Privacy Policy

Last updated: March 31, 2026

1. Introduction and Definitions

ListingBooster.ai ("we," "us," "our") operates the ListingBooster.ai platform (the "Service"). This Privacy Policy describes how we collect, use, disclose, and protect your information when you use our Service.

For the purposes of this Privacy Policy:

  • "Personal Information" means information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular individual or household.
  • "Processing" means any operation performed on Personal Information, including collection, recording, organization, storage, adaptation, retrieval, use, disclosure, dissemination, erasure, or destruction.
  • "Service Provider" means a third party that processes Personal Information on our behalf for a business purpose pursuant to a written contract.

This Privacy Policy is effective as of the "Last updated" date shown above and applies to all information collected through the Service.

2. Information We Collect — Account and Profile Data

When you create an account or update your profile, we collect:

  • Full name, email address, phone number;
  • Professional headshot and avatar images;
  • Brokerage name and brokerage logo;
  • Professional title;
  • Website URL;
  • Personal tagline and brand voice preferences;
  • Markets served (city, state, zip code);
  • Timezone preference;
  • Branding settings (logo overlay position, custom branding assets);
  • Terms of Service acceptance timestamp and version;
  • AI disclosure acknowledgment timestamp.

3. Information We Collect — Property and Listing Data

When you add properties to the Service, we collect extensive property details, including but not limited to:

  • Full property address (street, city, state, zip code);
  • Listing price, listing status (coming soon, for sale, pending, under contract, sold);
  • Property type (single family, condominium, townhouse, multi-family, land, commercial, villa, manufactured, other);
  • Listing type (for sale, short-term rental, long-term rental);
  • Property specifications: bedrooms, bathrooms, square footage, lot size, year built, stories, garage spaces;
  • Property photos and virtual tour URLs;
  • MLS number and MLS data;
  • HOA information, school district data, amenities, and community features;
  • Tone preferences (luxury aspirational, clean factual, investor oriented, family friendly, professional);
  • Agent guidance notes (ideal buyer profile, selling strategy);
  • Generated descriptions, quality scores, and content moderation flags;
  • Authority Engine data: SEO articles, keywords, topic clusters, content briefs, featured images, and publishing history.

4. Information We Collect — CMS Credentials and Integration Data

  • CMS credentials: WordPress site URLs, usernames, application passwords, and API tokens; Webflow site IDs, collection IDs, and API tokens; Notion database IDs and integration tokens; custom webhook URLs and authentication tokens. All CMS credentials are encrypted using AES-256-GCM before storage.
  • Social media OAuth tokens: Authentication tokens for connected Instagram, Facebook, Twitter/X, LinkedIn, TikTok, and Threads accounts.
  • API keys: Hashed using a one-way hash function. The plaintext key is displayed only once at the time of creation and is never stored.
  • Webhook endpoint URLs: URLs you configure to receive publishing and event notifications.

5. Information We Collect — Billing and Financial Data

  • Stripe customer ID and subscription ID;
  • Subscription plan (Agent Edge, Authority Engine, Bundle), status (active, canceled, past due, trialing, incomplete);
  • Credit balance and usage history;
  • Promotional code and referral code usage.

We do NOT store credit card numbers, bank account numbers, or other payment card data on our servers. All payment processing is handled by Stripe, which is PCI DSS Level 1 certified.

6. Information We Collect — Usage and Automatically Collected Data

  • API usage logs and generation history (AI model used, provider, cost, quality scores);
  • Social media posting logs and scheduling data;
  • Content moderation results and compliance check outcomes;
  • Device information, browser type, and operating system;
  • IP address and approximate geolocation;
  • Authentication events and session data;
  • Audit logs (administrative actions, setting changes);
  • Support ticket content and communications;
  • Beta program feedback and survey responses.

7. How We Use Your Information

We use the information we collect for the following purposes:

  • Core service delivery: Generating listing descriptions, social media content, SEO articles, featured images, keyword research, and market research;
  • Publishing: Posting content to your connected social media accounts and CMS platforms;
  • Payment processing: Managing subscriptions, billing, credits, and usage quotas;
  • Compliance: Enforcing Fair Housing Act compliance through content moderation;
  • Quality improvement: AI quality scoring, model performance monitoring, and content distillation;
  • Backlink network: Matching participating sites based on topic overlap;
  • Transactional communications: Sending account notifications, billing receipts, and service updates via Resend;
  • Customer support: Responding to inquiries and resolving issues;
  • Security: Detecting and preventing fraud, abuse, and unauthorized access;
  • Legal compliance: Meeting applicable legal, regulatory, and tax obligations.

