Privacy Policy

1. Information We Collect

We collect information in three ways: (1) information you provide directly to us, (2) information we collect automatically, and (3) information from third-party sources.

1.1 Information You Provide to Us

When you use the Service, you may provide us with the following types of information:

Account Information:

• Name
• Email address
• Phone number
• Company/agency name
• Real estate license information
• Job title
• Billing address
• Payment information (processed by third-party payment processors)

Profile Information:

• Professional biography
• Profile photo
• Business location
• Areas of specialization
• Website or social media links
• Preferences and settings

Customer and Lead Data:

• Contact information for your customers and leads (names, emails, phone numbers)
• Communication histories and interactions
• Lead sources and status
• Property preferences and inquiries
• Appointment information
• Feedback and survey responses
• Notes and custom fields you create

Communications:

• Messages and conversations with the REA AI assistant
• Support requests and correspondence with us
• Feedback and survey responses
• User-generated content

User Content:

• Files, documents, and images you upload
• Templates and custom responses
• Property information and listings
• Marketing materials

1.2 Information We Collect Automatically

When you access or use the Service, we automatically collect:

Device and Usage Information:

• IP address
• Device type, model, and operating system
• Browser type and version
• Unique device identifiers
• Mobile network information
• Time zone and language settings

Activity Information:

• Pages and features accessed
• Time, frequency, and duration of activities
• Search queries and interactions
• Clickstream data
• Feature usage patterns
• Performance and error logs

Location Information:

• Approximate geographic location based on IP address
• Precise geolocation (only if you grant permission)

Cookies and Similar Technologies:

• Session cookies
• Persistent cookies
• Web beacons and pixels
• Local storage
• Analytics identifiers

For more information, see Section 12: Cookies and Tracking Technologies.

1.3 Information from Third-Party Sources

We may receive information about you from third parties, including:

Integration Partners:

• CRM systems (customer lists, interaction histories)
• Email marketing platforms (campaign data, engagement metrics)
• Calendar services (appointment information)
• MLS platforms (property data)
• Social media platforms (profile information if you connect accounts)

Business Partners:

• Lead generation services
• Referral partners
• Co-marketing partners

Publicly Available Sources:

• Real estate license databases
• Professional directories
• Public social media profiles
• Business registries

Payment Processors:

• Transaction information
• Payment status
• Fraud detection data

2. How We Use Your Information

We use the information we collect for the following purposes:

2.1 Provide and Improve the Service

• Create and manage your account
• Deliver the features and functionality of the Service
• Process and complete transactions
• Provide the REA AI assistant capabilities
• Automate customer interactions and lead management
• Generate insights, analytics, and reports
• Personalize your experience
• Respond to your requests and provide customer support
• Send transactional communications (confirmations, receipts, updates)

2.2 Service Improvement and Development

• Analyze usage patterns and trends
• Conduct research and development
• Improve and optimize the Service
• Develop new features and functionality
• Train and improve our AI models and algorithms
• Test and troubleshoot
• Perform quality assurance

2.3 Communication

• Send administrative and account-related messages
• Provide customer support
• Send marketing and promotional communications (with your consent where required)
• Send newsletters and updates about the Service
• Conduct surveys and request feedback
• Respond to your inquiries

2.4 Safety and Security

• Verify your identity
• Detect, prevent, and investigate fraud and abuse
• Protect against security threats and malicious activity
• Enforce our Terms of Service
• Comply with legal obligations
• Protect our rights, property, and safety and that of our users

2.5 Legal and Compliance

• Comply with applicable laws, regulations, and legal processes
• Respond to lawful requests from public authorities
• Establish, exercise, or defend legal claims
• Conduct audits and investigations

2.6 Aggregated and Anonymized Data

We may aggregate and anonymize your information to create statistical or demographic data that cannot reasonably identify you. We may use and share this anonymized data for any purpose, including:

• Industry research and analysis
• Benchmarking and reporting
• Product development
• Marketing and business purposes

3. Third-Party AI Service Providers and Data Processing

3.1 Overview

The Service relies on third-party artificial intelligence (AI) and machine learning service providers to deliver core functionality, including:

• Natural language processing and understanding
• Conversational AI capabilities (the REA assistant)
• Content generation and recommendations
• Sentiment analysis and insights
• Lead qualification and analysis
• Predictive analytics

3.2 Third-Party AI Providers

We currently use or may use the following categories of third-party AI service providers:

• Large Language Model (LLM) Providers: Including but not limited to OpenAI (GPT models), Anthropic (Claude), Google (Gemini/PaLM), and similar providers
• Cloud AI Services: Including Microsoft Azure AI, AWS AI Services, Google Cloud AI
• Specialized AI Tools: For speech recognition, translation, image analysis, and other specialized functions
• Analytics and ML Platforms: For data analysis and machine learning operations

Note: The specific providers we use may change over time as we optimize our Service. We will update this Privacy Policy to reflect material changes in our use of third-party AI providers.

