Privacy Policy
Effective Date: March 12, 2026
1. Introduction
AIDeal (“Company,” “we,” “us,” or “our”) operates the AIDeal AI-powered real estate analysis platform (the “Service”). This Privacy Policy explains what personal data we collect, how we use and protect it, and your rights regarding that data.
We are committed to transparency and data minimization. We collect only the information strictly necessary to operate the Service and never sell your personal data to third parties. By using the Service, you agree to the collection and use of information as described in this Privacy Policy and our Terms of Service.
2. Information We Collect
2.1 Account Information (via Google OAuth)
When you sign in using Google, we receive and store the following basic profile information provided by Google's OAuth 2.0 service:
- Full name (as displayed on your Google account)
- Email address
- Profile photo URL
We do not receive, request, or store your Google password, contacts list, calendar data, Drive files, or any other Google account information beyond the items listed above. Authentication tokens are managed securely via industry-standard OAuth 2.0 and JWT protocols and are never exposed to client-side code.
2.2 User-Submitted Content
When you use the Service, you may submit the following:
- Property URLs — Links to real estate listings you want analyzed.
- Custom prompts — Optional free-text instructions or questions about a property (e.g., specific investment criteria, comparison parameters).
This content is transmitted to third-party AI providers (see Section 4) for processing. We store property URLs and generated analysis reports in our database so you can access your report history. We do not share your submitted URLs or custom prompts with other users.
2.3 Usage & Analytics Data
We automatically collect limited technical data to operate and improve the Service:
- Timestamps of analyses and account activity
- Subscription plan type and credit balance
- Browser type, device category, and preferred language (via the
Accept-Languageheader) - General usage patterns (e.g., queries run, features accessed)
We do not use third-party advertising trackers, pixel tags, or behavioral profiling services.
2.4 Payment Information
All payment processing is handled exclusively by Stripe, Inc., our PCI-DSS-compliant payment gateway. When you purchase a subscription or Pay-As-You-Go credit:
- Your credit card number, CVC, and billing details are collected and processed directly by Stripe. This data never touches AIDeal's servers.
- AIDeal receives only: a Stripe customer ID, subscription status, plan type, and payment confirmation metadata.
- We do not store, log, or have access to your full card number at any time.
Stripe's privacy practices are governed by Stripe's Privacy Policy.
3. How We Use Your Information
We use the collected information strictly for the following purposes:
- Service delivery — To authenticate your identity, process your property analyses, manage your credits and subscription, and display your report history.
- Service improvement — To monitor system performance, debug errors, and improve the accuracy and quality of AI-generated reports.
- Communication — To send transactional emails (e.g., payment receipts, account notifications) and, with your consent, product updates. You may opt out of non-essential communications at any time.
- Legal compliance — To comply with applicable laws, respond to lawful requests, and enforce our Terms of Service.
4. Third-Party Data Processors
To deliver the Service, we share limited data with the following categories of trusted third-party processors:
| Provider | Purpose | Data Shared |
|---|---|---|
| Google OAuth | User authentication | OAuth flow; we receive name, email, photo |
| Stripe | Payment processing | Payment details (handled directly by Stripe) |
| Google Gemini | AI report generation | Property URLs, scraped listing data, custom prompts |
| Groq | AI report generation | Property URLs, scraped listing data, custom prompts |
We require all third-party processors to handle data in accordance with applicable data protection laws. Property data sent to AI providers is used solely for generating your analysis report and is not used to train third-party AI models (subject to each provider's API data usage policies).
5. Data We Do Not Collect
For clarity, AIDeal does not:
- Store Google passwords or OAuth tokens beyond the session lifecycle.
- Store credit card numbers, CVCs, or full billing addresses.
- Use advertising trackers, Facebook Pixel, or similar profiling technologies.
- Sell, rent, or trade personal data to data brokers or advertisers.
- Access your Google Drive, Gmail, contacts, or any Google service beyond basic profile info.
6. Data Retention
We retain your personal data for as long as your account is active or as needed to provide the Service. Specifically:
- Account data (name, email) is retained until you request deletion.
- Analysis reports are retained for the duration of your account to allow re-access and history retrieval.
- Payment records (transaction IDs, plan history) are retained for a minimum of 7 years to comply with tax and accounting obligations.
Upon account deletion, we will permanently delete your personal profile data and analysis reports within 30 days, except where retention is required by law.
7. Data Security
We implement the following security measures to protect your data:
- Encryption in transit — All data is transmitted over HTTPS/TLS.
- Authentication — Secure OAuth 2.0 and JWT-based session management with server-side token validation.
- Access controls — Internal data access is restricted to authorized personnel on a need-to-know basis.
- Payment isolation — Card data is handled exclusively by Stripe's PCI-DSS Level 1 certified infrastructure.
While we strive to use commercially acceptable means to protect your personal data, no method of electronic transmission or storage is 100% secure. We cannot guarantee absolute security but will promptly notify affected users in the event of a data breach as required by applicable law.
8. Your Rights
Depending on your jurisdiction (including under the EU General Data Protection Regulation, UK GDPR, California Consumer Privacy Act, and similar laws), you may have the following rights:
- Right of access — Request a copy of the personal data we hold about you.
- Right to rectification — Request correction of inaccurate or incomplete data.
- Right to erasure — Request deletion of your personal data (“right to be forgotten”).
- Right to restriction — Request that we limit the processing of your data under certain circumstances.
- Right to data portability — Request to receive your data in a structured, machine-readable format.
- Right to object — Object to processing based on legitimate interests or direct marketing.
- Right to withdraw consent — Where processing is based on consent, withdraw it at any time without affecting prior processing.
To exercise any of these rights, please email privacy@aidealhome.com with the subject line “Data Rights Request.” We will respond within 30 days (or sooner if required by applicable law).
9. Cookies & Local Storage
AIDeal uses the following essential cookies and browser storage:
- Session token (
next-auth.session-token) — Authenticates your session. Expires on sign-out or after the session period. - Locale preference (
NEXT_LOCALE) — Stores your preferred language. Persists for 365 days. - Session storage — Temporarily caches in-progress analysis data in your browser. Cleared when you close the tab or sign out.
We do not use third-party advertising, tracking, or analytics cookies. Because our cookies are strictly necessary for the Service to function, we do not display a cookie consent banner, in accordance with applicable privacy regulations.
10. International Data Transfers
Your data may be processed by third-party providers (Google, Stripe, Groq) located outside your country of residence, including in the United States. Where such transfers occur, we ensure that appropriate safeguards are in place, including Standard Contractual Clauses (SCCs) or equivalent mechanisms recognized by applicable data protection authorities.
11. Children's Privacy
The Service is not directed to individuals under the age of 18. We do not knowingly collect personal information from minors. If we become aware that we have collected data from a child under 18 without verified parental consent, we will take steps to delete such information promptly. If you believe a minor has provided us with personal data, please contact us at privacy@aidealhome.com.
12. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will:
- Update the “Effective Date” at the top of this page.
- Post a notice within the Service or send an email notification to registered users.
Your continued use of the Service after the revised Privacy Policy takes effect constitutes your acceptance of the changes. We encourage you to review this page periodically.
13. Contact Us
If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at:
- Privacy inquiries: privacy@aidealhome.com
- General support: support@aidealhome.com