top of page

Privacy Policy – Nora

Last Updated: 11/19/2025

ARTICLE I. INTRODUCTION

1.0. Purpose and Scope

Nora is a voice- and text-based digital assistant designed for licensed real estate professionals and authorized staff of participating organizations in the United States. Nora connects to tools selected by the user—including, without limitation, email and calendar services, MLS platforms, CRM systems, lockbox providers, transaction management platforms, and other third-party applications—to assist with communication, scheduling, research, workflow automation, and task execution. Nora’s functionality may involve automated processing and machine-generated content, and may act on your behalf within the services you authorize.

1.1. Eligibility and Access

​Nora is offered only to users located in the United States and is not intended for individuals under 18. Nora accesses and interacts with connected services solely when you or your organization grant permission or configure those services.

1.2. Agreement

This Privacy Policy explains how Lundy Inc. (“Lundy,” “we,” “us,” or “our”) collects, uses, stores, and shares information when you use Nora. It applies both when we act as a service provider to organizations that deploy Nora for their users and when we act as a business for users who access Nora directly. By using Nora, you consent to the practices described in this Privacy Policy across all platforms and interfaces where Nora is available.

ARTICLE II. INFORMATION WE COLLECT

 

​We may collect the following categories of information to operate, provide, and improve Nora. These categories apply across all platforms, interfaces, integrations, and connected services authorized by you or your organization.

2.1. Information You Provide Directly

  • Name, email address, phone number

  • Professional and organizational affiliations

  • Identity verification information

  • Preferences and configuration settings

  • Content you submit to Nora through voice or text

2.2. Information From Connected Services

When you or your organization connect third-party services to Nora, we may access information permitted through their APIs and your authorization, including:

  • Email and calendar data

    • Email metadata and content, attachments

    • Scheduling details and calendar events

  • CRM data

    • Leads, contacts, communication history

    • Preferences, tasks, notes, campaign activity

    • Behavioral history and contextual information

  • MLS and real estate data

    • Listing data, showing instructions, agent rosters

    • Secure fields, analytics, and other MLS-provided data

  • Transaction and document data

    • Transaction records and documents

    • File metadata and compliance materials

  • Lockbox and access systems

    • Information from lockbox and property-access platforms

  • Activity logs from connected services

    • Data available through authorized APIs that enables Nora to perform tasks

 

Nora may also process information about individuals contained within connected services (e.g., clients, leads, contacts) when necessary to fulfill your requests.

2.3. Information We Generate or Derive

  • Summaries of interactions

  • Memory items and context objects

  • Inferred preferences and behavioral patterns

  • Contact context and relationship mappings

  • Task history and usage patterns

  • System annotations and operational metadata

2.4. Information Collected Automatically

  • Device type, operating system, app version

  • IP address and coarse location

  • Event logs, error logs, performance data

  • Session activity, interaction metrics, clickstream data

  • Telemetry for analytics, debugging, and quality assurance

2.5. Billing and Transaction Information

  • Retainer balance information

  • Transaction metadata

  • Payment confirmations

    • (Payment processors store card numbers and other financial account data.)

2.6. Information Provided by Organizations

 

If your access is provisioned or managed by an MLS, brokerage, or other organization, we may receive:

  • Account setup information

  • Permissions and access configuration

  • Organizational identifiers

  • Integration settings necessary to enable the service

2.7. Other Information

 

We may collect other information you choose to provide or that is reasonably necessary for Nora to perform tasks, maintain context, and operate the service.

 

2.8. Exclusions and Updates

 

Personal information does not include de-identified or aggregated information that cannot reasonably be linked to an individual. We may update or expand the categories of information we collect as Nora evolves.

 

ARTICLE III. HOW WE USE INFORMATION

 

We use information for purposes reasonably necessary and proportionate to providing, operating, and improving Nora. These purposes include:

 

3.1. Providing and Personalizing the Service

  • Operating the Nora assistant experience

  • Personalizing responses and functionality

  • Maintaining memory, summaries, and historical context

3.2. Performing Tasks and Workflows

  • Executing instructions, workflows, automations, and communications

  • Coordinating data across connected third-party services

  • Taking actions on your behalf within authorized systems

3.3. Service Operation, Research, and Development

  • Internal research, testing, troubleshooting, and development

  • Improving performance, accuracy, reliability, and responsiveness

  • Supporting new features, capabilities, and integrations

3.4. Analytics, Quality Assurance, and Security

  • Monitoring usage patterns and optimizing performance

  • Debugging, diagnostics, and quality assurance

  • Detecting, preventing, and addressing security incidents and misuse

3.5. Model Improvement (Using De-Identified Data)

  • Using de-identified or aggregated information to train, enhance, and improve algorithms, models, and features.