3.3 Data Shared with AI Providers

When you use the Service, the following types of data may be shared with third-party AI providers:

Input Data:

• Messages and prompts you send to the REA assistant
• Questions, queries, and commands
• Customer inquiries and interactions
• Context and conversation history
• Files and documents you upload for processing

Output Data:

• AI-generated responses and content
• Recommendations and suggestions
• Analysis and insights

Usage and Performance Data:

• API request metadata
• Response times and performance metrics
• Error logs
• Usage patterns

Technical Data:

• IP addresses (may be truncated or anonymized)
• Device identifiers
• Timestamps
• Session identifiers

3.4 How Third-Party AI Providers Use Your Data

Third-party AI providers may use your data for the following purposes:

Service Delivery:

• Processing your requests and generating responses
• Providing the AI functionality you request

Service Improvement:

• Improving their AI models and algorithms
• Training and fine-tuning models
• Quality assurance and safety monitoring
• Research and development

Operational Purposes:

• Detecting and preventing abuse
• Ensuring service performance and reliability
• Troubleshooting and debugging

Anonymization and Aggregation:

• Most AI providers anonymize and aggregate data for model training
• Data may be stripped of personally identifiable information
• However, no anonymization method is perfect (see Section 3.6)

3.5 Specific Provider Information

Below are links to privacy policies of major AI providers we may use:

• OpenAI: https://openai.com/privacy
• Anthropic: https://www.anthropic.com/privacy
• Google (Vertex AI): https://cloud.google.com/privacy
• Microsoft (Azure AI): https://privacy.microsoft.com/
• AWS (AI Services): https://aws.amazon.com/privacy/

We encourage you to review these policies to understand how these providers handle data.

3.6 Risks and Limitations

You should be aware of the following risks when using AI-powered services:

Data Retention:

• Third-party AI providers may retain your data for varying periods
• Some providers retain data for 30 days, others for longer periods
• Retention periods may vary based on the service tier or configuration

Anonymization Risks:

• While providers attempt to anonymize data, no method is foolproof
• There is always a theoretical risk of re-identification
• Anonymized data may be used indefinitely for model training

Third-Party Control:

• We do not control third-party providers' data practices
• Providers may change their policies or practices
• Data may be subject to legal processes in different jurisdictions

International Transfers:

• Your data may be processed in the United States or other countries
• Data protection laws may differ from those in your jurisdiction

Model Training:

• Your interactions may contribute to improving AI models
• This may benefit the AI provider's broader user base
• Contributions are typically anonymized but see anonymization risks above

3.7 Your Choices

To protect your privacy when using AI-powered features:

Use Privacy-Focused Features:

• Where available, use privacy-enhanced configurations
• Contact us to discuss enterprise options with enhanced privacy controls

Review Before Submission:

• Review all data before submitting to AI features
• Be mindful of what information you include in conversations

Opt Out (If Available):

• Some enterprise plans may offer opt-out options for model training
• Contact us at [INSERT EMAIL] to discuss options

3.8 Our Commitments

We are committed to:

• Using reputable, security-conscious AI providers
• Configuring AI services with privacy-protective settings where available
• Regularly reviewing provider practices and policies
• Providing transparency about our use of AI providers
• Offering enterprise options with enhanced privacy controls where feasible
• Notifying you of material changes to our AI provider relationships

4. How We Share Your Information

We share your information in the following circumstances:

4.1 Third-Party Service Providers

We share information with third-party service providers who perform services on our behalf, including:

• AI and Machine Learning Providers (see Section 3)
• Cloud Hosting and Infrastructure (AWS, Google Cloud, Microsoft Azure)
• Payment Processors (Stripe, PayPal)
• Customer Support Tools (Zendesk, Intercom)
• Email Services (SendGrid, Amazon SES)
• Analytics Providers (Google Analytics, Mixpanel)
• Marketing Platforms (Mailchimp, HubSpot)
• Security and Fraud Prevention Services
• Content Delivery Networks (CDNs)

These providers are contractually obligated to protect your information and may only use it for the purposes we specify.

