Privacy Policy

NuAgent, LLC

Effective Date: May 22, 2026
Last Updated: May 22, 2026

1. Introduction

NuAgent, LLC (“Company,” “we,” “us,” “our”) is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our AI-powered real estate CRM platform (the “Service”). Please read this Privacy Policy carefully. If you do not agree with our policies and practices, please do not use our Service.

This Privacy Policy applies to information we collect through our website at www.nuagent.co, our mobile applications, and all related services, features, and content (collectively, the “Platform”).

2. Definitions and Key Terms

For purposes of this Privacy Policy:

“Personal Data” means any information relating to an identified or identifiable natural person; it includes, but is not limited to, names, email addresses, phone numbers, postal addresses, transaction data, financial information, and any other information that directly or indirectly identifies you.

“Account Data” means personal data associated with your user account, including login credentials, profile information, preferences, and usage history.

“Sensitive Data” means financial information (credit reports, bank statements, financial statements), transaction documents, deal contacts, leases, and other confidential business information.

“Third-Party Services” means external platforms including Gmail, Outlook, Amazon S3, and SendGrid that integrate with our Platform.

3. What Data We Collect

3.1 Information You Provide Directly

When you create an account and use our Service, you provide us with:

• Registration and account information (name, email address, password, company name, phone number)
• Profile information and preferences
• Financial and transaction data (when uploaded or shared via our Platform)
• Contact information for deal partners, clients, and third parties
• Documents (credit reports, bank statements, financial statements, leases, transaction documents)
• Communications with our support team

3.2 Information from Integrated Email and Calendar Services

With your authorization, we access and process data from your email and calendar services:

• Gmail Integration: Email messages, sender/recipient information, email metadata, attachments, drafts, and calendar events. We read, write, edit, and delete emails and calendar entries as directed by you.
• Outlook Integration: Emails, calendar events, contacts, and meeting information from Microsoft Outlook and Microsoft 365 accounts (including enterprise accounts).
• Contact Data: Names, email addresses, phone numbers, and other contact information from your email and calendar systems.

3.3 Information Collected Automatically

We automatically collect certain information about your interactions with our Platform:

• Usage Data: Pages visited, features used, time spent on the Platform, clicks, scrolls, and navigation patterns
• Device Information: Device type, operating system, browser type and version, IP address, and mobile device identifiers
• Log Data: Access logs, error messages, and system performance metrics
• Cookies and Similar Technologies: Session cookies, persistent cookies, and tracking pixels for authentication and analytics

4. How We Use Your Data

We use collected data for the following purposes:

• Service Delivery: Providing, maintaining, updating, and improving the Platform and delivering the features and functionality you request
• Account Management: Creating and managing your account, authentication, and password recovery
• AI and Agentic Processing: Training and improving our AI models for email writing, email templates, marketing materials, transaction assistance, scheduling, and coaching features
• Communication: Sending service updates, technical notices, security alerts, and responding to your inquiries
• Marketing and Promotions: With your consent, sending promotional emails, newsletters, and product updates. We use SendGrid for mass marketing emails with corporate branding from different tenants.
• Analytics and Performance: Understanding user behavior, optimizing features, and analyzing trends to enhance our Service
• Security and Fraud Prevention: Detecting, preventing, and addressing fraud, abuse, security breaches, and technical issues
• Legal Compliance: Complying with laws, regulations, and legal processes; establishing, exercising, or defending legal claims
• Business Operations: Processing transactions, handling billing and payments, and managing customer relationships

5. Data Storage and Retention

5.1 Storage Infrastructure

We store your data using Amazon Web Services (AWS), specifically Amazon S3 (Simple Storage Service), a secure cloud storage solution. Data stored on S3 includes:

• Sensitive business documents (credit reports, bank statements, financial statements, leases)
• Deal contact information and transaction data
• AI-processed content and training data
• Backup copies of email and calendar data

5.2 Data Retention Periods

We retain your personal data as follows:

• Account Data: Retained during your account tenure and for a reasonable period afterward to comply with legal obligations
• Sensitive Data (financial documents): Retained as long as necessary for transaction completion and legal/tax requirements (typically 7 years or as required by law)
• Email and Calendar Data: Retained for the duration of your account; you may request deletion subject to legal holds
• AI Training Data: Retained separately from production systems; anonymized and aggregated data may be retained indefinitely for model improvement
• Usage and Log Data: Typically retained for 12 months unless extended by law
• Marketing Communications: Retained until you unsubscribe; then retained for a limited period to honor your preference

