Privacy Policy

Last updated: April 9, 2026

RealBooks, Inc. ("RealBooks," "we," "us," or "our") is committed to protecting the privacy of our users ("you" or "your"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our website at realbooks.io, our web application at app.realbooks.io, our mobile application, and any related services (collectively, the "Services").

By accessing or using our Services, you agree to this Privacy Policy. If you do not agree with the terms of this Privacy Policy, please do not access or use the Services.

1. Information We Collect

1.1 Personal Information You Provide

We may collect personally identifiable information that you voluntarily provide when you:

  • Register for an account (name, email address, phone number, password)
  • Subscribe to a paid plan (billing address, payment information)
  • Complete your profile or account settings
  • Contact us through our contact form or email
  • Participate in surveys, promotions, or other interactive features

1.2 Financial and Property Data

To provide our core services, we collect and process:

  • Real estate property details (addresses, purchase prices, property types)
  • Financial transaction data (income, expenses, receipts)
  • Bank account connection data via third-party providers (e.g., Plaid)
  • Tax-related information (depreciation schedules, cost basis, entity structures)
  • Documents you upload (receipts, closing statements, tax forms)

1.3 Automatically Collected Information

When you access our Services, we automatically collect:

  • Device and browser information (IP address, browser type, operating system)
  • Usage data (pages visited, features used, click patterns, session duration)
  • Log data (access times, error logs, referring URLs)
  • Location data (approximate location based on IP address)
  • Cookies and similar tracking technologies (see Section 5)

1.4 Information from Third Parties

We may receive information about you from:

  • Financial data aggregators (e.g., Plaid) when you link bank accounts
  • Authentication providers when you use single sign-on (SSO)
  • Analytics and advertising partners
  • Public databases and data brokers for fraud prevention

2. How We Use Your Information

We use the information we collect to:

  • Provide, operate, and maintain our Services
  • Process transactions, manage your account, and send related notices
  • Track and categorize financial transactions for your properties
  • Generate tax reports, depreciation schedules, and cost segregation analyses
  • Power AI-driven features, including PennyAI, for automated categorization, insights, and recommendations
  • Improve, personalize, and expand our Services
  • Communicate with you about updates, support, and promotional offers
  • Detect, investigate, and prevent fraudulent or unauthorized activity
  • Comply with legal obligations and enforce our terms
  • Conduct analytics and research to improve our products

3. Artificial Intelligence and Machine Learning

RealBooks uses artificial intelligence ("AI") and machine learning ("ML") technologies to enhance our Services. This section describes how these technologies interact with your data.

3.1 How We Use AI/ML

  • Transaction Categorization: Our AI automatically categorizes financial transactions based on merchant data, descriptions, and patterns.
  • PennyAI Assistant: Our AI-powered assistant answers questions about your finances, provides tax optimization suggestions, and helps navigate our platform.
  • Insights and Recommendations: AI analyzes your financial data to provide personalized recommendations for tax savings and property management.
  • Document Processing: AI extracts data from uploaded receipts and documents.

3.2 AI Data Practices

  • Your personal financial data is not used to train general-purpose AI models shared with other users or third parties.
  • AI processing occurs on secure, encrypted infrastructure.
  • AI-generated insights are recommendations only and do not constitute financial, tax, or legal advice.
  • You may contact us to request information about AI-driven decisions affecting your account.

4. How We Share Your Information

We do not sell your personal information. We may share your information in the following circumstances:

4.1 Service Providers

We share information with third-party vendors who perform services on our behalf, including cloud hosting, payment processing, analytics, email delivery, and customer support. These providers are contractually obligated to protect your data and use it only for the purposes we specify.

4.2 Financial Data Partners

When you link a bank account, we share necessary credentials and tokens with financial data aggregators (e.g., Plaid) to retrieve your transaction data. These partners have their own privacy policies governing data use.

