Privacy Policy

Last updated: July 1, 2026

Introduction

ActuallyCare Inc. ("ActuallyCare," "we," "us," or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our customer relationship management platform and related services (collectively, the "Services").

Please read this Privacy Policy carefully. By using our Services, you agree to the collection and use of information in accordance with this policy.

Notice at Collection (California) — the short version:

  • We collect account, client, usage, and device information — plus financial and SMS information only if you opt in — as detailed below.
  • We use it to provide, secure, and improve the Services. We do not sell or share your personal information, and we do not use it for cross-context behavioral advertising.
  • Our public website uses no advertising, analytics, or session-replay trackers — only strictly necessary and security cookies.
  • We keep information only as long as needed for those purposes or to meet legal obligations.
  • Exercise your privacy rights any time at [email protected].

Information We Collect

Information You Provide

  • Account Information: When you create an account, we collect your name, email address, phone number, brokerage affiliation, and license information.
  • Client Data: Information you enter about your real estate clients, including contact details, property preferences, transaction history, and communication records.
  • Payment Information: Billing details and payment method information processed securely through our payment provider, Stripe.
  • Communications: Messages you send through our platform, support requests, and feedback.

Information Collected Automatically

  • Usage Data: Information about how you use our Services, including features accessed, time spent, and actions taken.
  • Device Information: Browser type, operating system, device identifiers, and IP address.
  • Cookies: We use cookies and similar technologies to maintain sessions and improve your experience. See “Cookies & Tracking Technologies” below for the full, specific list.

Cookies & Tracking Technologies

We take a deliberately minimal approach to online tracking. We use only the cookies and similar technologies needed to operate our site and keep it secure, and we describe every category we use below.

Categories we use

  • Strictly necessary cookies: First-party cookies that keep you signed in, maintain your session, remember your preferences, and secure form submissions. The Services cannot function without these, so they are not subject to opt-in consent.
  • Security / anti-fraud: On certain forms we use Cloudflare Turnstile, a privacy-preserving bot-detection tool, to prevent automated abuse. Turnstile does not track you across sites and does not build an advertising profile.

Technologies we do NOT use

To be explicit, our public website does not deploy any of the following:

  • Advertising or marketing pixels (for example, the Meta/Facebook Pixel, TikTok Pixel, Google Ads tags, or the LinkedIn Insight Tag)
  • Third-party analytics that profile individual visitors (for example, Google Analytics, Segment, Mixpanel, or Amplitude)
  • Session-replay or keystroke/mouse-recording tools (for example, Hotjar or FullStory)
  • Cross-context behavioral advertising, device fingerprinting, or sharing of your browsing activity with data brokers

Because we do not deploy these technologies, we do not disclose your browsing activity to advertising networks or other third parties for their own purposes.

Your consent and choices

By using our website and Services, you consent to our use of strictly necessary and security cookies as described above. You can block or delete cookies through your browser settings, though doing so may prevent you from signing in or using secured features. We honor Global Privacy Control (GPC) browser signals; because we do not sell or share personal information, no additional action is required to opt out of such activity.

Consent to Communications & Site Interaction

When you communicate with us or interact with our website, you are communicating with ActuallyCare. You consent to ActuallyCare — and to the service providers that operate our infrastructure on our behalf and at our direction (such as our hosting, security, and messaging vendors), acting solely as our agents and not as independent recipients of your data — collecting, recording, and processing those communications and interactions to operate, secure, support, and improve the Services. These providers are contractually limited to using the information only to provide services to us and may not use it for their own purposes. This consent applies to any applicable federal or state laws governing the interception or recording of electronic communications, including the California Invasion of Privacy Act (CIPA).

How We Use Your Information

We use the information we collect to:

  • Provide, maintain, and improve our Services
  • Process transactions and send related information
  • Send you technical notices, updates, and support messages
  • Respond to your comments, questions, and customer service requests
  • Power AI features including our AI agents and MCP integration
  • Analyze usage patterns to improve user experience
  • Detect, prevent, and address technical issues or fraud
  • Comply with legal obligations

AI and Data Processing

ActuallyCare uses artificial intelligence, including Claude AI by Anthropic, to provide features such as automated client insights, communication suggestions, and workflow automation. When you use AI-powered features:

  • Your data may be processed by our AI systems to generate personalized recommendations
  • We do not use your client data to train AI models
  • AI-generated content is clearly labeled where applicable
  • You maintain full control over AI feature settings

Financial Account Information (via Plaid)

ActuallyCare offers an optional financial management feature that allows you to link your personal and business bank, credit card, and investment accounts to track business expenses, categorize spending, and reconcile commission income. To power this feature, we use Plaid Inc. ("Plaid") as our third-party financial data provider.

What We Collect Through Plaid

If you choose to link a financial account, Plaid collects your financial institution login credentials directly (we never see or store them) and then provides ActuallyCare with the following data:

  • Account Information: Account names, types (checking, savings, credit card, investment), masked account numbers, and current balances.
  • Transaction Data: Up to 24 months of transaction history, including amounts, merchant names, dates, and category information.
  • Enriched Data: Merchant and category enrichment to power automatic expense categorization.
  • Recurring Transactions: Summary of recurring subscriptions, bill payments, and account deposits.

