Privacy Policy
Your privacy and data protection are fundamental to our AI-powered real estate platform.
Effective Date: January 1, 2026 | Last Updated: February 24, 2026
1. Introduction
ListingGPT Pro ("we," "us," or "our") operates an AI-powered real estate marketing platform that helps real estate professionals create listing descriptions, social media content, email campaigns, market analyses, and marketing calendars using artificial intelligence.
This Privacy Policy explains how we collect, use, disclose, and safeguard your personal information when you use our website, applications, and services (collectively, the "Platform"). It applies to all users of the Platform, including real estate agents, brokers, property managers, and any other individuals who access our services.
We are committed to complying with applicable data protection laws, including the General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA), the Personal Information Protection and Electronic Documents Act (PIPEDA), and other applicable privacy regulations.
By using our Platform, you acknowledge that you have read and understood this Privacy Policy. If you do not agree with the practices described herein, please discontinue use of our services.
2. Information We Collect
We collect the following categories of information to provide and improve our services:
2.1 Account Information
When you register for an account, we collect your full name, email address, phone number, company name, and profile photo. This information is necessary to create and manage your account.
2.2 Property Data
To generate listing content, we collect property information you provide, including property addresses, listing prices, number of bedrooms and bathrooms, square footage, property features and amenities, and property photos. This data is essential for our AI content generation services.
2.3 AI-Generated Content
We store the content generated by our AI tools on your behalf, including listing descriptions, social media posts, email marketing campaigns, and marketing calendars. This content is associated with your account.
2.4 Payment Information
Payment processing is handled by Stripe, our PCI DSS Level 1 certified payment processor. We do not store your credit card numbers, CVV codes, or full payment card details on our servers. We retain only transaction identifiers, subscription status, and billing history for account management purposes.
2.5 Usage Data
We automatically collect information about how you interact with the Platform, including tool usage counts, feature interactions, login timestamps, pages visited, and actions performed within the application.
2.6 Device & Technical Data
We collect technical information including your IP address, browser type and version, device type and operating system, referring URLs, and cookie data. This helps us ensure platform security and optimize performance.
2.7 Communication Data
When you contact us, we collect information from support tickets, feedback submissions, and chat interactions with our AI support assistant. This data helps us resolve issues and improve our services.
3. How We Use Your Information
We process your personal information for the following purposes, each with a corresponding GDPR legal basis:
| Purpose | Legal Basis (GDPR) |
|---|---|
| Provide and improve our Platform services | Performance of Contract |
| Process payments and manage subscriptions | Performance of Contract |
| AI content generation (property data sent to AI providers) | Performance of Contract |
| Usage analytics and platform improvement | Legitimate Interest |
| Marketing communications and promotional content | Consent |
| Security monitoring and fraud prevention | Legitimate Interest |
| Legal and regulatory compliance | Legal Obligation |
4. AI Data Processing Disclosure
This section is critical to understanding how your data is processed by artificial intelligence systems on our Platform.
- •OpenAI Content Generation: Property data including addresses, listing prices, property features, and descriptions is sent to OpenAI's API for generating listing descriptions, social media posts, email campaigns, and other marketing content.
- •Quality Improvement: AI-generated content may be reviewed internally for quality assurance and to improve our prompt engineering and content accuracy.
- •Market Intelligence: Market data queries, including location and property type information, are sent to Perplexity for real-time market intelligence and comparable property analysis.
- •Voice & Chat Support: Voice and chat interactions with our AI support assistant are processed by ElevenLabs for natural language understanding and voice synthesis.
- •Opt-Out: You can opt out of AI data processing by choosing not to use AI-powered features. Core account management features remain available without AI processing.
- •Fair Housing Compliance: All AI-generated listing content undergoes automated Fair Housing Act compliance scanning to prevent discriminatory language before delivery to users.
5. Third-Party Data Sharing
We share your data only with the following service providers, strictly for the purposes described below:
| Provider | Data Shared | Safeguard |
|---|---|---|
| OpenAI | Property details (addresses, prices, features) for content generation | Data Processing Agreement (DPA) in place |
| Stripe | Payment and billing information | PCI DSS Level 1 certified |
| Perplexity | Location queries for market intelligence | API terms of service |
| ElevenLabs | Voice and chat support interactions | API terms of service |
| Neon (via Replit) | All stored platform data | Encryption at rest; managed PostgreSQL |
We do not sell, rent, or trade your personal information to any third parties. Data is shared only as necessary to provide the services described above.
6. Data Retention Periods
We retain your data for the following periods, after which it is securely deleted or anonymized:
| Data Type | Retention Period |
|---|---|
| Account data | Duration of account + 90 days after deletion |
| Property listings | Duration of account |
| AI-generated content | Duration of account |
| Payment records | 7 years (tax/legal obligation) |
| Security & audit logs | 3 years |
| Password reset tokens | 24 hours |
| Rate limiting records | 30 days |
| Cookie consent records | 2 years |
| Support tickets | 3 years |
| Deleted account data | Purged after 14-day grace period |
7. Your Rights
7.1 GDPR Rights (EU/EEA Residents)
If you are located in the European Union or European Economic Area, you have the following rights under the General Data Protection Regulation:
- Right of Access (Article 15) — Request a copy of all personal data we hold about you.
