Privacy Policy

p2d, a product of Sum28 · California, USA · Effective: July 3, 2026

This policy explains what p2d (“we”, operated by Sum28) collects when you use the service to turn listing photos and your notes into marketing copy, how we use it, and your choices.

What we collect

What we deliberately do NOT keep

This minimizes the data we hold about you and the listings you work on.

How we use your information

Push notifications are optional: iOS asks for your permission first, we use them only for service updates about your account and generations (never marketing), and you can turn them off at any time in iOS Settings. Push tokens are deleted when you delete your account.

Cookies

We use exactly two cookies, both essential: a signed session cookie that keeps you logged in, and a signed device cookie (kept about one year) that helps us rate-limit the free preview and prevent abuse. We use no analytics cookies, no advertising cookies, and no third-party trackers, and we do not respond to cross-site tracking because we do none.

Service providers (sub-processors)

To operate, we share data with vetted providers strictly to deliver the service:

Retention

We keep your generated listings and account data until you delete them or your account, and feedback (including any voice memos) until you delete your account or ask us to remove it. Photos and pasted source text are discarded after processing, as described above. When you delete your account we erase your listings, stored feedback and voice memos, push tokens, and extraction records, and cancel any active subscription (completed manually if a payment-processor error prevents it). Copies of feedback previously delivered to our support inbox are retained as ordinary business correspondence. One exception: our anti-abuse records — salted one-way hashes of IP and device identifiers that contain no readable personal information — are retained in de-identified form so free-preview limits cannot be reset by deleting and recreating an account. Payment records are retained by Stripe and by us as required by law.

Your rights

You can delete your account and its data at any time in the iOS app (Account → Delete account). This erases your listings and history, feedback (including voice memos), push tokens, and extraction records, and cancels any active subscription. For access, correction, or a portable export of your data — or deletion if you cannot use the app — email us at info@sum28.com and we will fulfill your request.

We honor the substance of California’s CCPA/CPRA rights for all users as a matter of policy, wherever you live: the right to know what we collect, to delete it, to correct it, and not to be discriminated against for exercising these rights. We do not sell your personal information and do not share it for cross-context behavioral advertising, so there is nothing to opt out of. Wherever you are located, we honor equivalent access, correction, deletion, and portability rights on request.

Security

We protect your data with encryption in transit and access controls; passwords are stored only as salted PBKDF2 hashes, and our databases are encrypted at rest. Our servers and databases are hosted in the United States (AWS, US-West). Card data is handled by Stripe under PCI-DSS. No system is perfectly secure, but we work to safeguard your information.

Children

p2d is a professional tool for real-estate agents and is not directed at anyone under 18.

Changes

We may update this policy; we’ll post the new effective date and, for material changes, notify you.