NT Broker AI

Privacy Policy

Last updated: April 27, 2026

Who we are

NT Broker AI is operated by Bernotas Company Limited MB, a limited liability company registered in Lithuania, EU.

  • Contact: arturas@bernotascompanylimited.lt
  • Service domain: synodos.lt

This privacy policy describes how we collect, use, and protect your personal data when you use NT Broker AI ("the Service").

What data we collect

When you use the Service, we collect:

  • Account information: your name, email address, password (hashed), role (broker, admin), and account creation date.
  • Email integration data: if you connect your Gmail account, we receive an OAuth access token and refresh token to read incoming emails and send replies on your behalf. We store these tokens encrypted at rest.
  • Calendar integration data: if you connect your Google Calendar, we receive an OAuth token to read availability and create events on your behalf.
  • Conversation data: records of email exchanges processed by the Service, including prospect contact information, message contents, and AI-generated drafts/responses.
  • Listing data: real estate listings you upload, including descriptions, photos, prices, and metadata.
  • Usage data: logs of actions taken in the Service, including timestamps and IP addresses for security purposes.

Why we collect it

  • To provide the AI assistant service: classify prospect emails, generate response drafts, and send replies on your behalf.
  • To match prospects with relevant listings.
  • To schedule property tours via your calendar.
  • To secure your account and prevent abuse.

Where data is stored

All data is stored on servers located in the European Union (Hostinger VPS infrastructure, Lithuania). We use industry-standard encryption for data in transit (TLS) and at rest (AES-256 for sensitive credentials).

Who we share data with

We share data only with the following service providers (data processors), and only as necessary to operate the Service:

  • OpenAI (USA): for AI processing of email content and response generation. OpenAI is contractually bound not to use submitted content to train their models.
  • Google (USA / EU): for Gmail and Calendar integration via OAuth. Google's terms apply to data accessed through their APIs.
  • Hostinger (EU): for hosting infrastructure.
  • Sentry (EU region): for error monitoring (does not include email content).

We do not sell your personal data to third parties.

Your rights under GDPR

As an EU data subject, you have the right to:

  • Access: request a copy of all personal data we hold about you.
  • Rectification: correct inaccurate personal data.
  • Erasure: request deletion of your account and all associated data.
  • Portability: receive your data in a machine-readable format.
  • Object: object to specific processing of your data.
  • Restriction: request that we limit how we process your data.
  • Withdraw consent: disconnect Google integrations at any time via your account settings.

To exercise these rights, contact: arturas@bernotascompanylimited.lt. We will respond within 30 days.

You also have the right to lodge a complaint with the Lithuanian State Data Protection Inspectorate (Valstybinė duomenų apsaugos inspekcija) if you believe we have violated your rights.

Data retention

  • Account data: retained while your account is active, deleted within 30 days of account closure.
  • Email and conversation data: retained while your account is active for the purpose of providing service continuity.
  • OAuth tokens: deleted immediately upon disconnection or account closure.
  • Logs: retained for up to 90 days for security purposes, then deleted.

Changes to this policy

We may update this policy from time to time. The "last updated" date at the top reflects the most recent change. Material changes will be communicated via email to active users.

Contact

For questions about this privacy policy or our data practices, contact:

arturas@bernotascompanylimited.lt