Legal

Privacy Policy

Effective Date: April 15, 2026 Last Updated: June 2026 Version: 3.0

1. Introduction

Total Agent LLC ("Company," "we," "us," or "our") operates an AI-powered real estate operating platform ("Platform") accessible at app.bytotalagent.com and bytotalagent.com. This Privacy Policy describes how we collect, use, disclose, and safeguard your information when you use the Platform and all related services — including all current modules and any features added in the future.

By accessing or using the Platform, you agree to the collection and use of information in accordance with this policy. If you do not agree, please do not access or use the Platform.

This policy applies to subscribing real estate agents and brokerages, their clients and contacts whose data is processed through the Platform, and visitors to our marketing website at bytotalagent.com.

2. Information We Collect

2.1 Information Provided by Agents and Subscribers

When you create an account or subscribe, we collect:

2.2 Information Collected About Contacts and Leads

Agents using the Platform may input or import information about their clients, leads, and professional contacts, including:

Contacts of subscribing agents are not Platform users and do not have accounts. Agents are independently responsible for their lawful collection and use of contact data.

2.3 Information Collected Automatically

2.4 Information Collected Through Communications

2.5 Information Collected Through Document Services

2.6 Information Collected Through Social Media and Content Integrations

2.7 Information Collected on Our Marketing Website

When you visit bytotalagent.com or submit our waitlist form, we collect:

2.8 Information Collected Through Future Features

As the Platform grows to include a mobile application, additional integrations, brokerage-level features, MLS data connections, and other capabilities, we may collect additional categories of information necessary to provide those features. Material expansions in data collection will be disclosed through updates to this Privacy Policy.

3. Artificial Intelligence and Automated Processing

Total Agent uses artificial intelligence across all Platform modules. AI-generated outputs may contain errors. Users should independently verify all AI-generated information before relying on it for business decisions.

3.1 How AGENTA Uses Your Data

Our AI engine, AGENTA, uses large language models and your per-agent AGENTA Brain profile to power features across all modules. Current and planned AI-powered capabilities that process your data include:

3.2 AI Data Processing and Third-Party Providers

Data processed by AI systems may be transmitted to third-party AI service providers via API. We select providers that do not use API-submitted data to train their general models and that maintain enterprise-grade data security. We may use multiple AI models simultaneously (for example, in document analysis) and reserve the right to change AI providers without notice, provided replacement providers meet equivalent data protection standards.

3.3 No Use of Customer Data for AI Training

Total Agent does NOT use customer data to train, fine-tune, or improve its own AI models or any third-party AI models. Your data — including AGENTA Brain profiles, communications, documents, contact information, and all other data processed through the Platform — is used solely to provide and deliver the Platform services you have subscribed to. We do not aggregate customer data for machine learning training purposes.

3.4 Automated Decision-Making

The Platform uses automated processing to assist with certain decisions, including:

These automated processes are designed to assist and augment agent decision-making, not replace it. No fully automated decisions with legal or similarly significant effects are made without human review. You may request human review of any automated decision, obtain an explanation of the logic involved, or opt out of automated lead scoring and prioritization by contacting us at hello@bytotalagent.com. Opting out of automated features may limit certain Platform functionality.

3.5 AI Limitations

AI outputs may be inaccurate, incomplete, or contextually inappropriate. AI-generated content and recommendations do not constitute professional legal, financial, or real estate advice. Users are solely responsible for reviewing all AI-generated outputs before use.

4. How We Use Your Information

We use information we collect to:

5. SMS and Telephone Communications

5.1 SMS Messaging

The Platform sends SMS text messages on behalf of subscribing real estate agents. By receiving SMS messages from a Total Agent subscriber, you acknowledge:

Mobile opt-in data and consent will not be sold, rented, or shared with third parties for marketing or promotional purposes.

5.2 Phone Calls and Call Recording

Inbound and outbound calls through the Platform's Calls module are handled via dedicated business phone numbers. These calls may be recorded for quality assurance, training, and record-keeping.

