Privacy Policy

LRE Compass CRM ("the Service", "we", "us") is a customer relationship management (CRM) tool built for real estate agents at LRE Realty and their guests. The Service is operated by LRE Realty ("LRE").

This policy explains what information the Service collects, how we use it, who we share it with, and what control you have.

Information you provide directly

• Account information. When you sign in with Google, we receive your name, email address, and Google profile picture from Google.
• Contact records. Names, email addresses, phone numbers, mailing notes, statuses, sources, birthdays, anniversaries, Facebook URLs, and any other details you add to contacts in the Service.
• Communications you send. Email subjects and bodies, calendar event details, and phone call logs (manual entries you record).
• Your Anthropic API key. If you choose to enable AI drafting, you paste your own Anthropic API key into Settings. It is stored server-side and used only to make AI requests on your behalf.

Information we read from Google on your behalf

When you grant the Service permission to connect with your Google account, we use the access tokens Google issues to read or write specific data:

• Gmail (read). We read messages sent to or received from email addresses on your contacts, so the Service can show you the conversation history with each contact and so AI drafting can match the tone of prior messages. We do not read messages with people who are not in your contacts. We do not read attachments. We do not index or store the content of your inbox in our database.
• Gmail (send). We send emails on your behalf only when you click Send on a draft inside the Service. We record the subject, body, recipient, and Gmail message ID in our database for your audit history.
• Google Calendar. We create, view, edit, and delete events on your primary calendar when you take those actions in the Service. We read your calendar for the date range you are viewing in the weekly preview, so we can warn you about conflicts before scheduling. We do not read calendars other than your primary calendar.
• Google Sheets. When you connect a specific spreadsheet, we read its rows to import contacts and write rows back to keep it in sync. We only access the spreadsheet URL you provide. We do not browse your Google Drive.

We store your Google access and refresh tokens encrypted at rest in our database so you do not have to re-authenticate every hour. Tokens are scoped only to the permissions you granted and are never shared with third parties.

Information collected automatically

• Authentication cookies (set by Supabase Auth) to keep you signed in.
• Standard server logs (IP address, user agent, timestamps) for security and debugging.

• To provide the core features of the Service — managing contacts, drafting and sending messages, scheduling appointments, syncing with your sheet, showing email history.
• To run AI drafting when you request it. Drafts are generated by Anthropic's Claude API using the API key you provided. The contact name, status, source, notes, recent email content, and your direction are sent to Anthropic to generate the response.
• To compute reminders (e.g., the "stay-in-touch" nudge) by looking at when you last contacted each person.
• To detect and prevent abuse and to keep the service running.

We do not use your data to train AI models. We do not show ads. We do not sell your data.

Service providers

The Service uses the following infrastructure providers, each of whom processes data on our behalf under their own terms:

• Supabase — database and authentication hosting.
• Vercel — application hosting.
• Anthropic— only when you actively use AI drafting; receives the contact context and your direction needed to generate a draft. Anthropic's commercial terms prohibit using your inputs to train their models.
• Google — the source of your email, calendar, and spreadsheet data; receives the API requests you authorize.

Legal requests

We will disclose information if required by law or in response to valid legal process. We will not voluntarily disclose your data to third parties beyond what is described above.

What we do NOT do

• We do not sell your data.
• We do not share your data with advertisers.
• We do not allow other agents using the Service to see your contacts, emails, or calendar — each agent's data is isolated by row-level security in our database.
• We do not use the content of your Gmail messages for any purpose other than displaying the conversation history with a specific contact you have added to the Service, and (if you choose) feeding the most recent 5 messages with that contact to Anthropic for AI drafting context.

We keep your data as long as your account is active. When you delete your account, we delete the data associated with it within 30 days. You can also delete individual contacts, emails, and events at any time from within the Service.

Your Anthropic API key is stored only while you choose to keep it on file. You can remove it from Settings at any time.

• Access. You can see all of your data yourself in the Service interface.
• Export. You can export your contacts as a CSV from the Sheets sync page, or by connecting a Google Sheet and pushing your data to it.
• Correction. Edit any contact directly in the Service.
• Deletion. Delete individual records in the Service, or contact us to delete your entire account.
• Revoke Google access.You can revoke the Service's access to your Google account at any time at myaccount.google.com/permissions. Revoking access will immediately stop the Service from reading or writing any Google data.

We protect your data using standard industry practices, including TLS encryption for all data in transit, encryption at rest for the database, OAuth 2.0 for Google integration (no password is ever stored), and row-level security policies that isolate each agent's data.

No system is 100% secure. If we ever experience a data breach, we will notify affected users without unreasonable delay.

The Service is intended for licensed real estate agents and brokerage personnel. We do not knowingly collect data from anyone under 18.

If we change this policy materially, we will notify active users by email and post the updated date at the top of this page. Continued use of the Service after changes constitutes acceptance of the updated policy.

Questions about this policy or your data? Contact peter@levinsonteam.com.