Total Agent LLC ("Company," "we," "us," or "our") operates an AI-powered real estate operating platform ("Platform") accessible at app.bytotalagent.com and bytotalagent.com. This Privacy Policy describes how we collect, use, disclose, and safeguard your information when you use the Platform and all related services — including all current modules and any features added in the future.
By accessing or using the Platform, you agree to the collection and use of information in accordance with this policy. If you do not agree, please do not access or use the Platform.
This policy applies to subscribing real estate agents and brokerages, their clients and contacts whose data is processed through the Platform, and visitors to our marketing website at bytotalagent.com.
When you create an account or subscribe, we collect:
Agents using the Platform may input or import information about their clients, leads, and professional contacts, including:
Contacts of subscribing agents are not Platform users and do not have accounts. Agents are independently responsible for their lawful collection and use of contact data.
When you visit bytotalagent.com or submit our waitlist form, we collect:
As the Platform grows to include a mobile application, additional integrations, brokerage-level features, MLS data connections, and other capabilities, we may collect additional categories of information necessary to provide those features. Material expansions in data collection will be disclosed through updates to this Privacy Policy.
Total Agent uses artificial intelligence across all Platform modules. AI-generated outputs may contain errors. Users should independently verify all AI-generated information before relying on it for business decisions.
Our AI engine, AGENTA, uses large language models and your per-agent AGENTA Brain profile to power features across all modules. Current and planned AI-powered capabilities that process your data include:
Data processed by AI systems may be transmitted to third-party AI service providers via API. We select providers that do not use API-submitted data to train their general models and that maintain enterprise-grade data security. We may use multiple AI models simultaneously (for example, in document analysis) and reserve the right to change AI providers without notice, provided replacement providers meet equivalent data protection standards.
Total Agent does NOT use customer data to train, fine-tune, or improve its own AI models or any third-party AI models. Your data — including AGENTA Brain profiles, communications, documents, contact information, and all other data processed through the Platform — is used solely to provide and deliver the Platform services you have subscribed to. We do not aggregate customer data for machine learning training purposes.
The Platform uses automated processing to assist with certain decisions, including:
These automated processes are designed to assist and augment agent decision-making, not replace it. No fully automated decisions with legal or similarly significant effects are made without human review. You may request human review of any automated decision, obtain an explanation of the logic involved, or opt out of automated lead scoring and prioritization by contacting us at hello@bytotalagent.com. Opting out of automated features may limit certain Platform functionality.
AI outputs may be inaccurate, incomplete, or contextually inappropriate. AI-generated content and recommendations do not constitute professional legal, financial, or real estate advice. Users are solely responsible for reviewing all AI-generated outputs before use.
We use information we collect to:
The Platform sends SMS text messages on behalf of subscribing real estate agents. By receiving SMS messages from a Total Agent subscriber, you acknowledge:
Mobile opt-in data and consent will not be sold, rented, or shared with third parties for marketing or promotional purposes.
Inbound and outbound calls through the Platform's Calls module are handled via dedicated business phone numbers. These calls may be recorded for quality assurance, training, and record-keeping.
The Platform integrates with agents' Gmail and Outlook accounts via OAuth. We do not store email account passwords. Emails sent through the Platform originate from the agent's actual email address. With agent authorization, AGENTA may also monitor the agent's inbox to detect real estate events and trigger automated actions.
Total Agent's use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements:
We do not sell your personal information. We do not share mobile opt-in data or SMS consent with third parties for marketing or promotional purposes. We may share information in the following circumstances:
We implement industry-standard security measures including:
No method of internet transmission or electronic storage is 100% secure. We maintain security incident response procedures as described in Section 7.1 below.
In the event of a security breach involving your personal information, we will:
For subscribing agents who act as data controllers, we will notify you of any breach affecting data you have entrusted to the Platform within 72 hours of our becoming aware of the breach, enabling you to fulfill your own notification obligations to your clients and contacts.
| Data Type | Retention Period |
|---|---|
| Account and profile data | Duration of subscription + 90 days post-termination |
| AGENTA Brain / Voice DNA profile | Duration of subscription + 90 days post-termination |
| SMS communication logs | Up to 24 months from date of communication |
| Email correspondence logs | Up to 24 months from date of communication |
| Call recordings | Up to 12 months unless longer retention required by law or requested by agent |
| AI-generated content | Duration of subscription |
| Transaction documents | Duration of subscription + 90 days post-termination |
| E-signature audit trails | 7 years from date of signature execution, in compliance with ESIGN Act and UETA requirements |
| Billing records | As required by applicable tax and financial regulations |
| Usage and log data | Up to 12 months |
| Meta Pixel / analytics data | Governed by Meta's and Plausible's respective retention policies; our server-side logs retained up to 12 months |
Upon account termination, you may request deletion of your data by contacting us at hello@bytotalagent.com. We will process deletion requests within 30 days, except where retention is required by law (for example, e-signature audit trails must be retained for the full 7-year period regardless of account status).
