Privacy Policy
ListSmith is a Chrome extension that generates real estate listing descriptions from MLS listing pages. This policy explains what data the extension handles, where it is stored, and what it never does.
The short versionProperty data from listing pages is sent to our server solely to generate descriptions, then returned to you. We store a log of your generations for your history view. We never sell your data. No API key required — we handle AI calls on your behalf.
What data we collect
- Account data — your email address and encrypted password, used to authenticate your account
- Property data — address, price, beds, baths, sqft, features, and other listing details read from the page you have open, sent to our server to generate descriptions
- Voice profile — your tone preferences, brokerage name, MLS character limit, and phrases to avoid, stored to personalise your outputs
- Generation log — a record of each description generated, including address, price, style, and a preview of the MLS output, stored for your history view
- Usage count — monthly generation count used to enforce free tier limits
What we never do
- Never sell or share your data with third parties
- Never use your listing data to train AI models
- Never store the full generated description content on our servers permanently
- Never access listing pages you haven't opened or interacted with
- Never read any data from your browser beyond the active listing page when you trigger a generation
Permissions explained
- activeTab — reads the current listing page when you trigger a generation
- scripting — injects the capture interface into the active page on your request
- storage — stores your voice profile and session data locally
- sidePanel — displays the ListSmith panel alongside the listing page
- contextMenus — adds the right-click "Generate with ListSmith" option
Data retention
Your generation log is retained for 12 months and then deleted. Your account data is retained until you request deletion. You can request deletion of all your data at any time by emailing hello@heyeave.com.
Security
All data is transmitted over HTTPS. Passwords are encrypted. API calls are authenticated with short-lived tokens. We use Supabase for data storage, which is SOC 2 Type II certified.
Contact
Questions about this policy: hello@heyeave.com