Four things we'll never do.
Every CRM in real estate is built on top of decisions that aren't always made in your interest. Here's where Stadora draws the line — these aren't features we'll add later, they're things that won't happen as long as the company exists.
- Sell your contacts, deals, or any data tied to your book.
- Hand your client list to a lead-generation partner.
- Use your voice notes or notes to train AI models.
- Show another Stadora agent your pipeline.
- Keep your data after you ask us to delete it.
- Treat your data as yours, not ours.
- Make it exportable, in full, from settings.
- Honor a delete request immediately.
- Tell you within 72 hours if something goes wrong.
- Use plain English when we explain any of it.
The rest of this page is each of those promises in detail.
Only you. Not even other agents.
When you sign in to Stadora, you get your own private account. Your contacts, deals, properties, notes, voice memos, and calendar — none of it is visible to anyone else on Stadora. That includes other agents at your brokerage, agents in your market, and our own team unless you specifically ask us to look at something.
What this means in practice:
- An agent who joins Stadora next week can't search for your contacts.
- If two agents at the same brokerage both use Stadora, their books stay separate by default.
- Our internal team doesn't browse user data. We log in to your account only with your written permission — usually to help debug something you've asked us about.
When the Team tier launches (planned post-launch), shared pipelines will be opt-in per agent — never automatic, never the default.
Your notes don't become someone else's AI training data.
Stadora uses AI to transcribe voice notes, draft tasks, generate marketing copy, and read your morning briefing. All of those features require sending some of your text and audio to AI providers to process. Here's how that works honestly:
- We never use your data to train models. Not our own, not anyone else's. Voice notes you record stay on your account; transcripts aren't used to improve future transcription.
- Our AI providers don't train on it either. Stadora's contracts with the AI services we use prohibit training on the inputs you send. This is a contractual commitment, not just a setting.
- Sent only to process, then discarded. When you tap "transcribe voice note," the audio is sent, transcribed, and the AI provider drops the input. The transcript comes back to your account; nothing else stays.
Recorded by you, private to you.
Voice capture is the feature agents are most cautious about, fairly. The recording from your car after a showing might include a client's name, financial situation, or something they asked you not to write down. Here's the full handling:
- Recordings are scoped to your account only. No other Stadora user — agent or admin — can listen to them.
- Stored in your private space. Audio files live in a private cloud bucket attached to your account, separate from every other user's audio.
- Encrypted at rest. The audio is encrypted on disk. If a hard drive somehow walked out of a data center, the files on it would be unreadable.
- Transcription is one-way. The audio is sent for transcription, the text comes back, and the AI provider doesn't keep the input.
- Deleting a note deletes the audio. When you delete a voice note in the app, the original audio file is removed from storage within 24 hours.
In some states and countries, recording a conversation requires the consent of both parties. Stadora's voice capture is built for you to record your own notes after the fact — not to record live calls or in-person meetings without telling the people in them. We default to that interpretation; it's on you to follow the law where you work.
Sign in with Apple, Google, or email — your call.
Stadora supports three sign-in methods. We don't store passwords for the first two, and the third is hashed.
- Sign in with Apple — Apple holds your password. Stadora gets a verified identity token, nothing more.
- Sign in with Google — Google holds your password. We get the same kind of verified token.
- Email + password — your password is hashed before it touches our database. Even our own engineers can't read it.
Two-factor authentication is on our short-term roadmap. If your account security matters more than getting started today, sign in with Apple or Google — both of those already enforce strong second factors at the platform level.
In a cloud, but a careful one.
Stadora runs on managed cloud infrastructure — the same kind of infrastructure most modern apps you trust are built on. Practically:
- Encrypted in transit. Every request between your phone and our servers is encrypted (HTTPS). No one can eavesdrop on a Stadora session over a public Wi-Fi.
- Encrypted at rest. The database, the file storage, and the backups are all encrypted on disk.
- Hosted in the US by default. If you're an EU agent and need EU-resident hosting for compliance, email us — we can arrange it case-by-case before the dedicated region launches.
- Backed up daily. If something catastrophic happens to a server, your data is restorable from a backup taken in the last 24 hours.
Take it with you, anytime.
Your contacts and properties are exportable as CSV from Settings → Privacy → Export Data. There's no waiting period, no email-us-to-request, no quota. Tap the button, get a file, open it in Excel or import it into whatever's next.
Voice notes, marketing assets, and PDFs can be re-downloaded from the listings they're attached to. We're working on a full-account export that bundles everything into one ZIP — until that ships, the CSV export covers the data that matters most for moving between tools.
Two taps. No forms, no email, no friction.
Settings → Account → Delete Account. A confirmation dialog asks if you're sure. Tap yes.
- Soft-deleted immediately. Your account is taken offline the moment you confirm. No one can sign back in, and your data isn't accessible to anyone.
- Hard-deleted after 30 days. The grace period exists so that if you change your mind in the first month, we can restore it. After 30 days the data is permanently destroyed.
- Want it gone immediately? Email security@stadora.ai with "delete now" — we'll destroy it within 72 hours instead of waiting the 30 days.
Honest disclosure, fast.
No software is unbreakable. If Stadora is ever breached, here's our commitment:
- You hear about it within 72 hours. Even if we don't yet know the full scope — what we know, we tell you, immediately, by email.
- We tell you what was exposed. No vague "some user data may have been accessed." We name the data, the affected accounts, and the time window.
- We tell you what to do. If you need to rotate a password or notify a client, we'll say so directly.
- We tell you what we changed. After the dust settles, we publish a postmortem with what happened and what's different now.
Found a hole? Tell us first.
If you're a researcher, an engineer at a brokerage, or just someone who poked at Stadora and found something concerning, we want to hear from you before it ends up on a forum.
- Email security@stadora.ai with what you found and how to reproduce it. PGP key on request.
- We respond within two business days. Acknowledged, triaged, and we'll tell you what we're doing.
- We don't pursue good-faith researchers. If you find something and report it responsibly, you're a friend, not a defendant.
- Public credit on request. We'll add you to the security acknowledgements list when the issue is fixed.