ProPilot

ProPilot Privacy Policy

Last updated: June 24, 2026

This Privacy Policy explains how ProPilot ("ProPilot," "we," "our," or "us") collects, uses, discloses, and safeguards personal information when individuals ("users" or "you") access or use our real estate investment platform and related services ("the Service").

By using the Service, you agree to the practices described in this Privacy Policy.

1. Information We Collect

1.1 Information You Provide

We collect personal information that you voluntarily provide, including:

  • Name, email address, and phone number
  • Account login credentials
  • Business details (company name, role, industry)
  • Payment information (processed securely by third-party processors; ProPilot does not store full card numbers)
  • Property notes, uploaded documents, and communication logs
  • Google account connection details when you opt to connect Gmail to send email from ProPilot (see Section 1.4)

1.2 Information Automatically Collected

When you interact with the Service, we automatically collect:

  • Device details, browser type, operating system
  • IP address and approximate geolocation
  • Usage activity: pages viewed, actions taken, session duration
  • Authentication events, access logs
  • Error logs, diagnostic information, and performance metrics

1.3 SMS and Communication Data

If you use ProPilot's SMS or communication tools, we collect:

  • Phone numbers of message recipients
  • Message content, delivery status, timestamps
  • Opt-out data and suppression list status
  • SMS consent whitelist status and consent outcomes (press 1 / press 2)
  • Voice consent call logs, including call metadata, timestamps, and keypress records
  • Outbound call recording metadata and audio files when a user explicitly enables call recording

This information is required for compliant messaging, fraud prevention, and platform functionality.

1.4 Google User Data (Gmail)

ProPilot offers an optional feature that lets you send email directly from the platform using your own Gmail account. When you choose to connect your Google account, you authorize ProPilot through Google's OAuth consent screen. The points below describe exactly how ProPilot accesses, uses, stores, shares, retains, and deletes Google user data for this feature.

  • What we access: We request only the Gmail "send email" permission (the gmail.send scope), which allows ProPilot to send email on your behalf. We do not read, store, or analyze the contents of your inbox, sent mail, drafts, labels, or any other mailbox data. ProPilot does not currently offer any inbox-reading functionality.
  • How we use it: This permission is used solely to send emails that you initiate from within ProPilot — a prominent, user-facing feature. We do not use it for any other purpose.
  • What we store: We store a Google OAuth refresh token, encrypted at rest using AES-256-GCM and tied to your ProPilot account. We do not store the contents of your mailbox.
  • Sharing: We do not sell, transfer, or share Google user data with third parties. We do not use it for advertising, and we do not use it to develop, train, or improve any generalized artificial intelligence or machine learning models.
  • Retention and deletion: Your encrypted refresh token is retained only while your Gmail connection is active. When you disconnect your Google account or delete your ProPilot account, the token is deleted and ProPilot's access is revoked.

ProPilot's use and transfer of information received from Google APIs to any other app will adhere to the Google API Services User Data Policy, including the Limited Use requirements.

2. How We Use Your Information

We use the information we collect to:

  • Provide, operate, and maintain the Service
  • Analyze properties, run deal scoring, and support real estate workflows
  • Enable and track SMS communications
  • Process payments and send transactional notifications
  • Offer technical support and respond to inquiries
  • Improve performance, user experience, and product functionality
  • Detect, prevent, and investigate misuse, fraud, or security incidents
  • Meet legal, regulatory, and compliance obligations

We do not sell personal data or use it for targeted advertising.

3. SMS Privacy Practices

3.1 No Selling or Sharing of Messaging Data

We do not sell, share, or rent:

  • Phone numbers
  • SMS content
  • Opt-in or consent records

Your messaging data is used strictly for Service functionality and compliance.

3.2 Consent and Opt-Out

Messages sent through ProPilot are one-to-one, property-specific professional communications to licensed real estate professionals regarding active property listings. Before any SMS is enabled, ProPilot places an automated voice consent call to the listing agent contact number publicly provided on the property listing. The script states: "This is an automated message from ProPilot. An investor is interested in your listing at [Property Address]. Press 1 to receive this inquiry via SMS, Press 2 to decline. You can reply STOP to any message to opt out." SMS is enabled only when a Press 1 consent keypress is captured. If Press 2 is captured, or consent is not captured, SMS remains blocked and no SMS is sent.

