Refera
Refera · Legal

Privacy Policy

What we collect, what we do with it, who can see it, and what you can ask us to change or delete. We don't sell personal information.

Effective June 29, 202612 sectionsTerms of service →
Plain-English promise

Refera is built for professional referral workflows. We collect the information needed to run accounts, listings, applications, private conversations, connection records, reviews, billing, moderation, and safety checks. Because referrals can involve clients, licenses, brokerages, and compensation, avoid entering sensitive client details until your brokerage approvals are in place to share them.

01Scope

This Privacy Policy applies to Refera websites, web applications, APIs, marketplace features, referral workspaces, billing pages, donation links, admin tools, support flows, and related services that link to this policy.

Third-party websites, payment pages, email providers, hosting providers, and services linked from Refera have their own privacy policies. Their practices are not controlled by this policy.

02Information We Collect

Account and profile information

  • email address, password hash, display name, user ID, account role, and account status;
  • brokerage, markets, and license state.

Marketplace and workspace information

  • listings, referral type, title, description, market, property type, referral percentage, price band, and timestamps;
  • applications, application notes, proposed referral percentage, and selection status;
  • workspace (deal room) messages, connection outcomes, and deal status;
  • reviews, ratings, review text, reviewer/reviewee IDs, reveal status, and reputation summaries;
  • reports, report reasons, details, target user IDs, workspace IDs, evidence URLs when provided, and moderation outcomes.

Safety, compliance, and admin records

  • report records, moderation signals, license ban records, and admin review notes;
  • license-ban hashes by state, ban reasons, and admin user IDs;
  • billing records, including subscription status, plan, and Stripe customer/subscription IDs when billing is enabled, plus manual account grants.

Device, log, and technical information

  • IP address, browser and device information, request URLs, timestamps, errors, diagnostics, and security logs;
  • push notification tokens and the associated device identifier, when you enable notifications in the mobile app, used solely to deliver Refera notifications to your device;
  • cookies or local storage needed for authentication, session continuity, security, and user preferences;
  • email delivery logs when operational emails are sent through a provider.

03How We Use Information

Refera uses information to:

  • create and secure accounts;
  • display listings, accept applications, select applicants, and operate referral workspaces;
  • track donations, subscriptions, and billing status;
  • send operational emails, notifications, and service messages;
  • display reputation signals and double-blind review results;
  • investigate reports, prevent fraud, moderate conduct, and enforce the Terms of Service;
  • debug, maintain, secure, measure, and improve the service;
  • comply with law, legal process, tax, accounting, security, and regulatory obligations.

04How Information Is Shared

We share information only as needed to operate the service, protect users, or comply with law.

  • Public visitors: active listings may show deal type, title, market, price band, referral percentage, owner market tags, and reputation summary without revealing owner contact information.
  • Listing owners: owners can see applicants, application notes, proposed terms, applicant market tags, license state, and reputation summary.
  • Deal room members: the two matched agents can see each other's contact and profile, the full message history, how the connection ended, and reviews once both have submitted (double-blind).
  • Admins and operators: authorized admins may access account, profile, listing, application, workspace, billing, report, and moderation information.
  • Service providers: we may share data with hosting, database, email, payment, analytics, security, logging, and support providers that help run the service.
  • Payment providers: if billing, donations, or hosted checkout links are enabled, payment providers process payment details under their own terms and policies. Refera should not store full card numbers.
  • Legal and safety: we may disclose information to comply with law, respond to legal process, protect rights and safety, investigate fraud or abuse, enforce terms, or cooperate with regulators or law enforcement.
  • Business transfers: information may be transferred in connection with a merger, acquisition, financing, reorganization, sale of assets, or similar transaction.

We do not sell personal information. We do not currently share personal information for cross-context behavioral advertising.

05Cookies, Local Storage, and Tracking

Refera uses browser storage for authentication and basic app functionality. Refera also runs its own first-party, self-hosted analytics to understand how the site is used and to improve it: a first-party visitor cookie plus records of page views and a few key actions such as starting or completing sign-up. Refera does not use third-party behavioral advertising cookies, does not sell this data, and does not store your raw IP address (an approximate country is derived at our network edge). If third-party analytics or advertising tools are added later, this policy should be updated before those tools are enabled.