4.2 Business Transfers

If we are involved in a merger, acquisition, sale of assets, financing, bankruptcy, or other business transaction, your information may be transferred as part of that transaction. We will notify you via email and/or prominent notice on our Service of any change in ownership or use of your personal information.

4.3 Legal Requirements and Protection

We may disclose your information if required to do so by law or in response to:

• Legal processes (subpoenas, court orders, warrants)
• Requests from government authorities
• National security or law enforcement requirements
• Protection of our rights, property, or safety
• Protection of the rights, property, or safety of our users or the public
• Detection and prevention of fraud, security breaches, or illegal activity

4.4 With Your Consent

We may share your information with third parties when you explicitly consent or direct us to do so, such as:

• When you authorize integrations with third-party services
• When you participate in co-marketing or promotional activities
• When you share content publicly through the Service

4.5 Aggregated and Anonymized Data

We may share aggregated, anonymized, or de-identified data that cannot reasonably identify you with:

• Business partners
• Advertisers
• Researchers
• Industry groups
• The public

4.6 Integration Partners

If you connect third-party services (CRM, email marketing, calendar apps), we will share relevant data with those services as necessary to provide the integration. Your use of third-party services is governed by their privacy policies.

4.7 Professional Advisors

We may share information with lawyers, accountants, auditors, and other professional advisors in connection with business operations, legal advice, or compliance activities.

5. Data Retention

5.1 Retention Periods

We retain your information for as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law.

Active Accounts:

• We retain your information for as long as your account is active
• Account data is retained to provide ongoing Service

Inactive and Closed Accounts:

• After account closure or termination, we retain data for up to 30 days for recovery purposes
• After 30 days, we delete or anonymize your data from active systems
• Some data may remain in backups for up to 90 days

Legal and Compliance:

• We may retain certain information longer when required by law
• Billing and transaction records: 7 years (for tax and accounting purposes)
• Legal hold: Indefinitely when required for litigation or investigations

Anonymized Data:

• Anonymized and aggregated data may be retained indefinitely

5.2 Deletion Requests

You may request deletion of your personal information at any time (subject to legal requirements). See Section 7: Your Privacy Rights.

6. Data Security

6.1 Security Measures

We implement industry-standard security measures to protect your information, including:

Technical Safeguards:

• Encryption in transit (TLS/SSL)
• Encryption at rest for sensitive data
• Secure authentication and access controls
• Regular security audits and penetration testing
• Intrusion detection and prevention systems
• Firewall protection
• Secure backup procedures

Organizational Safeguards:

• Employee training on data security
• Access controls and role-based permissions
• Confidentiality agreements
• Incident response procedures
• Vendor security assessments

Physical Safeguards:

• Secure data center facilities (through cloud providers)
• Environmental controls
• Physical access restrictions

6.2 Third-Party Security

We select service providers that maintain appropriate security measures. However, we cannot guarantee the security practices of third parties. Please review their security and privacy policies.

6.3 Limitations

6.4 Data Breach Notification

In the event of a data breach that affects your personal information, we will:

• Notify you as required by applicable law (typically within 72 hours)
• Provide information about the nature of the breach
• Describe steps we are taking to address the breach
• Provide recommendations to protect yourself
• Cooperate with authorities and affected individuals

6.5 Your Responsibility

You are responsible for:

• Maintaining the confidentiality of your password
• Using strong, unique passwords
• Enabling two-factor authentication (if available)
• Promptly notifying us of any security concerns
• Logging out of shared devices

7. Your Privacy Rights

Depending on your location, you may have certain rights regarding your personal information:

7.1 Access and Portability

• Right to Access: Request a copy of the personal information we hold about you
• Right to Data Portability: Receive your data in a structured, commonly used format
• How to Exercise: Email [INSERT EMAIL] or use your account settings

7.2 Correction

• Right to Correct: Request correction of inaccurate or incomplete information
• How to Exercise: Update information in your account settings or contact us

7.3 Deletion

• Right to Deletion: Request deletion of your personal information (subject to legal requirements)
• Exceptions: We may retain information required for legal compliance, fraud prevention, or legitimate business purposes
• How to Exercise: Email [INSERT EMAIL] with "Data Deletion Request" in the subject line

7.4 Objection and Restriction

• Right to Object: Object to certain processing of your information (e.g., marketing)
• Right to Restrict: Request restriction of processing in certain circumstances
• How to Exercise: Contact us at [INSERT EMAIL]

