Let"s Talk Strategy
Let"s Talk Strategy

Privacy Policy

True Estate Marketing helps real estate agents, brokers, and businesses boost visibility, generate qualified leads, and close more deals. From SEO and websites to social media, email, and CRM tools, we deliver results-driven marketing that grows your real estate success.

True Estate Marketing Privacy Policy: A Comprehensive Guide to Digital Marketing Data Protection

1. Introduction and Scope of the Policy

This document, the True Estate Marketing Privacy Policy, is designed to articulate our unwavering commitment to the protection of personal information. It serves as a comprehensive and transparent guide for clients, partners, and website visitors, detailing how their data is collected, used, and secured. The creation of this policy is not merely a legal obligation but a strategic decision to build and maintain trust with our users, positioning data privacy as a core principle and a strategic asset of our business.

At True Estate Marketing, we act as both a data controller and a data processor. As a data controller, we determine the purposes and means of processing personal data. As a data processor, we process data on behalf of our clients to provide our digital marketing services. This policy is intended to comply with a range of global data protection laws, including but not limited to the General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), and the California Privacy Rights Act (CPRA). By providing clear information in plain language, we strive to ensure a fair and transparent approach to data processing, which is a foundational requirement of these regulations.

The scope of this policy is comprehensive, encompassing all personal information we collect and process. This includes data gathered through our primary digital touchpoints, such as our official website, mobile applications, social media channels, and all online and offline activities related to the services we provide. These services include SEO & Digital Marketing, Social Media Marketing, Website Design & Development, CRM & Business Automation, Real Estate Referral Network, and Content & Graphics Creation. This detailed document covers every facet of our digital marketing data protection practices.

To enhance clarity and accessibility, we have defined key terms that are central to this policy. Personal Information, also referred to as “personal data,” means any information that can be used to identify an individual, either directly or indirectly. Processing refers to any operation performed on personal data, such as collection, storage, use, or deletion. The Data Controller is the entity that determines the purposes for which and the means by which personal data is processed, which in this case is True Estate Marketing. A Data Subject is the identified or identifiable natural person to whom the personal data relates. These definitions are provided to ensure that all users, regardless of their legal or technical background, can understand their rights and our responsibilities.

2. Information Collected

This section provides a meticulous inventory of the categories of personal information we collect, the specific types of data within those categories, and the sources from which this information is obtained. This level of detail is necessary to fulfill the requirements of consumer privacy laws, such as the CCPA’s “Right to Know” which mandates a business to disclose the categories of personal information it has collected in the past 12 months.

Categories of Personal Information

The personal information we collect varies depending on the nature of our interaction with you. These categories include:

  • Identifiable Information: This includes data you provide directly to us when you contact us, register for our services, or fill out a form on our website. This information may include your full name, email address, phone number, mailing address, professional title, and company name. This data is essential for client communication, account management, and service delivery.
  • Service Data & Customer Records: This refers to information provided by our clients to enable us to deliver our core services. Given our focus on the real estate sector, this category is particularly robust and sensitive. It may include detailed property information, transaction histories, financial details related to a transaction, and legal documents pertinent to a real estate deal. This data is critical for executing effective marketing campaigns for our real estate clients.
  • CRM & Business Automation Data: Our CRM (Customer Relationship Management) system is a central repository for all client interactions. The data stored here includes communication logs, transcripts of phone calls or chats, email correspondence history, and sales data. This information allows us to manage, evaluate, and maintain a seamless relationship with our clients and prospects.
  • Real Estate Referral Network Data: As part of our service, we may facilitate a referral to a professional within our network. The data collected for this purpose includes the client’s name, contact information, and specific property interests. This data is managed with the utmost care and is only shared with the client’s explicit consent, as mandated by the ethical and legal disclosure requirements surrounding referral fees.

Technical, Usage, and Behavioral Data

Beyond the information you provide, we also automatically collect data to analyze our website’s performance and the effectiveness of our marketing strategies. This data is typically non-personally identifiable but can be linked to other data points to provide insights into user behavior.

