Privacy Policy

Effective Date: February 16, 2026

Last Updated: February 16, 2026

Everre LLC (“Everre,” “we,” “us,” or “our”), an Illinois limited liability company, operates the Everre platform located at everre.co (the “Service”). This Privacy Policy describes how we collect, use, disclose, and protect your information when you use the Service.

By accessing or using the Service, you consent to the practices described in this Privacy Policy. If you do not agree with this Privacy Policy, please do not use the Service.

1. Information We Collect

1.1 Information You Provide Directly

Category	Data Elements
Account Information	Full name, email address, password (hashed), company name, job title
Organization Data	Organization name, team structure, user roles and permissions
Contact Records	Names, phone numbers, email addresses, business addresses, LinkedIn profiles, company affiliations, and other contact details for individuals and companies you add to the CRM
Property Data	Property addresses, identification numbers (PINs), ownership records, valuations, tax information, financial metrics, rent rolls, and transaction details
Financial Information	Deal pricing, underwriting models, financing scenarios, cap rates, and comparable analyses
Documents & Files	Uploaded documents (PDF, Word, Excel, PowerPoint, images), presentations, contracts, and other files (up to 100 MB per file)
Email Content	Email messages, templates, and campaign content that you compose within or sync to the Service
Digital Signatures	Signature images, signer names, email addresses, IP addresses, timestamps, and cryptographic audit trails
AI Training Materials	Brand reference documents, presentations, and images uploaded for AI brand training
Website Content	Property descriptions, images, layouts, and custom domain information for websites you publish through the Service
Payment Information	Billing address and payment method details (processed and stored by Stripe; we do not directly store credit card numbers)

1.2 Information Collected Automatically

Category	Data Elements
Usage Data	Features accessed, actions taken, timestamps, frequency of use, and interaction patterns
Device Information	Browser type, operating system, device type, screen resolution
Log Data	IP addresses, access timestamps, referring URLs, error logs
Email Tracking Data	Email open timestamps, link click events, and approximate geolocation derived from IP addresses of email recipients

1.3 Information from Third-Party Sources

Source	Data
Google OAuth	Name, email address, profile picture (when you sign in with Google)
Gmail / Outlook	Email messages, headers, attachments, and metadata from connected email accounts (with your authorization)
Public Records	Property ownership records, tax assessments, and transaction data from public county and government sources

2. How We Use Your Information

We use the information we collect for the following purposes:

Purpose	Legal Basis
Provide, operate, and maintain the Service	Contract performance
Process subscription payments and billing	Contract performance
Sync and manage email communications on your behalf	Contract performance; your consent
Process and store electronic signature transactions	Contract performance
Generate AI-powered content, analyses, and recommendations	Contract performance
Train AI models on your brand materials (for your organization only)	Contract performance; your consent
Publish property websites on your behalf	Contract performance
Send transactional emails (account verification, password resets, notifications)	Contract performance
Improve, personalize, and develop new features	Legitimate interest
Monitor for security threats and enforce our Terms of Service	Legitimate interest
Comply with legal obligations	Legal obligation
Generate aggregate, de-identified analytics about Service usage	Legitimate interest

We do not sell your personal information. We do not use your data for targeted advertising. We do not share your data with data brokers.

3. How We Share Your Information

We share your information only in the following circumstances:

3.1 Service Providers (Subprocessors)

We engage third-party companies to perform services on our behalf. These providers are contractually obligated to use your data only as necessary to provide their services to us and are bound by confidentiality obligations.

