Privacy Policy

Effective Date: April 8, 2026

1. Introduction

Trovato ("we," "us," or "our") operates an AI-powered lead qualification platform for residential real estate professionals. This Privacy Policy describes how we collect, use, share, and protect personal information when you use our website and services at trovatoai.com (the "Service").

By using our Service, you agree to the collection and use of information as described in this policy. If you do not agree, please do not use the Service.

This policy applies to users of the Trovato platform (real estate professionals who create accounts). Prospect data entered by our users — such as names, phone numbers, and property preferences of potential renters or buyers — is processed on behalf of our users. Prospects do not create accounts or sign in to Trovato directly.

2. Information We Collect

Information from Google Sign-In

When you sign in with Google, we receive your:

  • Name and email address
  • Profile picture
  • Google OAuth tokens (to maintain your session and access Google Calendar on your behalf)

Information You Provide Directly

  • Waitlist sign-up: Name and work email address
  • Account profile: Full name, phone number, company/organization name, title, license number and state, LinkedIn URL, profile image
  • Property data: Property addresses, type, pricing, availability, square footage, touring hours, and other listing details
  • Prospect/contact data: Names, phone numbers, email addresses, budget and credit score ranges, yearly income, pet information, move-in dates, lease preferences, number of occupants, and other qualification details
  • Bot customizations: Greeting messages, qualification questions, FAQ responses, and scheduling messages
  • Calendar preferences: Tour scheduling availability and calendar event details

Information from Third Parties

  • Zillow: When you connect Zillow as a lead source, we receive prospect contact information, property interest details, and qualification answers submitted through Zillow inquiry forms

Information Collected Automatically

  • IP address, browser type, and device information
  • Server logs and usage data
  • Authentication session cookies

3. How We Use Your Information

We use the information we collect to:

  • Authenticate your account via Google Sign-In and manage your session
  • Provide CRM services including contact management, property listings, and lead tracking
  • Send SMS messages to your prospects on your behalf for lead qualification and tour scheduling
  • Operate AI chatbot conversations with your prospects to qualify leads and answer property questions
  • Send transactional emails such as welcome messages and team invitations
  • Integrate with your calendar for scheduling property tours
  • Improve the Service by analyzing usage patterns and fixing issues

4. Third-Party Services and Data Sharing

We share information with the following third-party service providers, solely to operate and deliver the Service:

Service | Purpose | Data Shared
Google | Authentication and calendar integration | OAuth tokens, profile data, calendar events
Twilio | SMS delivery | Prospect phone numbers and message content
Botpress | AI chatbot for lead qualification | Prospect names, contact details, conversation data
Supabase | Database and authentication infrastructure | User account data, property listings, and prospect data for database storage and authentication
Resend | Email delivery | Email addresses and email content
Vercel | Application hosting | Server logs and request metadata

We do not sell your personal information. We only share data with third parties as described above to provide and improve the Service.

We may also disclose your information if required by law, legal process, or government request, or to protect the rights, property, or safety of Trovato, our users, or the public.

5. Google API Services Disclosure

Trovato's use and transfer of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.

Trovato's use of information received from Google APIs is limited to providing or improving user-facing features that are prominent in our application's user interface. We do not use this data for serving advertisements or for any purpose beyond what is described in this policy.

Specifically, we:

  • Only use Google user data for the purposes described in this Privacy Policy
  • Do not use Google user data for advertising purposes
  • Do not sell Google user data to third parties
  • Do not use Google user data to build user profiles for advertising or market research
  • Only access Google Calendar data with your explicit consent to facilitate tour scheduling
  • Do not allow humans to read Google user data unless we have your affirmative agreement, it is necessary for security purposes, it is necessary to comply with applicable law, or our use is limited to internal operations

Google API Scopes We Request

  • openid, email, profile — for authentication and account creation
  • https://www.googleapis.com/auth/calendar.events — to create and manage tour scheduling events on your behalf

6. AI and Automated Communications

Our Service uses AI-powered chatbots to qualify leads and communicate with prospects on your behalf. When prospects interact with our chatbot, they are communicating with an artificial intelligence system, not a human. The chatbot may:

  • Send initial greeting messages to prospects via SMS
  • Ask qualification questions about budget, timeline, and property preferences
  • Answer frequently asked questions about properties
  • Assist with scheduling property tours

All chatbot conversations are stored and accessible to you through the Service dashboard.

7. SMS and Text Messaging

Our Service sends SMS text messages to prospects on your behalf using Twilio. Messages are sent only to contacts that have been added to the platform by authorized users of the Service.

Prospects may opt out of receiving text messages at any time by replying STOP to any message. Standard message and data rates may apply. Message frequency varies based on conversation activity.

8. Data Retention

We retain your personal information for as long as your account is active or as needed to provide the Service. Specifically:

  • Account data: Retained while your account is active. If you delete your account, we will delete your personal data within 30 days, except where we are required to retain it by law.
  • Prospect and conversation data: Retained while the associated account is active. Account owners may delete individual contacts and conversations at any time.
  • Waitlist data: Retained until you unsubscribe or request deletion.
  • Google OAuth tokens: Retained for as long as your account is active and revoked immediately upon account deletion or when you disconnect Google from your account.
  • Server logs: Automatically purged on a rolling basis by our hosting provider.

9. Data Deletion and Your Rights

You have the right to:

  • Access the personal data we hold about you
  • Correct inaccurate or incomplete data
  • Delete your account and associated personal data
  • Export your data in a portable format
  • Revoke Google access at any time through your Google Account permissions

To exercise any of these rights, contact us at privacy@trovatoai.com. We will respond to your request within 30 days.

California Residents (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act:

  • The right to know what personal information is collected, used, and shared
  • The right to request deletion of your personal information
  • The right to opt out of the sale of personal information (we do not sell personal information)
  • The right to non-discrimination for exercising your privacy rights

10. Data Security

We implement appropriate technical and organizational measures to protect your personal information, including:

  • All data transmitted between your browser and our servers is encrypted via HTTPS/TLS
  • Access to data is role-controlled and restricted to authorized users
  • All API endpoints require authentication and are protected against unauthorized access
  • OAuth tokens are stored securely and refreshed automatically
  • External integrations are verified before processing

While we strive to protect your data, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security.

11. Cookies

We use essential cookies to maintain your authentication session and keep you signed in. These cookies are necessary for the Service to function and cannot be disabled.

We do not use third-party tracking cookies, advertising cookies, or analytics cookies that track you across other websites.

12. Children's Privacy

Our Service is not directed to children under the age of 13. We do not knowingly collect personal information from children under 13. If we learn that we have collected personal information from a child under 13, we will take steps to delete that information promptly. If you believe a child under 13 has provided us with personal information, please contact us at privacy@trovatoai.com.

13. Changes to This Policy

We may update this Privacy Policy from time to time. When we make changes, we will update the "Effective Date" at the top of this page. If we make material changes, we will notify you by email or through a notice on the Service. Your continued use of the Service after changes are posted constitutes your acceptance of the updated policy.

14. Contact Us

If you have questions or concerns about this Privacy Policy or our data practices, please contact us at: