← Back to home

Privacy Policy

Effective date: April 24, 2026 Last updated: April 24, 2026

Relea Technologies Inc. ("Relea," "we," "us," or "our") operates relea.ai and the relea software-as-a-service platform (together, the "Service"). This Privacy Policy explains what personal information we collect, how we use and share it, how long we keep it, and what choices you have. It applies to the marketing site (relea.ai), the authenticated product (app.relea.ai), and any related APIs and emails.

Please read it alongside our Terms of Service (https://relea.ai/terms) and Disclaimer (https://relea.ai/disclaimer). Capitalized terms not defined here have the meanings given in the Terms.

1. Summary

2. Information We Collect

2.1 Information you give us

Lead forms on relea.ai. When you apply for the Private Test or sign up for the mailing list, we collect the fields you submit, such as your name, email, company or brokerage, persona, deal volume, markets, tools you use today, and free-text answers. We also store whether you checked the "I agree to the Terms and Privacy Policy" box.

Account information. If you create an account, we collect your name, email, password hash (we never store plaintext passwords; authentication is managed through our Keycloak identity service), and any profile information you choose to add.

Content you submit. Listings, URLs, offering memoranda, rent rolls, inspection reports, PDFs, photos, notes, and assumptions you upload or type into the Service ("User Content"). Some User Content may itself contain personal information about tenants, sellers, brokers, or other third parties.

Communications. If you email us, schedule a call, or respond to a survey, we keep a record of the exchange.

2.2 Information we collect automatically

Device and log data. Server logs record your IP address, user-agent, referring URL, the pages and API endpoints you hit, timestamps, HTTP status codes, and similar diagnostic data.

Usage and product telemetry. We log events such as page views, funnel steps (form starts, submissions), feature interactions, errors, and performance metrics (web vitals). These events may include your user ID when you are signed in, but do not include the contents of your deal models.

Cookies and similar technologies. See Section 6.

Hashed identifiers. We apply a one-way salted hash to your IP address for abuse prevention (rate limiting, duplicate detection) and retain the hash rather than the raw IP where feasible.

2.3 Information from third parties

To populate the models you ask us to build, the Service fetches data from third-party sources, including:

  1. public listing pages (scraped HTML, photos, and attachments);
  2. public county assessor and recorder records;
  3. the U.S. Census Bureau (vacancy and demographic statistics);
  4. third-party rental comp services;
  5. interest-rate and public-benchmark feeds;
  6. public court, floodplain, and environmental data; and
  7. email you forward to our intake addresses.

Some of this data may identify individuals (for example, a property owner's name on a public deed). We handle it under this Policy and our agreements with each source.

3. How We Use Information

We use personal information to:

  1. Provide the Service: authenticate you, build and update your models, run analyses, generate reports, and deliver sharing and collaboration features;
  2. Communicate: respond to your applications and inquiries, send product and Private Test updates, and send service notifications (for example, when someone shares a deal with you);
  3. Secure the Service: prevent abuse, fraud, and unauthorized access; detect bots; enforce rate limits; and investigate incidents;
  4. Improve the Service: evaluate usage, debug errors, measure performance and funnel health, and develop new features. We may use de-identified and aggregated data for this purpose, and may retain it after your account is closed;
  5. Operate our business: manage billing (once paid tiers launch), maintain books and records, and comply with law and accounting obligations;
  6. Comply with legal obligations, respond to lawful requests from authorities, and enforce our Terms;
  7. Evaluate and run AI models that power the Service. We use AI to extract data from your uploads, search relevant public records, flag risks, and generate narrative commentary. When we send content to third-party AI providers (see Section 8), it is under commercial-use terms that prohibit the provider from using that content to train their general-purpose models. We do not use your User Content to train third-party foundation models or publicly released models without your consent. We may use your User Content to evaluate, tune, and operate private models used exclusively to deliver the Service to you.

4. Legal Bases for Processing (EEA/UK visitors)

If you are in the European Economic Area, the United Kingdom, or Switzerland, we rely on the following legal bases under the GDPR:

  1. Contract (Art. 6(1)(b)): to provide the Service you have signed up for;
  2. Legitimate interests (Art. 6(1)(f)): to secure the Service, prevent abuse, communicate about the product, and improve it, balanced against your rights;
  3. Consent (Art. 6(1)(a)): for marketing emails where required, and for any processing we specifically request your consent for; and
  4. Legal obligation (Art. 6(1)(c)): to comply with applicable law.