This consent flow uses a fixed scripted automated voice call and touch-tone keypress input only. It is not a live AI conversation, and AI does not make consent or messaging eligibility decisions in this flow.

When outbound call recording is enabled by a user for an eligible call, ProPilot may store the recording audio, recording metadata, and the basis used to allow recording (for example, property-state eligibility or user attestation).

  • Recipients may receive up to 2 total messages per property inquiry (initial + 1 follow-up) unless they respond
  • Messages are user-initiated, manually composed, and sent one-by-one
  • Reply STOP, STOPALL, UNSUBSCRIBE, CANCEL, END, or QUIT to unsubscribe
  • Reply HELP for assistance
  • Opt-out requests take effect immediately and are honored permanently across the platform

3.3 Message Delivery

Carrier delivery is not guaranteed. Standard message and data rates may apply.

3.4 Third-Party Messaging Providers

We use Twilio (or equivalent providers) to send and receive messages. These providers operate under Data Processing Agreements to ensure confidentiality and security.

4. How and When We Share Information

We may share information only in the following limited situations:

4.1 Service Providers

We use vendors who support the operation of the Service, such as:

  • SMS delivery providers
  • Cloud hosting and database providers
  • Payment processors
  • Analytics and error-monitoring tools
  • Google (to send email through your connected Gmail account, when you enable this feature)

These providers are restricted from using your data beyond what is necessary to perform their services.

4.2 Legal Requirements

We may disclose information if required to comply with:

  • Laws or regulations
  • Subpoenas, court orders, or legal processes
  • Government or regulatory requests

4.3 Business Transfers

If ProPilot undergoes a merger, acquisition, or asset sale, your data may be transferred to the acquiring entity. SMS consent-related and suppression records are not used for marketing purposes.

We do not sell personal information.

5. Data Security

We use industry-standard protections to secure your information, including:

  • Encryption in transit and at rest
  • Access controls and role-based permissions
  • Segregation of production and development environments
  • Regular security testing and monitoring
  • Authentication safeguards

While no system is 100% secure, we take reasonable steps to protect your data.

6. Data Retention

We retain information only as long as necessary for operational, legal, and compliance purposes.

  • SMS consent and opt-out records: 4-7 years, or longer where required
  • Opt-out records: may be retained indefinitely to enforce Do Not Contact requirements
  • Account data: retained while your account is active
  • Deleted accounts: anonymized or removed within a reasonable timeframe
  • Backups: may persist temporarily as part of normal system operations

7. Your Rights

Your privacy rights depend on your jurisdiction.

7.1 California (CCPA/CPRA)

California residents may:

  • Request to know what information we collect
  • Request deletion of personal information
  • Request correction of inaccurate information
  • Opt out of the sale or sharing of data (ProPilot does not sell or share data)
  • Limit use of sensitive personal information
  • Be free from discrimination for exercising rights

Requests: contact@propilotapp.com

We verify identity before fulfilling requests. Responses typically occur within 45 days.

7.2 GDPR (EU/EEA)

If applicable, you may have rights to:

  • Access
  • Rectification
  • Erasure
  • Restriction
  • Objection
  • Data portability

Legal bases for processing include:

  • Contract performance
  • Consent
  • Legitimate interests
  • Compliance with legal obligations

8. Do Not Track (DNT)

The Service does not currently respond to Do Not Track browser signals because no industry standard exists.

9. Third-Party Services

Links or integrations with third-party platforms are provided for convenience only. We are not responsible for their privacy practices or policies.

ProPilot integrates with Google to provide the optional Gmail sending feature described in Section 1.4. ProPilot's use and transfer of information received from Google APIs to any other app will adhere to the Google API Services User Data Policy, including the Limited Use requirements.

10. Children's Privacy

The Service is not intended for individuals under 18 years of age. We do not knowingly collect information from children.

11. Changes to This Policy

We may update this Privacy Policy occasionally. Updates will appear with a revised "Last Updated" date.

Continued use of the Service constitutes acceptance of updated terms.

12. Contact Us

For questions or privacy requests:

ProPilot
Email: contact@propilotapp.com

← Back to ProPilot