Legal
Privacy policy
Last updated May 21, 2026.
HaleAI ("HaleAI," "we," "us," or "our") provides an AI-native team operating system for US real estate teams. This privacy policy describes the personal information we collect, how we use and share it, and the choices the people whose information we hold can make. By using HaleAI you accept the practices in this policy.
1. Who is the data controller
HaleAI is the data controller for the personal information described below, except where a real estate team that uses HaleAI is independently responsible for the contacts and leads they import or create on the platform. In that case the team is the controller of those records and HaleAI is a processor acting on the team's instructions.
2. Information we collect
From the team account holder and team members
- Account identifiers when an owner signs up: name, email address, phone number (if provided), and a hashed password or Google OAuth identifier.
- Multi-factor authentication factors that the user enrolls (TOTP secret, backup codes).
- Tenant settings: state code, specialist names, brand voice configuration, daily LLM cost cap, brief schedule, and connected integration credentials (described in section 3).
- Activity: chat turns sent to Kai and the specialists, drafts produced, audit-log entries, and the trust-history record per specialist scope.
From contacts and leads imported by the team
- Names, email addresses, phone numbers, mailing addresses, lead source, lead score, deal stage, tags, notes, and consent flags as the team supplied them or as a connected source returned them.
- Communication history: subject and body of email drafts produced by HaleAI specialists, send-time records of email actually delivered (the body is not retained beyond the SpecialistAction row when an outbound is sent), and inbound messages received via configured channels.
Voice memos and transcripts
- When a team member uploads or records a voice memo for the showing-follow-up flow, we transmit the audio to OpenAI's Whisper transcription service. We store the resulting transcript and the Lōkahi-generated draft for up to 7 days; we do not store the audio file itself, only its size in bytes.
Inbound SMS via Twilio
- When a team has connected Twilio and a third party sends an SMS to the team's number, we receive the sender's phone number, the message body, the Twilio MessageSid, and timestamp. We store these values in the audit log scoped to the receiving tenant.
- Outbound SMS consent. Outbound SMS from HaleAI to a contact requires that the team holds prior express consent from the recipient under TCPA. The platform's Kupono compliance gate enforces consent flags before allowing outbound; teams are responsible for accuracy of the consent record.
- STOP / opt-out. Recipients of automated SMS from a HaleAI-connected Twilio number may reply STOP, UNSUBSCRIBE, CANCEL, END, or QUIT to opt out. Twilio applies the opt-out at the carrier level; HaleAI also reflects the opt-out on the matching Contact's consent record.
- HELP. Recipients may reply HELP for assistance information. Reply rates may vary; message and data rates from the recipient's carrier may apply.
SMS consent and data sharing
HaleAI will not sell, rent, share, lease, or transfer SMS opt-in data or consent information to any third party or affiliate for any purpose, including marketing or promotional purposes. Mobile phone numbers collected for SMS communication and consent records will be used solely to send the messages you have opted in to receive, and will not be shared with third-party marketers or data brokers. This SMS consent restriction applies in addition to the broader limits on personal-information sharing described in section 5. Categories of messages you may receive after opting in are listed on the SMS opt-in page (appointment confirmations and reminders, listing matches, document-signing notifications, deal updates, and account security alerts). Message frequency varies; message and data rates may apply. Consent is not a condition of any purchase. Reply HELP for help, STOP to opt out.
Telemetry
- We log every LLM call (provider, model, tokens, latency, status) so operators can debug failures and the cost-cap gate can sum per-tenant spend. We log audit rows for outbound actions, compliance verdicts, suppression events, and platform configuration changes. We log standard web-server request metadata (IP, user agent, status code).
3. Third-party services we use
- Anthropic (Claude) for the orchestrator and specialist drafting. Prompts and responses pass through Anthropic; Anthropic's terms govern that processing.
- OpenAI for compliance-ensemble voting and Whisper transcription of voice memos.
- Google (Generative Language and Gmail OAuth). When a user connects Gmail, we request only the gmail.send and userinfo.email scopes. We do not read the user's inbox. The user can disconnect at any time on their settings page.
- xAI as the fourth peer in the compliance ensemble.
- Resend for outbound email when Gmail OAuth is not connected. Bounce and complaint webhooks update the matching Contact's consent flags automatically.
- Twilio for SMS (and voice in a future release). When a team connects Twilio, outbound SMS sends through the team's own Twilio account and inbound SMS posts to /api/webhooks/twilio/sms.
- MLS providers (HiCentral, Bright, MetroList, Stellar, NTREIS, Bridge, Trestle, and others) where a team has configured a connection. We pull listing data through the RESO Web API and are bound by each MLS's data licensing rules.
- Stripe for subscription billing.
4. How we use the information
- To operate the platform and the AI specialists.
- To execute outbound communication that the team authorizes, gated by the Kupono compliance check.
- To compute trust scores and the daily LLM cost running total per tenant.
- To maintain audit trails as required by Fair Housing, MLS rules, state advertising rules, and CAN-SPAM / TCPA.
- To debug, secure, and improve the platform.
We do not sell the personal information of contacts or leads to third parties. We do not use a customer's imported contact data to train AI models.
5. How we share the information
We share personal information only with the third-party services listed in section 3 strictly to perform the functions described, and with law enforcement when legally required. Each provider has its own privacy practices; the third-party service acts as a sub-processor for the data it touches.
6. Retention
- Account data is retained for the life of the tenant and 30 days after cancellation, then deleted on a rolling basis.
- Audit logs are retained for 7 years to satisfy broker oversight and Fair Housing audit needs.
- Voice-memo transcripts and drafts: 7 days after creation, then deleted.
- LLM-call telemetry is retained for 90 days for cost accounting and debugging, then aggregated and the row-level records deleted.
7. Your choices
- Account holders can edit their information on their settings page or request deletion by emailing privacy@hihale.com.
- Contacts whose information was imported by a team may contact the team that controls their record or email privacy@hihale.com to be put in touch.
- California residents have additional rights under the CCPA / CPRA, including the right to know what we hold, to delete, and to opt out of "sale" or "sharing." We do not sell or share personal information for cross-context behavioral advertising.
8. Security
We use Postgres row-level security to isolate every tenant's data. We require multi-factor authentication for owner accounts. We log every action to an append-only audit table. Tokens for connected integrations are stored at rest in our database; database-level encryption is provided by the hosting provider. We are working toward SOC 2 Type II certification.
9. Children
HaleAI is not directed to children under 18 and we do not knowingly collect personal information from children.
10. Changes to this policy
We will post material changes to this page and update the "Last updated" date above. Continued use after a change constitutes acceptance.