Menu

Log in

Request a Demo

Last update:May 27, 2026

Privacy Policy

This Privacy Policy explains how RETS AI INCORPORATED ("Rets AI," "we," "us," or "our") collects, uses, stores, and shares information when you
use our commercial real estate intelligence platform, including our website, applications, and related services (collectively, the "Services"). By
using the Services, you agree to the practices described in this Privacy Policy.

If you have entered into a separate Master Service Agreement or other written agreement with Rets AI, the data-handling terms of that agreement govern
to the extent of any conflict with this Policy.

1. Who We Are

Rets AI provides a commercial real estate intelligence platform that helps investment firms screen, evaluate, and pursue acquisition opportunities. We
are headquartered at 2001 Ross Ave, Dallas, TX 75201. You can reach us at team@rets.ai for general questions or legal@rets.ai for
privacy-related requests.

2. Information We Collect

We collect the following categories of information:

  • Account Information. Name, email address, organization name, role, and authentication credentials when you register or are provisioned an
    account.

  • Billing Information. Billing contact, address, payment method, and transaction history. Payment card data is processed by our payment processor
    (Stripe) and is not stored on Rets AI systems.

  • Business Content. Documents, spreadsheets, images, notes, comments, and other content you upload, paste, or otherwise submit to the Services.

  • Email Integration Content. If you connect a Gmail, Outlook, or other email mailbox, we read inbound email messages and download attachments
    associated with deal-related correspondence. Connecting a mailbox is optional and may be revoked at any time. Our handling of data received from
    Google APIs is further described in Section 6.

  • Usage Data. Log data including IP address, browser type, device information, pages visited, features used, timestamps, and error reports
    automatically collected when you interact with the Services.

  • Cookies and Similar Technologies. We use cookies for authentication, security, preferences, and analytics. You can control cookies through your
    browser settings, though some functionality may not work without them.

  • Communications. Messages you send to us (support tickets, emails, in-app chat) and feedback you provide.

3. How We Use Information

We use the information we collect to:

  1. Provide, operate, maintain, and improve the Services, including processing documents and email content, extracting structured data, generating
    analytical outputs, and personalizing your experience.

  2. Authenticate users, manage accounts, and provision access.

  3. Process payments and manage billing.

  4. Communicate with you about your account, security alerts, product updates, support, and marketing (with the ability to opt out of marketing).

  5. Train, develop, and improve our machine learning models and document-processing systems, subject to the restrictions in Section 6 (Google User
    Data) and using Anonymized Data as described in Section 7.

  6. Monitor, detect, prevent, and respond to security incidents, fraud, abuse, or violations of our Terms of Service.

  7. Comply with legal obligations and respond to lawful requests from government authorities.

4. How We Share Information

We do not sell your personal information, and we do not share it for cross-context behavioral advertising. We share information only as described
below.

Service Providers. We share information with vendors that process data on our behalf to operate the Services. Current categories and named
providers include:

  • Cloud infrastructure and storage: Vercel, Supabase, Cloudflare

  • Authentication: Clerk

  • Payments: Stripe

  • Email integration and notifications: Composio, Resend

  • Document parsing: Reducto, Marker

  • Vector search and embeddings: Qdrant, Voyage AI

  • LLM inference: Anthropic, OpenAI, Voyage AI

  • Background processing: Inngest

  • Error monitoring: Sentry

  • Product analytics: PostHog

These vendors operate under data processing agreements that limit their use of data to providing services to Rets AI and prohibit use for their own
marketing or, where applicable, for training generative AI models on submitted data.

Within Your Organization. Information you submit through the Services is accessible to other members of your Rets AI organization to the extent
permitted by your organization's settings and administrator-controlled permissions.

Legal and Safety. We may disclose information when we believe in good faith that disclosure is required by law, legal process, or government
request, or is necessary to protect the rights, property, or safety of Rets AI, our users, or the public.

Business Transfers. If Rets AI is involved in a merger, acquisition, financing, reorganization, bankruptcy, or sale of assets, information may be
transferred as part of that transaction, subject to standard confidentiality protections.

With Your Consent. We may share information with third parties when you direct or consent to the sharing.

5. How We Store, Retain, and Protect Information

Information is stored in encrypted production databases (AES-256 at rest, TLS 1.2 or higher in transit) hosted on cloud infrastructure operated by
Vercel, Supabase, and Cloudflare in the United States. We implement administrative, technical, and physical safeguards including access controls,
audit logging, and periodic security reviews. No security program is perfect, and we cannot guarantee absolute security.

We retain information for as long as your account is active, as needed to provide the Services, or as required to comply with legal obligations. When
you delete content or terminate your account, we delete or anonymize the corresponding records within thirty (30) days, except where longer retention
is required by law.

6. Use of Google User Data

This section describes commitments specific to data received from Google APIs when you connect a Gmail account to the Services. To the extent anything
in Sections 2 through 5 conflicts with this Section 6, this Section 6 controls for Google user data.

Scope Requested. We request a single Google OAuth scope: gmail.readonly (View your email messages and settings). We do not request the ability
to send, modify, delete, or label messages, and we do not request access to Gmail settings beyond what is required for read access.

