Privacy Policy

Last updated: April 15, 2026

CoStar AI Agent ("we", "our", "the Extension") is committed to protecting your privacy. This policy explains what data we collect, how we use it, and your rights. The Extension is a Chrome extension that operates as an AI research assistant for commercial real estate professionals across multiple CRE platforms.

What We Collect

We collect the minimum data necessary to provide the service:

• Email address — Used for account activation. Stored locally in your browser and, if you have a paid subscription, in our database.
• Your prompts — The natural-language queries you type into the Extension are sent to our AI processing endpoint so the agent can act on them.
• Page content from supported sites — When you run a query, the agent reads the page you are currently viewing on a supported site (see "Supported Sites" below). This includes structured listing data (addresses, square footage, rents, broker contacts) and, when relevant, screenshots of the visible viewport for visual analysis (charts, maps, floor plans). This content is sent to our AI processing endpoint in real time and is not permanently stored after the response is generated.
• Query history (local only) — A short rolling history of your past prompts is stored locally in your browser (via chrome.storage.local) so the agent can reference your previous work. This data never leaves your device.
• Subscription status — If you have a paid subscription, we store whether your subscription is active to manage access.

What We Do NOT Collect

• We do not collect or store your login credentials for any platform (CoStar, Crexi, Google, etc.)
• We do not track your browsing history or activity outside of the supported CRE sites listed below
• We do not read any tab other than the one you are actively running a query against (and tabs the agent opens itself for multi-property comparison)
• We do not sell, share, or trade your personal information with third parties
• We do not use cookies for advertising or behavioral tracking
• We do not access your saved passwords, autofill data, or browser history

Supported Sites

The Extension only activates on the following commercial real estate platforms and reference services. It does not run, read pages, or collect data on any other website.

• CoStar (costar.com, costargroup.com)
• Crexi (crexi.com)
• LoopNet (loopnet.com)
• Reonomy (reonomy.com)
• Google Maps (google.com/maps, maps.google.com) — for geographic context, Street View, and travel times
• LinkedIn (linkedin.com) — for broker and principal profile lookup
• OpenCorporates (opencorporates.com) — for entity / LLC ownership tracing
• Zillow (zillow.com) — for residential comparable lookups when relevant

How We Use Your Data

• AI processing — Your prompts and the content of the page you are viewing are sent to our backend, which forwards them to Anthropic's Claude API to generate analysis. We do not store the prompt or page content after the response is returned.
• License verification — If you have a paid subscription, your email is checked against our subscription database to confirm access.
• Google Sheets export (optional) — If you click "Send to Sheet," we use Google OAuth2 to obtain temporary access to create and edit a spreadsheet in your account. We only request the spreadsheets scope. We do not read your Drive, Gmail, contacts, calendar, or any other Google data.
• Multi-tab orchestration — When you ask the agent to compare multiple listings, it may open additional tabs on supported sites (e.g., five Crexi listings) and read each one in turn. These tabs are visible to you and you can close them at any time.
• Downloads — When you click the PDF or PPTX download button, the Extension uses Chrome's downloads API to save the file to your default download folder. No file is uploaded anywhere on your behalf.

Data Storage and Security

Account data (email, subscription status) is stored in Supabase, our database provider, with encryption at rest and in transit. All network traffic between the Extension and our backend uses HTTPS. The Extension does not store the content of pages you analyze after processing completes; only your local query history (your own prompts) is retained on your device.

Third-Party Services

We rely on the following third-party providers to deliver the Extension:

• Anthropic (Claude API) — AI model that powers all analysis. Prompts and page content are sent to Anthropic for processing under their commercial privacy policy.
• Supabase — Database and edge-function hosting for account/subscription data.
• Stripe — Payment processing for paid subscriptions. We never see or store your full credit card number.
• Google (Sheets API + OAuth) — Optional spreadsheet export, only when you explicitly use the "Send to Sheet" feature.

Your Rights

You can:

• Request a copy of the data we hold about you
• Request deletion of your account and associated data by emailing us
• Cancel your subscription at any time, which stops all data processing
• Revoke Google Sheets access at any time through your Google account permissions page
• Clear your locally-stored query history at any time by removing the Extension or clearing site data in Chrome

Chrome Extension Permissions

The Extension requests the following Chrome permissions, each justified by a specific feature:

• activeTab — To read the page you are actively viewing when you run a query.
• scripting — To inject the analysis script that extracts structured listing data from supported pages.
• storage — To save your email locally and store your local query history.
• tabs — To support multi-property comparison, where the agent opens several supported listings in parallel and aggregates results.
• downloads — To deliver the PDF and PowerPoint exports you request (tour books, BOVs, pitch decks).
• clipboardWrite — To copy AI results to your clipboard when you click the Copy button.
• identity — To authenticate with Google when you choose to export results to Google Sheets.
• Host permissions — Limited to the supported sites listed above, plus sheets.googleapis.com for the Sheets export feature.

Data Retention

Account data (email, subscription status) is retained while your account is active. If you cancel and request deletion, we will remove your data within 30 days. Page content and prompts sent for AI processing are not retained after the response is generated. Local query history lives only in your browser and is removed when you uninstall the Extension.

Changes to This Policy

We may update this privacy policy from time to time. We will notify users of significant changes via email or through the extension. Continued use of the extension after changes constitutes acceptance of the updated policy.

Contact

For privacy questions, data requests, or concerns, contact us at: andrewbframe@gmail.com