  • Website Analytics Data: We use analytics tools to gather information about your visit to our website. This includes your Internet Protocol (IP) address, browser type, operating system, the pages you visited, the time spent on those pages, and the websites that referred you to our site. This information helps us understand user demographics, interests, and traffic sources.
  • SEO & Digital Marketing Data: To optimize campaigns for our clients and our own online visibility, we collect and analyze specific data points. This includes organic traffic metrics, organic impressions, keyword rankings, backlink profiles, and technical SEO data such as site speed and mobile-friendliness. Conversion data, which shows how effectively a website converts visitors into leads or customers, is also a critical part of our analysis.
  • Social Media Marketing Data: We gather data from social media platforms to evaluate the reach and effectiveness of our social media campaigns. This may include audience demographics, engagement metrics such as likes, shares, and comments, as well as impressions on social media posts.
  • Cookies and Tracking Data: We utilize various tracking technologies to collect data. This includes cookies, web beacons, and pixels (e.g., Meta Pixel) that track user behavior for purposes such as analytics, personalization, and targeted advertising (retargeting). The specific details of how we use these technologies are provided in a dedicated section of this policy.

Sources of Data Collection

As part of our commitment to transparency, we disclose the sources from which personal information is collected. We primarily collect information from the following sources :

  • Directly from the User: This is the most common source, where you provide information to us through forms, contracts, or direct communication.
  • Publicly Available Sources: We may collect professional or corporate information from public sources such as property records or business websites.
  • Automated Technologies and Cookies: Data is collected automatically through our website, mobile applications, and other digital platforms via cookies and similar tracking technologies.
  • Third-Party Business Partners: We may receive personal information from third parties, such as our business partners, advertising networks, or data providers, to facilitate our services and improve our marketing efforts.

3. How the Information Is Used

This section outlines the specific purposes for which we process personal information. For each purpose, we provide a “lawful basis” as required by GDPR, ensuring that our data handling is legally permissible and transparent. Our lawful bases for processing personal data include contractual necessity, legitimate interest, consent, and legal obligation.

  • To Provide and Manage Our Services: The primary and most fundamental use of personal information is to deliver the services you have engaged us for. This includes managing complex SEO campaigns, designing and developing websites, running targeted social media ads, and implementing CRM and business automation systems. The lawful basis for this processing is Contractual Necessity, as the data is essential for us to perform our contractual obligations to our clients.
  • For Communication and Client Support: We use your information to communicate with you about your account, respond to your inquiries, provide customer support, and send service-related announcements. This communication is vital for maintaining a strong client relationship. The lawful basis for this processing is either Contractual Necessity (when it relates to an ongoing service) or our Legitimate Interest in providing effective and timely support to our clients.
  • For Marketing and Advertising: We use personal information to send you marketing communications, such as newsletters, special offers, and promotional emails about our services. For new prospects and users, the lawful basis for sending such communications is your Explicit Consent, which we obtain through a clear opt-in process. For our existing clients, we may rely on our Legitimate Interest to send direct marketing communications about services that are similar to those you have already received, while always providing a clear and easy way to opt out.
  • For Service Improvement and Personalization: We analyze data to continuously improve our services, understand our clients’ and users’ needs, and personalize their experience. For example, analyzing website traffic patterns helps us refine our website design, and understanding audience demographics helps us create more effective ad creative. The lawful basis for this processing is our Legitimate Interest in running and improving our business operations to deliver a better service.
  • For Security and Fraud Prevention: We use personal information to protect our systems and our clients’ data from unauthorized access, fraud, or other security incidents. This includes monitoring our CRM systems for suspicious activity and enforcing strong authentication protocols. The lawful basis for this is our Legitimate Interest in securing our business, coupled with our Legal Obligation to comply with data protection regulations that require us to implement appropriate security measures.
  • For Legal Compliance: We may process and disclose personal information when required to do so by law. This includes responding to subpoenas, court orders, or other legal processes, as well as protecting our legal rights in a lawsuit or legal claim. The lawful basis for this processing is a Legal Obligation.

The choice between “consent” and “legitimate interest” is a critical one in digital marketing. While legitimate interest can be a flexible basis, our policy is to prioritize explicit consent wherever possible, particularly for new user engagement. This is because a strong, transparent, and consent-first approach builds greater user trust and significantly reduces the risk of legal challenges or regulatory fines. By being clear about the purpose of data collection and obtaining a user’s affirmative, unambiguous agreement, we are building a more robust and ethically sound foundation for our marketing practices.

