Last Updated: October 10, 2025
1. INTRODUCTION
A100 Arms LLC ("A100 Arms," "we," "us," or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our hospitality investment information platform (the "Platform"). Please read this policy carefully.
By using the Platform, you consent to the data practices described in this Privacy Policy.
If you do not agree with the terms of this Privacy Policy, please do not access or use the Platform.
2. INFORMATION WE COLLECT
We collect information about you in various ways when you use our Platform. The information we collect includes:
2.1 Personal Information You Provide
A. Account Registration Information
When you create an account, we collect:
- Name: First and last name
- Email Address: Primary contact email
- Phone Number: Mobile or business phone
- Company Information: Company name, title, role
- Password: Encrypted authentication credentials
B. Investment Buybox Profile
We collect your investment preferences and criteria to match you with suitable properties:
- Market Scope: Geographic preferences (states, regions, cities, MSAs), market tiers, location types, demand generators
- Brand Preferences: Preferred hotel parent companies, specific brand flags, chain scales, service levels
- Property Specifications: Preferred key range (room count), corridor type, vintage preferences, PIP status, conversion opportunities, deal exposure preferences
- Financial Metrics: Preferred deal size range, minimum going-in cap rate, minimum stabilized cap rate, minimum ADR, minimum RevPAR, minimum occupancy rate, target IRR, minimum cash-on-cash return, minimum DSCR, target GRM, preferred debt yield, total liquidity, minimum equity check size
C. Electronic Signature and Disclosure Information
- Legal Disclosures: Consent records for the 5 required ESIGN Act disclosures
- Digital Signature: Your electronic signature captured through the Platform
- Signature Metadata: Timestamp, IP address, device information, session ID for each signature event
D. Transaction-Related Information
- Confidentiality Agreements (CAs): Signed agreements, execution timestamps, property associations
- Letters of Intent (LOIs): Offer submissions, terms, conditions, negotiation history
- Property Interests: Properties viewed, saved, or for which you've requested information
- Document Requests: Requests for detailed financial packages or property materials
E. Communication Data
- Messages: Correspondence with administrators and property sellers through Platform messaging
- Inquiries: Questions about specific properties or general platform support
- Feedback: Survey responses, feature requests, bug reports
- Document Uploads: Files you upload through the Platform
2.2 Automatically Collected Information
A. Usage Data
We automatically collect information about how you interact with the Platform:
- Pages Viewed: Which pages and features you access
- Search Queries: Properties searched, filters applied, sorting preferences
- Click Behavior: Links clicked, buttons pressed, navigation patterns
- Time Metrics: Time spent on pages, session duration, frequency of visits
- Property Interactions: Properties viewed, saved, or for which detailed information was requested
B. Device and Browser Information
- Device Type: Desktop, mobile, tablet specifications
- Operating System: Windows, macOS, iOS, Android versions
- Browser Information: Browser type and version
- Screen Resolution: Display size and pixel density
- Language Settings: Preferred language and locale
C. Technical Data (ESIGN Act Compliance)
For electronic signature events, we collect:
- IP Address: Internet Protocol address of your device
- Timestamp: Exact date and time of signature execution (with timezone)
- User Agent: Browser and device identification string
- Session ID: Unique identifier for the signing session
- Location Data: Approximate geographic location derived from IP address
- Authentication Status: Confirmation of user identity at time of signature
This data is collected to comply with the Electronic Signatures in Global and National Commerce Act (ESIGN Act, 15 U.S.C. § 7001) and to maintain legally valid audit trails.
D. Cookies and Tracking Technologies
We use cookies, web beacons, and similar technologies to:
- Maintain your login session
- Remember your preferences and settings
- Analyze Platform usage and performance
- Prevent fraud and enhance security
Types of Cookies:
- Essential Cookies: Required for Platform functionality (cannot be disabled)
- Functional Cookies: Remember your preferences and settings
- Analytics Cookies: Measure Platform performance and user behavior
- Authentication Cookies: Maintain your logged-in status
You can control cookie preferences through your browser settings, but disabling certain cookies may limit Platform functionality.
