RealBooks, Inc. ("RealBooks," "we," "us," or "our") is committed to protecting the privacy of our users ("you" or "your"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our website at realbooks.io, our web application at app.realbooks.io, our mobile application, and any related services (collectively, the "Services").

By accessing or using our Services, you agree to this Privacy Policy. If you do not agree with the terms of this Privacy Policy, please do not access or use the Services.

1. Information We Collect

1.1 Personal Information You Provide

We may collect personally identifiable information that you voluntarily provide when you:

Register for an account (name, email address, phone number, password)
Subscribe to a paid plan (billing address, payment information)
Complete your profile or account settings
Contact us through our contact form or email
Participate in surveys, promotions, or other interactive features

1.2 Financial and Property Data

To provide our core services, we collect and process:

Real estate property details (addresses, purchase prices, property types)
Financial transaction data (income, expenses, receipts)
Bank account connection data via third-party providers (e.g., Plaid)
Tax-related information (depreciation schedules, cost basis, entity structures)
Documents you upload (receipts, closing statements, tax forms)

1.3 Automatically Collected Information

When you access our Services, we automatically collect:

Device and browser information (IP address, browser type, operating system)
Usage data (pages visited, features used, click patterns, session duration)
Log data (access times, error logs, referring URLs)
Location data (approximate location based on IP address)
Cookies and similar tracking technologies (see Section 5)

1.4 Information from Third Parties

We may receive information about you from:

Financial data aggregators (e.g., Plaid) when you link bank accounts
Authentication providers when you use single sign-on (SSO)
Analytics and advertising partners
Public databases and data brokers for fraud prevention

2. How We Use Your Information

We use the information we collect to:

Provide, operate, and maintain our Services
Process transactions, manage your account, and send related notices
Track and categorize financial transactions for your properties
Generate tax reports, depreciation schedules, and cost segregation analyses
Power AI-driven features, including PennyAI, for automated categorization, insights, and recommendations
Improve, personalize, and expand our Services
Communicate with you about updates, support, and promotional offers
Detect, investigate, and prevent fraudulent or unauthorized activity
Comply with legal obligations and enforce our terms
Conduct analytics and research to improve our products

3. Artificial Intelligence and Machine Learning

RealBooks uses artificial intelligence ("AI") and machine learning ("ML") technologies to enhance our Services. This section describes how these technologies interact with your data.

3.1 How We Use AI/ML

Transaction Categorization: Our AI automatically categorizes financial transactions based on merchant data, descriptions, and patterns.
PennyAI Assistant: Our AI-powered assistant answers questions about your finances, provides tax optimization suggestions, and helps navigate our platform.
Insights and Recommendations: AI analyzes your financial data to provide personalized recommendations for tax savings and property management.
Document Processing: AI extracts data from uploaded receipts and documents.

3.2 AI Data Practices

Your personal financial data is not used to train general-purpose AI models shared with other users or third parties.
AI processing occurs on secure, encrypted infrastructure.
AI-generated insights are recommendations only and do not constitute financial, tax, or legal advice.
You may contact us to request information about AI-driven decisions affecting your account.

4. How We Share Your Information

We do not sell your personal information. We may share your information in the following circumstances:

4.1 Service Providers

We share information with third-party vendors who perform services on our behalf, including cloud hosting, payment processing, analytics, email delivery, and customer support. These providers are contractually obligated to protect your data and use it only for the purposes we specify.

4.2 Financial Data Partners

When you link a bank account, we share necessary credentials and tokens with financial data aggregators (e.g., Plaid) to retrieve your transaction data. These partners have their own privacy policies governing data use.

4.3 Legal Requirements

We may disclose your information if required to do so by law or in response to:

Subpoenas, court orders, or other legal processes
Requests from government or regulatory agencies
To protect the rights, property, or safety of RealBooks, our users, or others
To investigate or prevent fraud, security issues, or technical problems

4.4 Business Transfers

If RealBooks is involved in a merger, acquisition, asset sale, or bankruptcy, your information may be transferred as part of that transaction. We will notify you via email and/or a prominent notice on our Services before your information is transferred and becomes subject to a different privacy policy.

4.5 With Your Consent

We may share your information with third parties when you have given us your explicit consent to do so.

5. Cookies and Tracking Technologies

We use cookies and similar tracking technologies to collect and store information. These include:

Essential Cookies: Required for the Services to function (authentication, security, preferences).
Analytics Cookies: Help us understand how users interact with our Services (e.g., Google Analytics).
Functional Cookies: Remember your preferences and settings.
Marketing Cookies: Used to deliver relevant advertisements and track campaign performance.

You can manage cookie preferences through your browser settings. Disabling certain cookies may affect the functionality of our Services. Most browsers allow you to refuse or delete cookies. Please refer to your browser's help documentation for instructions.

5.1 Do Not Track Signals

Some browsers transmit "Do Not Track" (DNT) signals. Because there is no industry-standard interpretation of DNT signals, our Services do not currently respond to DNT browser signals. We will update this policy if a standard for DNT compliance is established.

6. Data Security

We implement industry-standard technical and organizational security measures to protect your personal information, including:

Encryption of data in transit (TLS/SSL) and at rest (AES-256)
Secure cloud infrastructure with SOC 2 compliant hosting providers
Role-based access controls and multi-factor authentication for internal systems
Regular security assessments and vulnerability testing
Employee security training and confidentiality agreements
Automated monitoring and anomaly detection

While we strive to protect your information, no method of electronic transmission or storage is 100% secure. We cannot guarantee absolute security, but we are committed to promptly addressing any security incident.