We do NOT use your information for: Selling personal data to third parties, targeted advertising, building advertising profiles, or automated decision-making that produces legal effects concerning you.

8. AI Provider Data Sharing — Per-Provider Disclosure

To generate content on your behalf, we share specific categories of data with our AI providers. Below is a detailed breakdown:

OpenAI

  • Data shared: Property details (address, features, pricing, descriptions), agent profile (name, brokerage, tagline, brand voice), custom instructions, photos (via Vision API for analysis), content (for moderation endpoint).
  • NOT shared: Email, phone, payment information, CMS credentials, API keys.
  • Image generation: DALL-E 3 receives text prompts derived from property and article data for featured image generation.

Anthropic (Claude)

  • Data shared: Property details, agent profile, custom instructions. Used as a fallback provider.
  • NOT shared: Email, phone, payment information, CMS credentials, API keys, photos.

Google (Gemini)

  • Data shared: Property details, agent profile, custom instructions. Used as a fallback provider.
  • NOT shared: Email, phone, payment information, CMS credentials, API keys, photos.

Perplexity (Sonar)

  • Data shared: Market research queries, property addresses (for neighborhood context and market analysis).
  • NOT shared: Full property details, agent profile, email, phone, payment information, CMS credentials.

All AI providers process data via their respective APIs. API data is generally not used by providers for model training. Please refer to each provider's privacy policy for their specific data handling practices.

9. Third-Party Service Providers (Non-AI)

We use the following third-party service providers to operate the Service:

  • Stripe: Payment processing. PCI DSS Level 1 certified. Receives billing-related data only.
  • Supabase: Database hosting, user authentication, and file storage. SOC 2 Type II certified.
  • DataForSEO: Keyword research, search volume data, and domain rank lookups. Rate-limited to 20 requests per hour per user.
  • Firecrawl: Web scraping of listing URLs you provide for data extraction.
  • Resend: Transactional email delivery (account notifications, billing receipts).
  • Upstash (QStash/Redis): Asynchronous job processing and caching for long-running operations (draft generation, image generation, publishing, backlink matching).
  • Vercel: Application hosting and edge network infrastructure.
  • Social media platforms: Facebook/Meta, Twitter/X, LinkedIn, TikTok, and Threads. Content is posted to these platforms on your behalf when you connect your accounts.

10. Cookies, Local Storage, and Tracking

We use only essential cookies required for the operation of the Service:

  • Supabase authentication cookies: Session management and authentication state.

We do not use third-party advertising or tracking cookies. We do not engage in cross-site tracking or browser fingerprinting. Local storage may be used for UI preferences (such as theme settings) only.

11. Data Retention

We retain your information for the following periods:

  • Account and profile data: Duration of your account plus 30 days after deletion request;
  • Property data: Soft-deleted upon your request (30-day recovery window), then permanently deleted;
  • CMS credentials: Deleted immediately upon disconnection or account deletion;
  • Social media OAuth tokens: Revoked immediately upon disconnection;
  • API usage logs: 90 days, then anonymized;
  • Audit logs: 1 year;
  • Billing records: 7 years (required for tax/accounting compliance);
  • Support tickets: 3 years;
  • AI provider data: Retention is governed by each AI provider's own data retention policy.

12. Data Security

We implement the following security measures to protect your information:

  • Encryption in transit: All data transmitted between your browser and our servers is encrypted using TLS 1.2 or higher;
  • Encryption at rest: Database storage is encrypted at rest by Supabase;
  • CMS credential encryption: All CMS credentials are encrypted using AES-256-GCM with authenticated encryption before storage;
  • API key security: API keys are hashed using a one-way hash function. The plaintext key is shown only once at creation;
  • Access controls: Role-based access controls and Supabase Row Level Security (RLS) policies restrict data access;
  • Infrastructure: Hosted on SOC 2 certified infrastructure (Vercel, Supabase);
  • Employee access: Limited to authorized personnel on a need-to-know basis.

While we implement commercially reasonable security measures, no method of transmission over the internet or method of electronic storage is 100% secure. We cannot guarantee absolute security.

13. Children's Privacy (COPPA)

The Service is not directed to children under the age of 13 (as defined by the Children's Online Privacy Protection Act, or COPPA) or under the age of 16 (as defined by enhanced protections under the California Consumer Privacy Act). We do not knowingly collect Personal Information from children.