2.3 Information from Third-Party Sources
A. Monday.com CRM Integration
If you submitted our pre-qualification form through Monday.com, we may receive:
- Form responses and investment criteria
- Contact information and professional details
- Investment preferences and property criteria
- Communication history
B. Social Media Authentication (If Applicable)
If you sign in using Google, LinkedIn, or other social media:
- Profile information (name, email, photo)
- Public profile data you authorize us to access
- Authentication tokens (not passwords)
2.4 Information We Do NOT Collect
Important: We do NOT collect or store:
- Payment Card Information: We do not process payments; no credit card or banking details are collected
- Social Security Numbers: Not required or collected
- Government-Issued ID Copies: We do not verify identity documents
- Full Financial Statements: We do not collect bank statements, tax returns, or detailed financial records
- Passwords to Other Services: If you use social login, we do not have access to your social media passwords
3. HOW WE USE YOUR INFORMATION
3.1 Primary Uses
We use collected information for the following purposes:
A. Platform Operation and Service Delivery
- Account Management: Create, maintain, and secure your user account
- Property Matchmaking: Connect you with properties matching your investment criteria
- Personalized Experience: Customize property recommendations based on your preferences
- Communication: Respond to inquiries, provide support, send transactional notifications
- Access Control: Manage Confidentiality Agreement (CA) status and property access levels
B. Investment Opportunity Delivery
- Property Alerts: Notify you of new properties matching your buybox criteria
- Deal Flow Management: Present properties in order of relevance to your preferences
- Saved Searches: Maintain your favorite properties and search criteria
- Document Delivery: Provide access to property financial packages and materials
C. Legal Compliance and Security
- ESIGN Act Compliance: Maintain audit trails for electronically signed documents (7-year retention)
- Fraud Prevention: Detect and prevent unauthorized access or suspicious activity
- Dispute Resolution: Provide evidence in case of disputes or legal proceedings
- Regulatory Reporting: Comply with legal obligations if required by authorities
- Security Monitoring: Protect against cyber threats and data breaches
D. Platform Improvement and Analytics
- Usage Analysis: Understand how users interact with the Platform to improve features
- Performance Optimization: Identify and fix bugs, improve loading times, enhance reliability
- Feature Development: Prioritize new features based on user behavior and feedback
- A/B Testing: Test variations of features to improve user experience
E. Business Operations
- Market Research: Analyze investment trends and market demand
- Quality Assurance: Monitor service quality and user satisfaction
- Internal Reporting: Generate anonymized statistics for business planning
- Partner Coordination: Share relevant information with property sellers when authorized
3.2 Marketing Communications (Opt-In)
With your consent, we may use your information to:
- Send newsletters about platform updates and new features
- Provide investment market insights and hospitality industry trends
- Announce special property listings or exclusive opportunities
- Request feedback on Platform experience
You can opt out of marketing communications at any time by:
- Clicking "unsubscribe" in any marketing email
- Updating preferences in your account settings
- Emailing support@a100arms.com with your request
Note: You cannot opt out of transactional communications (account notifications, security alerts, CA/LOI status updates) as these are necessary for Platform operation.
4. HOW WE SHARE YOUR INFORMATION
4.1 Information Sharing with Third Parties
We do NOT sell, rent, or trade your personal information to third parties for their marketing purposes. We share information only in the following circumstances:
A. Service Providers and Technology Partners
We share information with trusted third-party service providers who assist in Platform operations:
Firebase (Google Cloud Platform)
- Purpose: Cloud hosting, database, authentication, file storage
- Data Shared: All user data stored on Platform
- Location: United States (with global redundancy)
- Security: SOC 2, ISO 27001 certified
Vercel
- Purpose: Web hosting and content delivery
- Data Shared: Usage logs, performance metrics
- Location: United States
Monday.com
- Purpose: CRM and contact management
- Data Shared: Contact information, investment preferences, form responses
- Location: United States and European data centers
All service providers are contractually obligated to: Use data only for specified purposes, maintain confidentiality and security, comply with applicable privacy laws, and not sell or share data with other parties.
B. Property Sellers and Hospitality Partners
Controlled Disclosure Model:
We share your information with property sellers ONLY when:
- You have signed a Confidentiality Agreement for a specific property
- You have explicitly requested detailed information about a property
- You have submitted a Letter of Intent for a property
- Your inquiry requires seller response
Information Shared:
- Name and contact information
- Company name and professional background
- Investment buybox preferences (property criteria you're looking for)
- Specific interest level and questions about their property
- CA signing status and LOI terms (when applicable)
Information NOT Shared (Without Your Consent):
- Other properties you've viewed or considered
- Your complete investment buybox for properties you haven't expressed interest in
- Communications with other sellers or administrators
- Details beyond what's necessary for evaluating the specific property
C. Business Transfers
If A100 Arms is involved in a merger, acquisition, financing, reorganization, bankruptcy, or sale of assets:
- Your information may be transferred as part of that transaction
- You will be notified via email and/or prominent notice on the Platform
- The acquiring entity will be bound by this Privacy Policy (or you'll be given the opportunity to consent to a new policy)
D. Legal Requirements and Safety
We may disclose your information if required to do so by law or in good faith belief that such action is necessary to:
- Comply with Legal Process: Respond to subpoenas, court orders, or legal requests from government authorities
- Enforce Agreements: Enforce our Terms of Service or other legal agreements
- Protect Rights: Defend against legal claims or protect our legal rights and property
- Safety and Security: Prevent fraud, security threats, or illegal activity
- Public Safety: Protect the safety of users, employees, or the public as required by law
4.2 Information We Do NOT Share
We will NEVER:
- Sell your personal information to data brokers or marketing companies
- Share your information with competitors
- Publicly disclose your investment activities without consent
- Provide your contact information to unrelated third parties for their own marketing
- Share your communications with other Platform users (except as necessary for platform operations)
5. DATA RETENTION
5.1 Active User Data
While your account is active, we retain all your information to provide continuous service:
- Account profile and preferences
- Property viewing history and saved searches
- Messages and communications
- Signed documents and agreements
5.2 Inactive User Data
If your account becomes inactive (no login for 2+ years):
- We will send email reminders about account inactivity
- After 3 years of inactivity, we may archive or anonymize non-essential data
- Anonymization means removing personal identifiers while retaining statistical patterns
5.3 Mandatory Retention Periods
ESIGN Act Requirements (7 Years):
For all electronically signed documents, we are legally required to retain:
- Signed Confidentiality Agreements (CAs)
- Signed Letters of Intent (LOIs)
- Signature audit trails (IP addresses, timestamps, session data)
- Electronic consent records and disclosures
This 7-year retention is mandated by federal law and cannot be shortened even upon your request.
