How we handle your data.
Short version: we only collect what we need to run the product, we never sell it, and you can ask us to delete it any time.
What we collect
To deliver the reports you signed up for, BrokerOS holds:
- Your brokerage's MLS data, via read-only access you authorize.
- Your roster, typically a CSV of agents and their basic contact info.
- Account details for the people on your team who receive reports — names, emails, role.
- Usage data from our own systems (when reports go out, whether they're opened) so we can show you delivery history and improve the product.
- Payment information, processed by Stripe. We don't store your card details ourselves.
Connected Google Workspace and Microsoft 365 accounts
Connecting a work account is optional. Calendar and email are separate connections, and BrokerOS asks for each permission only when you choose that feature.
- Account identity. We receive the connected account's provider ID and email address so the authorization can be bound to the correct BrokerOS user and brokerage.
- Calendar. If you connect a calendar, BrokerOS uses calendar-event access only to create, update, and remove private BrokerOS task and meeting events. BrokerOS does not list, copy, or analyze your unrelated calendar events and does not add recruits or other people as attendees.
- Email. If you connect email, BrokerOS requests send-only access so it can send a message from your work account after you explicitly approve that message. BrokerOS does not request permission to read, search, download, or monitor your mailbox.
- Authorization credentials. BrokerOS stores the refresh token needed to maintain the connection using authenticated encryption. Short-lived access tokens are used only on the server and are never sent to the browser or written to an audit record.
How connected-account data is used
Google and Microsoft account data is used only to provide the user-facing connection you requested: identifying the connected account, synchronizing BrokerOS-owned calendar events, sending an explicitly approved message, and maintaining the security and reliability of that connection.
We do not use connected-account data for advertising, retargeting, credit decisions, surveillance, or training general-purpose AI models. We do not sell it or transfer it to data brokers or information resellers.
Google API data
BrokerOS's use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including its Limited Use requirements.
What we don't do
We don't sell your data. We don't share it with advertisers. We don't use it to train AI models. We don't pass it to other brokerages. We don't write back to your MLS or any of your other systems.
Who we share it with
Only the vendors we need to actually run the service — our hosting provider, Stripe for payments, and the email service that delivers your reports. Each of these handles only what's required for their piece of the work.
Connected-account credentials are processed by our application hosting and database providers only as needed to operate the connection. Calendar actions are sent to Google or Microsoft, and an approved email is sent through the provider you connected to the recipients you selected. We do not disclose Google or Microsoft account data to unrelated third parties.
How long we keep it
While your account is active, we keep the data needed to provide BrokerOS. A connected-account refresh token is retained only while that connection remains active. Disconnecting Calendar or Email from BrokerOS deletes the stored token and stops future provider access. Existing calendar events remain in your calendar unless you remove them.
Connection metadata and security audit records may remain after disconnection so the brokerage can account for privileged changes, but they do not contain a usable provider token. You may also revoke BrokerOS directly from your Google or Microsoft account security settings. When a brokerage cancels BrokerOS, we delete customer data according to the applicable agreement and legal retention requirements.
Your choices
You can ask us at any time to show you what we have, correct anything that's wrong, or delete it. Email [email protected] and we'll handle it within a reasonable timeframe.
Security
We use industry-standard practices to protect the data you trust us with — encryption in transit, access controls, audit logging. No system is perfect, but we treat your data the way we'd want ours treated.
Children
BrokerOS is built for real estate brokerages and the people who work there. It's not for anyone under 18, and we don't knowingly collect data from minors.
Changes
If we make a meaningful change to this policy, we'll update the date below and let active customers know by email.
Contact
Questions about anything on this page: [email protected].