Subscribing agents act as independent data controllers for personal data they input about their clients, leads, and contacts. By inputting contact data, you represent and warrant that:
The Company processes contact data on behalf of subscribing agents solely for the purpose of providing Platform services. Each subscribing agent is responsible for their own compliance with applicable privacy laws in connection with their use of the Platform.
If you are a client, lead, or contact of a real estate agent who uses the Total Agent Platform, this section describes your rights and how your data is handled, even though you do not have a Platform account.
Your agent may input or import the following information about you into the Platform:
Your data is used by the Platform solely to help your agent provide real estate services to you, including: scheduling and coordinating property showings, sending communications on behalf of your agent, processing showing feedback, managing transaction timelines, and generating AI-assisted communications and recommendations for your agent's review.
Regardless of whether you are a Platform user, you have the right to:
To exercise these rights, you may contact your agent directly or contact us at hello@bytotalagent.com. We will coordinate with the subscribing agent as needed to fulfill your request. We will respond to verified requests within 30 days.
This section serves as Total Agent's "Notice at Collection" under the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA).
| Category of PI | Examples | Purpose of Collection |
|---|---|---|
| Identifiers | Name, email, phone, IP address, account ID | Provide Platform services, account management, communications |
| Commercial Information | Subscription records, transaction history, billing data | Payment processing, service delivery, financial reporting |
| Internet / Electronic Activity | Browsing history, search history, interaction with Platform | Analytics, Platform improvement, advertising measurement |
| Professional / Employment Info | Real estate license, brokerage, MLS credentials | Account verification, Platform customization |
| Geolocation Data | Approximate location from IP address | Analytics, security, content localization |
| Audio / Visual Information | Call recordings, headshot photos, brand assets | Call features, agent branding, AI transcription |
| Inferences | Lead scores, engagement predictions, content preferences | AI-powered features, lead prioritization, personalization |
| Sensitive PI (see Section 11.4) | Account credentials, financial data, precise geolocation | Authentication, payment processing, service delivery |
If you are a California resident, you have the following rights:
To submit a California privacy request, contact us at hello@bytotalagent.com with the subject line "California Privacy Request." We will verify your identity and respond within 45 days. You may also designate an authorized agent to make a request on your behalf.
We "share" (as defined under CCPA) the following categories of personal information with Meta Platforms, Inc. for cross-context behavioral advertising through the Meta Pixel: identifiers (IP address, browser/device data) and internet/electronic activity (page views, lead form submissions). We do not sell personal information for monetary consideration. We do not have actual knowledge that we sell or share personal information of consumers under 16 years of age.
Under the CPRA, certain categories of personal information are classified as "sensitive personal information." The Platform may collect the following categories of SPI:
We use sensitive personal information only as necessary to provide the Platform services you have requested and for security purposes. You have the right to limit our use of sensitive personal information to these purposes. To exercise this right, contact us at hello@bytotalagent.com with the subject line "Limit Use of Sensitive PI."
Total Agent operates primarily in Florida. Florida requires all-party consent for call recording (Section 934.03, Florida Statutes). Our Platform provides automated recording disclosures to comply with this requirement. Florida Statutes Section 501.171 requires notification of data breaches involving personal information within 30 days; our breach notification procedures (Section 7.1) are designed to meet this requirement.
As the Platform expands nationally, additional state-specific privacy and call recording laws apply. Agents operating outside Florida are responsible for understanding and complying with applicable laws in their jurisdiction. Call recording consent requirements vary significantly by state. The Company will update this policy as national expansion introduces additional jurisdiction-specific considerations.
If you are located in the European Economic Area (EEA), United Kingdom (UK), or Switzerland, this section outlines how we process your personal data in compliance with the General Data Protection Regulation (GDPR) and the UK GDPR.
