1. Information We Collect
We collect information you provide directly:
- Account information: name, email, password
- CRM data: contacts, deals, listings, documents, calendar events, call notes, and communications you enter
- Payment information: processed by Stripe; we do not store card numbers
- OAuth tokens: Google and Outlook tokens for calendar and email integration, encrypted at rest using AES-256
- Voice data: audio sent to the voice assistant is processed by AssemblyAI for transcription and is not stored after processing
- Usage data: pages visited, features used, AI message counts, error reports
2. How We Use Your Information
- Operate and maintain the Service
- Process your CRM data through AI models (Anthropic Claude, OpenAI) to power the broker assistant and document analysis
- Sync your calendar and email via authorized OAuth connections
- Process payments and manage billing
- Send transactional emails (password resets, billing receipts)
- Improve the Service based on aggregated, anonymized usage patterns
3. Third-Party Services
We use the following third-party services to operate SuiteCRE:
- Supabase: authentication, database hosting, and file storage
- Stripe: payment processing and subscription management
- Anthropic (Claude): AI broker assistant
- OpenAI: document embeddings for search
- AssemblyAI: speech-to-text transcription
- Inworld AI: text-to-speech for voice mode
- Vercel: application hosting
- Upstash: rate limiting (Redis)
Each service processes data according to their own privacy policies. We select providers with strong data protection practices.
4. Data Retention
Your CRM data is retained as long as your account is active. Upon account deletion or termination, we retain your data for 30 days to allow for export, then permanently delete it. Anonymized, aggregated analytics data may be retained indefinitely. Payment records are retained as required by financial regulations.
5. Data Security
We implement security measures including:
- AES-256 encryption for OAuth tokens at rest
- TLS encryption for all data in transit
- Row-level security (RLS) in the database
- Rate limiting on all API endpoints
- CORS and CSP headers
- JWT-based authentication with secure session management
6. Your Rights
You have the right to:
- Access the personal data we hold about you
- Request correction of inaccurate data
- Request deletion of your account and data
- Export your CRM data
- Revoke OAuth integrations at any time
- Opt out of non-essential communications
7. AI Data Processing
When you use the AI broker assistant, your messages and relevant CRM context are sent to Anthropic's Claude API for processing. Document embeddings are generated via OpenAI and stored in our database for search. Neither Anthropic nor OpenAI trains on your data when accessed via their APIs. Voice transcriptions are processed by AssemblyAI in real-time and are not stored after the session ends.
8. Cookies
We use essential cookies for authentication and session management. We do not use advertising or tracking cookies. Analytics, if enabled, use privacy-respecting tools.
9. Changes to This Policy
We may update this Privacy Policy periodically. Material changes will be communicated via email or in-app notification. The "Last updated" date at the top indicates the latest revision.