5.3 Email Communications

The Platform integrates with agents' Gmail and Outlook accounts via OAuth. We do not store email account passwords. Emails sent through the Platform originate from the agent's actual email address. With agent authorization, AGENTA may also monitor the agent's inbox to detect real estate events and trigger automated actions.

5.4 Google API Services User Data Policy

Total Agent's use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements:

6. Data Sharing and Disclosure

We do not sell your personal information. We do not share mobile opt-in data or SMS consent with third parties for marketing or promotional purposes. We may share information in the following circumstances:

7. Data Security

We implement industry-standard security measures including:

No method of internet transmission or electronic storage is 100% secure. We maintain security incident response procedures as described in Section 7.1 below.

7.1 Data Breach Notification

In the event of a security breach involving your personal information, we will:

For subscribing agents who act as data controllers, we will notify you of any breach affecting data you have entrusted to the Platform within 72 hours of our becoming aware of the breach, enabling you to fulfill your own notification obligations to your clients and contacts.

8. Data Retention

Data Type Retention Period
Account and profile data Duration of subscription + 90 days post-termination
AGENTA Brain / Voice DNA profile Duration of subscription + 90 days post-termination
SMS communication logs Up to 24 months from date of communication
Email correspondence logs Up to 24 months from date of communication
Call recordings Up to 12 months unless longer retention required by law or requested by agent
AI-generated content Duration of subscription
Transaction documents Duration of subscription + 90 days post-termination
E-signature audit trails 7 years from date of signature execution, in compliance with ESIGN Act and UETA requirements
Billing records As required by applicable tax and financial regulations
Usage and log data Up to 12 months
Meta Pixel / analytics data Governed by Meta's and Plausible's respective retention policies; our server-side logs retained up to 12 months

Upon account termination, you may request deletion of your data by contacting us at hello@bytotalagent.com. We will process deletion requests within 30 days, except where retention is required by law (for example, e-signature audit trails must be retained for the full 7-year period regardless of account status).

9. Agent Obligations Regarding Contact Data

Subscribing agents act as independent data controllers for personal data they input about their clients, leads, and contacts. By inputting contact data, you represent and warrant that:

The Company processes contact data on behalf of subscribing agents solely for the purpose of providing Platform services. Each subscribing agent is responsible for their own compliance with applicable privacy laws in connection with their use of the Platform.

10. Privacy Notice for Contacts and Leads (Non-Users)

If you are a client, lead, or contact of a real estate agent who uses the Total Agent Platform, this section describes your rights and how your data is handled, even though you do not have a Platform account.

10.1 What Data Is Collected About You

Your agent may input or import the following information about you into the Platform:

10.2 How Your Data Is Used

Your data is used by the Platform solely to help your agent provide real estate services to you, including: scheduling and coordinating property showings, sending communications on behalf of your agent, processing showing feedback, managing transaction timelines, and generating AI-assisted communications and recommendations for your agent's review.

10.3 Your Rights as a Contact

Regardless of whether you are a Platform user, you have the right to:

To exercise these rights, you may contact your agent directly or contact us at hello@bytotalagent.com. We will coordinate with the subscribing agent as needed to fulfill your request. We will respond to verified requests within 30 days.

11. California Privacy Rights — CCPA/CPRA Notice at Collection

This section serves as Total Agent's "Notice at Collection" under the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA).