4. Cookies, Tracking Technologies, and Third-Party Tools

This section provides a detailed and legally compliant explanation of how we use cookies, web beacons, and other tracking technologies. We believe that transparency is key to establishing a trustworthy relationship with our users, and this section is designed to provide comprehensive information about our digital tracking practices.

How We Use Cookies and Other Technologies

Our website and services use “cookies” and similar tracking technologies, such as web beacons and pixels, for a variety of purposes. A cookie is a small text file that is placed on your device by a web server. These technologies help us understand how users interact with our website and allow us to deliver a more personalized experience. We classify our cookies into the following categories:

  • Strictly Necessary Cookies: These cookies are essential for our website to function and cannot be switched off in our systems. They are typically set in response to actions you take, such as setting your privacy preferences or filling out forms.
  • Functional Cookies: These allow us to remember your preferences and choices (e.g., language or region) to provide a more convenient experience.
  • Analytics and Performance Cookies: These help us measure the performance of our website and services by collecting information about traffic sources, page visits, and user interactions. This data allows us to optimize our website to improve performance and user experience.
  • Advertising and Targeting Cookies: These are used to build a profile of your interests and show you relevant advertisements on our website and other sites. They also help us measure the effectiveness of our advertising campaigns.

Consent and Control

We are committed to obtaining and managing your consent in a manner that is “freely given, specific, informed, and unambiguous,” as required by GDPR. We use an opt-in model for all non-essential cookies. When you first visit our website, you will be presented with a cookie banner that provides clear and equally accessible options to either “Accept All” or “Reject All” non-essential cookies. You are also given the option to customize your preferences, allowing for granular control over which categories of cookies you allow. We do not use pre-ticked boxes or infer consent from your browsing behavior, and you can withdraw your consent at any time, with the process being as easy as giving it in the first place.

Third-Party Analytics and Advertising Tools

We use several third-party tools to help us analyze and improve our services. We explicitly disclose the use of these tools to ensure full transparency and compliance.

  • Google Analytics: We use Google Analytics to gain insights into website traffic, user behavior, and to measure the effectiveness of our marketing strategies. In compliance with Google’s terms of service, we inform you that we may use Google Analytics Advertising Features, such as Remarketing, which uses cookies to advertise our company or website across other websites you visit after you have visited ours. We provide information on how you can opt out of these features, including by using Google’s opt-out browser add-on.
  • Meta Pixel: We have integrated the Meta Pixel into our website. This tool is used to track conversions from our social media campaigns, optimize ads, build targeted audiences for future advertising, and retarget website visitors. It is important to note that the Meta Pixel is only activated on our website after you have provided explicit, opt-in consent for the use of advertising cookies. If you refuse consent, no data will be shared with Meta Platforms Ireland Ltd. The data collected is subject to the terms of our relationship with Meta, but your consent is the legal basis for the processing. You retain the right to withdraw your consent at any time, which will immediately deactivate the Meta Pixel.

The use of third-party tools like Google Analytics and Meta Pixel fundamentally creates a data sharing relationship with these major technology companies. The legal requirements of GDPR and CCPA necessitate that we not only inform you of their use but also provide you with clear, granular control over whether this data sharing occurs. This shift from a simple notification to an interactive consent process is a crucial element of modern digital marketing data protection.

5. Data Sharing and Disclosure

At True Estate Marketing, we are committed to being transparent about our data sharing practices. This section explains the circumstances under which we may disclose your personal information and with whom. We want to be clear that we do not sell, rent, or trade your personal information to outside parties for their independent marketing purposes unless we have your explicit, separate consent to do so.

