Privacy & security

We only collect what is necessary to provide the service. Here is exactly what we store:

• Profile information — your name, company name, phone number, location, and tagline. All entered by you and editable at any time from your profile.
• Listing drafts — AI-generated copy (title, subtitle, intro, description, highlights, location story, buyer angle, CTA), your uploaded media files, layout and style selections, and property details (type, intent, price, bedrooms, bathrooms, area).
• Usage metrics — aggregate page views on your published listings, WhatsApp CTA tap counts, and activity events (listing created, published, edited, shared). These power your Insights dashboard.
• Session and authentication data — login tokens for keeping you signed in. Passwords are never stored in plain text.
• Device preferences — your selected theme (light/dark), notification settings, and WhatsApp-ready CTA toggle. These are stored locally on your device.

• Buyer or visitor personal information — the WhatsApp CTA connects buyers directly to your phone. We never see, intercept, or store their messages or contact details.
• Browsing history or cross-site tracking — we do not use third-party trackers, advertising pixels, or fingerprinting.
• Financial details — plan upgrades and payments are handled by our payment processor. Your card number never touches our servers.
• Precise device location — we do not request GPS or geolocation permissions. The location field in your listings is text you type manually.

• Listing copy is generated server-side using Groq (LLaMA 3.3 70B). Your property details, rough notes, and media summary are sent to the AI only during generation.
• Groq does not retain your data after the response is returned. Your content is not used to train or fine-tune any AI model.
• AI output is validated through strict Zod schemas before it reaches your listing page. Any HTML tags, scripts, or markup in the AI response are automatically rejected — not sanitised, rejected entirely.
• If the AI returns invalid output, we automatically retry once with a repair prompt. If it fails a second time, the request is rejected and you are notified.
• AI fair-use limits are enforced per plan (e.g. 5 full generations on Trial, 40 on Pro). When limits are reached, manual editing remains fully available.

• All connections between your device and our servers are encrypted with HTTPS/TLS. There is no fallback to unencrypted HTTP.
• API keys and secrets (including the Groq API key) are stored server-side only and never exposed to the browser. The AI client module explicitly imports 'server-only' to prevent accidental bundling.
• Every piece of user input is validated through Zod schemas with strict length limits and content rules. The safeText validator rejects any string containing < or > characters to block HTML injection at the schema level.
• AI generation endpoints are rate-limited to 6 requests per minute per IP address to prevent abuse.
• The listing renderer whitelists all layout recipe IDs, hero variants, gallery variants, and section types. Any ID not in the approved set is silently dropped — unknown values can never reach the rendered page.
• No use of dangerouslySetInnerHTML anywhere in the application. All text content is rendered through React JSX, which escapes special characters by default.
• Public listing pages sanitise all rendered content to prevent cross-site scripting (XSS). Content is always treated as plain text, never as HTML.

• Public listing pages are accessible at /p/your-slug to anyone with the link. They are not indexed by search engines by default.
• Published pages display the property details, media, and broker contact information you have chosen to include. Nothing is shown that you did not provide.
• The broker card on public pages shows your name, company, tagline, and WhatsApp number — all fields you control from your profile and listing editor.
• You can unpublish a listing at any time from the editor, which removes it from public access immediately. You can also delete it entirely.
• Every public listing page includes a 'Powered by Listings Studio' footer. This is non-removable across all plans.

• Listing drafts are stored in your browser's localStorage under the key listings-studio:drafts:v1. A maximum of 24 drafts are retained — older drafts are automatically removed when the cap is reached.
• Theme preference, notification settings, and other UI state are stored locally and never sent to our servers.
• Clearing your browser cache or using a different device will remove locally-stored drafts. Published listings are stored on our servers and are not affected.
• Media uploaded during listing creation uses temporary blob URLs that are lost on page refresh. Published media is persisted server-side.

• We do not sell, rent, or trade your personal data or listing content to any third party.
• Your listing content is not shared with or used by any AI training pipeline, data broker, or advertising network.
• The only third-party service that receives your data is Groq (for AI generation), and only the specific property details needed for that generation request. Groq does not retain this data.
• WhatsApp links on your listing pages open the buyer's own WhatsApp app — the conversation happens entirely within WhatsApp, not through our platform.

• Active listings and their associated data are retained as long as your account is active.
• Deleted listings are removed from public access immediately. Associated data may be retained in backups for up to 30 days before permanent deletion.
• If your trial expires without upgrading, your existing listings remain accessible but you cannot create new ones or use AI generation until you upgrade.
• Inactive accounts (no login for 12 months) may be flagged for review. We will notify you by email before taking any action.

• Access — you can view all data we hold about you from your profile and listings pages at any time.
• Edit — you can update your profile information, listing content, and preferences at any time.
• Delete — you can delete individual listings from the editor. To request full account deletion including all associated data, contact us.
• Export — you can copy your listing links and share them freely. Full data export is available on request.
• Withdraw consent — you can stop using the service at any time. Deleting your account removes your data as described above.

You can delete individual listings from the listing editor at any time. To request complete account deletion — including your profile, all listings, media, analytics data, and any backups — contact us at support@listingsstudio.com. We will process deletion requests within 7 business days and confirm once complete.

We may update this page as the product evolves. Material changes will be communicated via email or an in-app notification. Continued use of Listings Studio after changes constitutes acceptance of the updated policy.