PRIVACY POLICY
Last Updated: February 24, 2026
1. INTRODUCTION
Propwise REI LLC ("us", "our", "we", "Company") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our websites (soberhomesuccess.com and related domains owned or controlled by Company), use our services, or access any materials we provide.
DATA CONTROLLER
Propwise REI LLC is the data controller for your personal information as our client, including your contact information, payment records, account details, and service agreements.
For data processed within systems we build and manage for you (such as referral inquiries, pre-screening responses, and contact information collected through your subaccount), you are the data controller and we act as the data processor on your behalf. See Section 2.7 for detailed information about data controller and processor roles.
CONTACT INFORMATION
Propwise REI LLC
Mailing Address: 15191 Montanus Dr, Ste 132, Culpeper, VA 22701
Email: [email protected]
Phone: (804) 781-4769
Website: soberhomesuccess.com
SCOPE AND APPLICABILITY
This Privacy Policy applies to:
- Visitors to our websites (soberhomesuccess.com and related domains owned or controlled by Company)
- Members of our community platforms
- Clients who have engaged our services
- Prospective clients and general inquiries
FOR CLIENTS USING OUR IMPLEMENTATION AND MANAGEMENT SERVICES:
If you have engaged us to build or manage systems on your behalf, your use of those systems and the data processed through them is additionally governed by:
- Your Service Agreement with us
- HighLevel's Terms of Service and Privacy Policy
- Any other applicable agreements between us
In the event of a conflict between this Privacy Policy and your Service Agreement, the terms of the Service Agreement will control with respect to data processed through your systems.
Please read this Privacy Policy carefully. By using our services, you agree to the collection, use, and disclosure of your information as described in this Privacy Policy. If you do not agree with our policies and practices, do not use our services.
2. INFORMATION WE COLLECT
2.1 PERSONAL INFORMATION YOU PROVIDE
We collect personal information that you voluntarily provide to us when you:
- Create an account
- Purchase our products or services
- Sign up for our email list or free content
- Contact us for support
- Participate in our community or forums
- Fill out forms on our website
TYPES OF PERSONAL INFORMATION:
- Identity Information: First name, last name
- Contact Information: Email address, mailing address, phone number
- Account Information: Username, password, account preferences
- Payment Information: Processed by third-party payment processors (we do not store credit card numbers)
- Communication Information: Information you provide in messages to us or in community posts
- Professional Information: Information about your sober living operation (if applicable)
2.2 INFORMATION COLLECTED AUTOMATICALLY
When you visit our website or use our services, we automatically collect certain information about your device and usage:
TECHNICAL INFORMATION:
- IP address
- Browser type and version
- Operating system
- Device identifiers
- Referring/exit pages
- Date and time stamps
- Clickstream data
USAGE INFORMATION:
- Pages visited
- Time spent on pages
- Links clicked
- Search queries
- Features used
LOCATION INFORMATION:
- General geographic location based on IP address (city, state, country)
2.3 INFORMATION FROM THIRD PARTIES
We may receive information about you from:
- Payment Processors: Transaction information from Stripe, PayPal, and other payment processors
- Service Providers: Information from HighLevel and other platforms we use to deliver our services
- Affiliates: Information from users who refer you to us
- Social Media: If you connect your social media accounts or interact with us on social media
2.4 COOKIES AND TRACKING TECHNOLOGIES
We use cookies, web beacons, pixels, and similar tracking technologies to collect information about your browsing activities. See Section 6 for detailed information about our use of cookies.
2.5 VOICE AND AI CONVERSATION DATA
When you interact with any AI-powered features, voice agents, chatbots, or automated communication tools provided through our services or integrated platforms (such as HighLevel AI features), we may collect and process:
- Voice recordings and audio data from AI voice agent interactions (processed through and retained by third-party platforms; see Section 10)
- Transcripts of voice and text-based AI conversations
- Contextual information provided during AI interactions
- Metadata associated with AI interactions (timestamps, session duration, feature used)
This data is used to provide the requested services, improve AI system performance, conduct quality assurance, and enhance your user experience.
RETENTION TIMELINES:
Voice recordings, transcripts, and other data generated through AI interactions are retained by the third-party platforms through which those interactions occur (such as HighLevel AI features) for as long as those platforms determine necessary for their own operational, legal, or compliance purposes. Company does not set or control these retention timelines. Where Company has direct control over AI interaction data, Company will retain it only as long as necessary to fulfill the purposes for which it was collected and will honor deletion requests as described in Section 12.
NOTE: You may request deletion of voice recordings or AI conversation transcripts at any time by contacting [email protected]. Such a request may limit your ability to use certain AI-powered features, and Company cannot guarantee deletion of data retained by third-party platforms on their own systems.
2.6 COMMUNITY AND FORUM CONTENT
Our services include community platforms (including our Skool community) where you may post content, ask questions, or engage with other members. Any information you post in these public or semi-public areas may be visible to other community members. Please do not share sensitive personal information, health data, or information about specific residents or clients in community forums.
By providing your email address when requesting to join or enrolling in a Company-operated community platform, you consent to receive email communications from Company as described in Section 17. Community platforms such as Skool independently collect and process data subject to their own privacy policies, which we do not control. We are not responsible for any data collected, stored, or processed by Skool or other third-party community platforms in connection with your membership.
2.7 DATA PROCESSED IN CLIENT SUBACCOUNTS
UNDERSTANDING OUR ROLE:
When you engage our implementation services, we build and manage referral relationship infrastructure, pre-screening systems, and communication tools within a dedicated subaccount in our HighLevel infrastructure.
