listables

Privacy Policy

Last Updated: November 29, 2025

Listables ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, and safeguard your information when you access our website, platform, and services ("Services").

1Information We Collect

1.1 Account Information

When you create an account, we collect:

  • Email address (required for authentication)
  • Name (if provided via Google OAuth)
  • Profile picture (if provided via Google OAuth)
  • Authentication method (magic link or Google OAuth)

1.2 Usage Information

We collect information about how you use our Services:

  • Property searches and filter preferences
  • Saved listings and bookmarks
  • Subscription tier and billing history
  • Feature usage patterns
Note: Chat conversations with our AI assistant are processed in real-time and are not stored on our servers. We do not retain your chat history.

1.3 Payment Information

All payments are processed securely by Stripe (PCI-DSS Level 1 compliant). We store only:

  • Subscription status and billing cycle
  • Stripe customer ID (for managing your subscription)
  • Transaction history (amounts and dates)

We never have access to your full credit card number, CVV, or banking details.

1.4 Technical Information

We automatically collect certain technical data:

  • IP address and approximate location
  • Browser type and version
  • Device type and operating system
  • Session identifiers and timestamps
  • Server access logs

1.5 Cookies

We use cookies and similar technologies for:

  • Authentication: Secure HttpOnly session cookies
  • Preferences: Theme settings and user preferences
  • Analytics: Google Analytics 4 for usage insights
  • Performance: CDN caching and load optimization

2How We Use Your Information

We use your information to:

  • Operate, maintain, and improve the Listables platform
  • Authenticate users and manage account security
  • Deliver AI-powered vacation rental investment insights
  • Process subscription payments via Stripe
  • Send transactional emails (magic links, subscription confirmations)
  • Analyze usage patterns to improve features
  • Detect and prevent fraud or abuse
  • Comply with legal obligations

3Third-Party Services

We integrate with the following trusted third-party services:

3.1 Authentication & Identity

  • Magic Link: Passwordless email authentication
  • Google OAuth: Sign in with Google

3.2 Payments

  • Stripe: PCI-DSS Level 1 compliant payment processing

3.3 Analytics & Monitoring

  • Google Analytics 4: Anonymous usage analytics

3.4 Email & Communications

  • Resend: Transactional email delivery

3.5 Infrastructure

  • Amazon Web Services (AWS): Hosting, database, and CDN
  • OpenAI: AI analysis (no PII sent to OpenAI)
  • RentCast: Property valuation data

4Data Retention

  • Active accounts: Data retained while your account is active
  • Inactive accounts: Data deleted after 24 months of inactivity
  • Analytics data: Retained for up to 14 months
  • Server logs: Retained for 90 days
  • Chat conversations: Not stored (processed in real-time only)

5Your Privacy Rights

Depending on your location, you may have certain rights under privacy laws such as GDPR (Europe) or CCPA (California).

5.1 Your Rights Include

  • Access: Request a copy of your personal data
  • Deletion: Request deletion of your account and data
  • Correction: Update inaccurate information
  • Portability: Export your data in a machine-readable format
  • Restriction: Limit how we process your data
  • Objection: Object to certain types of processing

5.2 How to Exercise Your Rights

To exercise any of these rights, contact us at support@listables.com. We will respond within 30 days.

6Security Measures

We implement industry-standard security measures to protect your data:

  • Encryption in Transit: All data transmitted via HTTPS/TLS
  • Encryption at Rest: Database encryption (AWS RDS)
  • Secure Cookies: HttpOnly cookies to prevent XSS attacks
  • Access Control: Role-based access control (RBAC)
  • Monitoring: Real-time security monitoring and alerting
  • Infrastructure: SOC 2 Type II compliant (AWS)

7International Data Transfers

Your data may be processed in the United States where our servers are located. By using Listables, you consent to the transfer of your data to the US. We ensure appropriate safeguards are in place for international transfers.

8Children's Privacy

Listables is not intended for users under 18 years of age. We do not knowingly collect personal information from minors. If we discover that a minor has provided personal information, we will delete it immediately.

9Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated via email at least 30 days before they take effect. The "Last Updated" date at the top indicates the most recent revision.

Continued use of Listables after changes take effect constitutes acceptance of the updated policy.

10Contact Us

If you have questions about this Privacy Policy, wish to exercise your data rights, or have concerns about how we handle your information:

Email: support@listables.com

Questions? Contact us at support@listables.com