Privacy Policy

Instora ("we", "us", or "our") operates instora.io and provides AI-powered real estate marketing tools. This Privacy Policy explains what information we collect, how we use it, and the choices you have over your data.

By using Instora you agree to the collection and use of information as described here. If you do not agree, please do not use the service.

• To provide, operate, and improve the Instora service
• To generate AI-powered marketing content using the listing details you provide
• To process payments and manage your subscription via Stripe
• To send transactional emails — kit ready notifications, team invitations, and billing alerts — based on your notification preferences
• To enforce our Terms of Service and prevent abuse
• To respond to support requests and communicate with you about your account

We do not sell your personal information to third parties. We do not use your listing content or property data to train AI models.

We share information only with the third-party services required to operate Instora:

• Supabase — database and file storage, hosted on AWS infrastructure in the United States
• Stripe — payment processing. Stripe's privacy policy is available at stripe.com/privacy
• Anthropic — AI content generation. Listing details you enter are sent to Anthropic's API to produce marketing copy. Anthropic's privacy policy is available at anthropic.com/privacy
• Vercel — application hosting and deployment
• Your SMTP provider — for sending transactional emails

We may disclose information if required by law, legal process, or to protect the rights and safety of Instora, our users, or others.

When you generate a marketing kit, Instora creates a publicly accessible landing page at a URL in the format instora.io/listing/your-address. This page displays the property details you entered — address, price, bedrooms, bathrooms, photos, and key highlights — and is accessible to anyone with the link, without requiring a login.

If you do not want a listing to be publicly accessible, do not generate a kit for it, or contact us to have the page removed.

• Account data — retained for as long as your account is active. Deleted within 30 days of account closure on request.
• Listings and generated kits — retained until you delete them from your dashboard or close your account.
• Photos — retained in storage until you delete the listing or close your account.
• Billing records — retained for seven years as required for financial compliance.

Depending on your location you may have rights including:

• Access — request a copy of the personal data we hold about you
• Correction — request correction of inaccurate data
• Deletion — request deletion of your account and associated data
• Portability — request your data in a machine-readable format
• Objection — object to certain types of processing

To exercise any of these rights, email us at privacy@instora.io. We will respond within 30 days.

We implement industry-standard security measures including encrypted data transmission (HTTPS), encrypted data storage, row-level security on our database, and access controls that limit data access to authenticated users. No method of transmission over the internet is 100% secure, and we cannot guarantee absolute security.

Instora is not directed at children under 13. We do not knowingly collect personal information from children under 13. If you believe a child has provided us with personal information, contact us and we will delete it.

We may update this Privacy Policy from time to time. We will notify you of material changes by email or by posting a notice in the app. Your continued use of Instora after changes take effect constitutes acceptance of the updated policy.

Questions about this Privacy Policy or your data? Email us at privacy@instora.io.