Privacy Policy
Last Updated: December 2024
Your privacy is important to us. This Privacy Policy explains how Estaro collects, uses, protects, and shares your personal information when you use our services.
1. Information We Collect
We collect the following types of information: (a) Account Information: name, email address, phone number, brokerage name, and location when you register; (b) Payment Information: billing details processed securely through Stripe (we do not store credit card numbers); (c) User Content: property listings, FAQs, business information, and conversation transcripts you upload to your knowledge base; (d) Usage Data: log data, IP addresses, browser type, pages visited, and feature usage; (e) Communications: emails, support tickets, and feedback you send us; (f) Cookies and Tracking: information collected through cookies and similar technologies as described in our Cookie Policy.
2. How We Use Your Information
We use your information to: (a) provide, maintain, and improve our services; (b) process transactions and send transactional communications; (c) generate AI responses to prospect inquiries based on your knowledge base; (d) send email notifications about new leads and account activity; (e) provide customer support and respond to your requests; (f) analyze usage patterns and optimize service performance; (g) detect, prevent, and address fraud, security, or technical issues; (h) comply with legal obligations and enforce our Terms of Use; (i) send marketing communications (you can opt out at any time).
3. Legal Basis for Processing (GDPR)
For users in the European Economic Area (EEA), we process your personal data based on: (a) Contract performance: to provide services you've subscribed to; (b) Legitimate interests: to improve our services, prevent fraud, and ensure security; (c) Consent: for marketing communications and optional cookies (you can withdraw consent at any time); (d) Legal obligations: to comply with applicable laws and regulations.
4. Information Sharing and Disclosure
We do not sell your personal information. We may share your information with: (a) Service Providers: third-party vendors who perform services on our behalf (hosting, payment processing, email delivery, analytics) under strict confidentiality obligations; (b) AI Model Providers: your knowledge base content and conversation data may be processed by AI providers (OpenAI, Anthropic, Google) to generate responses; (c) Legal Requirements: when required by law, court order, or to protect our rights and safety; (d) Business Transfers: in connection with a merger, acquisition, or sale of assets (you will be notified of any change in ownership); (e) With Your Consent: when you explicitly authorize us to share information.
5. Data Retention
We retain your information for as long as your account is active or as needed to provide services. Specifically: (a) Account data: retained until you delete your account, then for 30 days; (b) Conversation transcripts: retained indefinitely unless you delete them or close your account; (c) Payment records: retained for 7 years for tax and accounting purposes; (d) Usage logs: retained for 90 days; (e) Marketing data: retained until you unsubscribe. After the retention period, we securely delete or anonymize your information.
6. Data Security
We implement industry-standard security measures to protect your information, including: (a) encryption of data in transit (TLS/SSL) and at rest; (b) secure data centers with physical access controls; (c) regular security assessments and penetration testing; (d) employee access controls and confidentiality agreements; (e) incident response procedures. However, no method of transmission over the internet is 100% secure. You are responsible for maintaining the security of your account credentials.
7. Your Privacy Rights
You have the following rights regarding your personal information: (a) Access: request a copy of your data; (b) Correction: update or correct inaccurate information; (c) Deletion: request deletion of your account and data (subject to legal retention requirements); (d) Export: download your conversation transcripts and knowledge base content in CSV format; (e) Opt-out: unsubscribe from marketing emails at any time; (f) Data Portability (GDPR/CCPA): receive your data in a structured, machine-readable format; (g) Restrict Processing (GDPR): request limitation of how we use your data; (h) Object (GDPR): object to processing based on legitimate interests. To exercise these rights, contact us at privacy@estaro.ai.
8. California Privacy Rights (CCPA)
California residents have additional rights under the California Consumer Privacy Act (CCPA): (a) Right to Know: what personal information we collect, use, and share; (b) Right to Delete: request deletion of your personal information; (c) Right to Opt-Out: we do not sell personal information; (d) Right to Non-Discrimination: we will not discriminate against you for exercising your rights. To submit a request, email privacy@estaro.ai with your name and email address. We will verify your identity before processing requests.
9. International Data Transfers
Estaro operates globally and may transfer your data to countries outside your residence. We ensure adequate protection through: (a) Standard Contractual Clauses (SCCs) for EEA transfers; (b) Privacy Shield frameworks where applicable; (c) adequacy decisions by relevant authorities. By using our services, you consent to these transfers. We take steps to ensure your data receives equivalent protection regardless of location.
10. Children's Privacy
Estaro is not intended for individuals under 18 years of age. We do not knowingly collect personal information from children. If we discover that we have inadvertently collected information from a child under 18, we will delete it immediately. If you believe we have collected information from a child, please contact us at privacy@estaro.ai.
11. Third-Party Services and Links
Our service may contain links to third-party websites or integrate with third-party services (e.g., Telegram, Stripe). This Privacy Policy does not apply to those services. We are not responsible for the privacy practices of third parties. We encourage you to review their privacy policies before providing any information.
12. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. We will notify you of material changes by email or through a notice in our service at least 30 days before the changes take effect. Your continued use of the service after changes become effective constitutes acceptance of the updated policy. We encourage you to review this policy periodically.
13. Contact Us
If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at: Email: privacy@estaro.ai. We will respond to your inquiry within 30 days. If you are in the EEA and are not satisfied with our response, you have the right to lodge a complaint with your local data protection authority.