Privacy Policy

This Privacy Policy explains what data Condo Intel collects, how we use it, who we share it with, and how we protect it. By using the Service you agree to the practices described here. Words capitalized but not defined here have the meaning given in our Terms of Service.

1. Who we are

Condo Intel is operated by The Home Owners Listing Team @ RESF ("we", "our", "us"), based in Florida, USA. The Service is a GoHighLevel marketplace application installed into customer sub-accounts.

2. Data we collect

• Account data: name, email, role, brokerage name, the GoHighLevel sub-account ID into which Condo Intel is installed, and the OAuth tokens issued by GHL during install.
• Document data: the PDFs and attachments you upload or forward in (contracts, listings, HOA applications, financial documents, identification documents, board correspondence). This includes the OCR-extracted text, AI-extracted structured fields, and deal records derived from them.
• Contact data: names, emails, phone numbers, and addresses of parties on your deals (buyers, sellers, agents, lenders, title companies, HOA contacts) as they appear in the documents you submit.
• Usage data: audit-log events — which authenticated user took which action on which deal at what time, including uploads, status changes, manual edits, and outbound messages.
• Billing data: the email and payment method tied to your subscription (handled by our payment processor; we do not store full card numbers).
• Technical data: IP address, browser user-agent, and request metadata captured in server logs for security and abuse detection.

3. How we use it

• To operate the Service — run OCR, extract structured data from documents, build deal records, fire HOA outreach, score approval risk, and answer your chat questions.
• To sync data to your GoHighLevel sub-account via the OAuth integration you authorized.
• To bill your subscription and prevent fraud.
• To detect, debug, and fix issues, abuse, and security incidents.
• To communicate with you about the Service (outage notices, billing receipts, material policy changes, security incidents).

We do not sell your data. We do not use Customer Data to train AI models.

4. Legal basis for processing

We process Customer Data on the basis of contract performance (delivering the Service you subscribed to), legitimate interests (security, fraud prevention, product improvement), and your consent (where required by law).

5. Sub-processors

We use the following sub-processors and pass Customer Data to them only as needed to deliver the Service:

• Supabase — database + object storage. Privacy policy
• Cloudflare — Workers, Pages, Email Routing, R2, KV. Privacy policy
• Anthropic — Claude AI extraction and chat. Privacy policy (Anthropic does not train on API customer data)
• Mistral — OCR for scanned PDFs. Privacy policy
• GoHighLevel — CRM integration (your sub-account). Privacy policy
• Stripe — payment processing. Privacy policy

6. Sharing your data

We share Customer Data with the sub-processors listed above only as needed to deliver the Service. We do not sell Customer Data to anyone, ever. We may disclose data if compelled by valid legal process (subpoena, court order) — where legally permitted, we will notify you first.

7. Retention

• Account and document data is retained for as long as your subscription is active.
• Following uninstall or cancellation, Customer Data is retained for 30 days, then permanently deleted from our primary systems.
• Backups containing Customer Data are encrypted and rotated out within 90 days.
• Audit logs and billing records may be retained longer as required for legal, accounting, or security purposes.

8. Security

• Data is encrypted in transit (HTTPS / TLS) and at rest (Supabase Postgres + Cloudflare R2 / KV native encryption).
• Per-tenant data isolation — every deal, document, and audit event is keyed to a single tenant and filtered server-side on every read.
• Access requires authenticated sessions or signed worker tokens.
• Secrets are stored in Cloudflare Workers Secrets, never in source control.
• OAuth tokens are encrypted at rest and only decrypted at request time.

9. Your rights

You may request access to, correction of, export of, or deletion of Customer Data by emailing scott@scottlehrrealtor.com. Depending on your jurisdiction (e.g. GDPR in the EU, CCPA in California), you may have additional rights including the right to object, restrict processing, or lodge a complaint with a supervisory authority. We will respond to verifiable requests within 30 days.

10. International transfers

Our sub-processors operate globally. By using the Service you consent to Customer Data being processed in the United States and other countries where our sub-processors operate. Where required, we rely on Standard Contractual Clauses or equivalent safeguards.

11. Children

Condo Intel is not directed to anyone under 18. We do not knowingly collect data from minors. If you believe a minor has provided data, email us and we will delete it.

12. Changes to this policy

We may update this Privacy Policy from time to time. Material changes will be announced on this page with an updated "Last updated" date and, where reasonable, by email.

13. Contact

Privacy questions, data subject requests, or security disclosures: scott@scottlehrrealtor.com