- Right to Rectification (Article 16) — Request correction of inaccurate or incomplete personal data.
- Right to Erasure (Article 17) — Request deletion of your personal data and account ("right to be forgotten").
- Right to Restriction of Processing (Article 18) — Request that we limit the processing of your personal data.
- Right to Data Portability (Article 20) — Receive your data in a structured, commonly used, machine-readable format and transfer it to another controller.
- Right to Object (Article 21) — Object to processing of your personal data based on legitimate interests or for direct marketing.
- Rights Related to Automated Decision-Making (Article 22) — Not be subject to a decision based solely on automated processing that produces legal or similarly significant effects.
7.2 CCPA/CPRA Rights (California Residents)
If you are a California resident, you have the following rights under the California Consumer Privacy Act and California Privacy Rights Act:
- Right to Know — Request disclosure of the categories and specific pieces of personal information we collect about you.
- Right to Delete — Request deletion of your personal information.
- Right to Opt-Out — Opt out of the sale or sharing of your personal information. Note: We do not sell personal information.
- Right to Correction — Request correction of inaccurate personal information.
- Right to Limit Sensitive Personal Information Use — Limit the use and disclosure of sensitive personal information.
- Right to Non-Discrimination — Not be discriminated against for exercising your privacy rights.
7.3 PIPEDA Rights (Canadian Residents)
If you are a Canadian resident, the Personal Information Protection and Electronic Documents Act (PIPEDA) grants you the right to access your personal information held by us, challenge its accuracy, and withdraw consent for its collection, use, or disclosure. We will respond to your request within 30 days.
7.4 How to Exercise Your Rights
You may exercise any of the rights described above by:
- • Visiting your Account Settings page within the Platform
- • Emailing our Data Protection Officer at privacy@listinggptpro.com
We will respond to verified requests within 30 days (or as required by applicable law). We may request additional information to verify your identity before processing your request.
9. International Data Transfers
Your personal data is stored and processed on servers located in the United States. If you access our Platform from outside the United States, please be aware that your data may be transferred to, stored, and processed in the United States.
For users in the European Union and European Economic Area, data transfers to the United States are protected by Standard Contractual Clauses (SCCs) approved by the European Commission, ensuring an adequate level of data protection.
We comply with all applicable data transfer regulations and take appropriate measures to ensure that your personal data receives an adequate level of protection in the jurisdictions in which we process it.
10. Children's Privacy
Our Platform is designed for real estate professionals and is not intended for anyone under the age of 16. We do not knowingly collect, use, or disclose personal information from children under 16.
If you are a parent or guardian and believe that your child has provided us with personal information, please contact us immediately at privacy@listinggptpro.com. We will take prompt steps to delete such information from our records.
11. Data Security
We implement industry-standard technical and organizational measures to protect your personal information:
- •Encryption in Transit: All data transmitted between your browser and our servers is protected using TLS/HTTPS encryption.
- •Password Hashing: User passwords are hashed using bcrypt with appropriate salt rounds and are never stored in plain text.
- •Database Encryption at Rest: All stored data is encrypted at rest using industry-standard encryption algorithms.
- •Role-Based Access Controls: Internal access to user data is restricted based on role and necessity, following the principle of least privilege.
- •Regular Security Monitoring: We conduct ongoing security monitoring, vulnerability assessments, and penetration testing.
- •Audit Logging: All access to sensitive data is logged and monitored for unauthorized activity.
12. Data Breach Notification
In the unlikely event of a personal data breach, we are committed to the following notification procedures:
- •We will notify affected users within 72 hours of confirming a data breach, in accordance with GDPR requirements.
- •We will notify the relevant supervisory authorities as required by GDPR and other applicable data protection laws.
- •Notifications will include details of what data was affected, the likely consequences of the breach, and the remediation steps we are taking to address the breach and mitigate its effects.
13. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors.
- •We will notify users of material changes via email to the address associated with your account.
- •Continued use of the Platform after changes are posted constitutes your acceptance of the updated Privacy Policy.
- •Previous versions of this Privacy Policy are available upon request by contacting our Data Protection Officer.
14. Contact Information
If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us through the following channels:
Data Protection Officer: privacy@listinggptpro.com
General Inquiries: support@listinggptpro.com
Mailing Address: [Company Address — to be updated]
EU Representative: [To be appointed if serving EU customers]
CCPA Requests: privacy@listinggptpro.com or via your Account Settings page
15. Consent Tracking
- •We maintain records of when and how you provided consent for data processing activities, including timestamps, the specific consent language presented, and the method of consent (e.g., checkbox, cookie banner).
- •You can withdraw consent at any time through your Account Settings page. Withdrawal of consent is straightforward and does not require more effort than giving consent.
- •Withdrawal of consent does not affect the lawfulness of processing carried out based on consent before its withdrawal.