FOR DATA IN YOUR SUBACCOUNT:
- YOU are the data controller for all data stored in your subaccount, including referral partner information, pre-screening responses, contact information, voice recordings, and any other data collected through the systems we build for you
- WE are the data processor, acting on your behalf to build, configure, and optimize these systems
- HIGHLEVEL is the sub-processor, providing the underlying platform infrastructure
FOR DATA ABOUT YOU (OUR CLIENT):
- WE are the data controller for information about your business relationship with us, including your contact information, payment records, service agreements, and support communications
2.8 SENSITIVE AND HEALTH-RELATED DATA — SPECIAL NOTICE FOR SOBER LIVING OPERATORS
HIPAA AND SOBER LIVING HOMES:
Company is not a HIPAA-covered entity or Business Associate for most of our clients, as most housing-only sober living operators that provide housing and peer support without clinical treatment, counseling, or insurance billing are not HIPAA-covered entities under the Health Insurance Portability and Accountability Act.
If you are a HIPAA-covered entity and engage our services, you are responsible for your own HIPAA compliance, including obtaining appropriate Business Associate Agreements from all software providers you use. We are not responsible for HIPAA compliance in systems you control as data controller. If HIPAA applies to your operation, please inform us so we can provide appropriate guidance and adjust our systems accordingly.
DATA STORED IN YOUR SUBACCOUNT:
You are the data controller for all information stored in your HighLevel subaccount. We are the data processor, acting on your behalf to build and manage systems. You are solely responsible for determining what information to collect and store, ensuring compliance with applicable privacy laws, obtaining appropriate consents from individuals whose data you collect, and using HIPAA-compliant tools if HIPAA applies to your operation.
STATE PRIVACY LAWS:
Even if HIPAA does not apply to your operation, state privacy laws (including California CCPA, Virginia VCDPA, Colorado CPA, and others) protect sensitive personal information, including health data. We implement appropriate technical and administrative safeguards for all data processed through systems we build.
SENSITIVE PERSONAL DATA GENERAL POLICY:
We request that you do not submit sensitive personal data to us outside of your dedicated subaccount, including social security numbers, genetic data, biometric data, or information related to ethnic origin, religious beliefs, or criminal history, except as strictly necessary for service delivery. If you send us this information, you are consenting to our use, storage, and processing of this information in accordance with this Privacy Policy.
3. LEGAL BASIS FOR PROCESSING (GDPR)
If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, we process your personal information based on the following legal grounds:
- CONSENT: When you have given clear consent for us to process your personal information for a specific purpose (e.g., marketing communications)
- CONTRACT: When processing is necessary to perform a contract with you (e.g., providing our services, processing payments)
- LEGITIMATE INTERESTS: When we have a legitimate business interest (e.g., improving our services, fraud prevention, network security) and your rights do not override these interests
- LEGAL OBLIGATION: When we must process your information to comply with legal obligations (e.g., tax requirements, legal requests)
You have the right to withdraw consent at any time where we rely on consent as the legal basis for processing.
4. HOW WE USE YOUR INFORMATION
We use your personal information for the following purposes:
4.1 SERVICE DELIVERY
- Create and manage your account
- Process transactions and send transaction confirmations
- Provide client support
- Deliver products and services you purchase
- Send important notices about your account, purchases, or changes to our terms
4.2 COMMUNICATION
- Send marketing and promotional communications (with your consent)
- Send newsletters and updates about our products and services
- Respond to your inquiries and requests
- Send administrative information
You can opt-out of marketing communications at any time by clicking the "unsubscribe" link in our emails or contacting us. You cannot opt-out of transactional or administrative communications that are necessary for service delivery.
4.3 SERVICE IMPROVEMENT
- Analyze usage patterns and trends
- Conduct research and analytics
- Improve our services, content, and user experience
- Develop new products and features
- Test new features and functionality
4.4 SECURITY AND FRAUD PREVENTION
- Protect against fraud, unauthorized access, and security threats
- Verify identity and authenticate users
- Monitor and analyze security incidents
- Enforce our terms and conditions
4.5 LEGAL COMPLIANCE
- Comply with legal obligations
- Respond to legal requests and prevent harm
- Enforce our rights and protect our property
4.6 MARKETING AND ADVERTISING
- Personalize content and advertisements
- Measure advertising effectiveness
- Create custom audiences for targeted advertising
- Track affiliate activity and pay commissions
5. THIRD-PARTY SERVICE PROVIDERS
We share your information with third-party service providers who perform services on our behalf. We require our service providers to use your information only as necessary to provide services to us and to implement appropriate protections for your information. Where required by applicable law, we execute Data Processing Agreements with relevant providers.
SERVICE PROVIDER CHANGES: The service providers listed below represent platforms and services we currently use. We reserve the right to change, add, or remove service providers at any time at our sole discretion. When we make significant changes to service providers that handle your personal information, we will update this Privacy Policy.
5.1 HIGHLEVEL (PLATFORM TOOL FOR SERVICE DELIVERY)
We use HighLevel as a platform tool to deliver our implementation and management services to you. HighLevel provides the technical infrastructure through which we build referral relationship systems, pre-screening workflows, communications infrastructure, and marketing automation.
DATA CONTROLLER AND PROCESSOR ROLES:
You are the data controller for all information stored in your HighLevel subaccount. We are the data processor, acting on your behalf to build and manage systems. HighLevel acts as a sub-processor, providing the underlying platform infrastructure.
HIGHLEVEL'S POLICIES:
Your use of systems built on HighLevel is subject to HighLevel's terms and policies:
- HighLevel Terms of Service: https://www.gohighlevel.com/terms-of-service
- HighLevel Privacy Policy: https://www.gohighlevel.com/privacy-policy
- HighLevel Acceptable Use Policy: https://www.gohighlevel.com/acceptable-use-policy
HIGHLEVEL AND HIPAA:
HighLevel offers a paid HIPAA compliance package that includes a Business Associate Agreement (BAA) for customers who require HIPAA compliance. This package requires an active, paid subscription — if payment lapses or the package is canceled, HighLevel's BAA is automatically terminated without notice and HighLevel is no longer your Business Associate under HIPAA. Upon such termination, you are solely responsible for ensuring the compliant handling of any Protected Health Information within the platform.
