Privacy Policy

Effective date: 2026-04-22 Last updated: 2026-04-22

This is BuyerFlo's privacy policy. It explains what data we handle, how we use it, where it lives, and what you can do about it.

Heads up: v1 written by the founders, not a lawyer. Legal review happens before commercial launch.

What we collect

From you directly

• Your account info: name, email, phone, company, title, license number, writing voice, signature preferences, branding assets
• Your billing status
• Every contract you upload, including all content extracted from it
• Every edit you make to deal data
• Every email you send or approve the engine to send
• Every task action you take (complete, dismiss, reopen)

From the parties on your deals

• Names, work email addresses, professional roles (agent, title, lender, etc.)
• Every email they send to the deal's routing address
• Documents they attach — disclosures, addendums, inspection reports, proof of funds, commitment letters, etc.

From BuyerFlo's own systems

• Audit log — every action the service takes (AI decisions, task transitions, emails sent, addendums applied)
• Usage analytics — which pages you visit, how long you spend, which features you use (aggregated and anonymized)
• AI-call metadata — which prompts ran, what confidence scores came back, how long calls took (used to improve the service)

Network features — what gets collected for referrals

Separate from your deal-coordination data, BuyerFlo runs a network-features pipeline designed to grow the platform by introducing it to professionals you already work with. Here's what that means:

We collect:

• Professional names and work emails of the agents, title companies, and counter-party transaction coordinators on your deals
• Their role (buyer agent, escrow officer, etc.)
• Which deals they appeared on (internally — not shared with them or each other)

We do not collect:

• Your clients' names (buyers, sellers)
• Any dollar amounts from your deals
• Contract terms, contingencies, or deal-specific details
• Any content we couldn't already see from the professional's own public communications on the deal

When we reach out:

• Professional outreach only — agents to agents, TC-to-TC framing
• CAN-SPAM compliant — unsubscribe link on every email, physical address in footer
• Max 3 touches per prospect per cadence, ever
• Honors unsubscribe globally and permanently within hours

Opt out: Network features are enabled by default per the Terms of Service. You can disable them any time from Profile → Network features. When disabled, we immediately stop collecting new professional contacts from your deals.

How we use the data

To run the service on your behalf. Contract data powers the coordination engine. Email content flows through AI classifiers. Audit logs answer your "what did the app do on my deal" questions.

To improve the service. Aggregated usage metrics, anonymized AI-call logs, and sampled extractions help us tune models, find bugs, and prioritize features.

To support you. Your account info + recent activity helps Flo (our AI support assistant) answer your questions accurately. When Flo can't, a human sees the same data.

Nothing else. We don't sell your data. We don't share it with third-party advertisers. We don't build shadow profiles for external sale.

Where data lives

• Supabase (US-hosted Postgres) — your account data, deal data, audit logs, tickets
• Resend (US-based email provider) — outbound emails we send and inbound emails to your deal addresses
• Anthropic (Claude API) — AI model calls (contract extraction, reply classification, email drafting). Anthropic's Enterprise terms prohibit them from training on your data.
• Vercel (US-based hosting) — the application runtime

All providers have SOC 2 or equivalent attestations. We don't host anything we'd be embarrassed about.

How long we keep it

• Active account data: as long as your account is active, plus 12 months after cancellation for legal/accounting compliance
• Audit logs: 24 months, then archived or deleted
• Network features pipeline: kept until you disable or request deletion
• Deleted on request: anything you ask us to delete gets deleted within 30 days, subject to legal retention requirements

Your rights

You can:

• Access your data — export a copy of everything we have on you (email support@buyerflo.com)
• Correct your data — edit profile fields, edit deal data via the Edit page
• Delete your data — close your account, request full deletion
• Disable network features — toggle in profile
• Object to a use — email us; we'll talk

If you're in a jurisdiction with stronger privacy rights (California, EU, UK, Canada), you also have:

• Right to know what categories of data we have
• Right to portability — a machine-readable export
• Right to non-discrimination — we won't penalize you for exercising your rights

International users

BuyerFlo is currently US-only. If you're outside the US:

• EU / EEA / UK: GDPR requires explicit opt-in for marketing features. Network features default to OFF for EU accounts. You'll see the toggle explicitly during signup.
• Canada / Quebec: CASL and Law 25 have similar requirements; same treatment.

(As of the effective date above, we don't yet have automated geo-detection at signup. If you're outside the US and want an EU-compliant flow, email us and we'll manually set your preferences.)

Security

• All traffic over TLS
• Passwords hashed, never stored plaintext
• Database access restricted to service-role keys, rotated per compliance guidelines
• Admin access logged, every mutation audit-captured

We haven't been audited to SOC 2 yet. We will be before scaling meaningfully.

When something goes wrong

If we have a breach affecting your data, we'll notify you within 72 hours. We'll tell you what happened, what was exposed, and what we're doing about it.

Changes

We update this policy when we ship meaningful changes. You'll see an in-app notice. Continued use constitutes acceptance.

Contact

Privacy questions, data requests, or concerns: support@buyerflo.com