Joyst
Log in

Privacy Policy

Last updated: December 2025

Joyst ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our real estate platform and services (the "Services").

California Residents: This policy includes specific disclosures required by the California Consumer Privacy Act (CCPA). See Section 12 for CCPA-specific rights.

European Users: If you are located in the European Economic Area (EEA), this policy complies with the General Data Protection Regulation (GDPR). See Section 11 for GDPR-specific rights.

Table of Contents

  1. 1. Who We Are
  2. 2. Information We Collect
  3. 3. How We Use Your Information
  4. 4. Legal Basis for Processing (GDPR)
  5. 5. How We Share Your Information
  6. 6. Data Retention
  7. 7. Data Security
  8. 8. Cookies and Tracking Technologies
  9. 9. Your Privacy Rights
  10. 10. Children's Privacy
  11. 11. GDPR-Specific Rights (EU Users)
  12. 12. CCPA Rights (California Residents)
  13. 13. International Data Transfers
  14. 14. Changes to This Policy
  15. 15. Contact Us

1. Who We Are

Company Name: Joyst, Inc.

Address: 548 Market Street, Suite 52801, San Francisco, CA 94104

Email: privacy@joyst.ai

Phone: 1-888-JOYST-AI (1-888-569-7824)

Data Protection Officer: dpo@joyst.ai

2. Information We Collect

2.1 Information You Provide

  • Account Information: Name, email address, phone number, password
  • Profile Information: User type (buyer, seller, agent), preferences
  • Property Information: Address, photos, description, price, features
  • Financial Information: Payment method (processed by Stripe), earnest money details
  • Identity Verification: Government ID (for KYC compliance), proof of funds
  • Communications: Messages, chat history, support inquiries

2.2 Information Collected Automatically

  • Usage Data: Pages viewed, properties viewed, search queries, time spent
  • Device Information: IP address, browser type, device type, operating system
  • Location Data: Approximate location based on IP address
  • Cookies: See Section 8 for details

2.3 Information from Third Parties

  • Social Media: If you connect via Google/Facebook OAuth
  • Data Providers: Property data from public records, MLS feeds
  • Service Providers: Stripe (payment data), Pusher (messaging)

3. How We Use Your Information

  • Provide Services: Create accounts, list properties, submit offers, process payments
  • AI Assistance: Power our AI concierge ("Joystbot") to answer questions
  • Communication: Send transactional emails (offer updates, account notifications)
  • Improve Platform: Analyze usage patterns, fix bugs, improve features
  • Security: Detect fraud, prevent abuse, enforce Terms of Service
  • Legal Compliance: Comply with laws, respond to legal requests
  • Marketing (with consent): Send newsletters, promotional offers (you can opt out)

5. How We Share Your Information

5.1 Service Providers (Data Processors)

We share data with vendors who help us operate the platform:

  • Stripe: Payment processing (PCI-DSS compliant, DPA signed)
  • OpenAI: AI concierge features
  • Pusher: Real-time messaging
  • Supabase: Database hosting
  • Sentry: Error monitoring (anonymized data)
  • Vercel: Hosting and CDN

5.2 Other Users

When you list a property or make an offer, certain information is shared:

  • Sellers see: Buyer name, offer amount, message (not financial details)
  • Buyers see: Property details, seller contact info (if offer accepted)

5.3 Legal Requirements

We may disclose information if required by law or to:

  • Comply with subpoenas, court orders, legal processes
  • Protect rights, property, or safety of Joyst, users, or public
  • Investigate fraud or Terms of Service violations

5.4 Business Transfers

If Joyst is acquired or merges with another company, your data may be transferred (we'll notify you).