Total Agent LLC is the data controller for personal data collected directly from you (such as account registration, website visits, and waitlist submissions). For personal data entered by subscribing agents about their clients and contacts, the subscribing agent is the data controller and Total Agent LLC acts as the data processor.
We process personal data under the following lawful bases:
If you are located in the EEA or UK, you have the following rights:
To exercise any of these rights, contact us at hello@bytotalagent.com. We will respond within 30 days.
The Platform is hosted in the United States. Personal data transferred from the EEA, UK, or Switzerland to the United States is protected through the following mechanisms:
For GDPR-related inquiries, you may contact our designated data protection point of contact at hello@bytotalagent.com with the subject line "GDPR Inquiry." We will respond within 30 days.
Depending on your jurisdiction, you may have the following rights regarding your personal information:
To exercise any of these rights, contact us at hello@bytotalagent.com.
The Platform integrates with third-party services. We are not responsible for the privacy practices of these providers. Current integrations include:
| Service | Purpose | Data Processing Location | Privacy Policy |
|---|---|---|---|
| Stripe | Payment processing | United States | stripe.com/privacy |
| Twilio | SMS and voice communications | United States (primary); may process in additional regions | twilio.com/legal/privacy |
| Anthropic | AI processing (AGENTA) | United States | anthropic.com/privacy |
| Vercel | Application hosting | United States (primary); edge network globally | vercel.com/legal/privacy-policy |
| Supabase | Database and authentication | United States (AWS us-east-1 region) | supabase.com/privacy |
| Gmail integration via OAuth | United States; global infrastructure | policies.google.com/privacy | |
| Microsoft | Outlook integration via OAuth | United States; global infrastructure | privacy.microsoft.com |
| Meta Platforms (Facebook) | Advertising measurement and conversion tracking via Meta Pixel | United States; global infrastructure | facebook.com/privacy/policy |
| Plausible Analytics | Privacy-focused website analytics | European Union | plausible.io/data-policy |
As the Platform adds new integrations — including MLS data providers, additional AI model providers, additional social platforms, and others — this table will be updated accordingly.
We use cookies and similar tracking technologies to collect usage data, measure advertising effectiveness, and improve the Platform and our marketing website. This section provides detailed information about the specific technologies we use.
| Cookie / Technology | Type | Purpose | Duration |
|---|---|---|---|
| Supabase auth cookies (sb-*-auth-token) | First-party, strictly necessary | User authentication and session management for the Platform | Session / up to 1 year |
| Vercel deployment cookies | First-party, strictly necessary | Application routing and deployment management | Session |
| Cookie / Technology | Type | Purpose | Duration |
|---|---|---|---|
| Plausible Analytics (script) | Third-party, cookieless | Privacy-focused website analytics. Plausible does not use cookies and does not collect personal data. Tracks page views, referral sources, and basic device information without identifying individual users. | No cookies set |
| Cookie / Technology | Type | Purpose | Duration |
|---|---|---|---|
| Meta Pixel (ID: 1482325517022904) | Third-party tracking pixel and cookies | Tracks user interactions on bytotalagent.com for advertising measurement and conversion optimization. Fires the following events: PageView — triggered on every page load Lead — triggered when a visitor submits the waitlist form |
_fbp cookie: 90 days; _fbc cookie: 90 days (set when user clicks a Facebook ad) |
The Meta Pixel transmits the following data to Meta Platforms, Inc.: your IP address, browser type and version, intelligence platform, referring URL, pages visited, actions taken (page views and lead form submissions), and a unique browser identifier. Meta may use this data for its own purposes as described in Meta's Privacy Policy. Under the CCPA, the operation of the Meta Pixel constitutes "sharing" of personal information for cross-context behavioral advertising.
You can control cookies and tracking technologies through the following methods:
Plausible Analytics does not use cookies and cannot be opted out of at the individual level, as it does not track or identify individual users.
This section describes the framework under which Total Agent processes data on behalf of subscribing agents and business customers.
Under the CCPA/CPRA, Total Agent acts as a "service provider" when processing personal information on behalf of subscribing agents. Under the GDPR, Total Agent acts as a "data processor" for contact and client data entered by subscribing agents (who act as "data controllers"). Total Agent processes this data solely to provide the Platform services as instructed by the subscribing agent.
Total Agent processes personal data only in accordance with the subscribing agent's instructions as embodied in: (a) the terms of service and subscription agreement, (b) this Privacy Policy, (c) the agent's configuration of Platform features and automation rules, and (d) any written instructions provided by the agent. Total Agent will not process personal data for any purpose other than providing the Platform services.
