit for scanning
  • Sender phone numbers you optionally provide with scans
  • Personal information for removal requests: full name, phone number, state, email address
  • Notes you add to your evidence log
  • Property inquiry form responses (if you use an inquiry link)

Information processed by the iOS SMS filter

  • The content of SMS and MMS messages from unknown senders (numbers not in your contacts)
  • The sender's phone number
  • Messages classified as non-property-related by the on-device pre-filter never leave your device
  • Messages sent to our server for classification are processed and discarded — we do not store message body content from the SMS filter
  • We store only: a hashed version of the sender's phone number, the classification verdict, confidence score, and timestamp

Information collected automatically

  • IP address (used for rate limiting only, not stored long-term)
  • Standard server logs (request paths, timestamps)
  • Authentication session tokens (stored in secure cookies)

Third-party data

  • Phone number carrier and line type data from Twilio Lookup (cached up to 60 days)

3. How We Use Your Information

  • To provide the Service: scan messages, save results to your evidence log, and submit removal requests on your behalf.
  • To classify messages using AI: for ambiguous messages, FendLand sends the message content and carrier metadata (not your phone number) to Anthropic's Claude AI API for classification. See Section 5 for details.
  • To send transactional emails: account-related emails (password reset, confirmation) and removal request submissions via Resend.
  • To enforce rate limits and prevent abuse: IP addresses are used transiently for rate limiting (stored in Redis for up to 1 minute) and are not persisted in our database.
  • To maintain audit logs: removal request actions are logged for your protection and ours.

4. Community Blocklist

When you scan a message classified as WHOLESALER or SCAM with a phone number, FendLand anonymously increments a counter for that number in our Community Blocklist. This contribution:

  • Contains no information that identifies you
  • Stores only: the phone number (E.164 format), classification type, and count
  • Is used to show aggregate reputation data to other users

You can opt out of contributing to the Community Blocklist by not providing a sender phone number when scanning.

5. How We Share Your Information

We do not sell your personal information. We share data only in these limited cases:

  • Data brokers (removal requests): When you initiate an Assisted or Hybrid removal, we send your name, phone, state, and email to the target broker on your behalf. This is the purpose of the feature.
  • Anthropic (AI classification): For messages where our regex scanner returns an ambiguous result, we send the message text and sender carrier metadata (carrier name, line type, VoIP flags) to Anthropic's Claude Haiku API to classify the message. We do not send your phone number, email, name, or any user identifier to Anthropic. Anthropic processes the request and does not retain the content for training per their API terms. See Anthropic's Privacy Policy.
  • Service providers: Supabase (database and auth), Resend (email delivery), Twilio (phone carrier lookup), Vercel (hosting). Each operates under their own privacy policies.
  • Legal requirements: We may disclose information if required by law or to protect the rights and safety of FendLand or others.

6. Data Retention

  • Scan records and evidence notes: retained while your account is active
  • Removal request records and audit logs: retained while your account is active
  • Phone number carrier cache: 60 days
  • Authentication sessions: managed by Supabase per their retention policy

When you delete your account, your personal data is deleted within 30 days, except where retention is required by law.

7. Security

We use industry-standard security practices including encrypted connections (HTTPS), secure session management, and role-based database access controls. Sensitive operations use server-side service role keys that are never exposed to the browser. No system is 100% secure. Please use a strong password and enable two-factor authentication.

8. Your Rights

You may:

  • Access and export your scan data (CSV export available in the Evidence Log)
  • Delete your account and associated data by contacting support@fendland.com
  • Request a copy of your data
  • Opt out of Community Blocklist contributions by omitting sender phone numbers

9. iOS SMS Filter

FendLand's iOS app includes an SMS filter that classifies incoming text messages from unknown senders. This section explains how it works and what data is involved.

