Privacy Policy

Introduction

Welcome to Realestic ("we," "our," or "us"). We respect your privacy and are committed to protecting your personal data. This privacy policy explains how we collect, use, store, and protect your information when you use our real estate SaaS platform (the "Service").

Information We Collect

1. Account Information

When you create an account, we collect:

• Full name
• Email address
• Password (encrypted)

2. Google Account Information

When you sign in with Google or connect Google Calendar:

• Google account email address
• Profile information (name)
• Calendar events (titles, dates, times, descriptions, locations)
• OAuth access and refresh tokens

2b. Microsoft/Outlook Account Information

When you connect Outlook Calendar:

• Outlook account email address
• Calendar events (titles, dates, times, descriptions, locations)
• OAuth access and refresh tokens

3. AI Assistant Conversation Data

When you use our AI Assistant feature, we collect and store:

• Your messages and prompts sent to the AI
• AI-generated responses and content
• Complete conversation history to maintain context across multiple exchanges
• Images you attach to conversations for analysis
• Auto-generated conversation titles based on your first message
• Conversation metadata (creation date, last updated, pinned status)

Note: Conversations are stored in your account and you can delete them at any time from the AI Assistant page.

4. Property Lookup Search Data

When you use the Property Lookup feature, we process:

• Property addresses you search for
• Search history stored locally in your browser session

Important: Property lookup results — including owner names, contact information, and property details — are retrieved in real time from third-party data providers (Rentcast, BatchData) and are not stored in your account. This data originates from county public records and third-party databases and may be inaccurate or outdated. We do not guarantee its accuracy.

5. Other Usage Information

• Property listings and project information you create
• Client information you add
• Transactions you manage
• Calendar events you create
• Files and images you upload
• Notes and communications within the platform

6. Payment Information

• Payment method details (processed by Stripe)
• Billing address
• Transaction history
• Subscription plan information

Note: We do not store your full credit card numbers. Payment processing is handled securely by Stripe.

7. Automatically Collected Information

• IP address
• Browser type and version
• Device information
• Pages visited and time spent
• Referring URLs

How We Use Your Information

Service Delivery

• Create and manage your account
• Process subscription payments
• Provide access to platform features
• Sync your Google Calendar events
• Create calendar events for showings and meetings
• Store and display your client and property information
• Generate AI-powered content descriptions
• Analyze property images and documents using AI
• Provide task assistance and document analysis
• Query third-party property data APIs to return property owner, contact, and listing information

Communication

• Send you important service updates
• Respond to your inquiries
• Send appointment reminders
• Notify you of calendar events

Improvement

• Analyze usage patterns to improve our service
• Debug technical issues
• Develop new features

Third-Party Services We Use

Supabase

We use Supabase for:

• User authentication and account management
• Database storage
• File storage for uploaded images and documents

Data stored: User profiles, calendar events, client information, property data, uploaded files

Privacy Policy: https://supabase.com/privacy

Google APIs

We integrate with Google services for:

• Google Sign-In (authentication)
• Google Calendar (reading and creating events)

Scopes requested:

• calendar.readonly - Read your calendar events to display and check for conflicts
• calendar.events - Create and modify calendar events for showings and meetings
• userinfo.email - Identify you during sign-in

Compliance: We comply with Google's API Services User Data Policy, including the Limited Use Requirements. We only use your Google data to provide the features you've explicitly requested.

Google's Privacy Policy: https://policies.google.com/privacy

OpenAI

We use OpenAI's GPT-4 services to:

• Generate property descriptions and marketing content
• Analyze property images and documents
• Refine and enhance content
• Provide AI-powered conversational assistance with conversation memory
• Generate descriptive titles for your conversations
• Maintain conversation context across multiple messages
• Extract information from uploaded documents and images

Data sent to OpenAI: Your conversation messages, property information, images, and documents you explicitly request us to process. Your full conversation history is sent to OpenAI to maintain context and provide relevant responses. We store conversation history in our database to enable you to resume conversations later. AI responses are for informational purposes only and do not constitute financial, legal, or professional advice.