If your operation is subject to HIPAA and you choose to store Protected Health Information in your HighLevel subaccount, you are responsible for:
- Subscribing to and maintaining HighLevel's paid HIPAA compliance package
- Requesting and executing HighLevel's Business Associate Agreement directly with HighLevel
- Enabling HIPAA mode on your account
- Configuring appropriate security settings
- Following HighLevel's HIPAA compliance requirements
- Ensuring continued payment of the HIPAA package to maintain BAA coverage
We recommend using HighLevel for referral relationship management and pre-screening, and using purpose-built resident management platforms for full intake and resident records. If you need HIPAA compliance for resident management, verify that your chosen platform offers HIPAA features and will execute a Business Associate Agreement with you.
5.2 PAYMENT PROCESSORS
We use third-party payment processors to process payments, including:
- Stripe
- PayPal
- Other payment service providers
PAYMENT INFORMATION:
- Payment processors collect and process your payment information directly
- We do not store your credit card numbers or full payment details
- Your payment information is subject to the payment processor's privacy policy and terms
Privacy Policies:
- Stripe Privacy Policy: https://stripe.com/privacy
- PayPal Privacy Policy: https://www.paypal.com/us/webapps/mpp/ua/privacy-full
5.3 EMAIL AND COMMUNICATION SERVICES
We use email service providers and communication platforms to send you emails, SMS messages, and other communications. These services may track email opens, clicks, and engagement. The specific providers we use may change over time; we will update this Privacy Policy to reflect material changes to providers that handle your personal information.
5.4 SMS/TEXT MESSAGING SERVICES
We use third-party SMS aggregators and messaging service providers to deliver text messages to you. These services are used solely to deliver SMS communications you have opted into receiving.
SMS DATA PROTECTION: All text messaging originator opt-in data and consent information will not be shared with any third parties, excluding the aggregators and providers necessary to deliver the SMS service. Your mobile phone number and opt-in information will not be shared with any third parties or affiliates for marketing or promotional purposes.
5.5 ANALYTICS PROVIDERS
We may use third-party analytics and tracking services to understand how our services are used and to improve user experience. These services may include:
MICROSOFT CLARITY:
We may partner with Microsoft Clarity and Microsoft Advertising to capture how you use and interact with our website through behavioral metrics, heatmaps, and session replay to improve and market our products/services. Website usage data is captured using first and third-party cookies and other tracking technologies to determine the popularity of products/services and online activity. Additionally, we use this information for site optimization, fraud/security purposes, and advertising.
For more information about how Microsoft collects and uses your data, visit the Microsoft Privacy Statement: https://privacy.microsoft.com/en-us/privacystatement
OTHER ANALYTICS SERVICES:
We may use other analytics and tracking platforms such as Google Analytics, Facebook Pixel, or similar services to collect information about website usage, user behavior, and advertising effectiveness. These services may use cookies and similar tracking technologies to collect information about your browsing activities, demographics, and interests.
- Google Analytics Privacy Policy: https://policies.google.com/privacy
5.6 ADVERTISING PARTNERS
We work with advertising platforms to deliver targeted advertisements:
- Facebook/Meta
- Google Ads
- Other advertising networks
We may share hashed email addresses or other identifiers to create custom audiences and measure advertising effectiveness.
5.7 AUTOMATION AND INTEGRATION TOOLS
We use automation tools such as Zapier and Make (formerly Integromat) and other integration platforms to connect our systems and automate workflows. These tools may process your information as part of our service delivery.
5.8 ARTIFICIAL INTELLIGENCE AND AUTOMATION TOOLS
We may use artificial intelligence (AI) and machine learning technologies to improve our services and provide you with a better experience.
HOW WE USE AI:
We may use AI-powered tools and services for purposes including, but not limited to:
- Generating or assisting with content creation (emails, templates, documentation)
- Analyzing usage patterns and improving user experience
- Automating workflows and system processes
- Providing client support responses
- Personalizing content and recommendations
- Voice agent interactions and automated communications
- Any other purpose related to improving, delivering, or supporting our services
AI SERVICE PROVIDERS:
We may use third-party AI services, including but not limited to:
- OpenAI (ChatGPT, GPT models) — Privacy Policy: https://openai.com/privacy
- Anthropic (Claude) — Privacy Policy: https://www.anthropic.com/privacy
- Other AI platforms and tools as integrated into our services
DATA PROCESSING BY AI SERVICES:
When we use AI services, certain information may be processed by these services in accordance with their privacy policies and terms of service. We do not use AI to make automated decisions that produce legal or similarly significant effects about you without human involvement.
OUR AI DATA PROTECTION COMMITMENTS:
When processing your data with AI systems, we commit to the following:
- We do not use AI to make automated decisions with significant legal or similar effects without human oversight
- We do not sell your personal information to AI companies
- We do not train third-party AI models on your personal information without your consent
- AI service providers may only process your data for the specific purposes outlined in our agreements with them
- AI service providers cannot use your data to train their AI models for purposes outside of providing services to us without your explicit consent
- Where practicable, AI-generated content delivered to you is reviewed for accuracy and appropriateness prior to delivery
- You retain ownership of any content you provide to us
- We implement technical safeguards to prevent unauthorized access to data processed by our AI systems
- We provide you with the right to opt out of AI-based processing where feasible
YOUR AI-SPECIFIC RIGHTS:
- Right to opt out of AI voice recording: You may opt out of having your voice recorded and processed by AI voice agents at any time by contacting us
- Right to access AI decisions: You may request information about any significant decisions made about you by our AI systems
- Right to human review: You may request human review of any decision made solely by automated means that produces legal or similarly significant effects
- Right to AI data deletion: You may request deletion of voice recordings, transcripts, or other data collected through your interactions with our AI systems.
Company will honor deletion requests for data it directly controls. Company cannot guarantee deletion of data retained by third-party platforms on their own systems; see Section 10 for details.