How the filter works

When you enable FendLand in Settings > Apps > Messages > Unknown & Spam, iOS asks FendLand to classify SMS messages from numbers not in your contacts. FendLand determines whether the message is unsolicited real estate solicitation (from wholesalers, investors, or scammers targeting property owners) and routes it to your Junk folder if so.

On-device processing

Many messages are classified entirely on your device without any data leaving your phone. Messages that are clearly not property-related (verification codes, delivery notifications, bank alerts, appointment reminders) are identified locally and allowed through immediately. Only messages that contain property-related language may be sent to FendLand's server for full analysis.

What data is sent to our server

When a message passes the on-device pre-filter (i.e., contains property-related language), iOS sends the following to FendLand's server via Apple's ILMessageFilterExtension network API:

  • The full text of the SMS message
  • The sender's phone number

How our server processes the data

  1. Carrier lookup: We send the sender's phone number to Twilio Lookup to identify the carrier and line type (mobile, VoIP, landline). Results are cached for 60 days.
  2. Classification: Our regex scanner analyzes the message text. If the result is ambiguous, we send the message text and carrier metadata to Anthropic's Claude Haiku AI for classification. We do not send your phone number, email, or any user identifier to Anthropic.
  3. Response to iOS: We return a verdict ("junk" or "allow") to iOS, which routes the message accordingly.

What we store permanently

  • A truncated SHA-256 hash of the sender's phone number (first 16 hex characters). This hash cannot be reversed to recover the original number.
  • The classification verdict (e.g., WHOLESALER, UNCLEAR)
  • The confidence score (0-99)
  • Carrier type (mobile, VoIP, landline)
  • A timestamp

What we do NOT store

  • The SMS message body content — never written to our database
  • The raw phone number in the scans table — only the truncated hash
  • Any link between a specific phone number and your user account
  • Your IP address in our database (IPs are used transiently by Redis for rate limiting only, not persisted)

Per-user filter catch counts

When the iOS SMS filter routes a message to Junk, we record a timestamped row linked to your user account. This row contains only your user ID and a timestamp — no sender phone number, no message content, no verdict details. This count is used solely to power a weekly push notification summarizing how many messages FendLand filtered for you that week (e.g., "FendLand blocked 12 wholesaler messages this week"). This is the only way the filter catch is linked to your identity, and it is stored separately from all message metadata.

The per-sender community blocklist data (which phone numbers have been filtered) is stored without any user linkage.

Community Blocklist contribution

When a message is classified as WHOLESALER, the sender's phone number is recorded in our Community Blocklist counter with no user linkage. Other users querying that number see aggregate data only. You cannot opt out of contributing to the blocklist while the SMS filter is enabled, since the contribution is anonymous.

What is not sent to our servers

  • Messages from numbers in your contacts (iOS handles this before invoking the filter)
  • Messages classified as non-property-related by the on-device pre-filter (OTPs, bank alerts, delivery notifications, appointment reminders, personal texts)
  • iMessages (the filter only applies to SMS and MMS from unknown senders)

Third parties that receive your SMS data

  • Anthropic (Claude Haiku API): Receives the message text and carrier metadata for ambiguous messages. Does not receive your phone number or any identifier. Anthropic does not retain API request content for training per their commercial terms.
  • Twilio Lookup: Receives the sender's phone number to identify the carrier. Results cached for 60 days.
  • Supabase: Stores the hashed phone number, verdict, and timestamp (as listed above).

Your control

You can disable the SMS filter at any time in iOS Settings > Apps > Messages > Unknown & Spam. Disabling the filter immediately stops all message processing by FendLand. No data is collected when the filter is disabled.

10. Children

FendLand is not directed at children under 18. We do not knowingly collect personal information from anyone under 18. If you believe we have inadvertently collected such information, contact us immediately.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by email or by posting a notice in the Service. The effective date at the top of this page reflects the most recent update.

12. Contact

Privacy questions or data requests: privacy@fendland.com

General support: support@fendland.com

Terms of Service →← Back to home