You can withdraw consent at any time where consent is the legal basis. Section 12 describes your rights.

5. Disclosure of Information

We disclose personal information only as described below. We do not sell personal information, and we do not share it with third parties for their independent advertising.

  1. Collaborators you invite. When you share a deal with another user, they can view, and if granted edit permission, modify the shared content. Shared listings may show "Your Agent" cards with a broker's name, logo, and contact information that the broker has supplied.

  2. Subprocessors (Section 8). We use trusted service providers to host, operate, secure, and deliver the Service. They process information on our behalf under written agreements that restrict their use of the information.

  3. Legal and safety. We may disclose information when we have a good-faith belief that disclosure is necessary to comply with law, respond to a lawful request, enforce our Terms, protect the rights, property, or safety of Relea or others, or investigate fraud and abuse. Where permitted, we will notify you of legal requests for your data before disclosure.

  4. Corporate transactions. If we are involved in a merger, acquisition, financing, reorganization, or sale of assets, personal information may be transferred as part of the transaction. We will notify you by email or a notice on the Service if a new entity becomes the controller of your information, and we will ensure the recipient is bound by commitments consistent with this Policy.

  5. Aggregated or de-identified data. We may share aggregate statistics and de-identified data that cannot reasonably be used to identify you.

6. Cookies and Similar Technologies

Marketing site (relea.ai). We use only strictly necessary functional storage (for example, to remember that you dismissed the announcement bar) and first-party analytics events that we post to our own API. We do not load third-party advertising cookies, we do not use Google Analytics, and we do not use cross-site trackers.

Authenticated product (app.relea.ai). We use cookies and local storage to keep you signed in, remember your preferences, and operate the Service. Authentication cookies are set by our Keycloak identity service. Session cookies are necessary for the Service to function.

Cloudflare Turnstile. We use Cloudflare Turnstile to protect our forms from bots. Turnstile processes minimal technical data about your browser; it does not use persistent tracking cookies for advertising.

Google Fonts. We load typography from Google Fonts. Your browser requests font files from fonts.googleapis.com and fonts.gstatic.com; this causes your IP address and user-agent to be visible to Google during the request. We do not pass any other information to Google.

You can disable cookies in your browser, but parts of the Service may not function.

Do Not Track / Global Privacy Control. Because our tracking is limited to first-party, service-essential analytics, we treat DNT and GPC signals as informational only and do not change our behavior in response. Residents of jurisdictions that require us to honor GPC as an opt-out will have their signal honored to the extent required by law.

7. Your Content and Deal Data

Content you submit to the Service (listings, uploads, notes, assumptions, rent rolls) is private to you and to collaborators you invite. It is not shared with other users. We access it only to provide the Service, secure and debug it, and comply with law. Access by our personnel is limited to those with a need-to-know and is logged.

We treat User Content as confidential under our Terms and use encryption in transit (TLS 1.2 or higher) and at rest for our primary data stores.

8. Subprocessors

We use the following categories of service providers. Sub-lists are representative as of the effective date and may change. A current list is available at https://relea.ai/privacy on request to privacy@relea.ai.

Purpose Provider Data categories Processing location
Cloud hosting, storage, CDN, backups Google Cloud Platform (Google LLC) All categories United States
Identity and authentication Keycloak (self-hosted on Google Cloud Platform) Account credentials, session identifiers United States
Large language model inference (data extraction, narrative generation) OpenAI, L.L.C.; Anthropic, PBC Content you submit or that we fetch to build your model United States
Transactional and notification email Gmail (Google Workspace) or Resend, Inc. (configurable) Email addresses, message content United States
Bot and abuse protection on forms Cloudflare, Inc. (Turnstile) IP address, browser technical data Global edge
Typography delivery Google LLC (Google Fonts) IP address, user-agent (from font requests) Global edge
Public listing, records, comparables, and benchmark data sources County assessors and recorders; U.S. Census Bureau; rental comp services; and others Property and counterparty data that may include personal information from public records Varies
Error monitoring and observability Our self-hosted Grafana / Prometheus stack Log and telemetry metadata United States

We have data-processing or equivalent agreements in place with our commercial providers, including terms that prohibit the providers from using your content to train their generally available models. We review this list when we add or change providers.

9. Security

We take security seriously and use measures consistent with industry practice, including: encryption in transit and at rest; hardened, containerized infrastructure; role-based access controls; secrets managed through a managed secret store; salted password hashing via our identity provider; audit logging; and regular backups. No system is perfectly secure. If we learn of a breach that materially affects you, we will notify you as required by law.

