Privacy Policy

Converrta (“Converrta,” “we, ” “us”) is a California business that operates a business-to-business software service for licensed real estate professionals. Our service surfaces property ownership records from public sources and licensed data vendors and, at a user’s request, enriches those records with skip-trace contact information so real estate agents can identify and communicate with potential clients.

This policy describes how we collect, use, share, and protect personal information in connection with our service. It covers two distinct categories of individuals:

• Users — licensed real estate agents and brokers who create accounts, pay for access, and use the service.
• Property Owners — the individuals whose real-estate records appear within the service. Property owners are generally not Users and do not have a direct relationship with Converrta; nevertheless, their personal information is subject to California privacy law and the rights described in this policy.

Converrta’s service is intended for use only by licensed real estate professionals operating in the United States. It is not directed at consumers, minors, or individuals located outside the United States.

When you create an account or use the service as a User, we collect the following categories of personal information:

• Account information: name, email address, password credential, profile photo (if provided), and account preferences.
• Billing information: when paid subscriptions are enabled, payment processing is handled by an industry-standard third-party payment processor. We receive subscription metadata and payment tokens; we do not receive or store complete payment card numbers.
• Service usage: records of your activity within the service, including items you have viewed or saved, features you have used, and login activity.
• Technical information: IP address, user-agent string, device information, session cookies and authentication tokens, and standard server logs.
• Communications: email correspondence with our support team and any feedback you submit.

We collect this information directly from you, automatically from your use of the service, or from the service providers we use to authenticate accounts, host the service, and process payments.

The service discovers and enriches information about real property and its owners. Converrta does not collect this information directly from property owners. Instead, we ingest it from licensed third-party data vendors and public records, then surface matching records to authenticated Users when they perform a search.

The categories of personal information we process about property owners include identifiers such as name and postal address; real-property records associated with an address; and, where a User requests it, commercially available contact information such as telephone numbers and email addresses.

We treat property-owner personal information as personal information under the California Consumer Privacy Act, even where portions of it derive from public records, and we honor the rights described in this policy with respect to it.

We use the information described above to:

• Provide, operate, and maintain the service, including account creation, authentication, and customer support.
• Enforce the terms of a User’s subscription, including applicable usage limits.
• Power AI-assisted features offered within the service. Where we use a third-party model provider to do so, we do so only under terms that prohibit the provider from using the submitted data to train its models.
• Bill Users, prevent fraud and abuse, enforce our terms of service, and comply with legal obligations.
• Communicate with Users about account, service, and security matters; send transactional messages.
• Improve the service, diagnose issues, and build new features, using aggregated or de-identified information where we can.

Automated decision-making. Converrta uses automated analysis to help Users prioritize their work. These tools support User judgment; they do not make decisions that produce legal or similarly significant effects concerning property owners.

We do not sell personal information for money.We do not “share” personal information for cross-context behavioral advertising as those terms are defined under the California Consumer Privacy Act.

Converrta uses third-party service providers to help run the service. The categories include hosting and infrastructure, authentication, payment processing, and licensed data providers.

Each provider is bound by contractual confidentiality and data-protection obligations, and processes data only on our instructions and for the purpose we have engaged it to perform. We do not name individual vendors in this policy. If you are a California resident exercising a right to know under the CCPA, we will identify the applicable processors and the categories of personal information disclosed to each in response to a verified request.

We use only the cookies and storage required to operate the service:

• Essential cookies for authentication, session management, and CSRF protection.
• Preference storage for theme and interface settings.
• Server and edge request logs retained by our hosting provider per its standard retention policy.

Converrta does not use advertising cookies, cross-site tracking pixels, third-party analytics providers, or any other mechanism that would constitute a “sale” or “share” of personal information under California law. If we add an analytics provider in the future, we will update this policy before deployment and, where required, provide an opt-out mechanism.

California residents have the following rights under the California Consumer Privacy Act as amended by the California Privacy Rights Act (together, the “CCPA”). These rights apply to both Users and property owners whose personal information we process.

How to submit a request. Submit a verifiable consumer request by email to support@converrta.com. We will acknowledge receipt within ten business days and will respond substantively within forty-five days, with one additional forty-five-day extension where reasonably necessary, as permitted by the CCPA.

Verification.For Users, we will verify your identity using the email address associated with your account and, where appropriate, additional account-specific details. For property owners who do not have an account with us, we will require a higher level of verification, which may include a government-issued identification document or a notarized declaration, as permitted under the CCPA’s implementing regulations.

Authorized agents. You may designate an authorized agent to submit a request on your behalf. The agent must provide proof of authorization, and we may require you to confirm your identity directly.

California law requires every covered business to provide a clearly labeled notice regarding the sale or sharing of personal information, regardless of whether the business currently engages in either activity.

California law defines a “data broker” as a business that knowingly collects and sells to third parties the personal information of a consumer with whom the business does not have a direct relationship. Cal. Civ. Code § 1798.99.80 The California Delete Act (SB 362) imposes additional registration and deletion-request obligations on data brokers and will require participation in a centralized deletion platform administered by the California Privacy Protection Agency.

Because our service makes property-owner information available to paying Users who do not have a direct relationship with the property owner, whether Converrta falls within the statutory definition of a “data broker” is a question we continue to review with counsel.

While that review is ongoing, Converrta honors the data-subject rights described in this policy, including the right to delete, for property-owner records. If we determine that registration is required, we will register with the California Privacy Protection Agency and publish our registration number here. We will update this section as the law and our posture evolve.

The service surfaces phone numbers and email addresses that Users may choose to use for outreach. Converrta does not place calls, send text messages, or operate an autodialer. Any outreach to a property owner is initiated by a User using that User’s own telephone, email, or customer-relationship management software.

We retain personal information only for as long as reasonably necessary for the purposes described in this policy. The following periods apply absent a deletion request or a legal obligation to retain longer:

• User account and profile information: for the life of the account.
• Records of User activity within the service: for the life of the account, plus ninety days after account closure, after which records are permanently deleted.
• Property-owner contact information unlocked through the service: contact-information records that have not been interacted with for twenty-four months are automatically purged from the live database. The associated property record (address, score, summary) is retained, but the contact-information layer must be re-unlocked, which incurs a fresh credit charge and returns current vendor data rather than stale records.
• Operational and diagnostic logs: up to twelve months, after which logs are pruned or anonymized.
• Billing and tax records: up to seven years, as required by applicable tax law.
• Infrastructure request logs: per the standard retention of our hosting provider, which is generally measured in days.
• Backups: up to thirty days in the normal backup rotation. Deletion requests are honored in the live database immediately; backups age out in the ordinary course.

Property-owner deletion requests are honored within the CCPA response window and result in deletion of matching records across all User accounts, unless we have a lawful basis to retain a particular record.

We take the security of personal information seriously and maintain a program of administrative, technical, and physical safeguards designed to protect it against loss, misuse, and unauthorized access, alteration, or disclosure.

• Encryption in transit via TLS 1.2 or higher on all public endpoints.
• Encryption at rest for the primary database.
• Access controls following the principle of least privilege, with elevated authorization required for administrative access and credentials stored only in encrypted form.
• Rate limiting and abuse prevention measures.
• Credential rotation on a scheduled basis and immediately on any suspected incident.

In the event of a breach of unencrypted personal information, we will notify affected California residents in the most expedient time possible and without unreasonable delay, and will notify the California Attorney General if more than five hundred California residents are affected, as required by Cal. Civ. Code § 1798.82. No method of transmission over the internet or method of electronic storage is one hundred percent secure; we cannot guarantee absolute security.

The service is intended for use by licensed real estate professionals operating in the United States, and our infrastructure is hosted in the United States. We do not specifically target individuals in the European Union, the European Economic Area, the United Kingdom, or any other jurisdiction outside the United States, and we make no representation of compliance with laws of those jurisdictions, including the General Data Protection Regulation.

If you access the service from outside the United States, you do so on your own initiative and are responsible for compliance with your local law. Personal information you provide or that we collect will be processed in the United States, where data protection laws may differ from those of your jurisdiction.

Because property owners are generally not Users of the service and do not have a login, we have established a separate channel for property-owner data-subject requests.

• Email support@converrta.com with the subject line Property Owner Data Request and include the property address, your mailing address, and a description of the request.
• We will respond within the forty-five-day window required by the CCPA and will follow up to complete identity verification if needed.
• Upon a verified deletion request, we will delete matching records across all User accounts and, to the extent technically feasible, place the affected property on a suppression list so future ingestion does not re-create the record.
• Converrta cannot delete records held by our upstream data vendors. If you wish to request deletion at the source, we will provide the privacy contact information for the applicable upstream vendor in response to a verified request.

We may update this policy from time to time to reflect changes in our practices, our service, or applicable law. When we make a material change, we will notify Users by email and update the “Last updated” date at the top of this page; material changes take effect thirty days after the notice. Non-material changes take effect when posted.

Prior versions of this policy are preserved and are available on request.

For questions about this policy or our privacy practices, or to submit a data-rights request, contact us at support@converrta.com. We respond to all written privacy correspondence within the windows described above.

This policy is governed by the laws of the State of California, without regard to its conflict-of-laws principles. Any California resident who believes their rights have not been properly addressed may contact the California Attorney General’s Office at oag.ca.gov/privacy or the California Privacy Protection Agency at cppa.ca.gov.