Privacy Policy
This Privacy Policy explains how REI Transfer, LLC ("REI Transfer," "we," "us," or "our") collects, uses, shares, and protects information when you visit rei-transfer-v2.vercel.app (the "Site") or use our services (the "Services"). By using the Site or Services, you agree to the practices described below. If you do not agree, please do not use the Site.
This policy is written to satisfy the disclosure requirements of the EU General Data Protection Regulation (GDPR), the California Consumer Privacy Act and California Privacy Rights Act (CCPA/CPRA), and applicable U.S. state privacy laws. It is not a substitute for legal advice in your jurisdiction.
1. Information We Collect
1.1 Information You Provide Directly
When you submit our application form, contact us, or otherwise interact with the Services, we collect:
- Identification data: name, email address, phone number, company name.
- Business data: primary market, monthly marketing spend, deals closed per month, current acquisition channels, your stated acquisition bottleneck, and any other information you provide in form fields or messages to us.
- Correspondence: the content of any email, SMS, or chat message you send us.
1.2 Information Collected Automatically
When you visit the Site, we automatically collect the following, including before any explicit consent for analytics:
- IP address: Your public IP address is collected via a request to api.ipify.org and stored in a first-party cookie (
reit_ip) for up to 90 days. Your IP address is also collected server-side by our hosting provider and by any analytics or advertising partner you consent to. - Visitor identifier: A pseudonymous unique identifier (
reit_vid) is generated and stored in a first-party cookie for up to 365 days, allowing us to recognize returning visitors across sessions. - Session identifier: A per-tab session ID (
reit_sid) is generated and stored in sessionStorage. - First-touch timestamp: The date and time of your first visit to the Site (
reit_first_touch) is stored in a first-party cookie for up to 365 days. - Advertising click identifiers (Click IDs): If you arrive at the Site by clicking an advertisement, we capture and store identifiers passed in the URL, including but not limited to:
gclid(Google),fbclid(Meta/Facebook),msclkid(Microsoft),ttclid(TikTok),li_fat_id(LinkedIn),gbraid,wbraid,epik(Pinterest),twclid(X/Twitter), andrdt_cid(Reddit). These are stored in first-party cookies for up to 90 days. - Campaign attribution data: We capture and store UTM parameters from the URL:
utm_source,utm_medium,utm_campaign,utm_term,utm_content,utm_id. These are stored in first-party cookies for up to 90 days. - Landing page and referrer: The first URL you landed on at the Site and the referring URL (if any) are stored in sessionStorage for the duration of your session.
- Device and browser data: User agent string, viewport size, screen resolution, language, and time zone.
- Behavioral data (with consent): Pages viewed, time on page, scroll depth, video watch duration and milestones, button clicks, and form interactions. This is collected via third-party analytics tools (Meta Pixel, Google Analytics 4, Google Tag Manager) only after you provide consent through our cookie banner.
1.3 Information from Third Parties
We may receive information about you from third parties, including:
- Advertising platforms: Meta, Google, and others may share campaign performance and conversion data with us.
- Referral partners: If another business or individual refers you to us, they may share your name and contact information.
- Service providers: Our CRM, email service provider, calendar booking tool, and similar vendors may relay information you provide to them about us.
2. How We Use the Information
We process the information described above for the following purposes:
- Service delivery: To respond to your application, evaluate fit, schedule strategy calls, and provide our marketing services if you become a client.
- Attribution and analytics: To understand how visitors arrive at the Site, what content engages them, and which marketing channels drive applications.
- Advertising and retargeting: To deliver relevant advertisements to you on Meta, Google, and other platforms, and to measure the performance of those advertisements (subject to your consent where required).
- Conversions API and pixel training: To send conversion events (such as form submissions and qualified leads) server-side to Meta and Google so their advertising algorithms can optimize toward outcomes that matter to our business.
- Fraud prevention and security: To detect, prevent, and respond to abuse, fraud, or unauthorized access.
- Legal compliance: To comply with applicable law, respond to legal process, and enforce our terms.
- Business operations: Internal record-keeping, billing, and improving the Site and Services.
3. Legal Bases for Processing (GDPR)
If you are located in the European Economic Area, the United Kingdom, or Switzerland, we rely on the following lawful bases:
- Consent (Art. 6(1)(a) GDPR): For analytics cookies, advertising cookies, and any non-essential tracking. You can withdraw consent at any time using the cookie controls on the Site.
- Performance of a contract (Art. 6(1)(b)): To respond to your application and deliver Services you request.
- Legitimate interests (Art. 6(1)(f)): For fraud prevention, network and information security, direct marketing to existing business contacts, and improving our Site. We balance these interests against your fundamental rights.
- Legal obligation (Art. 6(1)(c)): To meet our regulatory and tax obligations.
4. Cookies and Similar Technologies
We and our partners use cookies and similar technologies to operate the Site and deliver our Services. A detailed inventory of every cookie we set, its purpose, and its retention period is available on our Cookie Policy page. By using the Site, you acknowledge our use of strictly necessary cookies. Analytics and advertising cookies (including Meta Pixel and Google Analytics 4) are loaded only after you grant consent via the cookie banner.