5.9 OTHER SERVICE PROVIDERS
- Hosting Providers: For website hosting and data storage
- Client Support Tools: For managing client inquiries
- Affiliate Tracking: For tracking referrals and paying commissions
- Email Marketing Platforms: For sending newsletters and campaigns
THIRD-PARTY PRIVACY POLICIES AND TERMS:
Each third-party service provider listed in this section operates under their own privacy policy and terms of service. Your use of our services may be subject to these third-party policies. We do not control and are not responsible for the privacy practices of third parties. We encourage you to review their policies.
By using our services, you acknowledge that your information may be processed by these third parties in accordance with their privacy policies.
6. COOKIES AND TRACKING TECHNOLOGIES
6.1 WHAT ARE COOKIES
Cookies are small text files stored on your device when you visit our website. We use cookies and similar tracking technologies (web beacons, pixels, tags) to collect information about your browsing activities.
6.2 TYPES OF COOKIES WE USE
STRICTLY NECESSARY COOKIES:
These cookies are essential for our website to function. They enable core functionality such as security, authentication, and accessibility. You cannot opt-out of these cookies.
PERFORMANCE AND ANALYTICS COOKIES:
These cookies collect information about how you use our website, such as which pages you visit and any errors you encounter. We use this information to improve our website performance.
Examples:
- Google Analytics
- Usage tracking and heatmaps
- Error reporting
FUNCTIONALITY COOKIES:
These cookies allow our website to remember your preferences and provide enhanced features.
Examples:
- Language preferences
- Login status
- Form auto-fill
ADVERTISING AND TARGETING COOKIES:
These cookies are used to deliver relevant advertisements and measure advertising effectiveness.
Examples:
- Facebook Pixel
- Google Ads
- Retargeting pixels
- Affiliate tracking
SOCIAL MEDIA COOKIES:
These cookies are set by social media platforms when you interact with social media buttons or plugins on our website.
Examples:
- Twitter/X
- YouTube
6.3 COOKIE DURATION
- SESSION COOKIES: Deleted when you close your browser
- PERSISTENT COOKIES: Remain on your device for a set period or until you delete them
6.4 MANAGING COOKIES
BROWSER SETTINGS:
You can control cookies through your browser settings. Most browsers allow you to:
- View and delete cookies
- Block cookies from specific websites
- Block all cookies
- Delete all cookies when you close your browser
Please note that disabling cookies may affect the functionality of our website and prevent you from using certain features.
COOKIE CONSENT TOOLS:
Where required by applicable law, we implement cookie consent mechanisms that allow you to accept or reject certain categories of non-essential cookies. You may withdraw cookie consent at any time through your browser settings.
OPT-OUT OF TARGETED ADVERTISING:
You can opt-out of targeted advertising through:
INDUSTRY OPT-OUT TOOLS:
- Digital Advertising Alliance: http://optout.aboutads.info
- Network Advertising Initiative: http://optout.networkadvertising.org
- European Interactive Digital Advertising Alliance (EU): http://www.youronlinechoices.eu
PLATFORM-SPECIFIC OPT-OUTS:
- Google Ads Settings: https://adssettings.google.com/
- Facebook Ad Settings: https://www.facebook.com/settings?tab=ads
MOBILE DEVICE SETTINGS:
On mobile devices, you can:
- iOS: Settings > Privacy > Tracking > Disable "Allow Apps to Request to Track"
- Android: Settings > Privacy > Ads > Opt out of Ads Personalization
6.5 DO NOT TRACK SIGNALS
Some browsers include a "Do Not Track" (DNT) feature. Our website does not currently respond to DNT signals because there is no industry standard for how to respond to such signals. If an industry standard is established, we will revisit this policy.
GLOBAL PRIVACY CONTROL:
We honor Global Privacy Control (GPC) opt-out preference signals as a valid opt-out of the sale or sharing of personal information for California residents, where technically feasible. If you use a browser or extension that transmits a GPC signal, we will treat it as an opt-out request for targeted advertising purposes.
7. HOW WE SHARE YOUR INFORMATION
We do not sell your personal information to third parties. We may share your information in the following circumstances:
7.1 SERVICE PROVIDERS
We share information with third-party service providers who perform services on our behalf (as described in Section 5).
7.2 AFFILIATES AND REFERRAL PARTNERS
If you were referred to us by an affiliate or purchased through a referral link, we may share your email address and purchase information with that affiliate for commission tracking purposes only. Affiliates are not permitted to use this information for independent marketing purposes.
If a third party (such as a treatment center, referral partner, or funding organization) sponsors or pays for your use of our services, we may share information about your account status, usage, and service delivery with that sponsoring entity as required by our agreement with them.
7.3 BUSINESS TRANSFERS
If Company is involved in a merger, acquisition, sale of assets, bankruptcy, or reorganization, your information may be transferred as part of that transaction. We will notify you of any such change and any choices you may have regarding your information.
7.4 LEGAL REQUIREMENTS
We may disclose your information if required by law or in response to:
- Legal process (subpoena, court order, government request)
- Legal claims or disputes
- Requests from law enforcement or government authorities
- Investigations of potential violations of our terms
- Protecting the rights, property, or safety of Company, our users, or the public
7.5 WITH YOUR CONSENT
We may share your information for other purposes with your consent or at your direction.
7.6 AGGREGATED AND DE-IDENTIFIED INFORMATION
We may share aggregated or de-identified information that cannot reasonably be used to identify you. This information is not considered personal information and may be shared for analytical, research, or business purposes.
8. SUBACCOUNT ACCESS AND DATA PROCESSING
ACCESS TO YOUR SUBACCOUNT:
As your implementation and management service provider, our authorized personnel have administrative access to your HighLevel subaccount to build, configure, optimize, troubleshoot, and maintain the systems we are contracted to deliver.
HOW WE USE ACCESS:
- We access your subaccount only to provide contracted services
- We do not use, disclose, or share data from your subaccount for any other purpose
- We do not contact individuals in your subaccount without authorization
- We do not use your subaccount data for our own marketing or business purposes
- Access is limited to personnel who require it to perform services
DATA RETENTION AND DELETION:
- We retain access to your subaccount only as needed for data export, migration support, or final billing
- Upon service termination, Company has no obligation to retain subaccount data and may delete or de-identify subaccount data immediately upon termination.