Report security issues to security@relea.ai.

10. Data Retention

We retain personal information only as long as we need it for the purposes in this Policy or as required by law.

  1. Lead form submissions: retained for up to 24 months to evaluate fit, respond, and coordinate onboarding, then deleted or de-identified, unless you have an active relationship with us.
  2. Mailing list: retained until you unsubscribe, plus a suppression record to prevent us from re-adding you.
  3. Account and User Content: retained for the life of your account, plus up to 90 days after account closure for backup cycling. We may keep aggregated or de-identified data after that.
  4. Security and audit logs: up to 12 months.
  5. Billing and tax records (once paid tiers launch): retained as required by law, typically 7 years.

You can request deletion at any time (Section 12).

11. International Transfers

Relea is based in the United States, and our primary infrastructure is in the United States. If you access the Service from outside the United States, your information will be transferred to and processed in the United States. Where required by law, we rely on appropriate safeguards (such as the Standard Contractual Clauses) for transfers from the EEA, United Kingdom, or Switzerland to the United States.

12. Your Rights and Choices

12.1 All users

You can:

  1. access, review, and update your account information in the Service or by emailing privacy@relea.ai;
  2. request a copy of the personal information we hold about you;
  3. request deletion of your account and associated personal information, subject to exceptions (for example, where we must retain records to comply with law);
  4. unsubscribe from marketing emails via the link in each message or by replying "unsubscribe"; and
  5. close your account at any time.

12.2 EEA / UK / Switzerland

In addition to the above, you have the rights of access, rectification, erasure, restriction, portability, and objection under the GDPR, as well as the right to lodge a complaint with a supervisory authority in your country of residence. Where we rely on consent, you can withdraw it at any time without affecting the lawfulness of processing before withdrawal.

12.3 California

If you are a California resident, the California Consumer Privacy Act (CCPA), as amended by the CPRA, gives you specific rights:

  1. Right to know what personal information we have collected about you in the previous 12 months, the categories of sources, the categories of third parties to whom we disclosed it, and the purposes for each.
  2. Right to delete personal information we hold about you, subject to exceptions.
  3. Right to correct inaccurate personal information.
  4. Right to limit use of sensitive personal information (we do not collect sensitive personal information beyond account credentials).
  5. Right to opt out of sale or share: we do not sell or share personal information as those terms are defined under the CCPA.
  6. Right to non-discrimination: we will not discriminate against you for exercising your rights.

Categories we collect, from CCPA Cal. Civ. Code § 1798.140: identifiers; commercial information (Private Test / mailing interest); internet or other electronic network activity information (log and telemetry data); geolocation (approximate, from IP); professional or employment-related information (persona, company, role); and inferences drawn from the foregoing for product personalization.

To exercise these rights, email privacy@relea.ai from the email associated with your account. We will verify your request by confirming you control that email and, where needed, by asking for additional information. You may use an authorized agent, provided we can verify the agent's authority.

12.4 Other U.S. state privacy laws

If you are a resident of Virginia, Colorado, Connecticut, Utah, Texas, Oregon, Montana, or another state with a comprehensive privacy law, you have rights similar to those described in Sections 12.1 and 12.2, including the right to access, correct, delete, and, where applicable, opt out of targeted advertising, sale, or profiling with significant effects. We do not engage in targeted advertising or sale of personal information as those terms are defined in those laws. To exercise rights, contact privacy@relea.ai. You may appeal a denial of your request by replying to our response; we will respond to appeals within the timeframes required by applicable law.

13. Children's Privacy

The Service is intended for real-estate professionals and investors, and is not directed to children under 18. We do not knowingly collect personal information from children under 18. If we learn that a child under 18 has provided us personal information, we will delete it.

14. Third-Party Sites

The Service may link to third-party sites, including county assessor portals, listing sites, and lender websites. We are not responsible for the privacy practices of those sites.

15. Changes to This Policy

We may update this Policy from time to time. If we make a material change, we will notify you by email to the address associated with your account or by posting a prominent notice on the Service at least 10 days before the change takes effect. Your continued use of the Service after the effective date constitutes acceptance of the revised Policy.

16. Contact Us

Relea Technologies Inc. Attn: Privacy Email: privacy@relea.ai General: hello@relea.ai Security: security@relea.ai

Our mailing address is available on request. If you prefer postal mail, email us first so we can direct your request to the right person.

If you have unresolved concerns, you have the right to complain to your local data-protection authority. We hope you contact us first so we can address your concerns directly.