11.1 Categories of Personal Information Collected and Purposes

Category of PI Examples Purpose of Collection
Identifiers Name, email, phone, IP address, account ID Provide Platform services, account management, communications
Commercial Information Subscription records, transaction history, billing data Payment processing, service delivery, financial reporting
Internet / Electronic Activity Browsing history, search history, interaction with Platform Analytics, Platform improvement, advertising measurement
Professional / Employment Info Real estate license, brokerage, MLS credentials Account verification, Platform customization
Geolocation Data Approximate location from IP address Analytics, security, content localization
Audio / Visual Information Call recordings, headshot photos, brand assets Call features, agent branding, AI transcription
Inferences Lead scores, engagement predictions, content preferences AI-powered features, lead prioritization, personalization
Sensitive PI (see Section 11.4) Account credentials, financial data, precise geolocation Authentication, payment processing, service delivery

11.2 Your CCPA/CPRA Rights

If you are a California resident, you have the following rights:

To submit a California privacy request, contact us at hello@bytotalagent.com with the subject line "California Privacy Request." We will verify your identity and respond within 45 days. You may also designate an authorized agent to make a request on your behalf.

11.3 Sharing for Advertising Purposes

We "share" (as defined under CCPA) the following categories of personal information with Meta Platforms, Inc. for cross-context behavioral advertising through the Meta Pixel: identifiers (IP address, browser/device data) and internet/electronic activity (page views, lead form submissions). We do not sell personal information for monetary consideration. We do not have actual knowledge that we sell or share personal information of consumers under 16 years of age.

11.4 Sensitive Personal Information (SPI)

Under the CPRA, certain categories of personal information are classified as "sensitive personal information." The Platform may collect the following categories of SPI:

We use sensitive personal information only as necessary to provide the Platform services you have requested and for security purposes. You have the right to limit our use of sensitive personal information to these purposes. To exercise this right, contact us at hello@bytotalagent.com with the subject line "Limit Use of Sensitive PI."

12. State-Specific Privacy Considerations

12.1 Florida

Total Agent operates primarily in Florida. Florida requires all-party consent for call recording (Section 934.03, Florida Statutes). Our Platform provides automated recording disclosures to comply with this requirement. Florida Statutes Section 501.171 requires notification of data breaches involving personal information within 30 days; our breach notification procedures (Section 7.1) are designed to meet this requirement.

12.2 Other States

As the Platform expands nationally, additional state-specific privacy and call recording laws apply. Agents operating outside Florida are responsible for understanding and complying with applicable laws in their jurisdiction. Call recording consent requirements vary significantly by state. The Company will update this policy as national expansion introduces additional jurisdiction-specific considerations.

13. GDPR — European Economic Area and United Kingdom

If you are located in the European Economic Area (EEA), United Kingdom (UK), or Switzerland, this section outlines how we process your personal data in compliance with the General Data Protection Regulation (GDPR) and the UK GDPR.

13.1 Data Controller

Total Agent LLC is the data controller for personal data collected directly from you (such as account registration, website visits, and waitlist submissions). For personal data entered by subscribing agents about their clients and contacts, the subscribing agent is the data controller and Total Agent LLC acts as the data processor.

13.2 Lawful Basis for Processing

We process personal data under the following lawful bases:

13.3 Your Rights Under GDPR

If you are located in the EEA or UK, you have the following rights:

To exercise any of these rights, contact us at hello@bytotalagent.com. We will respond within 30 days.

13.4 International Data Transfers

The Platform is hosted in the United States. Personal data transferred from the EEA, UK, or Switzerland to the United States is protected through the following mechanisms:

13.5 Data Protection Officer Contact

For GDPR-related inquiries, you may contact our designated data protection point of contact at hello@bytotalagent.com with the subject line "GDPR Inquiry." We will respond within 30 days.

14. Your Rights and Choices

Depending on your jurisdiction, you may have the following rights regarding your personal information:

To exercise any of these rights, contact us at hello@bytotalagent.com.