Provider	Service	Data Shared
Supabase	Database hosting, authentication, file storage	All application data (encrypted at rest and in transit)
Vercel	Frontend application hosting	Server logs, IP addresses
Stripe	Payment processing	Billing details, payment method information
Google (Gemini AI)	AI content generation, document analysis	User prompts, document contents submitted to AI features
Anthropic (Claude)	AI content generation, document analysis	User prompts, document contents submitted to AI features
OpenAI (GPT)	AI content generation	User prompts, document contents submitted to AI features
Google (Gmail API)	Email integration	Email content, headers, attachments (with your OAuth authorization)
Microsoft (Outlook API)	Email integration	Email content, headers, attachments (with your OAuth authorization)
Resend	Transactional email delivery	Recipient email addresses, email content for system notifications
Cloudflare	Website hosting, DNS, CDN	Published website content, custom domain DNS records
Mapbox	Map services	Property coordinates and addresses

3.2 Within Your Organization

Data you enter into the Service is accessible to other authorized users within your organization based on their role and permissions. Organization Administrators have broad access to organizational data.

3.3 Portal Users

When you invite external parties to your client portal, they may access deal-specific information that you have chosen to share, including documents, financials, and contact information related to that deal.

3.4 Published Websites

Content you publish on property websites through the Service is publicly accessible on the internet. This includes property descriptions, photos, contact forms, and any other content you choose to include.

3.5 Legal Requirements

We may disclose your information if required to do so by law, regulation, legal process, or governmental request, or when we believe in good faith that disclosure is necessary to: (a) comply with a legal obligation; (b) protect our rights, property, or safety, or the rights, property, or safety of others; (c) investigate fraud or respond to a government request; or (d) enforce our Terms of Service.

3.6 Business Transfers

In the event of a merger, acquisition, reorganization, bankruptcy, or sale of all or a portion of our assets, your information may be transferred as part of that transaction. We will notify you via email or a prominent notice on the Service of any change in ownership or uses of your personal information.

4. AI Data Processing

When you use AI-powered features, your data may be processed by third-party AI providers as described in Section 3.1. Important details about AI data processing:

Data sent to AI providers: Only data that you actively submit to AI features (e.g., prompts, document contents for analysis, brand training materials) is shared with AI providers. We do not send your entire database to AI providers.
No cross-organization training: AI brand training data you upload is used solely to generate content for your organization and is not used to train models for other customers.
Provider policies: Data sent to AI providers is subject to their respective data processing agreements. We select providers who commit to not using customer data to train their general-purpose models.
Opt-out: You may choose not to use AI features. Disabling AI features does not affect other functionality of the Service.

5. Cookies and Tracking Technologies

5.1 Cookies We Use

Cookie / Technology	Type	Purpose	Duration
Supabase auth tokens	Essential	User authentication and session management	Session / 30 days
Theme preference	Functional	Remember your light/dark mode preference	Persistent
Google OAuth	Essential	Single sign-on authentication flow	Session
Stripe	Essential	Secure payment processing	Session

We do not use advertising or marketing cookies. We do not use third-party analytics services such as Google Analytics. All usage analytics are collected internally through our own systems.

5.2 Email Tracking Pixels

When our users send emails through the Service, those emails may contain a small transparent image (a “tracking pixel”) that records when the email is opened and links that track click activity. This tracking is initiated by our users, not by Everre directly. If you receive an email from an Everre user and wish to avoid tracking, you may disable image loading in your email client.

6. Data Retention

Data Type	Retention Period
Account information	Duration of account + 30 days after deletion
User Content (files, documents, presentations)	Duration of account; deleted within 30 days of account closure
Email data (synced emails)	Duration of email account connection + 30 days after disconnection
Signature audit trails	7 years (for legal compliance purposes)
Payment records	As required by tax and financial regulations (typically 7 years)
Server logs	90 days
Backup copies	Up to 30 days after source data deletion

When you delete data within the Service, it is marked for deletion and removed from active systems promptly. Backup copies may persist for up to 30 additional days before being permanently purged.

7. Data Security

We implement industry-standard technical and organizational measures to protect your data, including:

Encryption in transit: All data transmitted between your device and our servers is encrypted using TLS/HTTPS.
Encryption at rest: Data stored in our database and file storage is encrypted at rest.
Row-Level Security: Database access is enforced at the row level, ensuring strict data isolation between organizations.
Password security: Passwords are salted and hashed using bcrypt; we never store plaintext passwords.
OAuth token encryption: Third-party OAuth tokens (Gmail, Outlook) are encrypted before storage.
Cryptographic audit trails: Signature transactions include SHA-256 document hashes for tamper detection.

