← Zuelly

Legal

Privacy Policy

Last updated: June 19, 2026

This Privacy Policy explains how Zuelly Inc. ("Zuelly," "we," "us," or "our") collects, uses, shares, and protects information when you use our Service. It also explains your rights regarding your personal information.

Who this policy covers. This policy covers two groups of people: (1) Advisors — real estate professionals who create an account and use Zuelly to build and share property briefs; and (2) Clients — individuals who receive and view briefs or collections shared by Advisors. If you are a Client viewing a brief, Section 7 applies specifically to you.

1. Information we collect

1.1 Information Advisors provide directly

  • Account data: name, email address, brokerage or agency name, profile photo, and password (stored as a hash — we never store your plain-text password).
  • Content: briefs, listing collections, notes, photos, AI commentary, and other materials you create or upload.
  • Billing data: payment card details, billing address, and transaction records. Payment card data is processed and stored by our third-party payment processor; we do not store full card numbers.
  • Communications: messages you send to us via email or support channels.

1.2 Information collected automatically from Advisors

  • Usage data: pages visited, features used, session duration, clicks, and actions taken within the Service.
  • Device and technical data: IP address, browser type, operating system, and device identifiers.
  • Cookies and similar technologies: see Section 8.

1.3 Third-party integrations

  • Google Calendar: if you connect your Google Calendar, we receive OAuth tokens to read and write calendar events solely for the purpose of scheduling property tours. We do not access other Google account data.

1.4 Information collected from Clients (brief recipients)

When an Advisor shares a brief or collection link with a Client, and the Client views that link, we may collect:

  • Link activity data: whether the link was opened, when, how many times, and from what general location (derived from IP address at the city/region level).
  • In-brief interactions: clicks, pages viewed, time spent on specific listings, and other engagement signals within the brief.
  • Submitted data: name, email address, phone number, and tour preferences submitted voluntarily by the Client through a brief's contact or tour-request form.
  • Device and technical data: IP address, browser type, and device type.

Clients interact with briefs created by Advisors. The Advisor — not Zuelly — determines what content is shown in the brief and is responsible for disclosing to their clients that link activity may be tracked. See Section 7 for more on Client data.

2. How we use information

We use the information we collect to:

  • Provide and operate the Service: generate briefs, host collections, process tour bookings, and deliver analytics to Advisors.
  • Deliver link analytics: provide Advisors with engagement data on their shared briefs (open rates, click behavior, tour requests).
  • Authenticate and secure accounts: verify identity, prevent unauthorized access, and detect abuse.
  • Process payments: charge subscription fees and manage billing through our payment processor.
  • Communicate with Advisors: send transactional emails (account confirmations, password resets, tour notifications, billing receipts) and, where you have opted in, product updates.
  • Improve the Service: analyze usage patterns to fix bugs, prioritize features, and improve performance. We use aggregated or de-identified data where possible.
  • Meet legal obligations: comply with applicable law, respond to legal process, and enforce these Terms.

We do not use personal data for automated decision-making that produces legal or similarly significant effects without human review.

3. Legal bases for processing (GDPR)

If you are located in the European Economic Area, United Kingdom, or Switzerland, we process your personal data on the following legal bases:

  • Contract: processing necessary to provide the Service under our Terms of Service (account management, brief generation, billing).
  • Legitimate interests: link analytics delivered to Advisors, security and fraud prevention, and Service improvement — where those interests are not overridden by your rights.
  • Consent: marketing communications and non-essential cookies, where we request your consent.
  • Legal obligation: compliance with applicable law and legal process.

4. Sharing and disclosure

We do not sell your personal data.

We share data only in the following circumstances:

4.1 Service providers (processors)

We share data with vendors who process it on our behalf under data processing agreements that restrict their use of the data:

VendorPurpose
SupabaseDatabase hosting and authentication
ResendTransactional email delivery
StripePayment processing and billing

We will update this list when we add or change vendors. Current vendor list is always available at hello@zuelly.com on request.

4.2 Advisors receiving Client data

When a Client submits their name, email, or tour request through a brief, that information is shared with the Advisor who created the brief. Advisors must handle this data in accordance with applicable law.

4.3 By design: shared brief links

When an Advisor publishes a brief or collection and shares the link, the listing content on those pages is accessible to anyone with the link. Advisors control what is included and who receives the link.

4.4 Legal and safety disclosures

We may disclose information if required by law, court order, or government authority, or if we believe disclosure is necessary to prevent imminent harm, fraud, or illegal activity.

4.5 Business transfers

If Zuelly is acquired, merges with another company, or sells substantially all of its assets, personal data may be transferred as part of that transaction. We will notify affected users before personal data is transferred and becomes subject to a materially different privacy policy.

