Privacy Policy
Legal

Privacy Policy

Your privacy is important to us. Learn how we collect, use, and protect your information.

Effective date: June 2, 2025
Controller: Propel HQ
Contact: partners@propelhq.io

Propel HQ (“we”, “us”, “our”) provides an AI CRM/prospecting platform for property management and real-estate teams to manage inbound and outbound leads (the “Service”). This policy explains how we collect, use, disclose, and protect personal information when you visit propelhq.io or use the Service.

2. Scope / What We Do

We offer a B2B service. Our customers are businesses and agents in real estate and property management. Customers may upload or sync lead, prospect, and property data. We process that “customer content” on their behalf.

3. Personal Data We Collect

We collect and process the following categories:

  1. Account & profile data

    • Name, business email, password (hashed), role/team info.

  2. Business/organization data

    • Brokerage/company name, team memberships, admin/owner status.

  3. Billing & subscription data

    • Plan, payment status, identifiers from Stripe. (Stripe processes card data.)

  4. Service usage & technical data

    • IP address, device/browser type, pages/features used, timestamps, log data, error events (Sentry), auth events (Supabase), and approximate location from IP.

  5. Customer content / lead & property data

    • Leads and prospects, conversations with prospects, property information, MLS exports/CSVs you upload, team-member availability/status, and other data your organization stores in the Service.

  6. Communications

    • Emails, support requests, and service emails sent via our email provider (Resend).

  7. Cookies and similar technologies

    • We use Google Analytics and Sentry to understand usage and performance.

Uploads: You can upload documents/CSVs/contact lists; we treat that as customer content.

Children: The Service is for adults/business users only.

Where GDPR applies, we rely on performance of a contract, legitimate interests, and legal obligations.

  1. Provide and operate the Service

    • Create/manage accounts, authenticate (Supabase), host (Vercel/AWS), process payments (Stripe), send system emails (Resend).
    • Legal basis: contract; legitimate interests.

  2. Team/collaboration features

    • Let team owners see members and, in some cases, prospect conversations/activity and availability.
    • Legal basis: contract; legitimate interests.

  3. Process customer content you upload

    • Leads, property data, conversations, and other B2B data supplied by your organization.
    • Legal basis: contract; we largely act as processor for your organization.

  4. Monitoring, security, and improvements

    • Usage analytics, diagnostics (Sentry), measuring feature adoption, preventing abuse.
    • Legal basis: legitimate interests.

  5. Communications

    • Service and transactional emails, changes to terms or privacy.
    • Legal basis: contract; legal obligation.

  6. Marketing / product updates (future)

    • Onboarding and product emails, where permitted; you can opt out.

  7. Compliance and legal

    • Respond to lawful requests, tax/audit.
    • Legal basis: legal obligation.

5. AI / Model Providers

We use third-party AI services (currently Google Gemini and OpenAI) to power certain features. That may involve sending the minimum necessary data (which may include personal data if you included it in the lead/prospect context) to those providers.

We instruct providers to process this data on our behalf and only for providing their service to us, subject to the configuration we choose.

6. Who We Share Data With

We do not sell personal information.

We share data with service providers that help us run the Service:

  • Hosting & infrastructure: AWS (US), Vercel
  • Authentication/database: Supabase
  • Payments: Stripe
  • Email delivery: Resend
  • Error/performance monitoring: Sentry
  • Product analytics / tracing: Langfuse
  • AI providers: Google Gemini, OpenAI
  • Professional advisors: if needed (legal/accounting)

These parties may only process data according to our instructions.

Team visibility: If you are in an organization account, the team owner/admin can see information about users on that account and, depending on configuration, conversations or prospect interactions tied to the team. This is core to how the Service works.

We may disclose information if required by law or in connection with a merger, acquisition, or other corporate transaction.

7. International Transfers

We host primarily in the United States (AWS US). If you access the Service from the EU/EEA/UK, your personal data may be transferred to the US.

Where required, we use appropriate safeguards (e.g. Standard Contractual Clauses) with our processors to protect data transferred from the EU/EEA/UK.

8. Retention

We apply common SaaS practices:

  • Account data: kept while the account is active; limited data may be kept after closure for billing/security/legal.
  • Customer content (leads, property data, uploads): kept while your organization uses the Service or until the organization asks us to delete it.
  • Technical logs: kept for a limited period for security and diagnostics, then deleted/anonymized.
  • Backups: kept according to backup rotation schedules, then overwritten.
  • Marketing data: kept until you opt out or it’s no longer needed.

9. Your Rights

Depending on where you live, you may have the right to:

  • access and obtain a copy of your personal data;
  • correct inaccurate or incomplete data;
  • delete your data (subject to legal/contractual limits);
  • object to or restrict certain processing;
  • data portability;
  • lodge a complaint with a supervisory authority.

For California and similar US state laws, you may have rights to know, access, delete, and correct personal information. We currently do not sell or share personal information for cross-context behavioral advertising.

To exercise rights, contact partners@propelhq.io. If your account is managed by your employer/team, we may redirect your request to them.

10. Security

We use appropriate technical and organizational measures to protect personal information, including secured hosting, access controls, and protections offered by our infrastructure providers. No method of transmission or storage is fully secure, but we aim to follow industry-aligned practices.

11. Cookies & Analytics

We use cookies and similar technologies to:

  • keep you signed in;
  • understand how the Service is used (Google Analytics);
  • monitor performance and errors (Sentry).

You can adjust browser settings to refuse cookies, but some features may not work.

12. Children

The Service is intended for adults and business users and is not directed to children under 16 (or 13, where applicable). We do not knowingly collect personal information from children.

13. Changes to This Policy

We may update this Privacy Policy from time to time. If we make material changes, we will email users and/or post a notice in the Service and update the “Effective date” above.

14. Contact

If you have questions about this Privacy Policy or about your data, contact:

partners@propelhq.io