6. Data Security

We implement comprehensive technical, administrative, and physical safeguards to protect your personal data against unauthorized access, alteration, disclosure, or destruction:

• Encryption: Data in transit is encrypted using TLS/SSL protocols. Data at rest on S3 is encrypted using AWS Key Management Service (KMS) with customer-managed or AWS-managed encryption keys.
• Access Controls: Role-based access control (RBAC), multi-factor authentication (MFA), and principle of least privilege limit access to sensitive data
• Network Security: Firewalls, intrusion detection systems, virtual private cloud (VPC) isolation, and DDoS protection
• Audit and Logging: Comprehensive logging of data access and modifications; regular security audits and penetration testing
• Staff Training: Regular security awareness training for all employees
• Data Isolation: Customer data is logically isolated; encryption keys are never shared between customers
• API Security: OAuth 2.0 authentication with third-party services (Gmail, Outlook); scoped token permissions; token rotation and revocation mechanisms

While we implement robust security measures, no system is completely secure. We cannot guarantee absolute security of your data.

7. Data Sharing and Disclosure

7.1 Third-Party Service Providers

We share data with trusted third-party service providers who assist us in operating the Platform:

• Google (Gmail API): To enable email and calendar access and management
• Microsoft (Outlook API and Microsoft 365): To enable email, calendar, and contact integration
• Amazon Web Services (AWS S3): For secure cloud storage of sensitive documents and data
• SendGrid: To deliver marketing emails and transactional communications
• Cloud infrastructure providers: For hosting, compute, databases, and related services

All service providers are contractually obligated to use your data only as necessary to provide services to NuAgent and to maintain appropriate security standards.

7.2 Tenant-Specific Branding and Communications

NuAgent operates as a multi-tenant SaaS platform. SendGrid is used to send mass marketing emails using corporate branding from different tenants. Each tenant’s branding and communications are separate and distinct; your personal data is shared only with SendGrid for delivery purposes, not with other tenants.

7.3 Legal Obligations and Enforcement

We may disclose your personal data when required by law or when we have a good faith belief that disclosure is necessary to:

• Comply with legal obligations, court orders, subpoenas, or regulatory requests
• Protect the rights, privacy, safety, or property of NuAgent, our users, or the public
• Prevent or investigate fraud, security breaches, or violations of our Terms of Service
• Enforce our agreements and policies

7.4 Business Transitions

In the event of a merger, acquisition, bankruptcy, dissolution, reorganization, or similar transaction involving NuAgent, your personal data may be transferred as part of that transaction. We will provide notice of such change and any choices you may have regarding your data.

8. Cookies and Tracking Technologies

8.1 Cookie Usage

We use cookies and similar tracking technologies for the following purposes:

• Essential Cookies: Necessary for authentication, session management, and security
• Analytics Cookies: To understand how you use the Platform and improve features
• Preference Cookies: To remember your settings and preferences
• Marketing Cookies: To deliver targeted content and advertising (only with your consent)

8.2 Cookie Management

Most web browsers allow you to control cookies through their settings. You may refuse cookies or delete them; however, this may limit your ability to use certain features of the Platform. For more information about cookies, visit www.allaboutcookies.org.

8.3 Do Not Track Signals

Some browsers include a “Do Not Track” (DNT) feature. Currently, there is no industry standard for recognizing DNT signals. We do not respond to DNT browser signals at this time, but we are committed to providing you with meaningful choices about your personal data.

9. Your Rights and Choices

9.1 General Rights

Depending on your jurisdiction and applicable law, you may have the following rights:

• Right to Access: Request a copy of the personal data we hold about you
• Right to Rectification: Request correction of inaccurate or incomplete data
• Right to Erasure: Request deletion of your personal data, subject to legal retention obligations
• Right to Data Portability: Request your data in a structured, commonly used format
• Right to Opt-Out: Withdraw consent for direct marketing communications and non-essential processing
• Right to Object: Object to certain processing of your data

9.2 CCPA and California Residents

If you are a California resident, the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA) provide you with the following rights:

• Right to Know: Request what personal information we collect, use, and share
• Right to Delete: Request deletion of personal information collected from you, subject to exceptions
• Right to Correct: Request correction of inaccurate personal information
• Right to Opt-Out:Opt out of the “sale” or “sharing” of personal information and targeted advertising
• Right to Non-Discrimination: Exercise privacy rights without discrimination or penalty

To exercise CCPA rights, contact us at privacy@nuagent.co. We will verify your identity and respond within 45 days.

