Huettl

Privacy Policy

Effective Date: 2026-04-05 Last Updated: 2026-04-16

1. Introduction

This Privacy Policy explains how Andrew Huettl ("Huettl," "we," "us," or "our") collects, uses, stores, shares, and protects information when you use our web application, website at huettl.ai, and related services (the "Service").

By using the Service, you agree to the practices described in this Policy.

2. Information We Collect

2.1 Information You Provide

  • Account Information: Name, email address, password (hashed), profile photo, role, and workspace details
  • Billing Information: Payment method details (processed by Stripe; we do not store full card numbers), billing address, and tax information
  • User Content: Leads, contacts, listings, transactions, tasks, notes, messages, media, voice profiles, and any other content you create or upload
  • MLS and listing content: MLS listing content, photos, descriptions, and links that you paste, upload, or link to the Service are stored in your workspace and processed to generate marketing content, CMAs, and other outputs you request

2.2 Information from Third-Party Integrations

When you connect Gmail, Google Calendar, or other integrations, we access data through those services' APIs, including:

  • Gmail: Email metadata (subject, sender, recipients, dates) and message contents you authorize us to access; ability to create email drafts and send emails on your behalf. Email sends are initiated by your explicit request to the AI assistant (for example, "send a reply to this lead" or "send this batch to my list"); the assistant is instructed to confirm intent before sending but acts as your agent under your direction. When you direct the assistant to read a specific email or a thread, the contents of the messages it reads, and any drafts it creates on your behalf, are stored in your workspace so you can review, edit, and send them. We do not maintain a permanent mirror of your full Gmail inbox — only the messages and drafts tied to conversations you use inside the Service.
  • Google Calendar: Calendar events, attendees, times, and locations. We do not maintain a permanent copy of your calendar; calendar reads are performed live per request. Short summary references to upcoming events may be stored in your daily briefing records so we can display the briefing again without re-querying Google.
  • Other integrations: Data relevant to the features you enable

The specific Google API scopes we request are:

  • gmail.readonly — Read your email messages and metadata
  • gmail.compose — Create email drafts and send emails on your behalf
  • calendar.events — View, create, edit, and delete events on your calendars

You can revoke these permissions at any time through your Google Account settings.

2.3 Automatically Collected Information

  • Usage Data: Pages visited, features used, clicks, session duration, and similar analytics
  • Device Data: IP address, browser type, device type, operating system, and referring URLs
  • Cookies: Session cookies and similar technologies for authentication and basic analytics

3. How We Use Your Information

We use the information we collect to:

  • Provide, operate, and maintain the Service
  • Process subscriptions, payments, and billing
  • Authenticate users and secure accounts
  • Generate AI drafts of emails, marketing, and content on your behalf
  • Sync with Gmail and Google Calendar to deliver features you enable
  • Run automated background processes on your data (for example, daily briefings that summarize upcoming tasks and events, and follow-up checks that identify leads who haven't been contacted recently). These processes may read metadata from your connected Gmail inbox (such as sender addresses from the last seven days) to support follow-up detection. Voice profile learning occurs only when you explicitly trigger a scan of your Sent folder
  • Send transactional emails (including Stripe-issued payment receipts; additional account notices and security alerts are delivered when those features are enabled)
  • Respond to support requests
  • Detect and prevent fraud, abuse, and security incidents
  • Improve the Service (aggregate, anonymized analytics only)
  • Comply with legal obligations

4. Google API Services User Data Policy — Limited Use Disclosure

Huettl's use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.

Specifically, data obtained through Google APIs (including Gmail and Google Calendar):

  • Is used only to provide or improve user-facing features that are prominent in the Service
  • Is not transferred to third parties except as necessary to provide or improve user-facing features, comply with applicable law, or as part of a merger, acquisition, or sale of assets with user consent
  • Is not used for serving advertisements
  • Is not used to train generalized AI or machine learning models
  • When you use AI-assisted features involving your Gmail or Calendar data (such as asking the AI assistant to draft a reply to an email), the relevant email content or calendar details are sent to our AI service providers (Anthropic, OpenAI) solely to fulfill your specific request. This data is transmitted via stateless API calls and is not stored or retained by the AI providers for model training or any purpose other than generating the immediate response
  • Is not read by any human, except (a) with your explicit affirmative consent, (b) for security purposes such as investigating abuse, (c) to comply with applicable law, or (d) for internal operations where the data has been aggregated and anonymized

5. How We Share Information

Service provider list last updated: 2026-04-16. We update this list when we materially change our service providers.