5. Data retention

We retain personal data for as long as necessary to provide the Service and meet legal obligations:

  • Account data: retained for the life of your account and deleted within 30 days of account closure, except where retention is required for legal, security, or fraud-prevention purposes.
  • Billing records: retained for 7 years as required for tax and accounting purposes.
  • Brief content and listing data: deleted within 30 days of account closure or upon your earlier request.
  • Link analytics data: retained for 24 months from collection, then aggregated or deleted.
  • Client-submitted form data: retained for 12 months from submission, or until the Advisor deletes it.

6. Security

We implement industry-standard security measures including:

  • Encrypted data transmission (TLS/HTTPS) for all data in transit.
  • Encryption at rest for sensitive data.
  • Row-level security controls in our database.
  • Least-privilege access for Zuelly personnel.
  • Regular review of access controls and third-party vendor security.

No system is perfectly secure. If you discover a security vulnerability, please report it to security@zuelly.com. We do not pursue legal action against good-faith security researchers.

7. Client data and Advisor responsibilities

Zuelly provides tools that allow Advisors to share property briefs with their own clients. In this context:

  • Advisors are data controllers for the personal data of their own clients. Zuelly acts as a data processor on the Advisor's behalf.
  • Advisors are responsible for ensuring they have a lawful basis (such as consent or legitimate interest) to share their clients' information through the Service and to track client engagement with shared links.
  • Advisors should disclose to their clients that briefs shared through Zuelly include link-tracking features that record when and how the brief is accessed.

Suggested disclosure for Advisors to include when sending a brief:

"This property brief is powered by Zuelly. When you open or interact with this link, basic engagement data (such as opens and clicks) is recorded to help me understand your preferences. No personal data is shared with third parties."

If you are a Client and have questions about how your data is handled by the Advisor who sent you a brief, please contact that Advisor directly. If you have questions about data Zuelly itself collects, contact privacy@zuelly.com.

8. Cookies and tracking technologies

We use the following types of cookies:

  • Strictly necessary cookies: required for authentication, session management, and security. These cannot be disabled without breaking the Service.
  • Functional cookies: remember your UI preferences (e.g., display settings). You can disable these without affecting core functionality.
  • Analytics cookies: used by Zuelly to understand how the Service is used in aggregate. We use first-party analytics only — no third-party advertising networks.

We do not use cookies for cross-site behavioral advertising.

Tracked brief links use server-side logging, not cookies, to record Client engagement. Clients can disable JavaScript in their browser to limit the tracking signals available, though this may affect how the brief is displayed.

9. International data transfers

Zuelly is based in the United States. If you access the Service from outside the United States, your data may be transferred to and processed in the United States or other countries where our vendors operate.

For transfers from the EEA, UK, or Switzerland to the US, we rely on Standard Contractual Clauses (SCCs) with our vendors where applicable. You may request a copy of applicable SCCs by contacting privacy@zuelly.com.

10. Your rights

Depending on your location, you may have the following rights regarding your personal data:

All users

  • Access: request a copy of the personal data we hold about you.
  • Correction: request correction of inaccurate data.
  • Deletion: request deletion of your data, subject to legal retention requirements.
  • Portability: request your data in a structured, machine-readable format.

EEA / UK / Switzerland (GDPR)

In addition to the above:

  • Restriction: request that we restrict processing of your data in certain circumstances.
  • Objection: object to processing based on legitimate interests.
  • Withdraw consent: where processing is based on consent, withdraw it at any time without affecting the lawfulness of prior processing.
  • Lodge a complaint: you have the right to lodge a complaint with your local data protection authority.

California (CCPA / CPRA)

  • Know: right to know what personal information we collect, use, and share.
  • Delete: right to request deletion of personal information, subject to exceptions.
  • Correct: right to correct inaccurate personal information.
  • Opt out of sale or sharing: we do not sell or share personal information for cross-context behavioral advertising. No opt-out is required, but you may contact us to confirm.
  • Non-discrimination: we will not discriminate against you for exercising your privacy rights.

To exercise any of these rights, email privacy@zuelly.com. We will respond within 30 days (or 45 days where permitted by law). We may need to verify your identity before processing your request.

11. Children's privacy

The Service is not directed to individuals under the age of 18. We do not knowingly collect personal data from children. If you believe a child has provided us with personal information, contact privacy@zuelly.com and we will delete it promptly.

12. Changes to this policy

We will notify you of material changes to this policy by email or in-app banner at least 14 days before they take effect. The "last updated" date at the top of this policy reflects the most recent revision. Continued use of the Service after the effective date constitutes acceptance of the revised policy.

13. Contact

General privacy questions: privacy@zuelly.com

Security reports: security@zuelly.com

DMCA notices: legal@zuelly.com

Zuelly Inc.