9.3 GDPR and International Residents

If you are located in the European Union, United Kingdom, or other jurisdictions with GDPR or GDPR-equivalent protections:

• We rely on your consent, contractual necessity, legal obligation, or legitimate interests to process your personal data
• You have the rights described in Section 9.1 above
• You have the right to lodge a complaint with your local data protection authority
• Data transfers outside the EEA are conducted with appropriate safeguards (Standard Contractual Clauses or adequacy decisions)

9.4 How to Exercise Your Rights

To exercise any of the above rights, please submit a request to privacy@nuagent.cowith details of your request. We will respond within the timeframe required by applicable law (typically 30–45 days). You may also submit requests through your account settings if available.

10. Children’s Privacy

Our Service is not directed to children under the age of 13 (or the applicable age of digital consent in your jurisdiction). We do not knowingly collect personal data from children under 13. If we become aware that a child under 13 has provided us with personal data, we will delete such data and terminate the child’s account. Parents or guardians who believe their child has provided personal data to NuAgent should contact us immediately at privacy@nuagent.co.

11. Email and Calendar API Permissions

When you connect your Gmail or Outlook account to NuAgent, you grant us specific permissions to:

• Read your email messages, including headers, body, and attachments
• Create, send, and draft emails on your behalf
• Edit and delete email messages
• Access calendar events, meeting details, and attendee information
• Modify and delete calendar events
• Access your contacts (for Gmail and Outlook/Microsoft 365)

These permissions are necessary to deliver our AI-assisted email writing, email template generation, transaction management, scheduling, and coaching features. You may revoke these permissions at any time by disconnecting your account in your settings.

12. AI and Machine Learning

NuAgent uses artificial intelligence and machine learning to provide the following capabilities:

• Email Writing Assistance: AI models help draft emails and suggest improvements
• Email Templates: AI generates customized templates based on your communication patterns
• Marketing Material Generation: AI assists in creating marketing copy and promotional content
• Transaction Assistance: AI models analyze financial documents and assist with transaction management
• Intelligent Scheduling: AI optimizes meeting scheduling based on availability and preferences
• Coaching and Performance Analytics: AI provides insights and recommendations for improvement

Your data may be used to:

• Train and improve our AI models (using anonymized and aggregated data)
• Personalize the Service for you
• Analyze trends and user behavior

We do not train our AI models on sensitive financial data without explicit consent. AI training data is stored separately and is not linked to your account identity.

13. International Data Transfers

NuAgent is headquartered in the United States (Delaware). When you use our Service, your personal data may be transferred to, processed, and stored in the United States and other countries that may not have data protection laws equivalent to your home jurisdiction.

By using NuAgent, you consent to the transfer of your personal data to countries outside your country of residence, which may have different data protection rules. We implement appropriate safeguards, such as Standard Contractual Clauses, to ensure compliance with applicable law and to protect your rights.

14. Third-Party Links and Services

Our Platform may contain links to third-party websites and services that are not operated by NuAgent. This Privacy Policy applies only to information collected through NuAgent. We are not responsible for the privacy practices of third-party services, including Google, Microsoft, Amazon, and SendGrid. We encourage you to review the privacy policies of any third-party services before providing your personal data.

15. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. If we make material changes, we will provide notice by posting the updated Privacy Policy on our website and updating the “Effective Date” at the top of this document. Your continued use of the Platform following notice of such changes constitutes your acceptance of the updated Privacy Policy.

16. Contact Information

If you have questions about this Privacy Policy, our privacy practices, or your personal data, please contact us:

NuAgent, LLC
Privacy Officer
Email: privacy@nuagent.co
Website: www.nuagent.co
State of Incorporation: Delaware, USA

If you are located in the EU or UK and have concerns about our privacy practices, you also have the right to lodge a complaint with your local data protection authority.

This Privacy Policy is effective as of May 22, 2026 and last updated on May 22, 2026.