Privacy Policy

John Schuch, doing business as Listing AutomatEr ("John Schuch," "we," "our," or "us"), provides a desktop application and browser companion that help real estate agents post listings to online marketplaces. This Privacy Policy explains what information we collect, how we use it, and the choices you have regarding your data.

By using Listing AutomatEr, you agree to the practices described in this policy. If you do not agree, please discontinue use of our products.

1. Information We Collect

Account Information

When you create an account, we collect your name and email address. This information is required to provide you with access to the service and manage your subscription.

Listing Data

You may import listing data into the application via CSV files. This data includes property details such as addresses, prices, square footage, descriptions, and associated photos. We store this data to enable listing posting and campaign management.

Platform Session Data

To facilitate posting on supported third-party marketplace platforms ("Third-Party Platforms"), our Chrome extension temporarily accesses your authenticated platform session data. This data is used in real time to perform posting and sync operations and is not stored permanently. Listing AutomatEr is an independent tool and is not affiliated with, endorsed by, or sponsored by any Third-Party Platform.

Usage Analytics

We collect usage events (such as page views, feature usage counts, and posting activity) to understand how the product is used and to improve the experience. Analytics are handled by PostHog, which may set a first-party cookie and a local-storage identifier in your browser on our website. We do not track your browsing activity outside of the Listing AutomatEr application or website. PostHog is configured to respect Do-Not-Track browser settings, to mask form inputs on sensitive pages (checkout, thank-you, approval), and to use identified profiles only for authenticated users.

Payment Information

Subscription payments are processed entirely by Stripe. We never receive, store, or have access to your full credit card number. Stripe provides us with limited information such as the last four digits of your card and billing status to manage your subscription.

Operational Extension Telemetry (v1.1+)

To keep the Chrome extension working as third-party platforms rotate their internal API identifiers, starting with extension version 1.1 we collect limited operational telemetry from the extension. All telemetry is sent over HTTPS and authenticated with your own Listing AutomatEr account token. Specifically, we collect:

• Operational failure reports — when an extension operation fails, we log the operation type (e.g. "sync listings," "delete"), an error message (truncated to 500 characters), the Meta public GraphQL document identifier that was in use, attempt number, and a timestamp.
• Auto-discovered GraphQL routing metadata — while you browse Meta’s own marketplace pages, the extension passively observes publicly-visible GraphQL identifiers appearing in Meta’s own network traffic (document ID, friendly operation name such as MarketplaceYouSellingRoute, and the endpoint URL path, truncated to 300 characters) and reports them to our backend approximately once per minute.

What is NOT collected by this telemetry: listing content, buyer messages, photos, Facebook account identifiers (user ID, session cookies, fb_dtsg, c_user, jazoest, or any other Meta session token), contact names, phone numbers, email addresses, or any personally identifiable information about you or anyone you communicate with. Only Meta’s own publicly-visible GraphQL routing metadata and our own operational error strings are transmitted.

2. How We Use Your Information

We use the information we collect for the following purposes:

• Providing, operating, and maintaining the Listing AutomatEr desktop app and Chrome extension
• Authenticating your account and managing your subscription
• Storing and organizing your imported listing data
• Generating AI-powered marketing copy for your listings
• Automating the posting process on supported Third-Party Platforms
• Processing payments through Stripe
• Analyzing usage patterns to improve the product
• Communicating with you about your account, updates, or support requests

3. Data Storage & Security

User Accounts & Application Data

Your account information, subscription details, listing data, campaigns, and usage events are stored in a secure cloud database with encryption at rest and in transit.

Photo Storage

Listing photos that you import are stored on secure cloud storage. These photos are used during the posting process to upload images to marketplace listings.

Security Measures

We implement industry-standard security practices including encrypted data transmission (TLS/HTTPS), server-side authentication and rate limiting, and secure token validation. While no system is completely secure, we take reasonable measures to protect your information from unauthorized access, alteration, or destruction.

4. Third-Party Services

We rely on the following third-party services to operate Listing AutomatEr:

• Stripe — Payment processing and subscription management (receives name, email, billing details)
• PostHog — Product and marketing analytics (receives anonymized usage events and, for authenticated users, account email)
• Managed cloud database provider — Account data, subscriptions, and listing metadata. The specific provider is available on request.
• Vercel — Website hosting and edge function infrastructure for listingautomater.com
• Cloudflare R2 — Object storage for desktop application downloads and update artifacts
• Meta Platforms, Inc. (Facebook / Facebook Marketplace) — When you use the Service to post a listing, your browser interacts with Meta’s platforms under your own authenticated session. Meta may collect and process data in accordance with its own privacy policy. Listing AutomatEr is not affiliated with, endorsed by, or sponsored by Meta Platforms, Inc.

Each of these services maintains its own privacy policy and data handling practices. We encourage you to review their respective policies. A current list of all subprocessors, including the specific name of our managed cloud database provider, is available on request to john@listingautomater.com.

5. Chrome Extension Data

The Listing AutomatEr Chrome extension operates with the following data practices:

• The extension only activates on supported Third-Party Platform pages. It does not access, monitor, or collect data from any other websites.
• For all posting, sync, and delete operations, the extension communicates with the Listing AutomatEr desktop app through a local connection on your own machine. The contents of your listings and your platform session data are not routed through our servers during these operations.
• Platform session data is accessed temporarily during sync operations to retrieve your active marketplace listings. This data is used in real time and is not stored permanently on our servers.
• The extension requires an active, validated subscription to function.

Extension ↔ Backend Communication (v1.1+)

Starting with extension version 1.1, a separate, narrow channel sends operational telemetry from the extension directly to our secure backend. This channel exists so that we can keep the extension working when Meta rotates their internal GraphQL query identifiers (which they do every two to four weeks) and push a fix to all users automatically, without requiring a Chrome Web Store update for every rotation.

• Operational failure reports — when an extension operation fails, we receive the operation type (e.g. "sync listings"), the error message, the Meta public GraphQL document ID that was in use, the attempt number, and a timestamp. We use these to identify broken document IDs and publish a working replacement to all users.
• Auto-discovered GraphQL metadata — when Meta’s own marketplace pages load in your browser, the extension observes the publicly-visible GraphQL identifiers (document ID, friendly operation name, and endpoint URL path) in Meta’s own network traffic and reports these to our backend approximately once per minute. We use these to self-heal the extension without requiring Chrome Web Store updates.

What is NOT sent through this channel: listing content, buyer messages, photos, Facebook account identifiers (user ID, session cookies, fb_dtsg, c_user, jazoest, or any other Meta session token), contact information, or anything personally identifiable about you or your contacts. Only Meta’s own public GraphQL routing metadata and our own operational error strings are transmitted.

Transport & authentication: all telemetry traffic is sent over HTTPS and authenticated with your own Listing AutomatEr account token (a standard bearer JWT). No anonymous submissions are accepted.

Retention: failure reports are retained for approximately 30 days and then automatically purged. Auto-discovered GraphQL metadata is stored as a rolling upsert (the most recent observation of each identifier wins), not as a historical log.

6. AI Data Processing

On-Device AI

Listing AutomatEr includes a built-in AI engine that runs entirely on your device. When you generate marketing copy, your listing data is processed locally on your machine. No listing data is sent to any external server. All AI processing occurs on your device, and the data never leaves your machine.

7. AI Data Privacy

Listing AutomatEr's AI features are designed with your privacy in mind:

What Data Is Used

When you use the AI copy generation feature, the following listing data is processed: property descriptions, property features (bedrooms, bathrooms, square footage, lot size, etc.), property addresses, listing prices, and property type information. No personal account information (your name, email, or payment details) is used in AI processing.

On-Device Processing

AI processing occurs on your device. Your listing data stays on your machine and is not sent to third-party AI providers.

No AI Training

Your listing data is never used to train or improve AI models. Data is processed in real time solely to generate your marketing copy.

8. Data Sharing

We do not sell, rent, or trade your personal information to third parties. We share data only in the following limited circumstances:

• Service providers — With the third-party services listed in Section 4, solely to operate and deliver the product
• Legal requirements — If required by law, regulation, legal process, or enforceable government request
• Protection of rights — To protect the rights, property, or safety of John Schuch, our users, or the public
• Business transfers — In connection with a merger, acquisition, or sale of assets, in which case you would be notified of any change in data handling

9. Data Retention

We retain your data as follows:

• Account data — Kept for the duration of your active subscription. Upon cancellation, your account data is retained for up to 30 days to allow for reactivation, after which it may be deleted.
• Listing data and photos — Retained while your account is active. Deleted upon account deletion or upon request.
• Usage analytics — Retained in anonymized form for product improvement purposes.
• Platform session tokens — Used transiently during sync operations and not stored permanently.
• Extension failure telemetry (v1.1+) — Retained for approximately 30 days for debugging and automatic fix-push purposes, then purged.
• Auto-discovered GraphQL metadata (v1.1+) — Stored as a rolling upsert keyed by document identifier; the latest observation replaces earlier ones. Not retained as a historical log.

You may request deletion of your data at any time by contacting us (see Section 16).

10. Your Privacy Rights

Depending on your location, you may have the following rights regarding your personal data:

• Right to know — Request information about what personal data we collect, how it is used, and with whom it is shared
• Right to access — Request a copy of the personal data we hold about you
• Right to correction — Request correction of inaccurate or incomplete data
• Right to deletion — Request deletion of your personal data
• Right to data portability — Request an export of your data in a commonly used format
• Right to non-discrimination — We will not discriminate against you for exercising any of these rights

To exercise any of these rights, please email us at john@listingautomater.com. We will acknowledge your request within 10 business days and respond substantively within 30 days.

11. Do Not Sell My Personal Information

Under the California Consumer Privacy Act (CCPA) and similar state privacy laws, consumers have the right to opt out of the "sale" of their personal information.

We do not sell your personal information. Listing AutomatEr does not sell, rent, lease, or trade your personal data to third parties for monetary or other valuable consideration. We only share data with service providers who are necessary to operate the product (as described in Section 4), and these providers are contractually prohibited from using your data for their own purposes.

If our practices ever change, we will update this policy and provide you with a clear mechanism to opt out before any sale of personal information occurs.

To submit a privacy request or if you have questions about your rights under the CCPA, please contact us at john@listingautomater.com.

12. Cookies & Local Storage

Listing AutomatEr uses minimal cookies and local storage:

• Authentication tokens — Session tokens used to keep you logged in
• Local preferences — Application settings stored locally on your device (posting preferences, UI state)
• Chrome extension storage — Session-scoped authentication data for the extension, cleared when the browser session ends
• PostHog analytics — First-party cookie and local-storage identifier used on listingautomater.com to measure pageviews, feature usage, and marketing attribution. PostHog respects Do-Not-Track and masks form inputs on sensitive pages.
• UTM attribution — Marketing attribution parameters (utm_source, utm_medium, utm_campaign, utm_content, utm_term, gclid, fbclid) captured from the URL and stored in your browser’s sessionStorage so we can attribute a signup to the marketing channel that referred it. Cleared when you close the tab.

We do not use advertising cookies or third-party tracking cookies. The only analytics service on our website is PostHog, described above and in Section 4.

13. Children's Privacy

Listing AutomatEr is designed for real estate professionals and is not directed at children under the age of 13. We do not knowingly collect personal information from children under 13. If we become aware that we have collected data from a child under 13, we will take steps to delete that information promptly. If you believe a child has provided us with personal data, please contact us at john@listingautomater.com.

14. Data Breach Notification

In the event of a data breach that compromises the security, confidentiality, or integrity of your personal information, we will take the following steps:

Notification Timeframe

We will notify affected users within 72 hours of discovering a breach that involves personal data. If the full scope of the breach is not yet known at the time of notification, we will provide updates as additional information becomes available.

Notification Methods

Breach notifications will be delivered via email to the address associated with your account and through an in-app notice displayed within the Listing AutomatEr desktop application. For breaches affecting a large number of users, we may also post a notice on our website.

Information Provided

Breach notifications will include:

• A description of the nature of the breach
• The types of personal data involved
• The approximate date and time of the breach
• Steps we have taken and are taking to address the breach and mitigate its effects
• Recommendations for actions you can take to protect yourself
• Contact information for our support team if you have further questions

Regulatory Reporting

Where required by law, we will also report the breach to the relevant regulatory authorities within the legally mandated timeframe.

15. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or legal requirements. When we make changes, we will update the "Effective Date" at the top of this page. For significant changes, we will notify you via email or through a notice in the application. Your continued use of Listing AutomatEr after any changes constitutes acceptance of the updated policy.

15.5 International & EU-Resident Data

Listing AutomatEr is operated from the United States and is currently offered only to real estate professionals whose primary state of practice is Arizona. We do not actively market the product to residents of the European Union, United Kingdom, or other jurisdictions with comprehensive data protection laws, and we do not knowingly collect personal data from consumers in those jurisdictions through our website.

However, our customers (real estate agents) may interact with buyers, inquiries, and contacts who reside outside the United States. If you are a data subject under the EU General Data Protection Regulation (GDPR), the UK Data Protection Act, or similar legislation and you believe a Listing AutomatEr customer holds personal data about you, you may contact us at john@listingautomater.com and we will route your request to the responsible data controller.

Where we act as a data processor on behalf of our customers, we will assist them in responding to data-subject rights requests (access, correction, deletion, portability, restriction, objection) in accordance with applicable law.

16. Contact Us

If you have questions or concerns about this Privacy Policy or our data practices, please contact us:

17. Trademark Notice

Facebook and Facebook Marketplace are trademarks of Meta Platforms, Inc. Listing AutomatEr is not affiliated with, endorsed by, or sponsored by Meta Platforms, Inc. All other trademarks are the property of their respective owners.