    • (As permitted under applicable law and without using identifiable data for model training.)

3.6. Billing and Financial Operations

  • Managing retainer balances, auto-refill thresholds, and payment operations

  • Coordinating with payment processors

3.7. Communications and Administration

  • Sending service-related notifications, updates, and administrative messages

  • Communicating changes to terms, policies, or functionality

3.8. Legal, Compliance, and Enforcement

  • Complying with laws, regulations, and legal processes

  • Enforcing terms, preventing misuse, and protecting the service

ARTICLE IV. AUTOMATED PROCESSING AND AI-GENERATED CONTENT

 

Nora uses automated systems, including machine learning models and algorithmic processing, to analyze information, generate responses, summarize content, perform tasks, and operate connected workflows. These processes may involve automated decision-making based on your instructions, your interactions with Nora, and information available through connected third-party services.

 

AI-generated content may be incorrect, incomplete, or inappropriate for a particular use. You are responsible for reviewing and verifying all outputs, including drafts of communications, scheduling actions, messages, summaries, or other generated content.

 

Nora’s automated processes are designed to assist with tasks and do not replace your professional judgment or responsibilities.

 

ARTICLE V. DATA RETENTION

 

We retain information for as long as reasonably necessary to operate, maintain, and improve the service; fulfill user requests; support ongoing workflows; comply with legal obligations; protect the service; and for other purposes described in this Privacy Policy. Retention periods may vary depending on the category of information and the context in which it is used. Retention criteria may include operational needs, security requirements, and legal considerations.

 

5.1. Service Operation & Ongoing Use

 

We retain information—including summaries, memory items, derived data, and context objects—as long as your account is active or as necessary to personalize the service and support future interactions.

 

5.2. User-Affected Deletion

 

Deleting data within a connected third-party service (such as email, calendar, CRM, or MLS systems) does not necessarily impact summaries or derived information already processed by Nora.

 

5.3. Derived or Generated Data

 

Information generated by Nora may be retained independently from original source content for service operation, personalization, and improvement.

 

5.4. Legal, Security, and Compliance

 

We may retain information longer as needed to:

  • comply with legal, accounting, and regulatory obligations

  • detect, investigate, or prevent security incidents

  • protect against misuse and enforce terms

5.5. Backups and Stored Copies

 

Information stored in routine system backups may persist until overwritten in accordance with standard backup policies.

 

5.6. Organizational Accounts

 

Information associated with organizational provisioning may be retained as necessary for account management, access control, audit history, and service continuity.

 

5.7. Deletion Upon Account Closure

Upon account closure, we will revoke integration tokens and delete or anonymize information in accordance with the criteria above and applicable law. Certain information may still be retained for legal, security, or operational purposes.

ARTICLE VI. HOW INFORMATION IS SHARED

We may share information as described below and as reasonably necessary to operate, maintain, and improve Nora. We do not sell personal information.

6.1. Service Providers and Subprocessors

 

We may share information with service providers that perform:

  • hosting and cloud infrastructure

  • data storage and content processing

  • machine learning and model execution

  • analytics, diagnostics, and monitoring

  • customer support and operational services

  • payment and billing operations

These providers may access information only to perform services on our behalf and are contractually required to protect it.

 

6.2. Connected Third-Party Services

 

We may share information with third-party services you or your organization authorize, including:

  • email and calendar providers

  • MLS platforms

  • CRM systems

  • lockbox and property-access systems

  • transaction management tools

  • other integrated applications

We share only the information necessary to execute tasks or enable the integration.

 

6.3. Organizational Administrators

 

If your account is provisioned by an MLS, brokerage, or similar organization, certain information (e.g., account status, configuration, and integration settings) may be shared for deployment, access control, and service management. We do not share the content of your interactions with Nora unless required by the organization and permitted by law.

 

6.4. Analytics and Operational Insights

 

We may share de-identified or aggregated information for:

  • usage analytics

  • benchmarking

  • product development

  • performance optimization

This information does not identify individuals.

 

6.5. Legal, Safety, and Compliance

 

We may share information when necessary to:

  • comply with laws or legal processes

  • respond to lawful requests

  • detect or prevent fraud, misuse, or security incidents

  • enforce our terms or protect our rights

6.6. Business Transfers

 

We may share or transfer information in connection with:

  • mergers, acquisitions, or financing transactions

  • the sale of all or part of our business

  • corporate restructuring

Information remains protected under the version of this policy in effect at the time of transfer.

 

6.7. With Your Consent or Direction

 

We may share information when you explicitly instruct us to do so.