- Company will make reasonable efforts to allow you to export your data prior to termination where notice has been provided, but is not obligated to retain data following the termination date
- We will provide written confirmation of data deletion upon request
- We terminate all access upon service termination. If you request continued migration assistance, access will be limited solely to migration support activities and terminated immediately upon completion of migration
IMPORTANT — HIGHLEVEL AND THIRD-PARTY PLATFORM RETENTION:
When Company deletes a subaccount or terminates access, HighLevel and other third-party platforms used to deliver our services may independently retain data for their own operational, legal, or compliance purposes for a period of time following deletion. Company does not control HighLevel's or any third-party platform's data retention practices and cannot guarantee that data will be immediately or permanently deleted from those platforms upon Company's deletion of the subaccount. For information about HighLevel's data retention practices, please review HighLevel's Privacy Policy at https://www.gohighlevel.com/privacy-policy or contact HighLevel directly.
9. DATA SECURITY
We implement reasonable administrative, technical, and physical security measures to protect your personal information from unauthorized access, use, alteration, and destruction.
SECURITY MEASURES INCLUDE:
- Encryption of data in transit (SSL/TLS)
- Encryption of sensitive data at rest
- Access controls and authentication
- Periodic security assessments appropriate to the size and nature of our business
- Employee training on data protection
- Secure data centers and hosting
- For AI-processed data: where Company has direct access to or control over AI interaction data, we implement access controls limiting which personnel can access that data and conduct periodic security reviews of AI systems we operate. Voice recordings and transcripts processed through third-party platforms such as HighLevel are subject to those platforms' own security practices.
NO GUARANTEE:
However, no method of transmission over the internet or electronic storage is 100% secure. We cannot guarantee absolute security of your information. You provide information at your own risk.
YOUR RESPONSIBILITY:
You are responsible for:
- Maintaining the confidentiality of your account credentials
- Notifying us immediately of any unauthorized access
- Using strong passwords
- Not sharing your account with others
10. DATA RETENTION
We retain your personal information for as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law.
UNDERSTANDING OUR RETENTION CATEGORIES:
The retention periods below cover three distinct categories of data, each governed by different rules:
- COMPANY BUSINESS RECORDS (e.g., transactional data, invoices, payment records): Governed by tax law, accounting standards, and general legal obligations. These retention periods exist regardless of any service termination and are not subject to immediate deletion — federal and state law requires us to keep these records.
- CLIENT SUBACCOUNT DATA (e.g., referral contacts, pre-screening responses, data stored in your HighLevel subaccount): Company has no obligation to retain this data after service termination and may delete it immediately. See Section 8 for the full subaccount data retention and deletion policy.
- THIRD-PARTY PLATFORM DATA (e.g., AI voice recordings and transcripts processed through HighLevel or other integrated platforms): Retention is governed by the third-party platform's own policies, which Company does not control. The timelines below reflect those platform practices, not a Company retention commitment.
RETENTION PERIODS:
- Active Accounts: While your account is active and for a reasonable period thereafter
- Transactional Data: For as long as required for tax, accounting, and legal purposes (typically 7 years)
- Marketing Data: Until you opt-out or request deletion
- Legal Obligations: As required by applicable law
- Inactive Accounts: We may delete or anonymize data from accounts that have been inactive for an extended period
- Voice Recordings (AI): Retained by third-party platforms (such as HighLevel) for as long as those platforms determine necessary. Company does not set or control these timelines.
- AI Conversation Transcripts: Retained by third-party platforms for as long as those platforms determine necessary. Company does not set or control these timelines.
- Anonymized/Aggregated AI Data: May be retained indefinitely by third-party platforms for analytical purposes.
Note: The AI data retention timelines above reflect third-party platform practices, not Company retention commitments. Company does not control how long HighLevel or other integrated platforms retain voice recordings, transcripts, or related data on their own systems. Where Company controls AI interaction data directly, Company will honor deletion requests as described in Section 12. For information about HighLevel's data retention practices, please review HighLevel's Privacy Policy at https://www.gohighlevel.com/privacy-policy.
DELETION:
When we no longer need your information, we will delete it or anonymize it so it can no longer identify you. You may request deletion of your account and personal information at any time, subject to legal retention requirements. See Section 12 for information about your rights.
11. INTERNATIONAL DATA TRANSFERS
Company is based in the United States. If you are accessing our services from outside the United States, please be aware that your information will be transferred to, stored, and processed in the United States. The United States may not have the same data protection laws as your jurisdiction. By using our services, you consent to the transfer of your information to the United States.
SAFEGUARDS FOR EEA, UK, AND SWISS USERS:
For users in the European Economic Area, United Kingdom, and Switzerland, where required we implement appropriate safeguards for international data transfers, which may include:
- Standard Contractual Clauses approved by the European Commission
- Adequacy decisions
- Other legally approved transfer mechanisms as applicable
12. YOUR PRIVACY RIGHTS
Depending on your location, you may have certain rights regarding your personal information.
12.1 RIGHTS FOR ALL USERS
- ACCESS: You can request a copy of the personal information we hold about you
- CORRECTION: You can request that we correct inaccurate or incomplete information
- DELETION: You can request deletion of your personal information (subject to legal retention requirements)
- OPT-OUT OF MARKETING: You can opt-out of marketing communications at any time
12.2 CALIFORNIA PRIVACY RIGHTS (CCPA/CPRA)
If you are a California resident, you have the following rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA):
RIGHT TO KNOW:
You have the right to request that we disclose:
- Categories of personal information we collected about you
- Categories of sources from which we collected personal information
- Business or commercial purpose for collecting or selling personal information
- Categories of third parties with whom we share personal information
- Specific pieces of personal information we collected about you
- Categories of personal information we disclosed for a business purpose
- Categories of personal information we sold or shared (for targeted advertising)
RIGHT TO DELETE:
You have the right to request deletion of your personal information, subject to certain exceptions (e.g., completing transactions, legal obligations, fraud prevention).
