Privacy Policy

1. Information We Collect

We collect the following categories of information when you use Flat:

• Account information: Name, email address, phone number, and profile photo you provide during registration or in your account settings.
• Transaction data: Property details, documents, communications, and other information you add to transactions within the platform.
• Integration data: When you connect Gmail, Outlook, or calendar services, we access emails and calendar entries relevant to your transactions as authorized by your granted permissions.
• Usage data: Access logs, IP addresses, browser type, and interaction patterns collected automatically to maintain security and improve the service.

2. How We Use Your Information

• Provide, operate, and maintain the Flat platform and its features.
• Process and manage real estate transactions on your behalf.
• Power AI-driven features such as document analysis, transaction summaries, and proactive alerts.
• Send transactional emails (e.g., notifications, onboarding, and compliance reminders).
• Detect, prevent, and address security issues and abuse.

3. AI & Data Processing

Flat uses third-party AI models (such as OpenAI) to analyze documents, generate summaries, and assist with transaction workflows. Data sent to AI providers is used solely for processing your request and is not used to train third-party models. You can control which AI features are enabled in your account settings.

4. Data Sharing

We do not sell your personal information. We may share data with:

• Service providers: Hosting (Vercel), database (Supabase), email delivery (Resend), file storage (Vercel Blob), and AI processing (OpenAI) — only as needed to operate the platform.
• Your brokerage: Transaction data may be visible to brokerage administrators within your organization.
• Buyer portals: Information you choose to publish to a buyer-facing portal is accessible via the portal link.
• Legal obligations: When required by law, subpoena, or regulatory request.

5. Data Retention

We retain your data for as long as your account is active. When you delete your account, your personal data and associated records are permanently removed, subject to any legal retention requirements. Access logs may be retained for up to 90 days for security purposes.

6. Security

We implement industry-standard security measures including encrypted connections (TLS), hashed passwords (bcrypt), JWT-based session management, and access logging. Integration tokens are stored encrypted at rest.

7. Your Rights

You may:

• Access and update your personal information in Settings.
• Disconnect third-party integrations at any time.
• Delete your account and all associated data from the Danger Zone in Settings.
• Contact us with questions or requests regarding your data.

8. Contact

For privacy-related inquiries, contact us at hello@flatre.ai.