 

ARTICLE VII. THIRD-PARTY SERVICES

 

Nora works with third-party services selected and authorized by you or your organization.

 

7.1. User or Organizational Authorization

 

Nora interacts with third-party services only when authorized by you or your organization.

 

7.2. Third-Party Terms Apply

 

Your use of third-party services is governed by their own terms and privacy policies. Lundy is not responsible for their practices.

 

7.3. No Responsibility for Third-Party Systems

 

We are not responsible for:

  • the content, accuracy, or availability of third-party systems

  • outages, downtime, errors, or API changes

  • third-party security, privacy, or compliance practices

  • data loss or inaccuracies originating in third-party platforms

7.4. Data Shared as Necessary

 

Information may be transmitted, stored, or processed to and from third-party services as necessary to fulfill tasks you authorize.

 

7.5. Third-Party Privacy Policies

 

Third-party providers may collect and process information according to their own policies.

 

7.6. Modifying or Discontinuing Integrations

 

We may disable or modify integrations at any time for operational, legal, or security reasons.

 

7.7. Your Responsibility

 

You are responsible for actions Nora takes within third-party services based on your instructions or permissions.

ARTICLE VIII. USER RIGHTS

 

Depending on your state of residence, you may have certain rights regarding your personal information. These rights apply only as required by applicable law and are subject to verification and limitations.

 

8.1. Right to Know and Access

 

You may request that we disclose:

  • categories of personal information collected

  • sources of that information

  • purposes of use

  • categories of third parties to whom information was disclosed

You may also request access to personal information we maintain.

 

8.2. Right to Delete

 

You may request deletion of personal information we collected from you. We may retain information as permitted by law, including information necessary to:

  • operate and secure the service

  • maintain summaries, memory items, or derived data

  • comply with legal obligations

  • prevent fraud or misuse

  • maintain business records

Deletion of data in third-party services must be completed directly within those services.

 

8.3. Right to Correct

 

You may request that we correct inaccurate personal information.

 

8.4. Right to Opt Out of Certain Processing

 

You may request limits on certain forms of processing as required by law. This does not apply to:

  • processing necessary to operate the service

  • de-identified or aggregated information

  • processing for security or fraud prevention

  • memory, summaries, or derived data essential to context and personalization

8.5. Right to Appeal

 

You may appeal a denied request using the same method used to submit the request.

 

8.6. Verification Requirements

 

We may require identity verification to protect security and privacy.

 

8.7. Limitations on Rights

 

We may deny requests when necessary to:

  • protect the service’s security or integrity

  • respect another individual’s rights

  • comply with legal or contractual obligations

  • preserve data required for service operation

8.8. De-Identified and Aggregated Data

 

We may maintain and use de-identified or aggregated information and are not required to re-identify it.

 

8.9. Submitting Requests

 

Submit requests to: privacy@getlundy.io. We typically respond within 45 days as required by law.

 

ARTICLE IX. SECURITY

 

We use reasonable and appropriate administrative, technical, and physical safeguards designed to protect the information we collect. These measures help reduce the risk of loss, misuse, unauthorized access, disclosure, or alteration.

 

No method of transmission over the internet or electronic storage is completely secure, and we cannot guarantee absolute security. You are responsible for maintaining the security of your account credentials, devices, and connected third-party services.

 

Nora relies on integrations with third-party platforms such as email and calendar providers, MLS systems, CRM systems, and other connected services. We are not responsible for the security practices or incidents within those systems.

 

If your access is provisioned by an MLS, brokerage, or other organization, that organization may have its own security requirements outside our control.

 

We may notify you of a security incident involving your information when required by law.

 

ARTICLE X. CHILDREN’S PRIVACY

 

Nora is intended for users aged 18 and older. We do not knowingly collect or solicit personal information from individuals under 18. If we learn that we have collected personal information from a minor, we will delete it as required by law.

 

If you believe a minor has provided information to us, contact us using the details below.

 

ARTICLE XI. CHANGES TO THIS PRIVACY POLICY

 

We may update or modify this Privacy Policy from time to time. When changes occur, we will post the updated version and revise the “Last Updated” date. Your continued use of Nora after changes take effect constitutes acceptance.

 

We may provide additional notice of material changes when required by law, which may include posting within the service or other reasonable methods. We are not required to provide individualized notice except where required by statute.

 

ARTICLE XII. CONTACT INFORMATION

 

If you have questions regarding this Privacy Policy or wish to submit a privacy-related request, contact us at:

Lundy Inc.

3056 Mimulus Place

Escondido, CA 92029

info@getlundy.io

bottom of page