Privacy Policy

Who we are

Newmarket Edge ("we", "us", or "our") operates the Newmarket Edge agent platform at app.newmarketedge.com, our marketing site at newmarketedge.com, our consumer tools at newmarkethq.com, and the Newmarket Edge mobile apps for licensed California real estate agents and their clients. This policy explains what we collect, how we use it, and the limits we place on ourselves.

Information we collect

• Account data you give us — name, email, phone, DRE license number, brokerage details, photo, voice samples (if you enroll for meeting attribution).
• Client data you give us when working with your clients — their names, contact details, notes, journey stage, saved homes.
• Connected accounts — if you connect Gmail, Outlook, or your calendar, the OAuth access + refresh tokens (encrypted with AES-256-GCM at rest) plus the messages and events you read or send through our platform.
• Subscription + payment data — handled by Stripe; we never see your card number. We see your plan, status, and billing history.
• Usage data — pages visited, features used, timestamps, IP address, browser/device info, anonymous session IDs (one HttpOnly cookie, no third-party trackers on the marketing site).
• Lead data from consumer tools — name, email, phone, intent (buy/sell/both), price range, area, timeline. Collected when consumers use a gated calculator or sign up to be matched with an agent.

How we use information

• Run the platform — log you in, sync your data across surfaces (web + mobile), generate AI responses scoped to your account.
• Match consumer leads to verified California-licensed agents.
• Send transactional email (verification codes, password resets, briefing summaries) and product updates you've opted into.
• Improve features and fix bugs using aggregated, de-identified usage data.
• Comply with legal obligations (tax, real estate licensing, anti-fraud, court orders).

We do not sell user data. We do not share lead information with anyone beyond the verified California-licensed real estate agent the consumer is matched to or has signed up to work with.

Google user data — Limited Use disclosure

When you connect Gmail to Newmarket Edge, we request the following Google API scopes:

• gmail.readonly — to read messages in your inbox so we can surface them in your Email Intelligence triage view, classify urgency, and identify which clients need a reply.
• gmail.send — to send replies you author or approve from within Newmarket Edge, on your behalf, from your own email address.
• userinfo.email — to associate the connected account with your Newmarket Edge agent record.
• calendar — to read your events (so we don't double-book) and add showings + meetings you schedule from inside Newmarket Edge.

Newmarket Edge's use and transfer to any other app of information received from Google APIs will adhere to Google API Services User Data Policy, including the Limited Use requirements.

Specifically:

• We use Gmail data only to provide and improve the user-facing features of the Email Intelligence module (triage, summarization, reply drafting).
• We do not transfer Gmail data to third parties except as necessary to provide the service (e.g. our LLM provider, Anthropic, to generate summaries and reply drafts on your behalf), to comply with applicable law, or as part of a merger, acquisition, or sale of assets with notice to you.
• We do not use Gmail data for advertising. We do not display ads in Newmarket Edge.
• We do not allow humans to read your Gmail data except: (a) with your explicit consent for a specific message; (b) when necessary for security purposes such as investigating abuse; (c) to comply with applicable law; or (d) where the data has been aggregated and anonymised for our internal operations.
• You can disconnect Gmail at any time in the dashboard at app.newmarketedge.com → Intelligence → Email, which revokes our access and deletes the tokens.

The same posture applies to Microsoft Outlook / Microsoft Graph data when you connect an Outlook account.

Storage, encryption, and retention

• Account + client data is stored in Supabase (Postgres) inside the US.
• OAuth tokens for Gmail / Outlook are encrypted with AES-256-GCM before being written to the database. Decryption happens only at request time on our backend.
• Email message bodies that we cache for the triage view are stored for up to 30 days then purged. Headers (sender, subject, received_at) are kept for the inbox-state timeline.
• Voice samples used for meeting attribution are kept only as long as you want them — delete in Settings → Voice.
• If you delete your account, we erase all personally identifiable information within 30 days, except as required by law (tax records, fraud investigations).

Your rights (CCPA + similar)

• Know what we collect → email privacy@newmarketedge.com for a copy of your data.
• Delete your data → use the in-app account deletion or email privacy@newmarketedge.com.
• Opt out of marketing email → click the unsubscribe link in any marketing email, or email unsubscribe@newmarketedge.com.
• Opt out of "sale" of personal data → automatic; we don't sell.
• Correct your data → fix it in the dashboard, or email us.

Cookies + tracking

We use one HttpOnly session cookie (nme_lead_session) on the marketing site to remember signed-in tool users for 30 days. The agent dashboard uses a JWT in localStorage for the session. We use our own in-house event tracking (no Google Analytics, Facebook Pixel, or third-party trackers on newmarketedge.com or newmarkethq.com).

Children

Newmarket Edge is not directed to children under 13 and we do not knowingly collect personal information from them.

Contact

• Privacy / data requests: privacy@newmarketedge.com
• Support: support@newmarketedge.com
• Legal: legal@newmarketedge.com

Changes to this policy

We'll post material changes here and update the date above. If a change affects how we handle Gmail / Outlook data, we'll notify connected agents by email at least 30 days before the change takes effect.