6. Data Retention

  • Active Accounts: Data retained while account is active + 30 days after deletion request
  • Deleted Accounts: Anonymized or deleted after 30 days (except as required by law)
  • Transaction Records: Kept for 7 years (tax/legal requirements)
  • Audit Logs: Retained for 7 years (security/compliance)
  • Marketing Data: Deleted immediately upon unsubscribe

7. Data Security

We implement industry-standard security measures:

  • Encryption in Transit: TLS 1.3 for all connections
  • Encryption at Rest: AES-256 for database storage
  • Password Security: Bcrypt hashing (10 rounds)
  • Access Controls: Role-based access, least privilege principle
  • Monitoring: Real-time security alerts, intrusion detection
  • Regular Audits: Quarterly security reviews, penetration testing

Data Breach Notification: If a breach occurs, we will notify affected users within 72 hours (as required by GDPR/CCPA).

8. Cookies and Tracking Technologies

We use cookies for:

  • Essential Cookies: Session management, authentication (cannot be disabled)
  • Analytics Cookies: Google Analytics (with consent) - understand site usage
  • Marketing Cookies: Facebook Pixel, Google Ads (with consent) - retargeting
  • Preference Cookies: Dark mode, language settings (with consent)

You can manage cookies via our Cookie Preferences or browser settings.

9. Your Privacy Rights

You have the right to:

  • Access: Request a copy of your data (export feature in settings)
  • Correction: Update inaccurate information (edit profile)
  • Deletion: Delete your account and data (account deletion in settings)
  • Opt-Out: Unsubscribe from marketing emails (link in every email)
  • Data Portability: Download your data in JSON format

To exercise these rights: Contact privacy@joyst.ai

10. Children's Privacy

Our Services are not intended for users under 18 years old. We do not knowingly collect data from children. If you believe we have collected data from a child, contact us immediately at privacy@joyst.ai.

11. GDPR-Specific Rights (EU Users)

If you are in the European Economic Area, you have additional rights:

  • Right to Access: Request all data we hold about you
  • Right to Rectification: Correct inaccurate data
  • Right to Erasure ("Right to be Forgotten"): Delete your data
  • Right to Restrict Processing: Limit how we use your data
  • Right to Data Portability: Receive data in machine-readable format
  • Right to Object: Object to processing based on legitimate interests
  • Right to Withdraw Consent: Revoke consent for marketing/analytics
  • Right to Lodge a Complaint: Contact your local Data Protection Authority

12. CCPA Rights (California Residents)

The California Consumer Privacy Act (CCPA) gives California residents specific rights:

12.1 Right to Know

You can request:

  • Categories of personal information collected
  • Sources of personal information
  • Business purpose for collecting data
  • Categories of third parties we share with

12.2 Right to Delete

You can request deletion of your personal information (subject to legal exceptions).

12.3 Right to Opt-Out of Sale

We do NOT sell your personal information. We do not share data for monetary consideration.

12.4 Right to Non-Discrimination

We will not discriminate against you for exercising your CCPA rights.

12.5 How to Exercise CCPA Rights

Email: privacy@joyst.ai
Phone: 1-888-JOYST-AI (1-888-569-7824)
Online: Privacy Settings

We will verify your identity before processing requests (to prevent fraud).

13. International Data Transfers

Our servers are located in the United States. If you access our Services from outside the US, your data will be transferred to the US.

EU-US Data Transfers: We use Standard Contractual Clauses (SCCs) approved by the European Commission for data transfers to the US.

14. Changes to This Policy

We may update this Privacy Policy periodically. Changes will be posted on this page with an updated "Last Updated" date.

Material Changes: If we make significant changes, we will notify you via email or prominent notice on the platform 30 days before changes take effect.

15. Contact Us

For privacy-related questions, requests, or complaints:

Email: privacy@joyst.ai

Address: 548 Market Street, Suite 52801, San Francisco, CA 94104

Phone: 1-888-JOYST-AI (1-888-569-7824)

Data Protection Officer: dpo@joyst.ai

Response Time: We will respond to your privacy request within 30 days (GDPR) or 45 days (CCPA).

This Privacy Policy is effective as of December 2025.

By using Joyst, you acknowledge that you have read and understood this Privacy Policy.