7. Data Breach Notification

In the event of a data breach that compromises your personal information, we will:

Notify affected users within 72 hours of becoming aware of the breach, where required by law
Provide details about the nature of the breach, the data affected, and steps we are taking to address it
Notify applicable regulatory authorities as required by law
Offer guidance on steps you can take to protect yourself

8. Data Retention

We retain your personal information for as long as your account is active or as needed to provide you with our Services. We may also retain your information as necessary to:

Comply with legal obligations (e.g., tax recordkeeping requirements)
Resolve disputes and enforce our agreements
Maintain business records as required by applicable regulations

When your information is no longer needed, we will securely delete or anonymize it in accordance with our data retention schedule. Financial records may be retained for up to seven (7) years to comply with IRS recordkeeping guidelines.

9. Your Privacy Rights

We respect your privacy and give you meaningful choices over how we use your personal information. As a user of our Services, you can:

Access your data: Request a copy of the personal information we hold about you.
Correct your data: Update or correct inaccurate or incomplete information through your account settings or by contacting us.
Delete your data: Request deletion of your personal information, subject to legal retention requirements (for example, financial records the IRS requires us to retain).
Export your data: Request a copy of your data in a portable, commonly used format.
Opt out of marketing: Unsubscribe from promotional emails at any time. See Section 13.

To exercise any of these rights, contact us at privacy@realbooks.io. We will respond to your request within 30 days. We may need to verify your identity before processing certain requests, and we will not discriminate against you for exercising your privacy rights.

RealBooks operates from and serves the United States. We do not actively market or solicit our Services to individuals located outside the U.S. State and federal privacy laws applicable to your residency continue to govern your relationship with us, and we will honor any rights granted to you under those laws as they apply to RealBooks.

10. Children's Privacy

Our Services are not directed to individuals under the age of 18. We do not knowingly collect personal information from children under 18. If we become aware that we have collected personal information from a child under 18, we will take steps to delete that information promptly. If you believe a child has provided us with personal information, please contact us at privacy@realbooks.io.

11. Third-Party Links and Services

Our Services may contain links to third-party websites, services, or applications that are not operated by us (e.g., Plaid, payment processors, social media platforms). We are not responsible for the privacy practices of these third parties. We encourage you to review the privacy policies of any third-party services you access through our platform.

12. Mobile Application

When you use our mobile application, we may additionally collect:

Device identifiers (device ID, advertising ID)
Camera access (only when you choose to scan receipts or documents)
Push notification tokens (only if you enable notifications)
App usage and crash analytics

You can manage app permissions through your device settings at any time.

13. Email and Communication Preferences

We send two types of emails:

Transactional emails related to your account, payments, and the operation of the Services (e.g., password resets, billing receipts, security alerts). These are necessary to operate your account and cannot be opted out of without closing your account.
Marketing emails about new features, products, offers, educational content, and related services. We may target marketing communications to specific U.S. regions, including Florida, Georgia, and Texas, where we focus our outreach. We do not target marketing to individuals outside the United States.

Our marketing emails comply with the federal CAN-SPAM Act of 2003. Every promotional email we send includes:

Accurate sender information identifying RealBooks as the sender
A clear, conspicuous unsubscribe link
Our valid physical postal address
A truthful subject line that accurately reflects the email content

You can opt out of marketing communications at any time by:

Clicking the "unsubscribe" link in any marketing email — we honor opt-out requests within 10 business days, as required by CAN-SPAM
Updating your notification preferences in your account settings
Contacting us at privacy@realbooks.io

We do not currently send marketing SMS or text messages. If we begin sending text messages in the future, we will obtain your prior express written consent and provide opt-out instructions in every message, as required by the federal Telephone Consumer Protection Act (TCPA).

14. Dispute Resolution and Arbitration

Any disputes arising out of or relating to this Privacy Policy or our data practices shall be resolved through binding arbitration in accordance with the rules of the American Arbitration Association (AAA), conducted in Sarasota, Florida. You agree to waive your right to participate in a class action lawsuit or class-wide arbitration regarding claims related to this Privacy Policy.

Notwithstanding the above, either party may seek injunctive or equitable relief in a court of competent jurisdiction to prevent the actual or threatened violation of intellectual property rights or confidentiality obligations.

15. Limitation of Liability

To the maximum extent permitted by applicable law, RealBooks shall not be liable for any indirect, incidental, special, consequential, or punitive damages arising out of or related to any breach of this Privacy Policy or unauthorized access to your data, except where such limitation is prohibited by law. Our total liability shall not exceed the amount you have paid to RealBooks in the twelve (12) months preceding the event giving rise to the claim.

16. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or other factors. When we make material changes, we will:

Update the "Last updated" date at the top of this page
Notify you via email or a prominent notice within our Services
Obtain your consent where required by applicable law

We encourage you to review this Privacy Policy periodically. Your continued use of the Services after changes are posted constitutes your acceptance of the revised policy.

17. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Email: privacy@realbooks.io
Mail: RealBooks, Inc., Sarasota, FL 34236
Website: realbooks.io/contact

We aim to respond to all privacy inquiries within 30 days.