Privacy Policy

We collect only the data needed to make the Service work for you. We do not sell your data, and we do not use it to build advertising profiles.

When you sign in, we receive an account identifier and the basic profile (name, email) from our auth provider. We use it to scope your saved data to your account and to send you important Service notifications.

When you save a lead or deal, we store the property snapshot, your notes, follow-up dates, status, outreach log entries, and any tags you add. These rows are private to your account.

We record how many searches, contacts, and AI analyses you run so we can enforce your plan's monthly limits and credit any usage packs you purchase. We may also log non-identifying technical data (errors, response times, feature usage counts) to maintain reliability.

When paid plans are enabled, payments are processed by Stripe. We never see or store your full card details. We receive a Stripe customer reference, subscription status, and the productKey of what you bought so we can apply the right plan or usage pack to your account.

The Service depends on the following third-party services. Each has its own privacy policy that governs the data they handle.

• Clerk — authentication and account management.
• Supabase — database hosting for saved leads / deals / usage / buyer list when cross-device sync is enabled.
• OpenAI — generates outreach drafts you can review and copy.
• RentCast — supplies property listing data and sold-comp records for the CMA engine.
• Stripe (when enabled) — payment processing and subscription management.

We use cookies (set by our auth provider) to keep you signed in. We use browser localStorage to keep a local copy of your saved leads, saved deals, buyer list, and usage counters so the app works even when the database is unavailable. You can clear localStorage from your browser at any time; doing so removes the local copy but does not affect any rows that have already synced to the database.

You can request a copy of the data we hold about you, request deletion of your account, or correct inaccurate data, by contacting us at the address below. We will respond within a reasonable time, subject to verification of your identity and any legal retention requirements that apply.

We use industry-standard practices to protect your data, including encryption in transit, server-only storage of service-role keys, and per-user scoping on every database read and write. No system is perfectly secure; we will promptly notify affected users if a breach occurs as required by law.

We keep your account data as long as your account is active. When you delete your account, we delete or anonymize your personal data within a reasonable period, except where we are required to retain records (e.g. payment records for tax or accounting purposes).

The Service is not directed to children under 18 and we do not knowingly collect personal data from children.

We may update this policy from time to time. Material changes will be communicated through the Service or by email.

Privacy questions or data requests can be sent to [your privacy contact email]. Replace the bracketed placeholder with your real contact channel before launch.