RIGHT TO CORRECT:
You have the right to request correction of inaccurate personal information.
RIGHT TO OPT-OUT:
- Right to Opt-Out of Sale: You have the right to opt-out of the "sale" of your personal information. Note: We do not sell personal information for monetary consideration.
- Right to Opt-Out of Sharing: You have the right to opt-out of "sharing" of personal information for cross-context behavioral advertising (targeted advertising).
- Right to Limit Use of Sensitive Personal Information: You have the right to limit our use of sensitive personal information to purposes necessary to provide services.
RIGHT TO NON-DISCRIMINATION:
You have the right not to receive discriminatory treatment for exercising your CCPA rights.
AUTHORIZED AGENTS:
You may designate an authorized agent to submit requests on your behalf. We may require verification of the agent's authority.
VERIFICATION:
We will verify your identity before processing requests. We may request additional information to verify your identity.
RESPONSE TIME:
We will respond to verifiable requests within 45 days. If we need more time, we will notify you and may take up to 90 days total.
DO NOT SELL OR SHARE MY PERSONAL INFORMATION:
To exercise your right to opt-out of the sharing of your personal information for targeted advertising, please contact us at [email protected] or mail us at the address in Section 1 with the subject line "Do Not Sell or Share My Personal Information." We will process your request within 15 business days.
CALIFORNIA "SHINE THE LIGHT" LAW:
California residents may request information about our disclosure of personal information to third parties for their direct marketing purposes. We do not share personal information with third parties for their own direct marketing purposes. California residents may submit Shine the Light requests to [email protected] with the subject line "Shine the Light Request."
12.3 VIRGINIA PRIVACY RIGHTS (VCDPA)
If you are a Virginia resident, you have rights under the Virginia Consumer Data Protection Act (VCDPA), including rights to access, correct, delete, and opt-out of targeted advertising and the sale of personal information.
To exercise your VCDPA rights, contact us at [email protected].
You may appeal our decision by contacting us in writing, and if you are unsatisfied with our response, you may file a complaint with the Virginia Attorney General.
12.4 COLORADO PRIVACY RIGHTS (CPA)
If you are a Colorado resident, you have rights under the Colorado Privacy Act similar to CCPA rights, including rights to access, correct, delete, and opt-out of targeted advertising and sale of personal information.
To exercise your Colorado privacy rights, contact us at [email protected]. You may appeal our decision regarding your privacy rights request by contacting us in writing at [email protected]. We will respond to appeals within 45 days.
12.5 CONNECTICUT PRIVACY RIGHTS (CTDPA)
If you are a Connecticut resident, you have rights under the Connecticut Data Privacy Act similar to CCPA rights, including rights to access, correct, delete, and opt-out of targeted advertising and sale of personal information.
To exercise your Connecticut privacy rights, contact us at [email protected]. You may appeal our decision regarding your privacy rights request by contacting us in writing at [email protected]. We will respond to appeals within 45 days.
12.6 UTAH PRIVACY RIGHTS (UCPA)
If you are a Utah resident, you have rights under the Utah Consumer Privacy Act, including rights to access, delete, and opt-out of targeted advertising and sale of personal information.
To exercise your Utah privacy rights, contact us at [email protected].
12.7 NEVADA RESIDENTS
Nevada residents have the right to opt-out of the sale of certain covered information. We do not sell covered information as defined by Nevada law. If you are a Nevada resident and have questions, please contact us at [email protected].
12.8 EUROPEAN PRIVACY RIGHTS (GDPR)
If you are located in the European Economic Area, United Kingdom, or Switzerland, you have the following rights under the General Data Protection Regulation (GDPR):
RIGHT OF ACCESS:
You have the right to obtain confirmation of whether we process your personal data and to receive a copy of your personal data.
RIGHT TO RECTIFICATION:
You have the right to have inaccurate personal data corrected and incomplete data completed.
RIGHT TO ERASURE ("RIGHT TO BE FORGOTTEN"):
You have the right to request deletion of your personal data in certain circumstances, including:
- The data is no longer necessary for the purposes for which it was collected
- You withdraw consent (where processing is based on consent)
- You object to processing and there are no overriding legitimate grounds
- The data has been unlawfully processed
- Deletion is required for compliance with legal obligations
RIGHT TO RESTRICTION OF PROCESSING:
You have the right to restrict processing of your personal data in certain circumstances, including:
- You contest the accuracy of the data
- Processing is unlawful and you request restriction instead of erasure
- We no longer need the data but you need it for legal claims
- You object to processing pending verification of legitimate grounds
RIGHT TO DATA PORTABILITY:
You have the right to receive your personal data in a structured, commonly used, and machine-readable format and to transmit that data to another controller (where technically feasible).
RIGHT TO OBJECT:
You have the right to object to:
- Processing based on legitimate interests
- Direct marketing (including profiling)
- Processing for scientific, historical research, or statistical purposes
RIGHT TO WITHDRAW CONSENT:
Where processing is based on consent, you have the right to withdraw consent at any time. Withdrawal does not affect the lawfulness of processing before withdrawal.
RIGHT TO LODGE A COMPLAINT:
You have the right to lodge a complaint with your local supervisory authority if you believe we have violated GDPR.
AUTOMATED DECISION-MAKING:
You have the right not to be subject to decisions based solely on automated processing (including profiling) that produce legal or similarly significant effects, except where necessary for contract performance, authorized by law, or based on explicit consent.
RESPONSE TIME:
We will respond to requests within 30 days. In complex cases, we may extend this by two additional months and will notify you.
FEES:
Requests are generally free. However, we may charge a reasonable fee for excessive, repetitive, or manifestly unfounded requests.
