Draft for attorney review. This text is not final or binding until approved by counsel and published by The Selling Table.

The Selling Table — Privacy Policy (DRAFT)

**Version:** 2026-06-29

**Status:** DRAFT — for attorney review. Pre-filled from client proposed positions.

---

1. Who We Are

The Selling Table ("**we**," "**platform**") operates a B2B SaaS platform for real estate document workflows.

2. Scope

This policy describes how we handle information when **brokerages, title companies, and similar organizations** ("**Tenants**") sign up and use the platform. End-customers (buyers, sellers) interact through Tenant-branded wizard links; the **Tenant is typically the controller** for that transaction data.

3. Information We Collect

Tenant account data

Company name, admin name, email, billing identifiers (via Stripe), team profiles, office structure, license numbers if provided.

Transaction data (processed on Tenant's behalf)

Party names, addresses, emails, phones, property and financial details, document metadata, audit logs, signature records, IP addresses for e-sign.

Technical data

Logs, session tokens, IP address, user agent, security and error diagnostics.

We do not use consumer transaction data for cross-tenant advertising profiles.

4. How We Use Information

  • Provide, secure, and support the service
  • Billing and account administration
  • Compliance, fraud prevention, and audit trails
  • De-identified product analytics (if any) — not sold to third parties

5. Subprocessors

We use the following subprocessors to operate the service:

| Subprocessor | Purpose |

|--------------|---------|

| **Stripe** | Subscription billing and payment metadata |

| **Supabase** | Managed PostgreSQL database hosting |

| **Vercel** | Application hosting and serverless runtime |

| **Resend** | Transactional email (may include PDF attachments) |

We will provide at least **thirty (30) days' notice** before adding a subprocessor that processes Tenant customer personal data. Tenant may object on reasonable data-protection grounds; if unresolved, Tenant may terminate without penalty within thirty (30) days of notice.

6. Retention

  • **Active subscription:** data retained for service delivery.
  • **Cancelled organization:** self-service export window of **ninety (90) days** after cancellation; thereafter tenant customer PII and transaction data (including signed agreement records and related audit logs) are deleted or anonymized, except where law requires longer retention or a separate written agreement provides otherwise.
  • **Backups:** rolling provider backups per Supabase defaults (approximately thirty (30) days).

7. Security

  • Encryption in transit (TLS)
  • Data stored in Supabase PostgreSQL with provider-managed encryption at rest
  • Application-layer tenant isolation (every query scoped by organization)
  • Optional PostgreSQL row-level security when enabled for the deployment

We do **not** claim SOC 2, HIPAA, or PCI compliance unless separately documented in writing.

8. Your Rights

**Tenant contacts:** Tenants may access, correct, or delete account data via the admin console or by contacting support.

**End-customers:** The platform does not directly field consumer privacy requests. Tenants are responsible for honoring applicable rights for consumer data they control. We assist Tenants as processor within technical capability.

9. International Transfers

Primary processing occurs in the **United States**. Where subprocessors process data outside the U.S., we rely on vendor contractual protections (including standard contractual clauses where offered).

10. Contact

privacy@thesellingtable.com

Privacy Policy · Version 2026-06-29

Back to signup · Pricing