Categories of Third-Party Disclosures

We share your information only with trusted third parties who assist us in operating our business and delivering our services, or when required by law. These categories of recipients include:

  • Service Providers: We engage trusted third-party service providers (also known as data processors) to perform functions on our behalf. These include our CRM & business automation providers, who securely store and manage client data ; website hosting and development partners who maintain our online platforms; cloud storage providers who handle data backup and storage; and email marketing services that manage our client communications. These third parties are contractually obligated to maintain the confidentiality and security of the data and are prohibited from using it for any purpose other than providing the services we have engaged them for.
  • Business Partners & The Real Estate Referral Network: Our Real Estate Referral Network is a core service that facilitates connections between clients and other professionals. When you engage with this service, we may share your name, contact information, and property interests with a qualified real estate agent or brokerage to facilitate a referral. This is a critical point of our privacy policy. We want to distinguish our service from non-transparent “pocket listings” or private networks that can limit market access and potentially contribute to discriminatory practices. Our referral network operates on a foundation of explicit consent and full transparency, ensuring that you are fully aware of what information is shared and why, and that you have given your consent for that specific purpose.
  • Legal Authorities and Law Enforcement: We may be required to disclose your personal information in response to a valid legal request from law enforcement, governmental authorities, or as part of a legal process, such as a subpoena or court order. We may also disclose information to protect our rights, property, or safety, or that of our users or the public.

A crucial point for our business and for compliance with California law is the distinction between “sharing” and “selling” personal information. Under the CCPA, “sharing” is defined specifically as the disclosure of personal information for “cross-context behavioral advertising”. Our use of the Meta Pixel, for instance, for the purpose of retargeting, is considered a form of “sharing” under this definition. This is legally distinct from the disclosure of data to service providers who process data on our behalf. We explicitly address this distinction and provide a clear mechanism for you to opt out of such sharing, which is detailed in the User Rights section of this policy.

6. Data Protection and Security Measures

The protection of personal data is a top priority at True Estate Marketing. We understand that our business handles a wide range of sensitive information, from client contact details to confidential property and financial data stored in our CRM systems. For this reason, we have implemented a comprehensive, multi-layered security framework that combines robust technical safeguards with stringent organizational controls to protect data from a variety of threats, both external and internal.

Technical Safeguards

Our technical measures are designed to protect personal data throughout its lifecycle, from collection to deletion. These measures include:

  • Encryption: We use advanced encryption protocols, such as Secure Socket Layer (SSL) and Transport Layer Security (TLS), to secure data during transmission over the internet. This prevents unauthorized parties from intercepting or altering information. Furthermore, we ensure that data is encrypted “at rest” when it is stored within our databases and cloud storage systems, providing continuous protection even if an attacker gains access to our storage infrastructure.
  • Access Controls: We implement strict, role-based access controls to limit access to personal data to only those employees who have a legitimate business need to view it. Administrators can assign specific permissions based on a user’s role and responsibilities, ensuring that unauthorized individuals cannot view or alter sensitive information.
  • Authentication: To prevent unauthorized access to our systems, we enforce strong password policies that require complex, regularly changed passwords. We also utilize multi-factor authentication (MFA), which requires users to provide a second form of verification to log in, significantly reducing the risk of a data breach due to weak or stolen credentials.
  • Network Security: Our IT infrastructure is protected by firewalls, intrusion detection systems, and regularly updated antivirus software to block unauthorized access attempts and malicious attacks.

Organizational Measures

We recognize that a significant percentage of data breaches involve a human element. Therefore, our security framework extends beyond technology to include organizational measures designed to mitigate human-related risks.

  • Employee Training: We conduct regular, mandatory cybersecurity training for our employees to educate them on data privacy principles, common threats like phishing scams and malware, proper password hygiene, and secure data handling practices. This ongoing education is crucial to maintaining a vigilant security posture.
  • Regular Audits: We perform frequent security audits and vulnerability assessments to evaluate the effectiveness of our technical and organizational measures. These audits help us proactively identify and address potential security risks, ensuring that our security practices are continuously up to date.
  • Data Minimization: In accordance with the principles of data protection, we only collect and process the minimum amount of personal information necessary to achieve the specified purpose. By limiting the data we collect, we reduce our exposure to a potential data breach and adhere to legal requirements.
  • Breach Response: We have a structured protocol in place to respond to any potential security breaches. This plan outlines the steps we will take to mitigate damage, secure our systems, and notify affected individuals in a timely manner, in compliance with applicable laws.

Our approach to digital marketing data protection is holistic and proactive. By combining state-of-the-art technical measures with a culture of security and accountability among our staff, we aim to provide a safe and secure environment for all data under our control.

