Privacy Policy

Derek Middlebrook PLLC ("Company," "we," "us," or "our") operates the RecruitingOS platform available at realestaterecruitingos.com (the "Service"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service.

By accessing or using RecruitingOS, you agree to this Privacy Policy. If you do not agree, please do not use the Service.

1. Information We Collect

1.1 Information You Provide

• Account Information: Name, email address, phone number, and password when you create an account.
• Business Information: Brokerage name, team size, market area, MLS ID, and other professional details provided during onboarding or profile setup.
• Payment Information: Credit card or payment details processed securely through Stripe. We do not store full credit card numbers on our servers.
• Contact Data: Information about recruiting prospects you import or add, including names, phone numbers, email addresses, production data, and notes.
• Communication Content: Messages, emails, and text messages you send or receive through the platform, including AI-generated messages and templates.
• AI Conversation Transcripts: Recordings and transcripts of AI voice calls made through the platform (via Vapi), including call duration, outcomes, and agent responses.
• Support Communications: Information you provide when contacting our support team.

1.2 Information Collected Automatically

• Device & Browser Data: IP address, browser type, operating system, device identifiers, and screen resolution.
• Usage Data: Pages visited, features used, click patterns, session duration, and interaction logs.
• Cookies & Tracking: We use cookies, web beacons, and similar technologies to enhance your experience and collect analytics (see Section 8).
• Log Data: Server logs including access times, referring URLs, and error reports.

2. How We Use Your Information

We use collected information for the following purposes:

• Provide the Service: Operate the CRM, AI calling, AI texting, AI email, pipeline management, event management, and all other platform features.
• Process Payments: Manage subscriptions, billing, invoicing, and refunds through Stripe.
• AI Features: Power AI voice calling, AI text messaging, AI email drafting, and AI ISA automation using your contact data and preferences.
• Improve the Service: Analyze usage patterns, fix bugs, develop new features, and optimize performance.
• Communicate: Send transactional emails (account verification, password resets, billing), product updates, and optional marketing communications.
• Security: Detect, prevent, and respond to fraud, abuse, and security incidents.
• Legal Compliance: Comply with applicable laws, regulations, and legal processes.

3. How We Share Your Information

We do not sell your personal information. We share data only in these circumstances:

3.1 Third-Party Service Providers

We use trusted third parties to operate the Service:

• Supabase — Database hosting, authentication, and backend infrastructure.
• Stripe — Payment processing and subscription management.
• Twilio — SMS messaging and phone number management.
• Vapi — AI voice calling and conversation processing.
• Resend — Transactional and marketing email delivery.
• Netlify — Web hosting and CDN delivery.
• Analytics providers — Website analytics and performance monitoring.

Each provider processes data only as necessary to perform their services and is subject to their own privacy policies.

3.2 Legal Requirements

We may disclose information if required by law, subpoena, court order, or governmental request, or to protect the rights, property, or safety of our company, users, or the public.

3.3 Business Transfers

If we are involved in a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We will notify you of any such change.

4. Data Retention

• Account Data: Retained for as long as your account is active, plus 30 days after deletion request for backup purposes.
• Contact & CRM Data: Retained while your account is active. Deleted within 30 days of account closure.
• AI Call Transcripts: Retained for up to 12 months for service improvement, then anonymized or deleted.
• Communication Logs: SMS and email logs retained for 24 months for compliance and auditing purposes.
• Payment Records: Retained as required by tax and financial regulations (typically 7 years).
• Analytics Data: Aggregated and anonymized usage data may be retained indefinitely for product improvement.

5. Your Rights & Choices

5.1 Access & Portability

You can access, download, or export your personal data at any time from your account settings, or by contacting us at support@realestateos.com.

5.2 Correction

You can update your account information directly in the platform or by contacting us.

5.3 Deletion

You may request deletion of your account and personal data by emailing support@realestateos.com. We will process your request within 30 days, subject to legal retention requirements.

