Introduction

Welcome to Realestic ("we," "our," or "us"). We respect your privacy and are committed to protecting your personal data. This privacy policy explains how we collect, use, store, and protect your information when you use our real estate SaaS platform (the "Service").

Information We Collect

1. Account Information

When you create an account, we collect:

• Full name
• Email address
• Password (encrypted)
• Profile picture (optional)

2. Google Account Information

When you sign in with Google or connect Google Calendar:

• Google account email address
• Profile information (name, profile picture)
• Calendar events (titles, dates, times, descriptions, locations)
• OAuth access and refresh tokens

3. Usage Information

• Property listings and project information you create
• Client information you add
• Tasks and transactions you manage
• Calendar events you create
• Files and images you upload
• Notes and communications within the platform

4. Automatically Collected Information

• IP address
• Browser type and version
• Device information
• Pages visited and time spent
• Referring URLs

How We Use Your Information

Service Delivery

• Create and manage your account
• Provide access to platform features
• Sync your Google Calendar events
• Create calendar events for showings and meetings
• Store and display your client and property information
• Generate AI-powered content descriptions
• Analyze property images using AI

Communication

• Send you important service updates
• Respond to your inquiries
• Send appointment reminders
• Notify you of calendar events

Improvement

• Analyze usage patterns to improve our service
• Debug technical issues
• Develop new features

Third-Party Services We Use

Supabase

We use Supabase for:

• User authentication and account management
• Database storage
• File storage for uploaded images and documents

Data stored: User profiles, calendar events, client information, property data, uploaded files

Privacy Policy: https://supabase.com/privacy

Google APIs

We integrate with Google services for:

• Google Sign-In (authentication)
• Google Calendar (reading and creating events)

Scopes requested:

• calendar.readonly - Read your calendar events to display and check for conflicts
• calendar.events - Create and modify calendar events for showings and meetings
• userinfo.email - Identify you during sign-in

Compliance: We comply with Google's API Services User Data Policy, including the Limited Use Requirements. We only use your Google data to provide the features you've explicitly requested.

Google's Privacy Policy: https://policies.google.com/privacy

OpenAI

We use OpenAI's services to:

• Generate property descriptions
• Analyze property images
• Refine and enhance marketing content

Data sent to OpenAI: Property information and images you explicitly request us to process

OpenAI Privacy Policy: https://openai.com/policies/privacy-policy

Vercel

We host our application on Vercel for deployment and performance.

Vercel Privacy Policy: https://vercel.com/legal/privacy-policy

How We Protect Your Data

Security Measures

• All data transmission is encrypted using SSL/TLS
• OAuth tokens are encrypted at rest
• Passwords are hashed using industry-standard algorithms
• Database access is restricted and monitored
• Regular security audits and updates

Access Control

• Only you can access your account and data
• We never share your data with third parties for marketing
• Our team only accesses data for support or debugging with your permission

Data Retention

• Active accounts: We retain your data for as long as your account is active
• Inactive accounts: We may delete accounts inactive for 2+ years after notice
• Deleted accounts: Data is permanently deleted within 30 days of account deletion
• Backups: Backup copies are retained for 90 days for disaster recovery

Your Rights and Choices

Access and Control

You have the right to:

• Access all your personal data
• Update or correct your information
• Delete your account and data
• Export your data
• Disconnect third-party integrations (Google Calendar)

Google Calendar Integration

You can:

• Disconnect Google Calendar at any time from your Settings page
• Revoke access via your Google Account settings
• Stop sync immediately - no further access to your calendar

How to Exercise Your Rights

• Update data: Use your account Settings page
• Delete account: Contact us at privacy@realestic.com
• Data export: Contact us at privacy@realestic.com
• Questions: Email us at support@realestic.com

Cookies and Tracking

We use essential cookies to:

• Keep you logged in
• Remember your preferences
• Ensure security

We do not use advertising or tracking cookies.

Children's Privacy

Our Service is not intended for users under 18. We do not knowingly collect information from children. If you believe we have collected data from a child, contact us immediately.

International Data Transfers

Your data may be processed in countries outside your own. We ensure appropriate safeguards are in place to protect your data in compliance with applicable laws.

Changes to This Policy

We may update this privacy policy from time to time. We will notify you of significant changes via:

• Email notification
• Prominent notice on our website
• In-app notification

Continued use of the Service after changes constitutes acceptance of the updated policy.

Legal Basis for Processing (GDPR)

If you are in the European Economic Area (EEA), our legal bases for processing your data are:

• Contract: To provide the Service you signed up for
• Consent: When you explicitly consent (e.g., connecting Google Calendar)
• Legitimate interests: To improve and secure our Service
• Legal obligation: To comply with applicable laws

California Privacy Rights (CCPA)

If you are a California resident, you have additional rights:

• Right to know what personal information we collect
• Right to delete your personal information
• Right to opt-out of sale of personal information (we don't sell your data)
• Right to non-discrimination for exercising your rights

Contact Us

For privacy-related questions or to exercise your rights:

Compliance

We comply with:

• General Data Protection Regulation (GDPR)
• California Consumer Privacy Act (CCPA)
• Google API Services User Data Policy
• Other applicable data protection laws