Privacy Policy

Effective May 5, 2026

Realtai Inc., a Delaware corporation (“Charlea,” “we,” “us”) builds Charlea, an AI follow-up assistant for licensed real-estate agents. This policy explains, in plain English, what data we hold on your behalf, how we use it, and the rights you have over it.

1. The short version

  • You are the owner of every contact, message, and note in your account.
  • We do not sell your data, share it with your brokerage, or use it to train shared AI models.
  • Outbound messages are only sent after you tap approve.
  • You can export everything at any time, and delete your account whenever you want.

2. What we collect

Information you give us

  • Account profile: name, email, phone, brokerage, team, DRE license number, operating state.
  • Contacts you import: names, emails, phone numbers, source/meet context, tags, notes, and the raw CSV row if you uploaded a CSV.
  • Cadence configuration: the templates you enroll contacts into and the steps inside them.
  • Edits you make: changes to drafts before approval, used to learn your voice.

Information from connected services

  • Gmail (Google): with your consent we read message metadata and content for threads with your contacts so drafts can be grounded in real history. We send mail through your Gmail account when you approve a draft. We do not read mail outside conversations with your contacts and we do not use Gmail data for any purpose beyond providing the Charlea service.
  • iMessage (via the Charlea companion app on your Mac): the companion reads your local chat.db for messages with your contacts and sends approved drafts via the system Messages app. iMessage data is transmitted to Charlea servers over a per-user HMAC-signed channel and stored under your account.
  • Apple Contacts: if enabled, the companion syncs contacts you choose into your Charlea address book.

Automatically collected

  • Authentication: session tokens, OAuth refresh tokens (encrypted at rest by our database provider).
  • Operational logs: request timing, error traces, IP address. Used for debugging and abuse prevention; not joined back to message content for analytics.

3. Google API Services User Data Policy

Charlea’s use of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements. Specifically:

  • We use Gmail data only to provide and improve the user-facing Charlea features that you authorize.
  • We do not transfer Gmail data to third parties except as needed to provide the service, comply with applicable law, or as part of a merger or acquisition (with notice to you).
  • We do not use Gmail data for advertising, and humans at Charlea do not read it except (a) with your explicit consent, (b) for security investigations, (c) to comply with applicable law, or (d) where the data has been aggregated and anonymized for service operations.

4. How we use your data

  • To draft messages. Draft generation uses your contact data, prior conversation, and cadence step intent. Drafts are produced by Anthropic Claude under our API agreement. Anthropic does not train its models on your inputs.
  • To learn your voice. We compare what we drafted against what you actually sent. The signal is kept inside your account and used to tune future drafts for you.
  • To deliver the service. Sending email through Gmail, dispatching iMessage jobs to the companion, computing reminders.
  • To keep the service safe. Detecting abuse, debugging errors, monitoring for bugs.

5. AI sub-processors

We use the following providers to power Charlea:

  • Anthropic — Claude API, draft generation. Inputs are not used to train Anthropic models.
  • Google Cloud — application hosting (Cloud Run), database (Cloud SQL Postgres), Gmail API, Pub/Sub.

We do not sell your personal information to anyone, and we do not share it with advertising networks.

6. Where your data lives

Production data is stored in Google Cloud (United States region). Data is encrypted in transit (TLS) and at rest (AES-256, managed by Google Cloud). OAuth tokens are stored in the application database and rotated on refresh.

7. Retention

  • Active account: we keep your data as long as your account is open.
  • After deletion: when you delete your account, we erase your records from the live database immediately. Backup snapshots that include your data are overwritten on a rolling 30-day schedule.
  • Operational logs: kept up to 90 days, then deleted.

8. Your rights

You can do all of the following yourself, at any time, from Settings → Data:

  • Access & export. Download a single JSON file containing every contact, message, draft, note, cadence enrollment, and learning record we hold for your account.
  • Correct. Edit your profile, contacts, and notes directly in the app.
  • Delete. Permanently remove your account and all associated data.
  • Disconnect. Revoke Gmail access from your Google Account settings; unpair the macOS companion to stop iMessage sync.

California residents have additional rights under the CCPA/CPRA, including the right to know, delete, correct, and opt out of “sales” or “sharing” (we do neither). To exercise any right beyond what the in-app tools cover, email privacy@charlea.ai.

9. Children

Charlea is for licensed real-estate professionals and is not directed to children under 16.

10. Security

We follow practices outlined in our public SECURITY.md: encrypted transport, encrypted storage, scoped per-user data access, audit-friendly schema, and tightly scoped service credentials. To report a security issue, email security@charlea.ai.

11. Changes

We’ll post material changes here and update the effective date. If a change reduces your privacy rights, we’ll notify you by email before it takes effect.

12. Contact

Privacy questions: privacy@charlea.ai
Legal: legal@charlea.ai
Support: support@charlea.ai