7.5 Withdraw Consent

• Where processing is based on consent, you may withdraw consent at any time
• Withdrawal does not affect the lawfulness of processing before withdrawal
• How to Exercise: Adjust settings in your account or contact us

7.6 Marketing Communications

• Opt-Out: You may opt out of marketing emails by clicking "unsubscribe" in any marketing email or adjusting your account settings
• Note: You cannot opt out of transactional or service-related communications

7.7 Response Time

We will respond to your requests within:

• 30 days (general requests)
• 45 days (if extension is needed, we will notify you)
• Timeframes required by law (may vary by jurisdiction)

7.8 Verification

To protect your privacy, we may need to verify your identity before fulfilling requests. We may request:

• Email verification
• Account credentials
• Additional identifying information

7.9 Authorized Agents

You may designate an authorized agent to make requests on your behalf. The agent must provide proof of authorization.

7.10 No Discrimination

We will not discriminate against you for exercising your privacy rights.

8. California Privacy Rights (CCPA/CPRA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA).

8.1 Categories of Personal Information

We collect the following categories of personal information as defined by the CCPA:

• Identifiers: Name, email, phone number, IP address, device IDs
• Commercial Information: Purchase history, transaction data
• Internet Activity: Browsing history, interactions with the Service
• Geolocation Data: Approximate or precise location
• Professional Information: Employer, job title, real estate license information
• Inferences: Preferences, characteristics, behavior patterns

8.2 Business Purpose for Collection

We collect this information for the business purposes described in Section 2.

8.3 Sources of Information

We collect information from:

• Directly from you
• Automatically through your use of the Service
• Third-party integrations and partners
• Publicly available sources

8.4 Sharing for Business Purposes

We share personal information with the categories of third parties described in Section 4 for business purposes.

8.5 Sale and Sharing of Personal Information

We may "share" personal information for cross-context behavioral advertising purposes. This may include sharing with analytics and advertising partners.

8.6 California Privacy Rights

California residents have the right to:

• Know: Request information about personal information collected, used, and shared in the past 12 months
• Delete: Request deletion of personal information
• Correct: Request correction of inaccurate personal information
• Opt-Out: Opt out of the "sale" or "sharing" of personal information (if applicable)
• Limit Use of Sensitive Personal Information: Request limits on use of sensitive personal information (if applicable)
• Non-Discrimination: Exercise privacy rights without discrimination

8.7 Exercising California Rights

To exercise your California privacy rights:

• Email: [INSERT EMAIL] with "CCPA Request" in the subject line
• Online Form: [INSERT LINK TO ONLINE FORM]
• Phone: [INSERT PHONE NUMBER]

8.8 Sensitive Personal Information

We may collect sensitive personal information including:

• Precise geolocation (if you grant permission)
• Account credentials (passwords)

We use sensitive personal information only for purposes permitted by the CCPA.

8.9 Retention

See Section 5: Data Retention for information about how long we keep your data.

8.10 Shine the Light Law

California's "Shine the Light" law (Civil Code § 1798.83) permits California residents to request information about disclosures of personal information to third parties for direct marketing purposes. We do not disclose personal information to third parties for their direct marketing purposes.

9. European Privacy Rights (GDPR)

If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, you have additional rights under the General Data Protection Regulation (GDPR).

9.1 Legal Basis for Processing

We process your personal data under the following legal bases:

• Contract Performance: To provide the Service you requested
• Legitimate Interests: To operate, improve, and secure our Service
• Consent: For marketing communications and certain optional features
• Legal Obligations: To comply with applicable laws

9.2 GDPR Rights

You have the right to:

• Access: Obtain confirmation of whether we process your data and request a copy
• Rectification: Correct inaccurate or incomplete data
• Erasure: Request deletion of your data ("right to be forgotten")
• Restriction: Request restriction of processing in certain circumstances
• Data Portability: Receive your data in a portable format
• Object: Object to processing based on legitimate interests or for direct marketing
• Withdraw Consent: Withdraw consent at any time (where processing is based on consent)
• Automated Decision-Making: Not be subject to solely automated decisions with legal or significant effects

9.3 Exercising GDPR Rights

To exercise your rights, contact us at:

• Email: [INSERT EMAIL]
• Data Protection Officer: [INSERT DPO EMAIL if applicable]

9.4 Response Time

We will respond to requests within one month (extendable by two months if necessary).

9.5 Supervisory Authority

You have the right to lodge a complaint with your local data protection authority if you believe we have violated your rights.

9.6 International Data Transfers

We are based in the United States. If you are accessing the Service from the EEA, UK, or Switzerland, your data will be transferred to and processed in the United States.

