Privacy Policy

Last updated: March 16, 2026

1. Introduction

ListingAI Pro ("we," "us," or "our") is committed to protecting your personal information. This Privacy Policy explains what data we collect, how we use it, who we share it with, and your rights regarding your personal data.

This policy applies to all users of our website and Service located at https://listingai.org. By using the Service, you consent to the practices described in this policy.

2. Information We Collect

Information you provide directly:

  • Account data: email address, password (stored in hashed form)
  • Payment data: billing information processed by Stripe (we do not store card numbers)
  • Content data: property details you enter to generate listing descriptions
  • Communications: messages you send to our support team

Information collected automatically:

  • Usage data: pages visited, features used, generation history
  • Technical data: IP address, browser type, device type, operating system
  • Log data: access times, error logs
  • Cookies: session cookies required for authentication (see Section 7)

3. How We Use Your Information

We use collected data for the following purposes:

  • To provide, operate, and maintain the Service
  • To process payments and manage your subscription
  • To send transactional emails (receipts, account verification, password reset)
  • To respond to support requests and communications
  • To detect, investigate, and prevent fraud or abuse
  • To improve and develop new features
  • To comply with legal obligations

We do not use your property input data to train AI models or share it with third parties beyond what is necessary to generate your requested output.

4. Legal Basis for Processing (GDPR)

If you are located in the European Economic Area (EEA), we process your personal data under the following legal bases:

  • Contractual necessity: to provide the Service you have subscribed to
  • Legitimate interests: to improve the Service, detect fraud, and ensure security
  • Legal obligation: to comply with applicable laws
  • Consent: for optional communications (where applicable)

5. Data Sharing and Third Parties

We do not sell your personal data. We share data only with the following trusted service providers, each bound by their own privacy commitments:

Supabase

Database and authentication infrastructure. Data stored in secure, encrypted databases.

Stripe

Payment processing. PCI DSS Level 1 certified. We never store your full card details.

Vercel

Hosting and content delivery infrastructure.

Google (Gemini API)

AI content generation. Property input data is transmitted to Google's API to generate descriptions and is not retained by Google for training purposes under our API agreement.

Resend

Transactional email delivery.

We may also disclose your information if required by law, court order, or to protect the rights and safety of our users.

6. Data Retention

We retain your personal data for as long as your account is active or as needed to provide the Service. Specifically:

  • Account data: retained until you request account deletion
  • Billing records: retained for 7 years to comply with tax and accounting requirements
  • Generated listings: retained in your account history until deleted by you or account closure
  • Support communications: retained for 2 years

Upon account deletion, we will delete or anonymize your personal data within 30 days, except where retention is required by law.

7. Cookies

We use the following cookies:

  • Essential cookies: required for authentication and session management. Cannot be disabled without breaking the Service.

We do not use advertising, analytics, or third-party tracking cookies. You can clear cookies through your browser settings, but doing so will log you out of your account.

8. Security

We implement industry-standard technical and organizational measures to protect your personal data, including:

  • HTTPS encryption for all data in transit
  • Encrypted storage for sensitive data at rest
  • Secure authentication managed by Supabase
  • Payment data handled exclusively by Stripe (PCI DSS compliant)
  • Access controls limiting data access to authorized personnel only

No method of transmission or storage is 100% secure. If you believe your account has been compromised, contact us immediately.

9. Your Rights

Depending on your location, you may have the following rights regarding your personal data:

  • Access: request a copy of the personal data we hold about you
  • Correction: request correction of inaccurate or incomplete data
  • Deletion: request deletion of your personal data ("right to be forgotten")
  • Portability: request your data in a structured, machine-readable format
  • Objection: object to processing based on legitimate interests
  • Restriction: request restriction of processing in certain circumstances
  • Opt-out (CCPA): California residents have the right to opt out of the sale of personal information. We do not sell personal information.

To exercise any of these rights, contact us at webservicenapit@gmail.com. We will respond within 30 days.

10. Children's Privacy

The Service is not directed to individuals under the age of 18. We do not knowingly collect personal data from children. If we become aware that a child has provided personal data, we will delete it promptly.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes via email or a prominent notice on the Service. The "Last updated" date at the top of this page reflects the most recent revision.

12. Contact

For privacy-related questions, requests, or concerns, contact us at:

webservicenapit@gmail.com