While we strive to protect your information, no method of electronic storage or transmission is 100% secure. We cannot guarantee absolute security.

8. Your Rights and Choices

8.1 All Users

Regardless of your location, you have the right to:

Access: Request a copy of the personal data we hold about you.
Correction: Request that we correct inaccurate or incomplete personal data.
Deletion: Request that we delete your personal data, subject to legal retention requirements.
Data Portability: Request your data in a structured, commonly used, machine-readable format.
Withdraw Consent: Where processing is based on consent, you may withdraw consent at any time (e.g., disconnect email integrations, disable AI features).
Opt-Out of Email Tracking: You may disable email tracking features within your account settings.

To exercise these rights, contact us at privacy@everre.co. We will respond to verifiable requests within 45 days.

8.2 California Residents (CCPA/CPRA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (“CCPA”) as amended by the California Privacy Rights Act (“CPRA”):

Right to Know: You have the right to request that we disclose the categories and specific pieces of personal information we have collected, the categories of sources, the business or commercial purpose for collecting, and the categories of third parties with whom we share your personal information.
Right to Delete: You have the right to request deletion of your personal information, subject to certain exceptions.
Right to Correct: You have the right to request correction of inaccurate personal information.
Right to Opt-Out of Sale or Sharing: We do not sell your personal information, nor do we share it for cross-context behavioral advertising. Therefore, there is no need to opt out.
Right to Limit Use of Sensitive Personal Information: We use sensitive personal information (such as account login credentials) only as necessary to provide the Service.
Non-Discrimination: We will not discriminate against you for exercising any of your CCPA/CPRA rights.

To submit a CCPA/CPRA request, contact us at privacy@everre.co or call us at the number listed in Section 14. We will verify your identity before processing your request. You may designate an authorized agent to make a request on your behalf.

8.3 Other U.S. State Privacy Rights

Residents of Colorado, Connecticut, Virginia, Utah, Texas, Oregon, Montana, and other states with consumer privacy laws may have similar rights to those described in Section 8.2. To exercise your rights under applicable state privacy law, contact us at privacy@everre.co.

8.4 International Users

If you are located outside the United States, please note that your data is transferred to and processed in the United States, where our servers and service providers are located. By using the Service, you consent to this transfer. If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, data transfers are conducted in accordance with applicable data protection laws.

9. Children’s Privacy

The Service is a business-to-business platform designed for commercial real estate professionals. It is not directed to individuals under the age of 18. We do not knowingly collect personal information from anyone under 18. If we become aware that we have collected personal information from a minor, we will take steps to delete that information promptly. If you believe that a child has provided us with personal information, please contact us at privacy@everre.co.

10. Third-Party Links

The Service may contain links to third-party websites or services that are not owned or controlled by Everre. We are not responsible for the privacy practices of third-party websites. We encourage you to review the privacy policies of any third-party service you access through or in connection with the Service.

11. Data Breach Notification

In the event of a data breach that compromises the security, confidentiality, or integrity of your personal data, we will notify affected users and applicable regulatory authorities as required by law. Notification will be provided via email and/or a prominent notice on the Service without unreasonable delay.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on the Service with a revised “Last Updated” date and, for significant changes, by sending an email notification to the address associated with your account at least 30 days before the changes take effect. Your continued use of the Service after the updated Privacy Policy becomes effective constitutes your acceptance of the changes.

13. Do Not Track Signals

Some browsers transmit “Do Not Track” (DNT) signals. Because there is no industry standard for how to respond to DNT signals, we do not currently respond to them. However, as stated above, we do not use third-party advertising or marketing tracking technologies.

14. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Everre LLC
Email: privacy@everre.co

For CCPA/CPRA requests or formal privacy complaints, you may also contact us at the email address above with the subject line “Privacy Request.”