Total Agent engages the subprocessors listed in Section 15 (Third-Party Services) to assist in providing Platform services. We will notify subscribing agents of any material changes to our subprocessor list by updating this Privacy Policy and, for material additions, providing at least 30 days' notice via email or in-Platform notification. Subscribing agents may object to a new subprocessor by contacting us within 15 days of notification; if we cannot reasonably accommodate the objection, the agent may terminate their subscription.
Subscribing agents acting as data controllers may request, no more than once per 12-month period, reasonable information about Total Agent's data processing practices and security measures to verify compliance with this Privacy Policy and applicable data protection laws. Such requests should be submitted in writing to hello@bytotalagent.com. We will respond within 30 days and may satisfy audit requests through written responses, documentation, third-party audit reports, or certifications.
In the event of a personal data breach affecting data for which a subscribing agent is the data controller, Total Agent will notify the affected agent within 72 hours of becoming aware of the breach. The notification will include the nature of the breach, the categories and approximate number of records affected, likely consequences, and measures taken or proposed to address the breach. This notification enables the subscribing agent to fulfill their own breach notification obligations to affected individuals and supervisory authorities.
Upon termination of a subscribing agent's account, Total Agent will, at the agent's election: (a) return all personal data to the agent in a structured, commonly used format, or (b) delete all personal data within 90 days of termination, except where retention is required by law (such as e-signature audit trails). Agents may make this election by contacting us at hello@bytotalagent.com.
The Company intends to release a native mobile application (iOS and Android) as a future Platform feature. When available, the mobile application will collect additional data categories typical of mobile apps, including device identifiers, push notification tokens, and location data (if you grant permission). The mobile application's data practices will be governed by this Privacy Policy and any supplemental disclosures presented at the time of installation. Use of the mobile application may also be subject to the privacy policies of the applicable app marketplace.
The Platform is not intended for individuals under the age of 18. We do not knowingly collect personal information from children under 18. If we become aware that we have collected information from a child under 18, we will take steps to delete such information promptly.
The Platform is hosted in the United States. If you access the Platform from outside the United States, your information may be transferred to, stored, and processed in the United States. By using the Platform, you consent to the transfer of your information to the United States. For individuals located in the EEA, UK, or Switzerland, please see Section 13.4 for information about the specific transfer mechanisms we use to protect your data.
The following disclosures specify where key service providers process and store data:
Some browsers offer a "Do Not Track" (DNT) signal. We do not currently respond to DNT signals as there is no standardized industry approach to DNT compliance. However, we do honor Global Privacy Control (GPC) signals as a valid opt-out of the "sharing" of personal information under the CCPA.
We may update this Privacy Policy to reflect new Platform features, regulatory changes, or operational updates. We will notify you of material changes by posting the updated policy and updating the "Last Updated" date. For material changes, we will provide notice through the Platform or via email at least 30 days before the changes take effect. Continued use of the Platform after any modification constitutes acceptance of the updated policy.
For questions about this Privacy Policy or to exercise your data rights, contact us:
For GDPR-specific inquiries, use the subject line "GDPR Inquiry." For California privacy requests, use the subject line "California Privacy Request." For requests to limit use of sensitive personal information, use the subject line "Limit Use of Sensitive PI."
| Version | Date | Summary of Changes |
|---|---|---|
| 1.0 | April 2026 | Initial privacy policy publication |
| 2.0 | May 2026 | Expanded AI processing disclosures, added AGENTA Brain and Voice DNA sections, added call recording and document services sections, expanded third-party services table |
| 3.0 | June 2026 | Added full Cookie and Tracking Technologies section with Meta Pixel (ID 1482325517022904) and Plausible Analytics disclosures; added Data Breach Notification section (Florida 501.171 compliance); added GDPR section with lawful basis, rights, DPO contact, and Standard Contractual Clauses; added explicit statement that customer data is not used for AI training; added CCPA Notice at Collection with categories of PI, right to opt-out of sharing, and sensitive PI disclosures; added Meta Pixel to third-party services table; added Data Processing Agreement framework; added Sensitive Personal Information categorization under CPRA; added privacy notice for contacts/leads (non-users); added automated decision-making disclosure with opt-out; added Meta Pixel as tracking technology; specified e-signature audit trail retention at 7 years; added data localization disclosures; added document version change log |