SpeedToLead AI

Real Estate Agency Platform

 Back to Home

Privacy Policy

Last Updated: May 23, 2026. This policy explains how we collect, isolate, and secure buyer phone numbers and SMS chat logs for your agency.

1. SMS Phone Number Handling & Lead Ingestion

When you connect SpeedToLead AI with your lead generation channels (e.g. Zillow, Facebook Ads, Realtor.com), we ingest incoming buyer names, phone numbers, and inquiry details:

  • Zero Spying: We only process messages received on Twilio numbers linked to your designated tenant account. We never monitor your personal text messages.
  • Third-party routing: Text messages are dispatched via Twilio's delivery rails and parsed using secured Google Gemini AI endpoints. No content is stored or sold to external third-party advertisers.
  • Strict Isolation: In accordance with our row-level security policy, lead phone numbers are isolated by your companyId. Competitors cannot access or view your contact records.

2. Data Storage, Hosting & Encryption

We leverage enterprise SQLite and secure hosting options to secure your dashboard records:

  • Password Hashing: User account credentials are encrypted with bcryptjs salted hashes. Standard plaintext passwords are never saved.
  • Database Records: SQLite databases securely log the message timestamps, qualified budget, and timelines mapped to each unique lead record.
  • Backup Protocols: Database configurations are regularly backed up on secure, encrypted volume drives to prevent disruption or data loss.

3. GDPR & CCPA Compliance Standards

We support standard compliance controls for global and regional operations:

  • Right to Erasure ("Right to be Forgotten"): Your buyers can request the complete deletion of their conversation logs. You can delete lead logs instantly inside the dashboard panel.
  • Data Portability: You can export full conversations and qualifying checkmarks at any time for transfer to your personal CRM systems.

4. Cookie Enforcements & Session Security

We completely eliminate Cross-Site Scripting (XSS) and token hijacking by storing JWT session tokens strictly inside **HttpOnly, Secure, and SameSite=Strict cookies**.

*Note: Client-side JS code is blocked from accessing session cookies, making it virtually impossible for unauthorized browser extensions to leak your workspace keys.*