Effective date: March 24, 2026
Short version: We collect only what we need to file your LL84 report. We don't sell your data. We don't share it beyond what's required to deliver the service. You can request deletion at any time.
To automate your compliance filing, we need a few categories of information:
Building information. Your property address, borough, block, and lot number, building type, and gross floor area. This is what gets entered into ENERGY STAR Portfolio Manager and submitted to NYC DOB NOW.
Utility data. Electricity, gas, and water consumption figures — either pulled directly from your utility provider via their API or extracted from bills you upload. This is the core of the LL84 report itself.
DOB NOW credentials. The username and password you use to access the NYC DOB NOW portal. We need these to submit the benchmarking report on your behalf. These credentials are stored encrypted and are only used for filing purposes.
ENERGY STAR account information. Your Portfolio Manager account details, used to create or update your property's profile and generate the required reports.
Contact and account information. Your name, email address, and company name (if applicable). We use this to create your account, send filing confirmations, and communicate about your subscription.
Payment information. Billing details are collected and processed by Stripe. We don't store your full card number — Stripe handles that. We keep a record of your subscription plan and transaction history.
Everything we collect has a specific purpose. We use your building and utility data to prepare and submit your LL84 report. We use your DOB NOW and ENERGY STAR credentials to access those portals on your behalf. We use your email to send you filing confirmations, deadline reminders, and account-related notices. We use your payment information to manage billing.
We don't use your data to train AI models. We don't sell it to data brokers. We don't serve ads. The data exists to file your report — that's it.
BenchmarkIQ runs on Supabase, which provides SOC 2-compliant cloud infrastructure. Your data is encrypted in transit (TLS) and at rest. DOB NOW credentials get an extra layer — they're encrypted with a dedicated key before being stored, separate from your other account data.
We don't have employees browsing your credentials. Access to sensitive data is restricted, logged, and limited to what's necessary to run the filing automation.
Delivering the service requires interacting with a few external systems. Here's who we share data with and why:
We don't sell or license your data to any of these parties for their own use. They receive only what's needed for their specific role in delivering the service.
We keep your data as long as your account is active. This lets us show you historical filings, year-over-year comparisons, and compliance records — which are genuinely useful for multi-year compliance.
If you cancel your account, we'll retain your data for 90 days in case you change your mind or need to retrieve records. After that window, we delete it. You can also request immediate deletion — see the next section.
You have real control over your data. Specifically, you can:
To make any of these requests, email info@benchmarkiq.app. We'll respond within 5 business days.
If you're in the EU or California, additional rights may apply under GDPR or CCPA. We'll honor those requests in accordance with applicable law.
We don't sell, rent, or trade your personal information to third parties for their own marketing or commercial purposes. Full stop.
If we make material changes to how we handle your data, we'll notify you by email before the changes take effect. Minor clarifications may be updated without notice, but the effective date at the top of this page will always reflect the last substantive revision.
Questions, concerns, or data requests — email us at info@benchmarkiq.app. BenchmarkIQ operates out of New York, NY.