15. Third-Party Services

The Platform integrates with third-party services. We are not responsible for the privacy practices of these providers. Current integrations include:

Service Purpose Data Processing Location Privacy Policy
Stripe Payment processing United States stripe.com/privacy
Twilio SMS and voice communications United States (primary); may process in additional regions twilio.com/legal/privacy
Anthropic AI processing (AGENTA) United States anthropic.com/privacy
Vercel Application hosting United States (primary); edge network globally vercel.com/legal/privacy-policy
Supabase Database and authentication United States (AWS us-east-1 region) supabase.com/privacy
Google Gmail integration via OAuth United States; global infrastructure policies.google.com/privacy
Microsoft Outlook integration via OAuth United States; global infrastructure privacy.microsoft.com
Meta Platforms (Facebook) Advertising measurement and conversion tracking via Meta Pixel United States; global infrastructure facebook.com/privacy/policy
Plausible Analytics Privacy-focused website analytics European Union plausible.io/data-policy

As the Platform adds new integrations — including MLS data providers, additional AI model providers, additional social platforms, and others — this table will be updated accordingly.

16. Cookies and Tracking Technologies

We use cookies and similar tracking technologies to collect usage data, measure advertising effectiveness, and improve the Platform and our marketing website. This section provides detailed information about the specific technologies we use.

16.1 Essential Cookies

Cookie / Technology Type Purpose Duration
Supabase auth cookies (sb-*-auth-token) First-party, strictly necessary User authentication and session management for the Platform Session / up to 1 year
Vercel deployment cookies First-party, strictly necessary Application routing and deployment management Session

16.2 Analytics Technologies

Cookie / Technology Type Purpose Duration
Plausible Analytics (script) Third-party, cookieless Privacy-focused website analytics. Plausible does not use cookies and does not collect personal data. Tracks page views, referral sources, and basic device information without identifying individual users. No cookies set

16.3 Advertising and Tracking Technologies

Cookie / Technology Type Purpose Duration
Meta Pixel (ID: 1482325517022904) Third-party tracking pixel and cookies Tracks user interactions on bytotalagent.com for advertising measurement and conversion optimization. Fires the following events:
PageView — triggered on every page load
Lead — triggered when a visitor submits the waitlist form
_fbp cookie: 90 days; _fbc cookie: 90 days (set when user clicks a Facebook ad)

The Meta Pixel transmits the following data to Meta Platforms, Inc.: your IP address, browser type and version, intelligence platform, referring URL, pages visited, actions taken (page views and lead form submissions), and a unique browser identifier. Meta may use this data for its own purposes as described in Meta's Privacy Policy. Under the CCPA, the operation of the Meta Pixel constitutes "sharing" of personal information for cross-context behavioral advertising.

16.4 How to Manage Cookies and Tracking

You can control cookies and tracking technologies through the following methods:

Plausible Analytics does not use cookies and cannot be opted out of at the individual level, as it does not track or identify individual users.

17. Data Processing Agreement Framework

This section describes the framework under which Total Agent processes data on behalf of subscribing agents and business customers.

17.1 Role of Total Agent

Under the CCPA/CPRA, Total Agent acts as a "service provider" when processing personal information on behalf of subscribing agents. Under the GDPR, Total Agent acts as a "data processor" for contact and client data entered by subscribing agents (who act as "data controllers"). Total Agent processes this data solely to provide the Platform services as instructed by the subscribing agent.

17.2 Processing Instructions

Total Agent processes personal data only in accordance with the subscribing agent's instructions as embodied in: (a) the terms of service and subscription agreement, (b) this Privacy Policy, (c) the agent's configuration of Platform features and automation rules, and (d) any written instructions provided by the agent. Total Agent will not process personal data for any purpose other than providing the Platform services.

17.3 Subprocessor Management

Total Agent engages the subprocessors listed in Section 15 (Third-Party Services) to assist in providing Platform services. We will notify subscribing agents of any material changes to our subprocessor list by updating this Privacy Policy and, for material additions, providing at least 30 days' notice via email or in-Platform notification. Subscribing agents may object to a new subprocessor by contacting us within 15 days of notification; if we cannot reasonably accommodate the objection, the agent may terminate their subscription.

17.4 Audit Rights

Subscribing agents acting as data controllers may request, no more than once per 12-month period, reasonable information about Total Agent's data processing practices and security measures to verify compliance with this Privacy Policy and applicable data protection laws. Such requests should be submitted in writing to hello@bytotalagent.com. We will respond within 30 days and may satisfy audit requests through written responses, documentation, third-party audit reports, or certifications.