5.4 Opt-Out

• Marketing Emails: Unsubscribe via the link in any marketing email, or contact us directly.
• Cookies: Adjust your browser settings to refuse cookies. Note that some features may not function properly without cookies.
• Analytics: You may opt out of analytics tracking by enabling "Do Not Track" in your browser.

5.5 Restriction of Processing

You may request that we restrict processing of your personal data in certain circumstances, such as when you contest the accuracy of the data.

6. CCPA Rights (California Residents)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):

• Right to Know: Request details about the categories and specific pieces of personal information we have collected about you.
• Right to Delete: Request deletion of your personal information, subject to certain exceptions.
• Right to Opt-Out: We do not sell personal information. If this changes, we will provide a "Do Not Sell My Personal Information" link.
• Right to Non-Discrimination: We will not discriminate against you for exercising your CCPA rights.

To exercise these rights, contact us at support@realestateos.com with the subject line "CCPA Request."

7. GDPR Rights (European Economic Area Residents)

If you are located in the EEA, you have the following rights under the General Data Protection Regulation (GDPR):

• Lawful Basis: We process your data based on (a) your consent, (b) performance of our contract with you, (c) our legitimate interests, or (d) compliance with legal obligations.
• Right of Access: Obtain a copy of your personal data.
• Right to Rectification: Correct inaccurate personal data.
• Right to Erasure: Request deletion of your personal data ("right to be forgotten").
• Right to Restrict Processing: Limit how we process your data.
• Right to Data Portability: Receive your data in a structured, machine-readable format.
• Right to Object: Object to processing based on legitimate interests or for direct marketing.
• Right to Withdraw Consent: Withdraw consent at any time without affecting prior processing.

To exercise these rights, contact us at support@realestateos.com. We will respond within 30 days.

Data Controller: Derek Middlebrook PLLC, based in Arizona, United States.

8. Cookies & Tracking Technologies

8.1 Types of Cookies We Use

• Essential Cookies: Required for authentication, security, and basic functionality. Cannot be disabled.
• Analytics Cookies: Help us understand how visitors interact with the platform (page views, feature usage, session duration).
• Preference Cookies: Remember your settings and preferences (e.g., language, theme).

8.2 Third-Party Cookies

Our analytics and advertising partners may set cookies on your device. These are governed by their respective privacy policies.

8.3 Managing Cookies

You can manage cookies through your browser settings. Most browsers allow you to block or delete cookies. Blocking essential cookies may impair Service functionality.

9. Data Security

We implement industry-standard security measures to protect your data:

• TLS/SSL encryption for all data in transit.
• Encryption at rest for sensitive data in our database.
• Row-level security (RLS) policies ensuring users can only access their own data.
• Regular security audits and vulnerability assessments.
• Secure authentication with password hashing (bcrypt) and optional magic link login.
• PCI-DSS compliant payment processing through Stripe.

While we strive to protect your data, no method of transmission or storage is 100% secure. We cannot guarantee absolute security.

10. Children's Privacy

RecruitingOS is not intended for individuals under 18 years of age. We do not knowingly collect personal information from children. If we become aware that we have collected data from a child, we will delete it promptly.

11. International Data Transfers

Your data may be processed in the United States and other countries where our service providers operate. By using the Service, you consent to the transfer of your data to these locations. We ensure appropriate safeguards are in place for international transfers.

12. Third-Party Links

The Service may contain links to third-party websites or services. We are not responsible for the privacy practices of these third parties. We encourage you to read their privacy policies.

13. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on this page and updating the "Last updated" date. Your continued use of the Service after changes constitutes acceptance of the updated policy.

14. Contact Us

If you have questions about this Privacy Policy or wish to exercise your rights, please contact us:

• Email: support@realestateos.com
• Company: Derek Middlebrook PLLC
• Website: realestaterecruitingos.com