12.9 OTHER STATE PRIVACY RIGHTS
Residents of states with applicable privacy laws not specifically addressed in this Section — including but not limited to Texas, Montana, Oregon, and other states that have enacted or may enact consumer privacy legislation — may have similar rights to access, correct, delete, and opt-out of certain uses of their personal information. Residents of states that provide the right to opt out of data collection through voice or facial recognition features may contact us at [email protected] to exercise that right with respect to our AI voice agent features. To inquire about your rights under applicable state law, contact us at [email protected].
13. HOW TO EXERCISE YOUR RIGHTS
To exercise any of your privacy rights, please contact us:
- Email: [email protected]
- Mail: Propwise REI LLC — 15191 Montanus Dr, Ste 132, Culpeper, VA 22701
WHAT WE NEED FROM YOU:
To process your request, we may need to verify your identity. We may request:
- Account email address
- Recent transaction information
- Government-issued ID (in some cases)
- Other information to confirm your identity
AUTHORIZED AGENTS:
If you use an authorized agent to submit a request, we may require:
- Written authorization from you
- Verification of the agent's identity and authority
- Direct confirmation from you
RESPONSE TIME:
We will acknowledge your request within 10 business days and respond substantively within:
- 45 days (with possible 45-day extension) for most requests
- 30 days for GDPR requests (with possible 60-day extension)
14. CHILDREN'S PRIVACY
Our services are not intended for children under 18 years of age. Our services are designed for business professionals operating or consulting in the recovery housing industry. This minimum age threshold of 18 is intentional and reflects the professional nature of our services, not merely a default compliance threshold.
NO COLLECTION FROM CHILDREN:
We do not knowingly collect personal information from children under 18. If you are under 18, do not:
- Visit our websites
- Use our services or access any materials we provide
- Provide any information to us
IF WE LEARN OF COLLECTION:
If we learn that we have collected personal information from a child under 18 without parental consent, we will delete that information within ten (10) business days of discovery. Our services require users to represent that they are at least 18 years of age at the time of account creation or engagement.
PARENTS' RIGHTS:
If you believe we have collected information from your child, please contact us immediately at [email protected].
15. THIRD-PARTY WEBSITES AND SERVICES
Our services may contain links to third-party websites, products, and services that are not owned or controlled by Company.
NO RESPONSIBILITY:
We are not responsible for:
- The privacy practices of third-party websites
- The content of third-party websites
- The products or services offered by third parties
THIRD-PARTY PRIVACY POLICIES:
When you click a link to a third-party website, you will be subject to that website's privacy policy. We encourage you to read the privacy policies of any third-party websites you visit.
SOCIAL MEDIA FEATURES:
Our website may include social media features (e.g., Facebook Like button, Twitter share). These features may collect your IP address, page visited, and may set a cookie. Social media features are governed by the privacy policy of the company providing them.
16. USER-GENERATED CONTENT AND PUBLIC FORUMS
Our services include community platforms where you may post content or participate in community forums that are visible to other members.
PUBLIC INFORMATION:
Any information you post in public or semi-public areas is public information that can be:
- Read, collected, and used by others
- Indexed by search engines
- Shared and distributed by others
YOUR RESPONSIBILITY:
You are responsible for:
- Any personal information you choose to share publicly
- The content you post
- Protecting your privacy in public forums
We strongly recommend you do not share sensitive personal information, health data, or information about specific residents or clients in public forums.
OUR RIGHTS:
We reserve the right to:
- Monitor public forums
- Remove content that violates our terms
- Use publicly posted content to operate, improve, and promote our services, consistent with our Terms and Conditions and applicable law
17. MARKETING COMMUNICATIONS
17.1 EMAIL MARKETING
FORM SUBMISSIONS AND INQUIRIES:
When you provide your contact information through any form on our websites — including but not limited to inquiry forms, booking forms, application forms, scheduling tools, and discovery call requests — you may receive communications from us related to your inquiry or request. These communications may include follow-up information, responses to your inquiry, and details about the services you expressed interest in. Where we intend to send marketing communications as a result of a form submission, we will provide notice at the point of collection along with an opportunity to opt out at any time. You may opt out of any communications at any time as described below.
With your consent (or where permitted by law), we may send you marketing emails about:
- New products and features
- Special offers and promotions
- Educational content and tips
- Company news and updates
CAN-SPAM COMPLIANCE:
We comply with the CAN-SPAM Act. Our marketing emails include:
- Clear identification of the sender so recipients know who the email is from
- Our physical address
- A clear way to opt-out (unsubscribe link)
- Honor of opt-out requests within 10 business days
UNSUBSCRIBE:
You can opt-out of marketing emails at any time by:
- Clicking the "unsubscribe" link in any email
- Updating your email preferences in your account settings
- Emailing us at [email protected]
TRANSACTIONAL EMAILS:
You cannot opt-out of transactional emails necessary for service delivery (e.g., purchase confirmations, account notifications).
17.2 SMS/TEXT MESSAGE MARKETING
If you opt-in to receive SMS messages from us, we will send you:
- Marketing promotions
- Updates about your account
- Service notifications
TCPA COMPLIANCE:
We comply with the Telephone Consumer Protection Act (TCPA). You must provide express written consent to receive marketing SMS messages.
SMS DATA PROTECTION:
All text messaging originator opt-in data and consent information will not be shared with any third parties, excluding the aggregators and providers necessary to deliver the SMS service. Your mobile phone number and opt-in information will not be shared with any third parties or affiliates for marketing or promotional purposes.
SMS MESSAGE DETAILS:
- Message Frequency: Message frequency varies depending on the program or event you have signed up for (e.g., daily reminders during active programs or challenges)
- Message Content: Messages will include promotional offers, program updates, service alerts, and other relevant information related to our products and services
- Data Rates: Standard text messaging rates from your carrier may apply
HOW TO OPT-OUT OF SMS:
You can stop receiving SMS messages at any time by:
- Replying "STOP" to any SMS message
- Contacting us at [email protected]
Upon opting out, you will receive a confirmation message that you have been unsubscribed.