5.4 Post-Account Deletion
If you request account deletion, we will:
Delete Within 30 Days:
- Account credentials and login information
- Personal profile data (name, email, phone)
- Investment preferences and buybox settings
- Saved properties and search history
- Non-essential communications
Retain as Legally Required:
- ESIGN records (7 years from signature date)
- Records necessary for legal claims or compliance (statute of limitations period)
- Anonymized analytics data (no personally identifiable information)
- Financial transaction records related to real estate transactions (varies by state, typically 3-7 years)
Retain in Backup Systems (Up to 90 Days):
- Data in automatic backup systems purged according to backup retention schedule
- Not accessible for operational use during this period
6. DATA SECURITY
6.1 Security Measures
We implement industry-standard security measures to protect your information:
Technical Safeguards
- Encryption in Transit: All data transmitted using TLS 1.3 encryption (HTTPS)
- Encryption at Rest: Sensitive data encrypted in database storage
- Secure Authentication: Password hashing using bcrypt or Argon2
- Multi-Factor Authentication: Available for enhanced account security
- Session Management: Secure session tokens, automatic timeout after inactivity
- API Security: Rate limiting, request validation, authentication tokens
Administrative Safeguards
- Access Controls: Role-based access, principle of least privilege
- Employee Training: Security awareness and data privacy training for all team members
- Background Checks: Screening of personnel with access to sensitive data
- Third-Party Audits: Regular security assessments of service providers
- Incident Response Plan: Documented procedures for security breach response
Physical Safeguards
- Cloud Infrastructure: Data hosted in SOC 2 and ISO 27001 certified facilities (Firebase, Vercel)
- Redundancy: Automatic backups and disaster recovery procedures
- Monitoring: 24/7 system monitoring and intrusion detection
6.2 Your Security Responsibilities
You play a critical role in protecting your information:
- Strong Passwords: Use unique, complex passwords (minimum 12 characters, mix of letters, numbers, symbols)
- Password Confidentiality: Never share your password with anyone
- Secure Devices: Keep your devices and software updated with latest security patches
- Public Networks: Avoid accessing sensitive information on public Wi-Fi without VPN
- Phishing Awareness: Be suspicious of emails or messages requesting login credentials
- Report Suspicious Activity: Immediately notify us of unauthorized account access
6.3 Data Breach Notification
In the event of a data breach:
- Investigation: We will promptly investigate the scope and impact
- Containment: Take immediate action to prevent further unauthorized access
- Notification: Notify affected users within 72 hours of discovery (or as required by law)
- Remediation: Implement measures to prevent future occurrences
- Regulatory Reporting: Report to authorities as required by applicable law
6.4 Limitations of Security
Important Notice: Despite our security measures, no system is 100% secure:
- Internet transmission carries inherent risks
- Unauthorized access can occur despite safeguards
- You assume some risk when using any online service
- We cannot guarantee absolute security
We are not liable for unauthorized access resulting from circumstances beyond our reasonable control.