4.3 Legal Requirements

We may disclose your information if required to do so by law or in response to:

  • Subpoenas, court orders, or other legal processes
  • Requests from government or regulatory agencies
  • To protect the rights, property, or safety of RealBooks, our users, or others
  • To investigate or prevent fraud, security issues, or technical problems

4.4 Business Transfers

If RealBooks is involved in a merger, acquisition, asset sale, or bankruptcy, your information may be transferred as part of that transaction. We will notify you via email and/or a prominent notice on our Services before your information is transferred and becomes subject to a different privacy policy.

4.5 With Your Consent

We may share your information with third parties when you have given us your explicit consent to do so.

5. Cookies and Tracking Technologies

We use cookies and similar tracking technologies to collect and store information. These include:

  • Essential Cookies: Required for the Services to function (authentication, security, preferences).
  • Analytics Cookies: Help us understand how users interact with our Services (e.g., Google Analytics).
  • Functional Cookies: Remember your preferences and settings.
  • Marketing Cookies: Used to deliver relevant advertisements and track campaign performance.

You can manage cookie preferences through your browser settings. Disabling certain cookies may affect the functionality of our Services. Most browsers allow you to refuse or delete cookies. Please refer to your browser's help documentation for instructions.

5.1 Do Not Track Signals

Some browsers transmit "Do Not Track" (DNT) signals. Because there is no industry-standard interpretation of DNT signals, our Services do not currently respond to DNT browser signals. We will update this policy if a standard for DNT compliance is established.

6. Data Security

We implement industry-standard technical and organizational security measures to protect your personal information, including:

  • Encryption of data in transit (TLS/SSL) and at rest (AES-256)
  • Secure cloud infrastructure with SOC 2 compliant hosting providers
  • Role-based access controls and multi-factor authentication for internal systems
  • Regular security assessments and vulnerability testing
  • Employee security training and confidentiality agreements
  • Automated monitoring and anomaly detection

While we strive to protect your information, no method of electronic transmission or storage is 100% secure. We cannot guarantee absolute security, but we are committed to promptly addressing any security incident.

7. Data Breach Notification

In the event of a data breach that compromises your personal information, we will:

  • Notify affected users within 72 hours of becoming aware of the breach, where required by law
  • Provide details about the nature of the breach, the data affected, and steps we are taking to address it
  • Notify applicable regulatory authorities as required by law
  • Offer guidance on steps you can take to protect yourself

8. Data Retention

We retain your personal information for as long as your account is active or as needed to provide you with our Services. We may also retain your information as necessary to:

  • Comply with legal obligations (e.g., tax recordkeeping requirements)
  • Resolve disputes and enforce our agreements
  • Maintain business records as required by applicable regulations

When your information is no longer needed, we will securely delete or anonymize it in accordance with our data retention schedule. Financial records may be retained for up to seven (7) years to comply with IRS recordkeeping guidelines.

9. Your Privacy Rights

9.1 General Rights

Depending on your jurisdiction, you may have the right to:

  • Access: Request a copy of the personal information we hold about you
  • Correction: Request that we correct inaccurate or incomplete information
  • Deletion: Request that we delete your personal information, subject to legal retention requirements
  • Portability: Request your data in a structured, commonly used, machine-readable format
  • Opt-Out: Opt out of marketing communications at any time
  • Restriction: Request that we restrict processing of your personal information in certain circumstances
  • Objection: Object to processing of your personal information for specific purposes

To exercise any of these rights, please contact us at privacy@realbooks.io. We will respond to your request within 30 days (or sooner if required by applicable law).

9.2 California Privacy Rights (CCPA/CPRA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA):

  • Right to Know: You have the right to request that we disclose the categories and specific pieces of personal information we have collected, the sources, the business purposes, and the third parties with whom we share it.
  • Right to Delete: You have the right to request deletion of personal information we have collected from you, subject to certain exceptions.
  • Right to Correct: You have the right to request correction of inaccurate personal information.
  • Right to Opt-Out of Sale/Sharing: We do not sell your personal information. We do not share your personal information for cross-context behavioral advertising.
  • Right to Limit Use of Sensitive Personal Information: You may limit the use of sensitive personal information to purposes necessary to provide the Services.
  • Non-Discrimination: We will not discriminate against you for exercising your privacy rights.