5. How We Share Information
We share information with the following categories of recipients:
- Service providers and processors: Hosting (Vercel), CRM, email delivery, calendar booking, payment processing, customer support, and analytics tools that process data on our behalf under contract.
- Advertising platforms: Meta Platforms, Inc. (Facebook/Instagram), Google LLC, Microsoft Corporation, TikTok, LinkedIn, X/Twitter, Reddit, and Pinterest receive event data (such as conversions) through their respective conversion APIs and pixels, subject to your consent.
- IP geolocation service: ipify.org receives a request from your browser that exposes your IP address solely for the purpose of returning it to us.
- Legal and regulatory bodies: When required by law, subpoena, court order, or to protect rights, property, or safety.
- Business transfers: If REI Transfer is acquired, merged, or sells assets, your information may be transferred as part of that transaction.
We do not sell or rent personal information for monetary consideration. To the extent that "share" or "sale" is defined under CCPA/CPRA to include behavioral advertising activity, you may opt out using the methods in Section 9.
6. Data Retention
We retain information only for as long as necessary for the purposes for which it was collected, including legal, accounting, or reporting requirements. Indicative retention windows:
| Category | Retention |
|---|---|
| Visitor ID, first-touch timestamp | 365 days from last visit |
| IP address (first-party cookie) | 90 days |
| Click IDs and UTM parameters | 90 days |
| Session ID | End of browser session |
| Form submissions and lead data | 7 years (for business records) unless deletion is requested |
| Email and CRM correspondence | 7 years |
| Server access logs | 30 days |
| Analytics and advertising data (with third parties) | Per each platform's policy, typically 13-26 months |
7. International Data Transfers
REI Transfer is based in the United States. Information we collect may be processed in the United States and other countries where our service providers operate. If you are in the EEA, UK, or Switzerland, we rely on appropriate safeguards for cross-border transfers, including the European Commission's Standard Contractual Clauses (SCCs) and applicable adequacy decisions.
8. Your Rights
Subject to applicable law, you may have the following rights:
- Access: Request a copy of the personal information we hold about you.
- Correction: Request that we correct inaccurate or incomplete information.
- Deletion: Request that we delete personal information about you, subject to legal retention requirements.
- Portability: Request a structured, machine-readable copy of information you provided to us.
- Objection and restriction: Object to certain processing or request that we restrict it.
- Withdraw consent: Where processing is based on consent, withdraw it at any time. Withdrawal does not affect lawfulness of prior processing.
- Lodge a complaint: File a complaint with a supervisory authority in your jurisdiction.
To exercise any of these rights, contact us at privacy@reitransfer.com. We will respond within the timeframes required by applicable law (typically 30-45 days). We may need to verify your identity before fulfilling a request.
9. California Privacy Rights (CCPA / CPRA)
If you are a California resident, you have the right to know what categories of personal information we collect, the sources of that information, the purposes for collecting it, and the categories of third parties with whom we share it. The disclosures in Sections 1, 2, and 5 satisfy that requirement.
You also have the right to request deletion of your personal information, the right to correct inaccurate information, the right to opt out of "sales" and "sharing" (as those terms are defined under CCPA/CPRA), and the right not to receive discriminatory treatment for exercising these rights.
To opt out of advertising-related sharing, click the cookie controls in our cookie banner or email privacy@reitransfer.com with the subject line "Do Not Sell or Share My Information."
We do not have actual knowledge that we sell or share the personal information of consumers under 16 years of age.
10. Children's Privacy
The Site and Services are intended for business audiences (real estate investors and operators) and not for individuals under the age of 18. We do not knowingly collect personal information from anyone under 18. If you believe a child has provided us with personal information, contact us immediately and we will delete it.
11. Security
We implement reasonable administrative, technical, and physical safeguards to protect personal information, including encryption in transit (HTTPS/TLS), access controls, and regular security review. No system is perfectly secure, however, and we cannot guarantee the absolute security of any information transmitted to or stored on the Site.
12. Third-Party Links
The Site may link to third-party websites (such as YouTube, Google Maps, and our social media profiles). We are not responsible for the privacy practices of those third parties. We encourage you to review their privacy policies.
13. Changes to This Policy
We may update this Privacy Policy from time to time. The "Last updated" date at the top reflects the most recent revision. Material changes will be communicated through a notice on the Site or, where required by law, by email. Continued use of the Site after changes constitutes acceptance of the revised policy.
14. Contact Us
For privacy questions, data subject requests, or to exercise any rights described above, contact:
- Email: privacy@reitransfer.com
- General contact: contact@reitransfer.com
- Mail: REI Transfer, LLC, Attn: Privacy, New York, NY (full address available on request)
This Privacy Policy is provided as a transparent disclosure of our data practices. It is informational and does not constitute legal advice. If you have legal questions about your rights under applicable privacy law, consult a qualified attorney in your jurisdiction.