Sarah avatar Meet Sarah, your real estate EA.

Privacy Policy

Last updated: April 13, 2026

Introduction

Sarah is an AI-powered executive assistant for real estate professionals, operated by Thomas Heimann ("we," "us," or "our"). This Privacy Policy explains what information we collect, how we use it, and your rights regarding your data.

By using Sarah — whether through WhatsApp, the web portal at portal.meetsarah.io, or any related service — you agree to the practices described in this policy.

If you have questions, contact us at: privacy@meetsarah.io

1. Information We Collect

Information you provide directly

When you create an account with Sarah, we collect:

  • Your name and email address (provided via WhatsApp during onboarding)
  • Your phone number
  • Your professional information: brokerage, market area, and role
  • Your Google or Microsoft account credentials (via OAuth — we receive an access token and refresh token, not your password)

Information from connected services

If you connect your email and calendar, Sarah can access:

  • Email messages (read, draft, and send on your behalf with your approval)
  • Calendar events (view and create with your approval)
  • Contacts (read-only, to support follow-up assistance)

We access only what is necessary to provide the assistant services you request. We do not store your emails or calendar events in our systems — Sarah reads them in real time to respond to your requests.

Information collected automatically

We collect basic operational logs to keep the service running, including message timestamps, error logs, and system health data. We do not collect analytics, tracking pixels, or behavioral advertising data.

2. How We Use Your Information

We use your information solely to provide and improve the Sarah assistant service:

  • To create and manage your account
  • To route WhatsApp messages to your dedicated assistant instance
  • To access your email and calendar on your behalf when you request it
  • To learn your patterns, preferences, and workflow over time (stored in your isolated assistant profile)
  • To send you a confirmation email during onboarding (via Resend)
  • To create a contact record in our CRM (HighLevel) for beta program management

We do not sell your data. We do not use your data for advertising. We do not share your data with third parties except as described in Section 4.

3. Data Isolation

Each Sarah user has a completely isolated assistant instance. Your memory, conversation history, learned preferences, OAuth credentials, and connected account data are stored in a private profile that is never shared with or accessible by other users.

Sarah is explicitly designed so that one user's data cannot appear in another user's session. This isolation is a core architectural guarantee, not just a policy.

4. Information We Share

We share limited information with the following service providers, only as necessary to operate the service:

ServicePurposeData Shared
TwilioWhatsApp message deliveryPhone number, message content
ResendConfirmation emailsName, email address
HighLevelBeta program CRMName, email, phone, brokerage, market area, role
GoogleOAuth authenticationAccess token, refresh token (stored in your isolated profile)
MicrosoftOAuth authenticationAccess token, refresh token (stored in your isolated profile)
VercelPortal hostingSession data, form submissions

We do not sell, rent, or broker your personal information to any third party for any purpose.

5. Data Retention

We retain your account data for as long as your account is active. If you request account deletion, we will:

  • Delete your assistant profile and all associated memory, conversations, and learned patterns
  • Delete your OAuth tokens from our systems
  • Remove your record from our operational database

Some data may be retained in backup systems for up to 30 days following deletion.

To request deletion, contact: privacy@meetsarah.io

6. Security

We take reasonable technical measures to protect your data:

  • OAuth tokens are stored in isolated, per-user profile directories on a private server
  • All communication between service components uses encrypted channels (HTTPS, HMAC-signed webhooks)
  • Our private GitHub repository does not contain secrets or credentials
  • Access to the production system is limited to Thomas Heimann

No system is perfectly secure. If you believe your account has been compromised, contact us immediately at privacy@meetsarah.io.

7. Your Rights

You have the right to:

  • Access the personal information we hold about you
  • Correct inaccurate information
  • Delete your account and associated data
  • Revoke OAuth access to your Google or Microsoft account at any time through your Google or Microsoft account settings — this will disconnect Sarah from your email and calendar
  • Opt out of any future marketing communications (we do not currently send marketing emails)

To exercise these rights, contact: privacy@meetsarah.io

8. Children's Privacy

Sarah is designed for professional use by licensed real estate agents and brokers. We do not knowingly collect information from anyone under the age of 18. If you believe a minor has provided us with personal information, contact us and we will delete it promptly.

9. Changes to This Policy

We may update this Privacy Policy from time to time. If we make material changes, we will notify active users via WhatsApp or email before the changes take effect. The "Last updated" date at the top of this page reflects the most recent revision.

10. Contact

Meet Sarah LLC

30 N. Gould ST, Ste R

Sheridan, WY 82801

Email: contact@meetsarah.io

WhatsApp: +1 (941) 239-4709