7. YOUR PRIVACY RIGHTS
7.1 Access and Portability Rights
You have the right to:
Access Your Information
- Request a copy of all personal information we hold about you
- Review your account profile, preferences, and settings
- Access your communications and document history
Data Portability
- Request your data in a machine-readable format (JSON or CSV)
- Transfer your data to another service (where technically feasible)
How to Request: Email support@a100arms.com with subject line "Data Access Request"
Response Time: Within 30 days of verified request
7.2 Correction and Update Rights
You have the right to:
- Update your profile details, contact information, or preferences
- Correct errors in your investment criteria or buybox settings
How to Update: Directly through your account settings (most information) or email support@a100arms.com for information you cannot self-update
7.3 Deletion Rights ("Right to Be Forgotten")
You have the right to:
- Request permanent deletion of your account and associated data
- Subject to legal retention requirements (see Section 5.3)
How to Request: Email support@a100arms.com with subject line "Account Deletion Request"
Verification Required: We must verify your identity before deletion
Processing Time: Deletion completed within 30 days (except legally required retention)
Note: Deletion is permanent and cannot be undone. You will lose access to all signed documents, property viewing history, saved searches, and communications.
7.4 Opt-Out Rights
You have the right to opt out of:
Marketing Communications
- Unsubscribe from newsletters and promotional emails
- Method: Click "unsubscribe" in any marketing email or update account settings
Cookies (Non-Essential)
- Control cookie preferences through browser settings
- Note: Essential cookies required for Platform functionality cannot be disabled
7.5 California Privacy Rights (CCPA)
If you are a California resident, you have additional rights under the California Consumer Privacy Act:
- Right to Know: Categories of personal information collected, sources, business purposes, and third parties with whom information is shared
- Right to Delete: Request deletion of personal information (with exceptions)
- Right to Opt-Out of Sale: We do NOT sell personal information, so no opt-out is necessary
- Right to Non-Discrimination: We will not discriminate against you for exercising your privacy rights
How to Exercise: Email privacy@a100arms.com
Response Time: Within 45 days (may extend by 45 days if necessary)
7.6 European Privacy Rights (GDPR)
If you are in the European Economic Area (EEA) or UK, you have rights under the General Data Protection Regulation:
Legal Basis for Processing
- Contract Performance: Necessary to provide Platform services
- Legitimate Interests: Platform improvement, security, fraud prevention
- Consent: Marketing communications, optional features
- Legal Obligations: ESIGN compliance, regulatory requirements
Additional Rights
- Right to withdraw consent at any time (for consent-based processing)
- Right to lodge a complaint with your local data protection authority
- Right to data portability in structured, commonly used format
Data Controller: A100 Arms LLC
How to Exercise: Email gdpr@a100arms.com
8. CHILDREN'S PRIVACY
The Platform is NOT intended for individuals under 18 years of age.
- We do not knowingly collect personal information from children under 18
- Investment opportunities are only for accredited investors (adults)
- If we discover we have collected information from a child, we will delete it immediately
If you believe we have collected information from a child under 18, please contact us immediately at privacy@a100arms.com.
9. INTERNATIONAL DATA TRANSFERS
9.1 Data Storage Location
Your information is primarily stored on servers located in the United States:
- Firebase (Google Cloud Platform): U.S. data centers with global redundancy
- Vercel: U.S.-based hosting with global CDN
- Monday.com: U.S. and European data centers
9.2 Cross-Border Transfers
If you access the Platform from outside the United States:
- Your information will be transferred to, stored in, and processed in the United States
- U.S. data protection laws may differ from those in your country
- We rely on approved transfer mechanisms (Standard Contractual Clauses, adequacy decisions) where applicable
By using the Platform, you consent to transfer of your information to the United States.
10. CHANGES TO THIS PRIVACY POLICY
10.1 Right to Modify
We reserve the right to update this Privacy Policy at any time to reflect changes in our data practices, new features or services, legal or regulatory requirements, or industry best practices.
10.2 Notice of Changes
We will notify you of material changes by:
- Posting the updated Privacy Policy on the Platform with a new "Last Updated" date
- Sending email notification to your registered email address
- Displaying a prominent notice on the Platform homepage
10.3 Continued Use as Acceptance
Your continued use of the Platform after changes are posted constitutes acceptance of the revised Privacy Policy.
If you do not agree to the changes, you must stop using the Platform and may request account deletion.
11. CONTACT US
For questions about this Privacy Policy, to exercise your privacy rights, or for any general Platform inquiries, please contact us at:
A100 Arms LLC
Email: support@a100arms.com
Subject Line: Please include "Privacy Request," "CCPA Request," "GDPR Request," or "General Support" as applicable
Response Time
We will respond to inquiries within:
- 30 days for general privacy questions and support requests
- 45 days for CCPA requests (with possible 45-day extension)
- 30 days for GDPR requests (with possible 60-day extension in complex cases)
12. ACKNOWLEDGMENT
BY USING THE PLATFORM, YOU ACKNOWLEDGE THAT:
- You have read and understand this Privacy Policy
- You consent to the collection, use, and disclosure of your information as described
- You understand that Platform access is granted on an invite-only basis
- You accept the risks associated with electronic data transmission
- You are responsible for maintaining the confidentiality of your account credentials
- You understand your rights and how to exercise them
If you do not agree, please do not use the Platform.