Privacy Policy

Last updated: March 25, 2026

1. Information We Collect

Information You Provide

  • Account data: Name, email address, and password when you create an account, or profile information from Google or Facebook if you sign in via OAuth
  • Agent profile: Professional details (phone, office name, license number, headshot, logo) you choose to add
  • Social account connections: When you connect a Facebook Page, we store your Facebook Page ID, Page name, and a long-lived Page access token for publishing on your behalf
  • Watched areas: Locations you configure for automated listing monitoring
  • Contact form submissions: Name, email, phone (optional), and message content
  • Payment information: Processed securely by Stripe β€” we never store your card details

Information Collected Automatically

  • Usage data: Pages viewed, features used, videos/graphics created, social posts published
  • Device information: Browser type, operating system, screen resolution
  • Cookies: Session cookies for authentication, guest usage tracking cookie (HttpOnly, signed), cookie consent preference
  • Error reports: When errors occur, we may collect technical details (stack traces, request metadata) via Sentry or similar error-monitoring services to diagnose and fix issues

Third-Party Data

  • Listing data: Property information from Redfin via RapidAPI (addresses, prices, photos, descriptions)
  • AI analysis: Photo analysis and marketing description generation via OpenAI Vision
  • Social platform data: Facebook Page metadata and publishing permissions obtained through Meta OAuth

2. How We Use Your Information

  • To generate marketing content (videos, graphics, social posts) based on your inputs
  • To publish content to your connected social media accounts on your behalf when you enable automation
  • To monitor listing activity in your watched areas and generate event-driven content
  • To maintain, diagnose issues with, and improve the Service
  • To process payments and manage subscriptions
  • To send service-related communications (account changes, billing, video completion, render failures)
  • To respond to your support inquiries
  • To enforce our Terms of Service

3. Information Sharing

We do not sell your personal information. We share data only in these circumstances:

  • Service providers: Stripe (payments), OpenAI (AI features), RapidAPI/Redfin (listing data), Meta/Facebook (social publishing), Resend (transactional email), Sentry (error monitoring), Cloudflare R2 (media storage), and infrastructure hosting (Vercel, Railway)
  • Social platforms: When you connect a Facebook Page and enable publishing, we post content to that Page using your authorized access token
  • Legal requirements: When required by law, subpoena, or legal process
  • Business transfers: In connection with a merger, acquisition, or sale of assets

4. Data Storage & Security

Your data is stored on secure servers in the United States. We use industry-standard security measures including encrypted passwords (scrypt hashing with unique salts), signed cookies, and HTTPS encryption. However, no system is 100% secure β€” we cannot guarantee absolute security.

5. Your Rights

You have the right to:

  • Access your personal data through your account settings
  • Correct inaccurate information in your profile
  • Delete your account and all associated data directly from Settings β†’ Data & Privacy (GDPR Art. 17 β€” Right to Erasure)
  • Export a complete copy of your personal data as JSON from Settings β†’ Data & Privacy (GDPR Art. 20 β€” Right to Portability)
  • Disconnect connected social accounts at any time from your Settings page
  • Opt out of non-essential communications via notification preferences in Settings

6. Cookies

We use the following cookies:

  • Session cookie: Required for authentication (NextAuth.js JWT)
  • CSRF token cookie: Required for security (prevents cross-site request forgery)
  • Guest usage cookie: Tracks free video creation count (HttpOnly, signed, 30-day expiry)
  • Cookie consent: Remembers your cookie preferences (localStorage)

You can accept or decline non-essential cookies via the cookie banner shown on your first visit. We do not currently use third-party advertising cookies. If we add analytics tracking (e.g., Google Analytics), we will update this policy accordingly.

7. Children's Privacy

Retly is not intended for users under 18 years of age. We do not knowingly collect personal information from children. If you believe a child has provided us with personal information, please contact us immediately.

8. Changes to This Policy

We may update this Privacy Policy periodically. We will notify registered users of material changes via email or in-app notification. The β€œLast updated” date at the top indicates the most recent revision.

9. Contact Us

For privacy-related questions or data requests, contact us at privacy@retly.ai or through our contact page.