17.5 Breach Notification to Controllers

In the event of a personal data breach affecting data for which a subscribing agent is the data controller, Total Agent will notify the affected agent within 72 hours of becoming aware of the breach. The notification will include the nature of the breach, the categories and approximate number of records affected, likely consequences, and measures taken or proposed to address the breach. This notification enables the subscribing agent to fulfill their own breach notification obligations to affected individuals and supervisory authorities.

17.6 Data Return and Deletion

Upon termination of a subscribing agent's account, Total Agent will, at the agent's election: (a) return all personal data to the agent in a structured, commonly used format, or (b) delete all personal data within 90 days of termination, except where retention is required by law (such as e-signature audit trails). Agents may make this election by contacting us at hello@bytotalagent.com.

18. Mobile Application

The Company intends to release a native mobile application (iOS and Android) as a future Platform feature. When available, the mobile application will collect additional data categories typical of mobile apps, including device identifiers, push notification tokens, and location data (if you grant permission). The mobile application's data practices will be governed by this Privacy Policy and any supplemental disclosures presented at the time of installation. Use of the mobile application may also be subject to the privacy policies of the applicable app marketplace.

19. Children's Privacy

The Platform is not intended for individuals under the age of 18. We do not knowingly collect personal information from children under 18. If we become aware that we have collected information from a child under 18, we will take steps to delete such information promptly.

20. International Data Transfers

The Platform is hosted in the United States. If you access the Platform from outside the United States, your information may be transferred to, stored, and processed in the United States. By using the Platform, you consent to the transfer of your information to the United States. For individuals located in the EEA, UK, or Switzerland, please see Section 13.4 for information about the specific transfer mechanisms we use to protect your data.

21. Data Localization

The following disclosures specify where key service providers process and store data:

22. Do Not Track

Some browsers offer a "Do Not Track" (DNT) signal. We do not currently respond to DNT signals as there is no standardized industry approach to DNT compliance. However, we do honor Global Privacy Control (GPC) signals as a valid opt-out of the "sharing" of personal information under the CCPA.

23. Changes to This Privacy Policy

We may update this Privacy Policy to reflect new Platform features, regulatory changes, or operational updates. We will notify you of material changes by posting the updated policy and updating the "Last Updated" date. For material changes, we will provide notice through the Platform or via email at least 30 days before the changes take effect. Continued use of the Platform after any modification constitutes acceptance of the updated policy.

24. Contact Us

For questions about this Privacy Policy or to exercise your data rights, contact us:

For GDPR-specific inquiries, use the subject line "GDPR Inquiry." For California privacy requests, use the subject line "California Privacy Request." For requests to limit use of sensitive personal information, use the subject line "Limit Use of Sensitive PI."

25. Document Version History

Version Date Summary of Changes
1.0 April 2026 Initial privacy policy publication
2.0 May 2026 Expanded AI processing disclosures, added AGENTA Brain and Voice DNA sections, added call recording and document services sections, expanded third-party services table
3.0 June 2026 Added full Cookie and Tracking Technologies section with Meta Pixel (ID 1482325517022904) and Plausible Analytics disclosures; added Data Breach Notification section (Florida 501.171 compliance); added GDPR section with lawful basis, rights, DPO contact, and Standard Contractual Clauses; added explicit statement that customer data is not used for AI training; added CCPA Notice at Collection with categories of PI, right to opt-out of sharing, and sensitive PI disclosures; added Meta Pixel to third-party services table; added Data Processing Agreement framework; added Sensitive Personal Information categorization under CPRA; added privacy notice for contacts/leads (non-users); added automated decision-making disclosure with opt-out; added Meta Pixel as tracking technology; specified e-signature audit trail retention at 7 years; added data localization disclosures; added document version change log