Use. We use Gmail read access solely to identify and process inbound emails sent to you by commercial real estate brokers and counterparties.
Specifically, we read message bodies, download attachments (PDFs, spreadsheets, Word documents, images), parse those messages and attachments to
extract structured deal data (property name, location, asking price, financial metrics, broker contact information), and surface the extracted data
inside your Rets AI deal pipeline. We do not send email from your account, modify or delete messages, change Gmail settings, or access messages
outside the scope of deal-related correspondence necessary to deliver the Services.

Storage. Extracted data and parsed message content are stored under the same encryption and access controls described in Section 5, accessible
only to the user who connected the account and other members of that user's Rets AI organization.

Sharing. We do not sell, rent, or share Google user data with any third party, and we do not use Google user data for advertising. We share Google
user data only with the processors listed in Section 4 that are strictly necessary to deliver the Services, under data processing agreements that
prohibit those processors from using the data for their own purposes, including training generative AI models on submitted Gmail content.

Human Access. We do not allow humans, including Rets AI employees, to read your Gmail data, except (a) with your explicit permission; (b) for
security investigations or to protect against fraud or abuse; (c) to comply with applicable law; or (d) where the data is aggregated and anonymized
for internal analytics in a manner that cannot be tied back to any individual or organization.

No Use for Generative AI Model Training. We do not use data received from Google APIs to develop, improve, or train generalized or
non-personalized artificial intelligence or machine learning models.

Revoking Access and Deletion. You may disconnect Gmail at any time from within Rets AI at Settings → Integrations, which immediately revokes our
access. You may also revoke our access at https://myaccount.google.com/permissions. To request deletion of
parsed data and extracted records derived from your Gmail, email team@rets.ai. We will delete the requested data within thirty (30) days.

Limited Use Compliance. Rets AI's use and transfer to any other app of information received from Google APIs will adhere to the Google API
Services User Data Policy, including the Limited Use requirements.

7. Aggregated and De-Identified Data

We may create aggregated, de-identified, or anonymized data ("Anonymized Data") from information we collect, including by removing or hashing
identifiers, combining data across customers, and producing statistical or analytical outputs that cannot reasonably be linked back to you or any
identified or identifiable individual or organization. We may retain, use, disclose, and commercialize Anonymized Data in perpetuity for any lawful
purpose, including improving the Services, training and improving our machine learning models, producing benchmarks and market research, operational
analytics, and product development. We will not re-identify Anonymized Data and will not represent Anonymized Data as belonging to you. Anonymized
Data derived from data received through Google APIs is handled in accordance with Section 6, including the Limited Use requirements and the
restriction on generative AI model training.

8. Your Rights

Depending on where you reside, you may have the following rights regarding personal information we hold about you:

  • Access. Request a copy of the personal information we hold about you.

  • Correction. Request that we correct inaccurate or incomplete personal information.

  • Deletion. Request that we delete personal information we hold about you, subject to retention obligations.

  • Portability. Request a copy of certain personal information in a structured, commonly used, machine-readable format.

  • Restriction or Objection. Restrict or object to certain processing of your personal information.

  • Withdraw Consent. Withdraw consent for processing where we rely on consent as the legal basis.

  • Non-Discrimination. We will not discriminate against you for exercising any of these rights.

To exercise any of these rights, email legal@rets.ai. We may need to verify your identity before responding and will respond within the time
period required by applicable law.

9. California Residents

If you are a California resident, the California Consumer Privacy Act ("CCPA"), as amended by the California Privacy Rights Act ("CPRA"), gives you
the rights described in Section 8. We do not sell or share personal information as those terms are defined under California law. To exercise your CCPA
rights, email legal@rets.ai. You may designate an authorized agent to make a request on your behalf, subject to verification.

10. European Economic Area, United Kingdom, and Swiss Residents

If you are located in the European Economic Area, United Kingdom, or Switzerland, the General Data Protection Regulation ("GDPR") and equivalent local
laws give you the rights described in Section 8. Our legal bases for processing include performance of a contract (providing the Services),
legitimate interests (operating and improving the Services, security), consent (where we rely on it), and compliance with legal obligations. Personal
information may be transferred to and processed in the United States and other jurisdictions; we rely on Standard Contractual Clauses and other lawful
transfer mechanisms where required.

11. Children's Privacy

The Services are intended for business and professional use by users at least 18 years of age. We do not knowingly collect personal information from
children under 18. If you believe we have collected information from a child, contact legal@rets.ai and we will delete it.

12. International Data Transfers

Rets AI is headquartered in the United States, and our infrastructure operates in the United States. By using the Services, you understand that your
information will be transferred to and processed in the United States and potentially other countries that may have different data protection laws
than your country of residence. Where required, we rely on Standard Contractual Clauses and equivalent lawful transfer mechanisms.

13. Third-Party Services

The Services may contain links to or integrate with third-party services. This Privacy Policy does not apply to those services, and we are not
responsible for their content or practices. We encourage you to review the privacy policies of any third-party services you use.

14. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. If we make material changes, we will notify you by email, by posting a notice within the
Services, or by updating the Effective Date above. Your continued use of the Services after the Effective Date constitutes acceptance of the updated
Policy.

15. Contact Us

RETS AI INCORPORATED
2001 Ross Ave
Dallas, TX 75201