Privacy Policy

We collect information to provide and improve our lead management services. The types of information we collect include:

Account Information

When you create an account, we collect your name, email address, phone number, and business details (company name, business type, investment strategy).

Lead and Contact Data

You may import property owner information into the platform, including names, addresses, phone numbers, and email addresses. This data is provided by you and remains under your control.

Communication Data

We store SMS messages, emails, call recordings, and voicemails that you send or receive through our platform. This enables you to maintain a complete communication history with your leads.

Usage Data

We automatically collect information about how you use our service, including feature usage, login times, pages visited, and device information (browser type, operating system, IP address).

Payment Information

Payment processing is handled by Stripe. We do not store your credit card numbers or bank account details. We only receive confirmation of successful payments and basic billing information (email, billing address).

Files and Attachments

You may upload documents, images, and other files to the platform. These files are stored securely and associated with your account.

We use the information we collect for the following purposes:

• Provide and improve the service: To operate the platform, deliver features, and enhance your experience based on usage patterns.
• Process transactions: To handle subscription payments, send billing notifications, and manage your account.
• Send service-related communications: To notify you about account activity, security alerts, and important updates to our service.
• Respond to support requests: To assist you when you contact our support team with questions or issues.
• Comply with legal obligations: To meet regulatory requirements, respond to legal requests, and protect our legal rights.
• Detect and prevent fraud or abuse: To identify and prevent spam, harassment, and other violations of our terms of service.

We work with trusted third-party service providers to operate our platform. These providers have access to your information only to perform specific tasks on our behalf and are obligated to protect your data.

We carefully select our service providers and require them to maintain appropriate security measures. However, we encourage you to review their privacy policies for complete information about their data practices.

When you connect your Gmail account to SavvyREI, we access your email to provide the following functionality:

What We Access

• Sending emails: We send emails on your behalf when you explicitly compose and send a message to a lead through our platform.
• Receiving replies: We sync inbound emails from your connected leads so you can view and respond to conversations within our CRM.
• Detecting potential leads: We analyze inbound emails received after you connect your account to identify potential new business leads. We store the sender information and message content for emails that pass our spam filtering.

What We Do NOT Access

• We do not access emails older than 7 days before you connected your account.
• We do not read or store emails that are clearly spam or automated marketing messages.
• We do not send any emails automatically — all outbound emails require your explicit action.

How Unknown Contacts Work

When someone emails you who is not already a lead in your CRM, we create an "unknown contact" record containing their email address, the subject line, and the message body. You can then review these in the app and decide whether to add them as a contact or dismiss them. This helps you catch potential leads who reach out via email.

Spam Filtering

We apply heuristic spam filtering to prevent your unknown contacts list from being flooded with marketing emails. Emails that appear to be automated, bulk marketing, or from known spam patterns are automatically dismissed and not stored.

Disconnecting Gmail

You can disconnect your Gmail account at any time from Settings → Email. When you disconnect, we stop syncing new emails. Previously synced conversation history remains in your account unless you request deletion.

We retain your data for as long as necessary to provide our services and comply with legal obligations. Here are our retention periods:

We implement comprehensive security measures to protect your data:

• Encryption at rest: Sensitive data is encrypted using AES-256-GCM encryption before storage.
• Encryption in transit: All data transmitted between your browser and our servers is protected using TLS 1.3.
• Encrypted fields: Phone numbers, email addresses, street addresses, and call recording URLs are encrypted at the database level.
• Key rotation: Encryption keys are rotated every 90 days to maintain security.
• Access controls: We implement role-based access controls to limit data access to authorized personnel only.
• Audit logging: All access to sensitive data is logged for security monitoring and compliance.
• Regular assessments: We conduct regular security assessments to identify and address potential vulnerabilities.

We use cookies and similar technologies to operate our service:

Essential Cookies

• Session cookies: Required for authentication and maintaining your logged-in state. Expire after 24 hours.
• CSRF protection cookies: Required for security to prevent cross-site request forgery attacks.

Optional Cookies

• Preference cookies: Remember your settings and preferences. Expire after 1 year.
• Analytics cookies: Help us understand how you use our service to improve it. Require your consent and expire after 1 year.

You can manage cookie preferences through your browser settings. Disabling essential cookies may prevent you from using certain features of our service.

You have the following rights regarding your personal data:

• Access: Request a copy of the personal data we hold about you.
• Correction: Request that we update or correct inaccurate information.
• Deletion: Request that we delete your account and associated data.
• Export: Download your data in a standard, machine-readable format.
• Opt-out: Unsubscribe from marketing communications at any time.

To exercise any of these rights, please contact us at [email protected]. We will respond to your request within 30 days.

Our service is not intended for users under 18 years of age. We do not knowingly collect personal information from children under 18.

If you believe we have inadvertently collected information from a minor, please contact us immediately at [email protected], and we will take steps to delete the information.

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):

Categories of Personal Information Collected

• Identifiers (name, email, phone number, IP address)
• Commercial information (subscription history, payment records)
• Internet activity (usage data, feature interactions, login history)
• Professional information (business name, investment strategy)

Your CCPA Rights

• Right to Know: Request disclosure of the categories and specific pieces of personal information we have collected.
• Right to Delete: Request deletion of your personal information, subject to certain exceptions.
• Right to Opt-Out: We do not sell personal information, so this right does not apply.
• Right to Non-Discrimination: We will not discriminate against you for exercising your CCPA rights.

We do not sell your personal information. We only share data with service providers as described in Section 3.

As a platform primarily serving Ohio real estate investors, we provide the following disclosures:

Ohio Consumer Sales Practices Act

We comply with the Ohio Consumer Sales Practices Act (OCSPA) in our business practices and communications.

State Do Not Call Registry

We acknowledge the Ohio state Do Not Call registry. Users are responsible for ensuring their outreach complies with applicable telemarketing regulations.

Call Recording Consent

Ohio is a one-party consent state for call recording. This means only one party to a conversation needs to consent to the recording. Our platform plays a disclosure at the start of recorded calls.

Our service is primarily designed for users in the United States. If you access our service from outside the United States, please be aware that:

• Your data will be transferred to and processed in the United States.
• By using our service, you consent to this transfer and processing.
• US data protection laws may differ from those in your country of residence.

If you do not consent to having your data processed in the United States, please do not use our service.

We may update this Privacy Policy from time to time to reflect changes in our practices or for legal, operational, or regulatory reasons.

How we notify you of changes:

• Material changes will be communicated via email to your registered email address.
• We may also display a notice within the application for significant updates.
• The "Last updated" date at the top of this page will be revised.

Your continued use of our service after changes are posted constitutes your acceptance of the updated Privacy Policy.

If you have questions about this Privacy Policy or our data practices, please contact us:

We aim to respond to all privacy-related inquiries within 30 days.