If we discover that we have inadvertently collected Personal Information from a child, we will promptly delete that information. If you believe a child has provided us with Personal Information, please contact us at support@listingbooster.ai.

14. California Privacy Rights (CCPA/CPRA)

If you are a California resident, you have the following rights under the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA):

  • Right to Know: You may request that we disclose the categories and specific pieces of Personal Information we have collected about you;
  • Right to Delete: You may request that we delete Personal Information we have collected from you, subject to certain exceptions;
  • Right to Correct: You may request that we correct inaccurate Personal Information;
  • Right to Opt-Out of Sale: You have the right to opt out of the "sale" of your Personal Information. We do not sell your Personal Information to third parties;
  • Right to Non-Discrimination: We will not discriminate against you for exercising your privacy rights.

CCPA categories of information we collect: Identifiers (name, email, phone, IP address); professional or employment-related information (brokerage, title, license); commercial information (subscription plan, billing history, credit usage); internet or electronic network activity (API logs, usage data, device information); geolocation data (IP-based approximate location, markets served).

Verification: We verify your identity through your authenticated Supabase account session. If you submit a request through an authorized agent, we may require additional verification.

We will respond to verified requests within 45 calendar days. If additional time is needed, we will notify you and may extend the response period by an additional 45 days. To submit a CCPA request, contact us at support@listingbooster.ai with the subject line "CCPA Request."

15. Other State Privacy Laws

Residents of Virginia (CDPA), Colorado (CPA), Connecticut (CTDPA), Utah (UCPA), Texas (TDPSA), Oregon, Montana, and other states with comprehensive privacy laws may have similar rights to those described in Section 14, including:

  • Right to access and obtain a copy of your Personal Information;
  • Right to request deletion;
  • Right to correct inaccuracies;
  • Right to opt out of targeted advertising (we do not engage in targeted advertising);
  • Right to opt out of profiling that produces legal effects (we do not engage in such profiling).

If your request is denied, you may appeal by contacting support@listingbooster.ai. We will respond to appeals within the timeframe required by your state's applicable law.

16. International Users

The Service is operated from the United States. All data is stored and processed in the United States. If you access the Service from outside the United States, you consent to the transfer of your information to the United States, which may have different data protection laws than your country of residence.

We do not currently have a representative in the European Union. For users in the EU/EEA, our legal basis for processing Personal Information is contractual necessity (to provide the Service you requested) and legitimate interest (to improve and secure the Service). EU/EEA users may exercise GDPR rights (access, rectification, erasure, restriction, portability, objection) by contacting support@listingbooster.ai.

17. Data Portability and Deletion

You may request an export of your data in JSON or CSV format. The export includes: profile information, property data, generated descriptions, social media posts, Authority Engine articles, keywords, and content history.

Upon receiving a deletion request, we will soft-delete your account (30-day recovery window) and then permanently delete your data. Exceptions to deletion include: data required for legal compliance, anonymized and aggregated data, and data related to active disputes.

For data shared with third-party AI providers, we will make best-effort requests for deletion in accordance with each provider's data deletion policies and capabilities.

18. Breach Notification

In the event of a data breach affecting your Personal Information, we will notify affected users within 72 hours of becoming aware of the breach. Notification will include:

  • The nature and circumstances of the breach;
  • Categories of data affected;
  • Approximate number of individuals affected;
  • Remedial measures taken and recommended;
  • Contact information for further inquiries.

Notifications will be sent via email to the address on your account. For widespread breaches, we may also post a notice on our website and provide in-app notifications.

19. Do Not Track Signals

The Service does not currently respond to Do Not Track (DNT) browser signals, as we do not engage in cross-site tracking. If your browser transmits a Global Privacy Control (GPC) signal, we will honor it as an opt-out of the sale of Personal Information, although we do not sell Personal Information.

20. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. For material changes, we will provide at least thirty (30) days' advance notice via email. Non-material changes become effective upon posting to the Service. The "Last updated" date at the top of this page will be revised accordingly. Previous versions of this Privacy Policy are available upon request.

21. Contact Information

For questions or requests regarding this Privacy Policy:

  • General inquiries: support@listingbooster.ai
  • CCPA requests: support@listingbooster.ai — subject line "CCPA Request"
  • Mailing address: 3997 Commons Drive West, Suite I, Destin, FL 32541

Response times: General inquiries within 10 business days. CCPA and state privacy law requests within 45 calendar days.