7. Data Retention and Deletion Policies

This section details our policy on data retention and deletion, which is based on the principle of “storage limitation” as a cornerstone of modern data privacy laws. We retain personal information only for as long as is necessary to fulfill the purposes for which it was collected, or for a longer period if required by law or a legitimate business need. This policy serves to minimize risk, reduce storage costs, and reinforce our commitment to your privacy.

Defining Retention Periods

We have established a clear and documented retention schedule for different categories of personal information. This schedule is based on a careful analysis of legal, regulatory, and business requirements.

  • Client and Service Data: Personal information related to client contracts and service delivery is retained for the duration of the business relationship. Following the termination of our services, we retain certain information, such as financial records, for a period required by law for accounting and audit purposes, which is typically a minimum of 7 years.
  • Marketing Data: Data collected for marketing purposes, such as email subscriptions, is retained until the user unsubscribes or requests deletion. We also periodically review our marketing lists and securely delete information from users who have not engaged with our communications for an extended period, as the data is no longer relevant for its original purpose.
  • Technical and Usage Data: Server logs, website analytics, and similar technical data are retained for a shorter, defined period necessary for maintaining system performance, security, and for fulfilling short-term business analysis needs.

It is important to note the nuanced relationship between different privacy laws. For instance, while GDPR mandates that data not be kept for longer than necessary , the CCPA’s “Right to Know” provides consumers with the right to request a disclosure of the personal information we have collected about them in the preceding 12 months. To comply with both of these regulations, our data retention policy ensures that we retain data for at least the 12-month lookback period required by the CCPA to fulfill consumer requests, but for no longer than is necessary to satisfy our legal obligations or legitimate business needs.

Secure Deletion and Anonymization

When data is no longer necessary for its original purpose or is past its defined retention period, we have clear protocols for its secure disposal. We take reasonable steps to securely delete or anonymize personal information to prevent unauthorized access or use. This includes the use of automated deletion tools and secure data destruction methods to ensure that all data is irretrievably purged from our systems.

8. User Rights

We are dedicated to empowering you with control over your personal information. This section provides a comprehensive guide to the rights you may have under various data protection laws, including the GDPR and the CCPA. We outline the process for exercising these rights and the timeframes within which we will respond.

Table 1: Your Privacy Rights and Request Process

Your Right Description of Right How to Exercise the Right Our Response Timeframe Relevant Laws
Right to Know / Right of Access The right to request a disclosure of the categories and/or specific pieces of personal information we have collected about you, the sources of that data, the purposes for its use, and the categories of third parties with whom it is shared. Submit a request via our designated email, toll-free number, or online web form. We will acknowledge your request within 10 business days and respond within 45 calendar days. This may be extended to 90 days for complex requests. GDPR, CCPA/CPRA
Right to Delete / Right to Erasure The right to request the deletion of your personal information, subject to certain legal exceptions. We will also instruct our service providers to delete the data. Submit a request via our designated email, toll-free number, or online web form. We will respond within 45 calendar days and inform you of any exceptions that prevent full deletion. GDPR, CCPA/CPRA
Right to Opt-Out of Sale or Sharing The right to direct a business to stop selling or sharing your personal information. “Sharing” refers to disclosure for cross-context behavioral advertising. Click on the “Do Not Sell or Share My Personal Information” link on our website or enable a Global Privacy Control (GPC). We will comply with the request as soon as feasibly possible, but no later than 15 business days. CCPA/CPRA
Right to Rectification / Right to Correct The right to have inaccurate personal information that we hold about you corrected. Submit a request via our designated email, toll-free number, or online web form. We will respond within 45 calendar days. This may be extended to 90 days. GDPR, CCPA/CPRA
Right to Data Portability The right to receive your personal data in a structured, commonly used, and machine-readable format and to transmit that data to another controller. Submit a request via our designated email, toll-free number, or online web form. We will provide the data without undue delay and at the latest within one month of receiving the request. GDPR
Right to Non-Discrimination The right not to be discriminated against for exercising your CCPA rights. This is an inherent right. If you believe you have been discriminated against, please contact us. N/A CCPA/CPRA

Export to Sheets

How to Exercise Your Rights

To submit a request to exercise any of the rights listed above, you can use our designated methods, which are available in the Contact Information section of this policy. When submitting a request, you must provide sufficient information to allow us to reasonably verify that you are the person about whom we collected personal information. We may need to ask you for additional information to verify your identity. This is a critical security measure to protect your privacy and ensure that we do not disclose or delete your data to an unauthorized party. Any information provided for verification purposes will be used solely for that purpose and will be securely deleted once the request is fulfilled.