Data Retention: Conversation history is stored indefinitely until you manually delete conversations from the AI Assistant page. You have full control to delete any or all conversations at any time.

OpenAI Privacy Policy: https://openai.com/policies/privacy-policy

Stripe

We use Stripe for payment processing:

• Processing subscription payments
• Managing billing and invoices
• Handling refunds and payment disputes

Data shared with Stripe: Your payment method details, billing address, and transaction information. Stripe maintains PCI DSS compliance for secure payment processing.

Stripe Privacy Policy: https://stripe.com/privacy

Rentcast

We use Rentcast's property data API to:

• Retrieve verified property owner names from county assessor/recorder records
• Retrieve property details (beds, baths, sq ft, year built, assessed value, sale history)
• Check active and recent MLS listings for a searched property

Data sent to Rentcast: The property address you search. Results are returned in real time and are not stored in your account.

Rentcast Privacy Policy: https://rentcast.io/privacy

BatchData (Skip Tracing)

We use BatchData's skip tracing API to:

• Retrieve phone numbers and email addresses associated with a property owner

Data sent to BatchData: The property address and verified owner name (obtained from county records via Rentcast). Results are returned in real time and are not stored in your account. Contact information returned may be inaccurate, outdated, or belong to a previous owner. Always verify before use.

BatchData Privacy Policy: https://batchdata.com/privacy

Vercel

We host our application on Vercel for deployment and performance.

Vercel Privacy Policy: https://vercel.com/legal/privacy-policy

How We Protect Your Data

Security Measures

• All data transmission is encrypted using SSL/TLS
• OAuth tokens are encrypted at rest
• Passwords are hashed using industry-standard algorithms
• Database access is restricted and monitored
• Regular security audits and updates

Access Control

• Only you can access your account and data
• We never share your data with third parties for marketing
• Our team only accesses data for support or debugging with your permission

Data Retention

• Active accounts: We retain your data for as long as your account is active
• Inactive accounts: We may delete accounts inactive for 2+ years after notice
• Deleted accounts: Data is permanently deleted within 30 days of account deletion
• Backups: Backup copies are retained for 90 days for disaster recovery

Your Rights and Choices

Access and Control

You have the right to:

• Access all your personal data
• Update or correct your information
• Delete your account and data
• Export your data
• Disconnect third-party integrations (Google Calendar)

Google Calendar Integration

You can:

• Disconnect Google Calendar at any time from your Settings page
• Revoke access via your Google Account settings
• Stop sync immediately - no further access to your calendar

How to Exercise Your Rights

• Update data: Use your account Settings page
• Delete account: Contact us at privacy@realestic.com
• Data export: Contact us at privacy@realestic.com
• Questions: Email us at support@realestic.com

Cookies and Tracking

We use essential cookies to:

• Keep you logged in
• Remember your preferences
• Ensure security

We do not use advertising or tracking cookies.

Children's Privacy

Our Service is not intended for users under 18. We do not knowingly collect information from children. If you believe we have collected data from a child, contact us immediately.

International Data Transfers

Your data may be processed in countries outside your own. We ensure appropriate safeguards are in place to protect your data in compliance with applicable laws.

Changes to This Policy

We may update this privacy policy from time to time. We will notify you of significant changes via:

• Email notification
• Prominent notice on our website
• In-app notification

Continued use of the Service after changes constitutes acceptance of the updated policy.

Legal Basis for Processing (GDPR)

If you are in the European Economic Area (EEA), our legal bases for processing your data are:

• Contract: To provide the Service you signed up for
• Consent: When you explicitly consent (e.g., connecting Google Calendar)
• Legitimate interests: To improve and secure our Service
• Legal obligation: To comply with applicable laws

California Privacy Rights (CCPA)

If you are a California resident, you have additional rights:

• Right to know what personal information we collect
• Right to delete your personal information
• Right to opt-out of sale of personal information (we don't sell your data)
• Right to non-discrimination for exercising your rights

Contact Us

For privacy-related questions or to exercise your rights:

Compliance

We comply with:

• General Data Protection Regulation (GDPR)
• California Consumer Privacy Act (CCPA)
• Google API Services User Data Policy
• Other applicable data protection laws