18. AUTOMATED DECISION-MAKING AND PROFILING
We may use automated systems to analyze your information to:
- Personalize your experience
- Recommend relevant content
- Improve our services
- Detect fraud
NO SOLELY AUTOMATED DECISIONS:
We do not make decisions that produce legal or similarly significant effects based solely on automated processing without human involvement.
YOUR RIGHTS:
If you are in the EEA, UK, or Switzerland, you have the right to object to automated decision-making and to request human review of automated decisions.
19. CALIFORNIA RESIDENTS — ADDITIONAL DISCLOSURES
19.1 CATEGORIES OF PERSONAL INFORMATION
In the past 12 months, we have collected the following categories of personal information (as defined by CCPA):
- Identifiers: Name, email address, IP address, account username
- Commercial Information: Purchase history, transaction records
- Internet Activity: Browsing history, search history, interaction with our website
- Geolocation Data: General location based on IP address
- Professional Information: Information about your business
- Inferences: Preferences and characteristics derived from other information
- Audio/Electronic Data: Voice recordings from AI voice agent interactions (collected and retained by third-party platforms; see Section 10)
19.2 SOURCES OF PERSONAL INFORMATION
We collect personal information from:
- Directly from you
- Automatically through your use of our services
- From third parties (affiliates, service providers, social media)
19.3 PURPOSES FOR COLLECTION
We collect personal information for the purposes described in Section 4.
19.4 DISCLOSURE OF PERSONAL INFORMATION
We disclose personal information to the categories of third parties described in Section 7.
19.5 SALE OR SHARING OF PERSONAL INFORMATION
- Sale: We do not sell personal information for monetary consideration
- Sharing for Targeted Advertising: We may share certain identifiers with advertising partners for targeted advertising purposes. You can opt-out as described in Section 12.2
19.6 SENSITIVE PERSONAL INFORMATION
We do not collect or use sensitive personal information (as defined by CPRA) except as necessary to provide our services or as permitted by law.
19.7 RETENTION
We retain personal information as described in Section 10.
20. DATA BREACH NOTIFICATION
In the event of a data breach that compromises your personal information, we will:
NOTIFICATION TO USERS:
Notify affected users without undue delay and, where feasible, within 72 hours of becoming aware of the breach (or as required by applicable law).
NOTIFICATION METHOD:
We will notify you by:
- Email to the address associated with your account
- Notice on our website
- Other means as appropriate
INFORMATION PROVIDED:
Our notification will include:
- Nature of the breach
- Types of information affected
- Steps we are taking to address the breach
- Steps you can take to protect yourself
- Contact information for questions
NOTIFICATION TO AUTHORITIES:
We will notify relevant authorities as required by law. We comply with applicable state breach notification laws, which may require different timelines and procedures than those described above, including Virginia Code § 18.2-186.6, California Civil Code § 1798.82 (including notification to the California Attorney General for breaches affecting 500 or more California residents), Texas Business & Commerce Code § 521.053, and the breach notification requirements of other states where affected individuals reside. We will comply with the most stringent applicable requirements for each affected individual's jurisdiction.
21. CHANGES TO THIS PRIVACY POLICY
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors.
NOTIFICATION OF CHANGES:
We will notify you of material changes by:
- Updating the "Last Updated" date at the top of this Privacy Policy
- Sending an email notification to the address associated with your account (for significant changes)
- Posting a prominent notice on our website
- Other means as appropriate
REVIEW OF CHANGES:
We encourage you to review this Privacy Policy periodically. The "Last Updated" date indicates when the Privacy Policy was last revised.
ACCEPTANCE OF CHANGES:
Your continued use of our services after changes are posted constitutes your acceptance of the updated Privacy Policy.
MATERIAL CHANGES:
If we make material changes that significantly affect your rights, we will provide more prominent notice and, where required by law, obtain your consent.
22. CONTACT US
If you have questions, concerns, or requests regarding this Privacy Policy or our data practices — including requests to exercise your privacy rights — please contact us:
For all inquiries including privacy rights requests, contact us at [email protected].
Mail: Propwise REI LLC — 15191 Montanus Dr, Ste 132, Culpeper, VA 22701
RESPONSE TIME:
We will respond to your inquiry within a reasonable timeframe, typically within 30 days. For formal privacy rights requests, response times are as specified in Section 13.
EUROPEAN USERS:
If you are located in the European Economic Area, United Kingdom, or Switzerland, you may contact us at [email protected]. Company has assessed its data processing activities and determined that appointment of a Data Protection Officer is not required under applicable GDPR provisions at this time. This assessment is reviewed periodically as our processing activities evolve.
You also have the right to lodge a complaint with your local supervisory authority if you believe we have violated GDPR.
ESCALATION:
If you are unsatisfied with our response, you may escalate your concern to:
- Your local data protection authority (for EEA, UK, Swiss residents)
- The California Attorney General (for California residents)
- The Virginia Attorney General (for Virginia residents)
- Other relevant regulatory authorities in your jurisdiction
23. ADDITIONAL INFORMATION
23.1 COMMITMENT TO PRIVACY
Company is committed to:
- Transparency in our data practices
- Protecting your personal information
- Complying with applicable privacy laws
- Respecting your privacy rights
- Continuously improving our privacy practices
23.2 EMPLOYEE TRAINING AND ACCESS CONTROLS
Personnel with access to client systems receive training on privacy and data security best practices, including handling of sensitive information and compliance with applicable state privacy laws.
23.3 PRIVACY BY DESIGN
We implement privacy considerations into:
- Product development
- Service design
- Business processes
- Technology infrastructure
We collect and process only the personal information that is necessary for the purposes described in this Privacy Policy and do not retain it for longer than necessary to fulfill those purposes.
23.4 PERIODIC REVIEWS
We periodically review and update:
- Our privacy practices
- Security measures
- Service provider agreements
- Compliance with evolving privacy laws