This is a placeholder privacy policy. Before launch, replace it with content reviewed by counsel in your jurisdiction. The structure below reflects what Listed actually handles — fill in the specifics for your operating entity.
What we collect
Listed stores the information you give us: your profile (name, license, brokerage), your client contacts, your properties, your CMAs, your tasks and calendar events, your documents, and your authentication credentials. We do not buy or rent personal data about you.
What we don't do
We do not message your contacts. Every share you initiate opens your device's native app (Messages, Mail, IG, etc.) so the send originates from your account. We have no audience list of your clients, and we don't sell to them, market to them, or contact them on your behalf.
AI keys
If you connect an AI provider (Anthropic, OpenAI, Google), your API key is encrypted in our database and decrypted only at the moment of an inference request you initiated. Token usage flows through your provider account on your billing — Listed never marks it up or relays it.
Security
Data lives in Supabase Postgres with row-level security enforced at the database. Authentication is handled by Supabase Auth. Document files live in Supabase Storage with bucket-scoped policies. We monitor with Sentry for errors and PostHog for product analytics.
Your rights
Export, edit, or delete your data at any time. Email privacy@rebeldisciple.pro and we'll respond within 7 business days.
Children
Listed is built for licensed real estate professionals and is not directed at children under 13.
Changes
If we materially change this policy we'll email all active agents at least 14 days before the change takes effect.