How We Use Plaid Data

  • Display your account balances and transactions in your personal financial dashboard
  • Automatically categorize business expenses (e.g., MLS dues, marketing, mileage, E&O insurance, CE credits)
  • Reconcile business spending against commission income tracked in your CRM
  • Generate spending insights, cash flow trends, and a financial health score
  • Support savings and spending goal tracking
  • Enable CSV export for your accountant at tax time

How We Protect Plaid Data

  • User-scoped access only: Your financial data is visible only to you. Your brokerage, team lead, and teammates cannot access your balances or transactions.
  • Encryption at rest: Plaid access tokens are encrypted with AES-256-GCM. All financial data is stored in encrypted databases.
  • Encryption in transit: All communications with Plaid and between ActuallyCare systems use TLS 1.2 or higher.
  • No logging of sensitive values: Account numbers, balances, and transaction amounts are never written to application logs.
  • AI sanitization: Financial data is sanitized at the data layer before any AI processing. It is never sent to third-party AI models or used to train any model.
  • No sale or sharing: Plaid-sourced financial data is never sold, licensed, or shared with any third party beyond the features described above.

Your Control Over Plaid Data

  • Consent: You must explicitly choose to link each financial account. No account is linked without your action.
  • Disconnect at any time: You can disconnect any linked account from the Financials page, which immediately revokes our access to your financial institution through Plaid and marks the associated Plaid access token as deleted in our systems. Remaining records are purged on our regular data retention cycle.
  • Deletion: When you delete your ActuallyCare account, we remove or anonymize your associated financial data in accordance with our retention policy.

Plaid's Own Privacy Practices

Plaid's handling of your credentials and financial data is governed by Plaid's own privacy policy, which is presented to you inside the Plaid Link interface before you connect an account. You can review it here: Plaid End User Privacy Policy.

SMS / Text Message Communications

When you opt in to receive SMS messages from ActuallyCare — whether by checking the consent box during account registration, enabling SMS notifications in your account settings, or texting CARE to (661) 990-9903 — we collect your mobile phone number and a record of your consent (timestamp, opt-in source, and IP address where applicable).

We do not share or sell mobile opt-in data, phone numbers, or SMS consent records with third parties or affiliates for marketing or promotional purposes. No mobile information will be shared with third parties or affiliates for marketing or promotional purposes; text messaging originator opt-in data and consent will not be shared with any third parties. This restriction applies regardless of any other data sharing described elsewhere in this policy. Your phone number is shared only with our SMS delivery sub-processor (Twilio) for the sole purpose of delivering messages you have consented to receive.

Message frequency varies based on your activity. Standard message and data rates may apply. You can opt out at any time by replying STOP, or get help by replying HELP. For questions about our SMS practices, contact [email protected]. Full SMS terms and consent details are available at https://www.actuallycare.com/sms-consent.

Information Sharing

We may share your information in the following circumstances:

  • Service Providers: With third-party vendors who assist in providing our Services (hosting, analytics, payment processing via Stripe, financial data aggregation via Plaid, SMS delivery via Twilio, AI processing via Anthropic)
  • CareNetwork Vendors: If you choose to connect with vendors in our CareNetwork, relevant contact information may be shared with your consent
  • Legal Requirements: When required by law, court order, or governmental authority
  • Business Transfers: In connection with a merger, acquisition, or sale of assets
  • With Your Consent: When you explicitly authorize us to share information

We do not sell or share your personal information, and we do not use it for cross-context behavioral advertising.

Data Security

We implement industry-standard security measures to protect your information, including:

  • Encryption of data in transit (TLS/SSL) and at rest
  • Regular security assessments and penetration testing
  • Access controls and authentication requirements
  • Secure cloud infrastructure with SOC 2 compliance

Data Retention

We retain your information for as long as your account is active or as needed to provide you Services. You may request deletion of your data at any time. We will retain and use your information as necessary to comply with legal obligations, resolve disputes, and enforce our agreements.

Your Rights and Choices

You have the right to:

  • Access: Request a copy of the personal information we hold about you
  • Correction: Request correction of inaccurate or incomplete information
  • Deletion: Request deletion of your personal information
  • Portability: Request your data in a portable format
  • Opt-out: Unsubscribe from marketing communications
  • Restrict Processing: Request limitation of how we use your data

To exercise these rights, contact us at [email protected].

California Privacy Rights (CCPA/CPRA)

If you are a California resident, you have the following rights under the California Consumer Privacy Act, as amended by the California Privacy Rights Act (collectively, the “CCPA”):

  • Right to know what personal information we collect, use, and disclose
  • Right to delete personal information we have collected
  • Right to correct inaccurate personal information
  • Right to opt out of the sale or sharing of personal information (we do not sell or share your personal information)
  • Right to limit the use and disclosure of sensitive personal information (we do not use sensitive personal information for purposes that require an opt-out)
  • Right to non-discrimination for exercising your privacy rights

Your Privacy Choices. Because we do not sell or share personal information, do not use it for cross-context behavioral advertising, and do not use sensitive personal information for purposes that trigger a right to limit, there is no “Do Not Sell or Share My Personal Information” action you need to take. You can still exercise any of the rights above — including access, correction, and deletion — by emailing [email protected]. We will not discriminate against you for doing so, and we honor Global Privacy Control (GPC) signals sent by your browser. You may use an authorized agent to submit a request on your behalf, subject to our verification of your identity and the agent's authority.

Children's Privacy

Our Services are designed for licensed real estate professionals and are not directed to individuals under 18 as a matter of our business policy. As required under the Children's Online Privacy Protection Act (COPPA), we do not knowingly collect personal information from children under 13. If you believe we have inadvertently collected information from a child under 13, please contact us at [email protected] and we will promptly delete it.

International Data Transfers

Your information may be transferred to and processed in countries other than your own. We ensure appropriate safeguards are in place to protect your information in compliance with applicable laws.

Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last updated" date. Material changes will be communicated via email or prominent notice in our Services.

Contact Us

If you have questions about this Privacy Policy or our privacy practices, please contact us:

Get Started