If you choose to use an authorized agent to submit a request on your behalf, we may require proof of the agent’s signed permission and may still require you to verify your identity directly with us to ensure the request is legitimate and authorized.

9. International Data Transfers

Due to the global nature of the internet and our business, it may be necessary to transfer your personal information to a country other than the one in which it was collected. This is particularly relevant for a US-based company serving clients in Europe. This section details our policy and the safeguards we have in place to ensure that your data remains protected when it crosses international borders.

Legal Basis and Safeguards

When we transfer personal data from the European Union or the United Kingdom to a country that has not been deemed to have an adequate level of data protection by the European Commission, we rely on specific legal frameworks to ensure the transfer is compliant and secure. These frameworks include:

  • Adequacy Decisions: We may transfer data to countries or territories that the European Commission has deemed to have an adequate level of data protection. This determination confirms that the country’s legal and institutional framework is comparable to the EU’s data protection standards.
  • Standard Contractual Clauses (SCCs): For transfers to countries without an adequacy decision, we rely on the updated Standard Contractual Clauses (SCCs). These are pre-approved contractual clauses adopted by the European Commission that create a contractual obligation for the recipient of the data to protect it according to GDPR standards.
  • Consent: In certain circumstances, we may also rely on your explicit consent as a legal basis for an international data transfer.

We also clarify our role as a data controller and the responsibilities of our service providers, who act as data processors. We ensure that any sub-processors involved in international transfers adhere to the same stringent data protection standards as we do, often by requiring them to enter into SCCs or other appropriate transfer mechanisms.

10. Children’s Privacy

Our services are not intended for or directed at children under the age of 16. We do not knowingly collect personal information from individuals under this age. Our business provides digital marketing services, which are professional in nature and not targeted to or designed for use by children.

If we learn that we have collected personal information from a child under the age of 16 without verifiable parental consent, we will take immediate steps to delete that information from our systems. For any personal data of a child under 13, we require the explicit consent of the parent or legal guardian in accordance with the Children’s Online Privacy Protection Act (COPPA). If a child is between the ages of 13 and 16, they may be able to provide their own consent for certain data processing activities, but we will seek verifiable parental consent where legally required.

If you are a parent or guardian and believe that your child has provided us with personal information without your consent, you can contact us to request access, review, and/or deletion of that information. We will provide a clear procedure for you to review or request the deletion of your child’s data and to refuse its further collection or use.

11. Third-Party Links and Integrations

Our website and services may contain links to third-party websites, products, and services that are not owned or controlled by True Estate Marketing. We are not responsible for the privacy practices or the content of these third-party sites. This policy applies only to the information we collect and process. We encourage you to review the privacy policies of any third-party service you interact with to understand their data collection, use, and security practices.

12. Updates and Changes to the Privacy Policy

This Privacy Policy may be updated periodically to reflect changes in our data processing practices, legal requirements, or business operations. We reserve the right to modify or replace this policy at any time. When we make a material change to this policy, we will notify you by posting the new policy on our website and updating the “Last Updated” date at the top of the document. We recommend that you review this policy regularly to stay informed about our digital marketing data protection practices.

13. Contact Information

If you have any questions, concerns, or requests regarding this Privacy Policy or our data processing practices, or if you wish to exercise any of your privacy rights, please do not hesitate to contact us. We have provided multiple channels for you to reach us:

As a data controller, we are committed to responding to your inquiries in a timely and professional manner. As required by GDPR, we have a designated representative who can address any concerns related to our data practices.

Disclaimer

This Privacy Policy is a general draft and is provided for informational purposes only. It has been developed to serve as a comprehensive template but should not be considered legal advice. The specific data collection, processing, and disclosure practices of True Estate Marketing, as well as the unique legal requirements of the jurisdictions in which it operates, may require material changes to this document. For full GDPR, CCPA, and other legal compliance, this Privacy Policy must be reviewed and approved by a qualified attorney.