Privacy Policy

We collect the following categories of information:

• Account information. Name, business name, email address, phone number, billing address, and password (hashed). For buyers in the Buyer Network, we also collect proof of funds documentation or a verification statement.
• Deal data. Subject property addresses, listing details, comps you review, underwriting inputs and outputs, max-offer numbers, LOIs you generate, signed contracts you upload, and assignment-fee data you enter.
• Buyer mandates. For network buyers: buy-box geography, beds/baths/price band, cap-rate or yield targets, financing posture, preferred deal types, and contact preferences.
• Email content. When you connect a mailbox to send LOIs and follow-ups, we ingest the messages we send on your behalf, the replies we receive, and the metadata around them (subjects, send times, open/reply classification). We do not scan unrelated mail in your inbox.
• Usage analytics. Pages viewed, features used, device and browser type, IP address (truncated for analytics), session duration, error traces, and similar telemetry.
• Communications with us. Support tickets, chat transcripts, calls you record with us, and feedback you submit.

We collect this information directly from you, automatically from your use of the Service, from authorized integrations you connect (Google, Stripe, county assessor data providers, HUD data feeds), and from public records.

We use the information we collect to:

• Deliver, operate, and maintain the Service, including underwriting, max-offer calculation, and pipeline management.
• Run our 27-feature deal-quality engine and produce sell-through, RTV, CoC, and grade outputs.
• Match locked contracts to active private buyer mandates and coordinate optional dispo handoffs.
• Process payments, subscriptions, and co-wholesale fee routing.
• Provide customer support and respond to your requests.
• Detect, investigate, and prevent fraud, abuse, security incidents, and violations of our Terms of Service.
• Improve our models, features, and product — including by training internal models on aggregated, anonymized usage and deal patterns. We do not train models on the substantive content of your private emails.
• Send transactional and service emails (account alerts, billing, security notices). We may send occasional product update emails; you can opt out of marketing emails at any time without losing access to transactional communications.
• Comply with legal obligations and enforce our agreements.

We do not sell personal information. We share information in the limited circumstances below:

• Service providers. We use vetted subprocessors to operate the Service, including: Stripe, Inc. for payments and billing; Postmark and/or SendGrid for transactional email; Amazon Web Services (S3, RDS, EC2) for hosting and file storage; Google LLC for OAuth authentication and Gmail API access; PostHog for product analytics; and OfferConsole (the error-tracking company) for crash and error reporting. Each receives only the data needed to perform its function and is contractually bound to confidentiality.
• Private dispo counterparties. When you upload a locked contract for matching, we share redacted deal details with privately matched buyers so they can decide whether to engage. We do not share your contact information until you authorize introduction.
• Legal compliance. We may disclose information when we believe in good faith that disclosure is required to comply with a subpoena, court order, or other legal process; to enforce our Terms; or to protect the rights, property, or safety of OfferConsole, our users, or others.
• Business transfers. If OfferConsole is involved in a merger, acquisition, or sale of assets, information may be transferred as part of that transaction. We will notify you and post any material change to this Policy.

We do not sell your personal data. We do not share personal data with third-party advertising networks or data brokers.

We use a small number of cookies and similar technologies:

• Essential cookies. Required for the Service to function — for example, to keep you signed in, remember your preferences, and protect against CSRF attacks. These cannot be disabled.
• Analytics. We use PostHog (self-hosted-equivalent configuration) to measure how the Service is used, where bottlenecks exist, and which features need improvement. PostHog does not share data with third-party advertising networks. You can opt out via the cookie banner on your first visit.

We do not use third-party advertising trackers, retargeting pixels, or cross-site behavioral profiling.

We retain your information for as long as your account is active and as needed to provide the Service. When you delete your account, we delete or de-identify your personal data within 30 days, except where (a) law or regulation requires longer retention (for example, financial records retention obligations), (b) the data is necessary to resolve an open dispute, (c) the data is contained in aggregated, anonymized analytics that cannot reasonably be re-associated with you, or (d) deletion is technically infeasible — in which case we will isolate the data and delete on a periodic schedule.

You have the following rights over your personal data:

• Access. Request a copy of the personal data we hold about you.
• Correction. Update or correct inaccurate information.
• Deletion. Request that we delete your personal data, subject to the exceptions described in the Retention section.
• Portability. Export your deal pipeline, contracts, and account data in a machine-readable format from your account settings, or by emailing us.
• Opt-out of marketing. Use the unsubscribe link in any marketing email or update your preferences in account settings.

To exercise these rights, email privacy@offerconsole.com. We will respond within 30 days. We may need to verify your identity before fulfilling certain requests.

OfferConsole primarily serves customers in the United States, and we are not a covered "business" under every state privacy law. We nevertheless honor the following on request, regardless of your jurisdiction:

• The right to know what personal data we collect and how we use it.
• The right to access and obtain a copy of your personal data.
• The right to request deletion of your personal data.
• The right to correct inaccurate data.
• The right to opt out of sale or sharing of personal data — although we do not sell or share personal data for cross-context behavioral advertising.
• The right to non-discrimination for exercising any of these rights.

For California residents under the CCPA/CPRA, you may designate an authorized agent to make requests on your behalf. For residents of the European Economic Area, the United Kingdom, or Switzerland: if you submit personal data through the Service, you acknowledge it will be transferred to and processed in the United States. The lawful basis for our processing is the performance of our contract with you (or a legitimate interest where no contract applies). You may lodge a complaint with your local supervisory authority.

The Service is intended for real estate professionals aged 18 or older. We do not knowingly collect personal data from anyone under 18. If we learn we have collected data from a person under 18, we will delete it promptly.

We use industry-standard safeguards to protect your data, including:

• TLS 1.2+ for all data in transit.
• AES-256 encryption at rest for our primary databases and S3 storage.
• Row-level security (RLS) on tenant-scoped tables so one customer cannot access another customer's data.
• Principle-of-least-privilege access controls for employees, with audit logging.
• Secrets management via a dedicated vault; OAuth tokens encrypted at the row level.
• Regular dependency scanning, vulnerability patching, and infrastructure hardening reviews.

No system is perfectly secure. If you believe your account has been compromised, contact security@offerconsole.com immediately. We will notify affected users of confirmed security incidents involving personal data in accordance with applicable breach-notification laws.

We may update this Privacy Policy from time to time. We will post the updated version on this page with a new "Last updated" date. If the changes are material, we will notify you by email or in-app notice at least 14 days before they take effect.

For privacy questions, requests, or concerns, contact us at privacy@offerconsole.com.

OfferConsole LLC
Delaware, USA