We implement appropriate safeguards for international transfers, including:

• Standard Contractual Clauses (SCCs) approved by the European Commission
• Adequacy decisions where applicable
• Other lawful transfer mechanisms

9.7 Data Protection Officer

If required by law, we will appoint a Data Protection Officer. Contact information will be provided here: [INSERT DPO CONTACT INFO]

10. Children's Privacy

The Service is not intended for children under the age of 18, and we do not knowingly collect personal information from children under 18.

If you are under 18, do not:

• Use or provide information on the Service
• Register for an account
• Make purchases
• Use any interactive features
• Provide any personal information

If we learn we have collected personal information from a child under 18, we will delete that information as quickly as possible. If you believe we have information from or about a child under 18, please contact us at [INSERT EMAIL].

10.1 Parental Rights

Parents or guardians who believe we have collected information from their child may contact us to:

• Review the information
• Request deletion
• Refuse further collection or use

11. International Data Transfers

We are based in the United States, and your information may be transferred to, stored, and processed in the United States and other countries where our service providers operate.

11.1 Cross-Border Transfers

Data protection laws vary by country and may be less protective than the laws in your jurisdiction. By using the Service, you consent to:

• Transfer of your information to the United States and other countries
• Processing of your information in these countries
• Application of U.S. law to disputes (see Terms of Service)

11.2 Safeguards

We implement appropriate safeguards for international transfers, including:

• Standard Contractual Clauses (SCCs)
• Adequacy decisions
• Privacy Shield principles (where applicable)
• Other lawful transfer mechanisms

11.3 Third-Party Providers

Our third-party service providers (including AI providers) may process data internationally. See Section 3 for information about third-party AI providers and international processing.

12. Cookies and Tracking Technologies

12.1 What Are Cookies?

Cookies are small text files stored on your device that help us provide and improve the Service. We use cookies and similar technologies including:

• Cookies (session and persistent)
• Web beacons and pixels
• Local storage
• Mobile device identifiers

12.2 Types of Cookies We Use

Strictly Necessary Cookies:

• Required for the Service to function
• Enable core features (authentication, security, payments)
• Cannot be disabled without affecting functionality

Performance and Analytics Cookies:

• Collect information about how you use the Service
• Help us analyze traffic and improve the Service
• Examples: Google Analytics, Mixpanel

Functionality Cookies:

• Remember your preferences and settings
• Provide enhanced features
• Enable integrations

Advertising and Marketing Cookies:

• Deliver relevant advertisements
• Track ad performance
• Support retargeting campaigns
• Examples: Google Ads, Facebook Pixel

Third-Party Cookies:

• Set by third-party services integrated into our Service
• Subject to third-party privacy policies

12.3 Managing Cookies

Browser Settings:

• Most browsers allow you to control cookies through settings
• You can block or delete cookies, but this may affect functionality
• Instructions: Check your browser's help documentation

Cookie Preferences:

• [LINK TO COOKIE PREFERENCE CENTER if you implement one]
• You can manage non-essential cookies through our preference center

Opt-Out Tools:

• Google Analytics: https://tools.google.com/dlpage/gaoptout
• Network Advertising Initiative: http://optout.networkadvertising.org/
• Digital Advertising Alliance: http://optout.aboutads.info/

12.4 Mobile Identifiers

On mobile devices, we may use device identifiers (IDFA for iOS, AAID for Android). You can:

• iOS: Settings > Privacy > Advertising > Limit Ad Tracking
• Android: Settings > Google > Ads > Opt out of Ads Personalization

13. Do Not Track Signals

Some browsers have "Do Not Track" (DNT) features. We currently do not respond to DNT signals because there is no common industry standard for DNT. We will continue to monitor developments around DNT and may adjust our practices in the future.

14. Changes to This Privacy Policy

14.1 Updates

We may update this Privacy Policy from time to time to reflect:

• Changes to our practices
• Changes in laws or regulations
• New features or services
• Feedback from users

14.2 Notice of Changes

We will notify you of material changes by:

• Posting the updated Privacy Policy on our website
• Updating the "Last Updated" date at the top
• Sending an email to your registered email address
• Displaying a notice on the Service

14.3 Acceptance

Your continued use of the Service after changes take effect constitutes acceptance of the updated Privacy Policy. If you do not agree to changes, you should stop using the Service and close your account.

14.4 Review Regularly

We encourage you to review this Privacy Policy periodically to stay informed about how we protect your information.

15. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our privacy practices, please contact us: