Legal

Privacy Policy

Last Updated: June 4, 2026  ·  Version 1.0

1. Who We Are

Aurelian Atelier ("we," "us," or "our") is a sole proprietor operation providing client communication infrastructure services for real estate agents. We are based in the United States and primarily serve clients in the US, Canada, United Kingdom, Australia, and New Zealand.

This Privacy Policy explains how we collect, use, store, and protect personal data — both yours as a client, and the data of your contacts that you entrust to us to operate your communication systems.

For any privacy-related questions, contact us at: [email protected]

2. Data We Collect About You (Client Data)

When you interact with Aurelian Atelier — through our website, our scheduling system, or directly — we collect the following:

Contact and Booking Data

  • Name and contact details provided when booking a strategy call or submitting an enquiry
  • Any information you voluntarily provide during a strategy call or intake process
  • Your business name, market area, and role (real estate agent, broker, etc.)

Onboarding and Service Data

  • Business identity information provided to represent you (name, branding, market details)
  • Communication preferences and voice guidelines
  • Platform credentials or access you grant us to operate on your behalf
  • Any additional information you provide to help us build and manage your system

Payment Data

  • Payment is processed by our payment processor. We do not store your payment card details.
  • We retain records of transaction amounts and dates for accounting purposes.

Website Data

  • Standard server logs (IP address, browser type, pages visited) if analytics tools are active
  • Any cookies set by third-party tools embedded on the site

3. Data We Hold on Your Behalf (Third-Party Contact Data)

As part of delivering your service, you provide us with your client contact list — names, email addresses, and any additional details needed to personalise communications.

This is the most sensitive category of data we handle. These are real people who did not directly consent to share their information with us. We treat this data with the highest level of care and apply the strictest controls to it.

How We Use Your Contact List

  • Solely to send communications on your behalf, as instructed by you
  • Never for our own marketing, analysis, or any purpose outside your service
  • Never shared with, accessible by, or used to benefit any other client
  • Never cross-referenced across client accounts under any circumstances

Your Responsibility Regarding This Data

By providing a contact list to us, you confirm that:

  • You obtained this data lawfully in the course of your business
  • Your contacts have not opted out of commercial communications
  • You have the right to engage a third party to communicate on your behalf
  • You accept responsibility for compliance with electronic communication laws in your jurisdiction

4. How We Use Your Data

We use the data you provide solely to:

  • Deliver and manage the communication systems you have engaged us to build
  • Communicate with you about your service, account, and system performance
  • Process payments and maintain accounting records
  • Comply with applicable legal obligations

We do not sell, rent, trade, or share your data with any third party for marketing purposes.

5. Data Retention

Client data is retained for the duration of your active engagement. Upon cancellation or termination of service:

  • All account data — contact lists, branding assets, business information, and communication content — is retained for up to 60 days from the last active service date
  • After 60 days, all data is permanently and irrecoverably deleted
  • Early deletion can be requested at any time — we will process it within 14 days
  • On written request, we will provide a full export of your data before deletion

6. Third-Party Platforms

To deliver our services, we work with a small number of third-party platforms. Each platform receives only the minimum data necessary to perform its function:

Platform TypePurposeData Shared
Email communication platformSending and managing client communication sequences on your behalfYour contact list, sending email address, and communication content
Payment processorProcessing your subscription paymentsName, email, and payment details
Scheduling platformStrategy call booking and appointment managementName, email, and booking details

We do not publicly disclose the specific platforms we use to operate our infrastructure, as these are operational details of our managed service. On written request, active clients may ask which platforms hold their data — we will confirm this within 14 days.

We do not share data with any other parties unless required to do so by law.

7. Your Rights

Regardless of your location, we honour the following rights for all clients and contacts:

Right to Access

You may request a full list of all data we hold on you and your account. We will provide this within 14 days of a written request to [email protected].

Right to Correction

If any data we hold about you is inaccurate, notify us and we will correct it promptly.

Right to Deletion

You may request deletion of your data at any time. We will action this within 14 days. Note that deletion of active client data will require service termination.

Right to Data Portability

On request, we will provide your contact list and any associated data in a portable format before deletion.

Right to Withdraw Consent

You may withdraw consent to data processing at any time by cancelling your service and requesting deletion.

For clients in the UK and EU: You have additional rights under GDPR, including the right to lodge a complaint with your local data protection authority. We process your data on the legal basis of contractual necessity (to deliver the service you engaged us for) and legitimate interest (to maintain records necessary for our business operations).

8. Client Communications and Compliance

All client-facing communications deployed through our systems on your behalf are structured to comply with applicable electronic communication regulations, including:

  • Clear identification of the sending agent (you) in all communications
  • A functional opt-out mechanism included in every client-facing communication
  • Prompt processing of opt-out requests — honoured within 10 business days
  • No deceptive subject lines, sender names, or misleading content

For clients serving contacts in Canada, CASL compliance requirements apply. For UK and EU contacts, GDPR and PECR rules govern electronic communications. You are responsible for ensuring your contact list meets the consent standards required in your recipients' jurisdictions.

9. Data Security

We take reasonable technical and organisational measures to protect the data we hold, including:

  • Strict account isolation — each client's data held in an independent section with no cross-account access
  • Access to client data limited to authorised personnel only
  • Platform credentials handled securely and never stored in plain text
  • Reliance on established, security-audited third-party infrastructure providers

No data transmission over the internet is 100% secure. While we take all reasonable precautions, we cannot guarantee absolute security.

10. Cookies

Our website may use cookies set by third-party tools such as our scheduling and booking platform or analytics tools. These cookies may collect standard browsing data such as pages visited, time on site, and referring source.

We do not use cookies to track you across other websites or for advertising purposes. If you have concerns about cookies, you may disable them in your browser settings. This may affect the functionality of some features on the site.

11. Children's Privacy

Our services are intended for business professionals and are not directed at individuals under the age of 18. We do not knowingly collect data from minors. If you believe a minor has provided data to us, contact us immediately and we will delete it.

12. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated to active clients via email at least 14 days before they take effect. The current version is always available at aurelianatelier.com/privacy.

13. Contact and Complaints

For any privacy-related questions, data requests, or complaints:

Aurelian Atelier
[email protected]

We aim to respond to all privacy enquiries within 5 business days.

If you are located in the UK or EU and are unsatisfied with our response, you have the right to escalate your complaint to your local data protection authority (ICO in the UK, or your national DPA in the EU).