To submit a request, contact us at privacy@realbooks.io. We may need to verify your identity before processing your request. You may designate an authorized agent to make a request on your behalf.

9.3 European Economic Area (EEA) and UK Rights (GDPR)

If you are located in the EEA or UK, our legal bases for processing your information include your consent, the performance of a contract with you, compliance with legal obligations, and our legitimate business interests. In addition to the general rights listed above, you have the right to:

  • Withdraw your consent at any time where we rely on consent for processing
  • Lodge a complaint with your local supervisory authority

9.4 Other State Privacy Laws

If you reside in a state with consumer privacy legislation (e.g., Virginia, Colorado, Connecticut, Utah, Texas, Oregon, Montana, or others), you may have similar rights to access, delete, correct, and opt out of certain data processing. Please contact us at privacy@realbooks.io to exercise your rights.

10. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence, including the United States. These countries may have data protection laws that differ from those in your jurisdiction. When we transfer data internationally, we implement appropriate safeguards, including:

  • Standard contractual clauses approved by the European Commission
  • Data processing agreements with all service providers
  • Encryption and access controls on all transferred data

By using our Services, you consent to the transfer of your information to the United States and other jurisdictions where we operate.

11. Children's Privacy

Our Services are not directed to individuals under the age of 18. We do not knowingly collect personal information from children under 18. If we become aware that we have collected personal information from a child under 18, we will take steps to delete that information promptly. If you believe a child has provided us with personal information, please contact us at privacy@realbooks.io.

12. Third-Party Links and Services

Our Services may contain links to third-party websites, services, or applications that are not operated by us (e.g., Plaid, payment processors, social media platforms). We are not responsible for the privacy practices of these third parties. We encourage you to review the privacy policies of any third-party services you access through our platform.

13. Mobile Application

When you use our mobile application, we may additionally collect:

  • Device identifiers (device ID, advertising ID)
  • Camera access (only when you choose to scan receipts or documents)
  • Push notification tokens (only if you enable notifications)
  • App usage and crash analytics

You can manage app permissions through your device settings at any time.

14. Email and Communication Preferences

We may send you emails related to your account, transactions, and service updates (transactional emails). We may also send promotional emails about new features, products, or offers. You can opt out of promotional communications at any time by:

  • Clicking the "unsubscribe" link in any promotional email
  • Updating your notification preferences in your account settings
  • Contacting us at privacy@realbooks.io

Please note that you cannot opt out of transactional emails necessary for the operation of your account (e.g., password resets, billing notices, security alerts).

15. Dispute Resolution and Arbitration

Any disputes arising out of or relating to this Privacy Policy or our data practices shall be resolved through binding arbitration in accordance with the rules of the American Arbitration Association (AAA), conducted in Sarasota, Florida. You agree to waive your right to participate in a class action lawsuit or class-wide arbitration regarding claims related to this Privacy Policy.

Notwithstanding the above, either party may seek injunctive or equitable relief in a court of competent jurisdiction to prevent the actual or threatened violation of intellectual property rights or confidentiality obligations.

16. Limitation of Liability

To the maximum extent permitted by applicable law, RealBooks shall not be liable for any indirect, incidental, special, consequential, or punitive damages arising out of or related to any breach of this Privacy Policy or unauthorized access to your data, except where such limitation is prohibited by law. Our total liability shall not exceed the amount you have paid to RealBooks in the twelve (12) months preceding the event giving rise to the claim.

17. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or other factors. When we make material changes, we will:

  • Update the "Last updated" date at the top of this page
  • Notify you via email or a prominent notice within our Services
  • Obtain your consent where required by applicable law

We encourage you to review this Privacy Policy periodically. Your continued use of the Services after changes are posted constitutes your acceptance of the revised policy.

18. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

For California residents, you may also submit privacy requests through our contact form. We aim to respond to all privacy inquiries within 30 days.