We do not sell your personal information. We share information only in the following limited circumstances:

  • Service Providers: Trusted third parties that help us operate the Service, including:
    • Stripe, Inc. — Payment processing
    • Anthropic, PBC — AI model inference for chat assistance, email drafting, content generation, and analysis. When you use AI features, relevant context is sent to the AI provider, which may include: your business profile (name, brokerage, market area), content of emails you ask the assistant to read or reply to, listing details, lead information, and calendar events. Data is sent via stateless API calls and is not retained by the provider for model training
    • OpenAI, Inc. — AI model inference for marketing content and creative writing, processed via stateless API calls under the same terms as above
    • Google LLC — Gmail and Calendar integration (per your authorization)
    • Tavily, Inc. — Web search for comparative market analysis research (property addresses and market queries are sent to retrieve public listing data)
    • Creatomate BV — Media rendering for marketing flyers and promotional videos (listing details and photos are sent for template-based rendering)
    • Jina AI GmbH — Web page content extraction when you paste URLs for the AI assistant to read
    • Vercel, Inc. — Hosting, infrastructure, and file storage (user-uploaded photos and videos are stored via Vercel Blob)
    • Neon, Inc. — Database hosting
  • Workspace Members: If you belong to a shared workspace, other members of that workspace may see content you create within it, based on their role
  • Legal Compliance: When required by law, subpoena, court order, or to protect rights, safety, or property
  • Business Transfers: In connection with a merger, acquisition, or sale of assets, subject to this Policy

All service providers are contractually required to protect your information and use it only for the purposes we authorize.

6. Data Storage and Security

  • Encryption: Data is encrypted in transit (TLS) and at rest
  • Isolation: Each workspace is logically isolated; we enforce strict access controls
  • Access: Only authorized personnel may access production systems, and only for legitimate business reasons
  • Retention: We retain your information for as long as your account is active and as needed to provide the Service. After account termination, we will delete your data upon request. Contact support@huettl.ai to request data deletion. Some data may be retained where required by law
  • Breach Notification: In the event of a data breach affecting your personal information, we will notify affected users within 72 hours of discovery where feasible, and in any event in accordance with applicable law

No system is 100% secure. While we take reasonable measures to protect your information, we cannot guarantee absolute security.

7. Your Rights and Choices

Depending on your jurisdiction, you may have the right to:

  • Access: Request a copy of the personal information we hold about you
  • Correction: Request that we correct inaccurate information
  • Deletion: Request that we delete your personal information
  • Export: Request a portable copy of Your Content
  • Opt-out: Unsubscribe from marketing communications at any time
  • Withdraw consent: Disconnect Google integrations or other consented features at any time

To exercise these rights, email support@huettl.ai. We will respond within 30 days.

California residents have additional rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA), including the right to know, delete, correct, and opt out of the sale or sharing of personal information. We do not sell your personal information.

8. Cookies

We use cookies and similar technologies for:

  • Authentication: Session cookies to keep you logged in

We use Vercel Web Analytics for aggregated, anonymous usage analytics. This service is cookieless and does not track individual users across sites.

You can disable cookies in your browser, but doing so will prevent you from staying logged in.

9. Children's Privacy

The Service is not intended for anyone under 18. We do not knowingly collect information from children under 18. (We set this age at 18 to align with the age of contractual capacity under U.S. law.) If you believe a child has provided us with information, contact support@huettl.ai and we will delete it.

10. United States Only

The Service is operated from the United States and is intended for use by residents of the United States only. We do not currently offer the Service to users in the European Union, United Kingdom, or other international markets. If you access the Service from outside the United States, you do so at your own initiative and are responsible for compliance with local laws. Your information will be transferred to, stored, and processed in the United States.

11. Fair Housing and AI-Generated Content

The Service generates drafts of marketing content, emails, CMAs, and other materials using artificial intelligence. AI output can reflect biases present in training data. You are solely responsible for reviewing any AI-generated content before publishing or sending it to ensure compliance with the Fair Housing Act, the Equal Credit Opportunity Act, your state and local fair housing laws, and your MLS's and REALTOR® association's codes of conduct. AI-generated CMAs are not appraisals, and AI-generated content is not legal, financial, or professional advice.

12. Changes to This Policy

We may update this Privacy Policy from time to time. If we make material changes, we will notify you by email or an in-app notice before the changes take effect. The "Last Updated" date at the top of this Policy reflects the most recent changes.

13. Contact Us

Questions, concerns, or requests regarding this Privacy Policy should be sent to:

Andrew Huettl Email: support@huettl.ai Website: https://huettl.ai