MyAgentEstate
AgentsHow it worksIntegrationsPricingFAQContact
Sign inGet started

Data Processing

Data Processing Addendum

Last updated May 8, 2026. The terms under which MyAgentEstate processes data on your behalf.

This Data Processing Addendum (“DPA”) supplements our Terms of Serviceand applies when MyAgentEstate (“Processor”) processes Personal Data on behalf of a customer firm (“Controller”) in the course of providing the Service. This DPA governs the relationship between us as Processor and you as Controller for the purposes of applicable data protection laws.

1. Definitions

  • Personal Data: any information relating to an identified or identifiable natural person processed by the Service.
  • Processing: any operation performed on Personal Data, including collection, storage, retrieval, use, and erasure.
  • Sub-processor: any third party we engage to process Personal Data on our behalf in providing the Service.

2. Roles and responsibilities

For Personal Data submitted to or processed through the Service, you are the Controller and we are the Processor. You determine the purposes and means of processing; we process Personal Data only according to your instructions, the Terms, and this DPA.

3. Scope of processing

  • Subject matter: providing the MyAgentEstate platform — AI agents for real estate workflows.
  • Duration: for the term of your subscription, plus a 90-day post-termination retention window for recovery.
  • Nature and purpose: hosting, transmitting, and processing Personal Data necessary to operate the Service.
  • Categories of data subjects: your brokers, their clients, prospective clients, and anyone whose information is contained in your uploaded documents or agent conversations.
  • Categories of data: contact info, communication content, document content, transactional records, and any other data you choose to process via the Service.

4. Security measures

We maintain technical and organizational measures appropriate to the risk, including:

  • Encryption in transit (TLS 1.3) and at rest (AES-256).
  • Database-level row isolation enforced by Postgres Row-Level Security.
  • Encrypted storage of third-party connector credentials.
  • Access controls, authentication, and audit logging.
  • Regular backups with 7-day point-in-time recovery.

See our Security page for a detailed breakdown.

5. Sub-processors

We use the following sub-processors to provide the Service:

  • Vercel (United States) — application hosting
  • Supabase (United States) — database, authentication, and file storage
  • Stripe (United States) — payment processing
  • Resend (United States) — transactional email
  • OpenAI and Anthropic (United States) — AI model inference, accessed via Vercel AI Gateway with zero-data-retention agreements; Personal Data sent during inference is not retained or used for model training.
  • Any third-party service you connect (Gmail, Google Calendar, Zillow, Higgsfield, ElevenLabs, DocuSign) — only with your authorization.

We will provide at least 30 days' notice before adding or replacing any sub-processor. You may object to changes by ceasing use of the Service.

6. International transfers

Personal Data is stored and processed in the United States. If you process Personal Data of EU/UK residents, we rely on the EU-US Data Privacy Framework where applicable, or Standard Contractual Clauses (SCCs) executed by our sub-processors as required.

7. Data subject rights

We will assist you in responding to data subject requests (access, correction, deletion, portability) within reasonable time, taking into account the nature of the processing and information available to us. Most requests can be fulfilled directly through the dashboard.

8. Breach notification

We will notify you without undue delay (within 72 hours of confirmation) of any Personal Data breach affecting your data, with a description of the breach, categories of data affected, likely consequences, and measures taken or proposed.

9. Audits

We provide third-party audit reports of our sub-processors (where available) on request. For deeper audits beyond standard documentation, we are willing to discuss reasonable arrangements with brokerage customers on enterprise plans.

10. Deletion or return of data

Upon termination of your subscription, we will retain your data for 90 days to allow recovery, then permanently delete it. You may request immediate deletion at any time by emailing us. Backups containing your data are also purged on the same schedule.

11. Confidentiality

We treat Personal Data as confidential information and ensure that anyone we authorize to process it is bound by appropriate confidentiality obligations.

12. Conflict

In the event of any conflict between this DPA and the Terms of Service, this DPA controls with respect to the processing of Personal Data.

13. Contact

For data-protection questions or to request a signed copy of this DPA, email bendanzim@gmail.com with the subject line “DPA request.” We respond to all DPA requests within one business day.

Note: this DPA is provided as a starting framework. Brokerages with specific compliance requirements (HIPAA, GDPR, state-specific real estate regulations) should review with their own counsel and contact us about a customized DPA.

MyAgentEstate

The AI workforce for modern real estate firms. Six agents, one dashboard, your firm's voice.

Product updates. Roughly monthly. Unsubscribe in one click.

Product

  • Agents
  • How it works
  • Integrations
  • Pricing
  • Contact
  • Changelog

Company

  • About
  • Blog
  • Careers
  • Contact

Resources

  • Docs
  • Help center
  • Status
  • Security

Legal

  • Privacy
  • Terms
  • DPA

© 2026 MyAgentEstate. All rights reserved.

myagentestate.com