Some browsers offer Do Not Track signals. Because there is no common technical standard for how web services must respond, Refera does not currently respond to those signals. You can use browser settings to block or delete cookies and local storage, but some features may stop working.

06Retention

We keep information for as long as reasonably needed to operate Refera, maintain referral records, resolve disputes, prevent fraud or abuse, enforce terms, support audits, comply with legal obligations, and preserve safety and moderation records.

  • Account, profile, listing, workspace, connection, and review records may be retained while an account is active and for a reasonable period afterward.
  • Reports, license-ban hashes, block events, and moderation records may be retained longer to protect the marketplace and prevent repeat abuse.
  • Backups, logs, and cached records may persist for a limited period after deletion from active systems.

07Security

We use administrative, technical, and organizational measures designed to protect information, including hashed passwords, access controls, operational logging, and limited admin access. No method of transmission or storage is perfectly secure, and Refera cannot guarantee absolute security.

Users should avoid entering unnecessary sensitive information, client identifiers, financial account details, government identifiers, or exact addresses before the right brokerage approvals are in place to share them.

08Your Privacy Choices and Account Deletion

Depending on your location, you may have rights to access, correct, delete, export, restrict, or object to certain processing of your personal information. To make a request, start at the Legal Center.

To delete your Refera account in the app: sign in, open Profile, scroll to Delete account, enter your account email, and confirm deletion. This deletes your account, profile, licenses, listings, applications, messages, workspaces, notification settings, and device tokens from active systems. If you cannot sign in, email privacy@refera.app from the address on your account and ask us to delete it.

Legal, safety, dispute, accounting, anti-fraud, and moderation records may be retained when required or reasonably necessary. Backups, logs, and cached copies may remain for a limited period before routine deletion, as described in the Retention section above.

  • You can update profile fields from the Profile page.
  • You can request correction or deletion of account information, subject to records we need to retain for legal, safety, dispute, accounting, or anti-fraud reasons.
  • You can report abusive content, suspicious conduct, privacy concerns, or mistaken moderation through the support and legal paths.
  • You can opt out of marketing emails, if any are added later. Operational messages may still be sent.

We may need to verify your identity before fulfilling a privacy request. We will not discriminate against you for exercising legally protected privacy rights.

09California Notice

This section is intended to help California residents understand the categories of personal information that Refera may collect. Refera may not meet the legal thresholds for the California Consumer Privacy Act, but the product is designed to provide reasonable access, deletion, and correction paths.

CategoryExamplesPurpose
IdentifiersEmail, user ID, display name, IP address, Stripe IDs if billing is enabledAccounts, security, billing, support, moderation
ProfessionalBrokerage, markets, license stateMarketplace trust, applicant review, safety
CommercialDonations, subscription status, workspace and deal activityBilling, access control, records, support
Network activityLogs, request metadata, device/browser information, security eventsSecurity, diagnostics, abuse prevention, operations
User contentListings, applications, messages, reports, reviews, connection recordsMarketplace operation, dispute records, moderation
InferencesReputation summaries, moderation signals, trust indicatorsSafety, marketplace quality, user decision support

Refera does not sell personal information and does not currently share personal information for cross-context behavioral advertising. Sensitive personal information, if collected, is used only for service, security, legal, and moderation purposes.

10Children

Refera is intended for adults and real estate professionals. It is not intended for children under 13, and we do not knowingly collect personal information from children under 13.

11International Users

Refera is currently operated for United States-based public beta use. If you access the service from outside the United States, your information may be processed and stored in the United States or other locations where service providers operate.

12Changes and Contact

We may update this Privacy Policy as the product, law, providers, or business model change. The effective date will be updated when changes are posted. For privacy requests, reports, or questions, start at the Legal Center or email privacy@refera.app.

Platform operator: Refera. Support: support@refera.app. Legal notices: legal@refera.app. Mailing address and entity-specific notice details are available by request at legal@refera.app while formal corporate records and public directory listings are finalized.