Privacy Policy

Last updated: March 2026

Your client data is yours. We don't sell it, share it, or mine it. Here's exactly how we handle your information.

Information We Collect

We collect what you give us when you create an account: your name, email address, and password. Passwords are never stored in plain text — all credentials are hashed using industry-standard algorithms before they touch our database.

We collect usage data — pages visited, features used, actions taken — to understand how Ostira is being used and where we can improve. This data is aggregated and anonymized before we look at it.

Your contacts, deals, notes, and conversations belong to you. We store them to run the service. We don't read them, sell them, or use them for anything else — period. We access your data only when you explicitly ask for support.

How We Use Your Information

We use your information to provide and operate the Ostira platform, authenticate you, process your account, and deliver the features you have signed up for.

We use aggregated, anonymized usage data to improve the product, prioritize features, and fix issues. This data cannot be used to identify individual users.

We send transactional emails — such as email verification, password resets, and billing receipts — using your email address. We do not send marketing emails without your explicit opt-in.

Data Storage and Security

Your data is encrypted at rest and in transit using industry-standard TLS and AES-256 encryption. We host on reputable, SOC 2-certified cloud infrastructure providers in the United States.

We do not sell, rent, or share your personal data or your clients' data with third parties for marketing or advertising purposes.

Your Rights

You have the right to access, correct, and delete your personal data at any time. You can update most information directly in your account settings. To request a full data export or account deletion, contact us at privacy@ostira.com.

Upon account deletion, your personal data will be removed from our active systems within 30 days. Anonymized, aggregated data may be retained for product analytics.

Third-Party Services

Ostira uses a limited number of trusted third-party services to operate:

Payment processing is handled by Stripe. We do not store credit card numbers — Stripe processes and vaults all payment data.

Email delivery is handled by Resend. Transactional emails sent from Ostira pass through Resend's infrastructure.

AI providers are used to power lead response and content generation features. Before anything reaches an AI provider, we strip personally identifiable information — names, phone numbers, emails, addresses. What the AI sees is context, not contact records. We contractually prohibit AI providers from using your data for model training.

SMS messaging is handled by Twilio. When you opt in to receive text messages — or when your agent sends messages on your behalf — those messages pass through Twilio's infrastructure. We send your contact's phone number and message content to Twilio for delivery. Nothing else.

SMS Communications

Agents using Ostira can send SMS messages to their leads and contacts — including property updates, appointment reminders, follow-ups, and automated drip campaign messages. Agents are responsible for obtaining consent from their contacts before sending messages. Message frequency varies. Standard message and data rates may apply.

Contacts can opt out at any time by replying STOP to any message. Reply HELP for assistance. After opting out, no further SMS messages will be sent unless the contact re-subscribes. All outbound messages are checked against Fair Housing compliance rules before delivery. Contacts flagged as do-not-contact are blocked from receiving messages. For SMS-related questions, contact us at privacy@ostira.com.

Analytics data is collected in aggregated, anonymized form only. No individual-level data is shared with analytics providers.

Cookies

One cookie. That's it. A secure, HttpOnly session cookie to keep you logged in. No ad trackers, no pixels, no third-party analytics cookies.

Changes to This Policy

We may update this Privacy Policy from time to time. For material changes — those that affect how we collect or use your data — we will notify you by email at least 30 days before the change takes effect. Continued use of Ostira after the effective date constitutes your acceptance of the updated policy.

Contact Us

For privacy-related questions, data requests, or concerns, contact us at privacy@ostira.com or visit our contact page.