Privacy Policy

Last Updated: April 9, 2026

This Privacy Policy explains how Audubonic, Inc. ("we," "our," "us") collects, uses, shares, and protects information when you use Milo, our AI platform for commercial real estate professionals.

1. Information We Collect

Account Information

  • Name, email address, and authentication credentials
  • Account is provisioned through organizational invitation or direct setup by Audubonic
  • If you sign in with Google, we access your basic profile information (name, email, profile picture) and OAuth tokens solely for authentication

Organization Information

  • Organization name and membership details
  • Your role within your organization (administrator or member)

Uploaded Documents

  • Financial documents (T-12 operating statements, rent rolls, offering memoranda)
  • Legal documents (purchase and sale agreements, leases, environmental reports)
  • Any other files you upload to the platform for analysis

Usage Data

  • Features used, queries submitted, documents analyzed
  • Performance logs, error reports, and session data
  • Device and browser information

Connector Data

  • If you connect Google Drive or Microsoft OneDrive/SharePoint, we access file metadata and content for files you explicitly choose to import into Milo
  • If you use the Milo Gmail add-on, we access the current email's sender, subject, and body content solely to provide email classification and Deal Room routing features

2. How We Use Your Information

We use your information to:

  • Provide AI-powered document analysis, extraction, and underwriting
  • Authenticate your identity and manage account access
  • Operate organization workspaces and team collaboration features
  • Process and respond to your queries about uploaded documents
  • Generate financial analysis, reports, and deliverables
  • Improve platform performance, reliability, and accuracy
  • Send account-related communications (security alerts, service updates)
  • Track usage for internal analytics and platform planning

We do not use your information for advertising purposes. We do not sell your data.

3. How We Process Your Documents — Third-Party AI Services

To provide AI-powered analysis, your uploaded documents and queries are processed by third-party AI service providers. This is a core part of how Milo works. Here is exactly what data is shared with each provider and why:

AI Language Models (Anthropic — Claude API)

  • What is sent: Document text content (in chunks), extracted financial data, user queries, deal context (property name, address, financial figures), conversation history for follow-up questions
  • Why: Document analysis, financial extraction, question answering, report generation, email classification
  • Data retention: Anthropic's API does not use customer data for model training. Data is processed transiently and not retained beyond the API request.
  • DPA: We maintain a Data Processing Agreement with Anthropic.

Document Embeddings & Search (Cohere)

  • What is sent: Document text content (in chunks) for embedding generation, user queries and document chunks for relevance scoring
  • Why: Powers intelligent document search and retrieval — enables Milo to find the most relevant sections of your documents when answering questions
  • Data retention: Processed transiently for embedding generation and search scoring.
  • DPA: We maintain a Data Processing Agreement with Cohere.

Web Search (Tavily)

  • What is sent: Search queries based on your questions — these may include market names, property types, or geographic references derived from your queries
  • Why: Provides current market data, comparable transactions, and external context to supplement document analysis
  • Data retention: Queries are processed transiently.

Document Parsing (Self-Hosted)

  • What is sent: Full document files (PDF, Excel) for text extraction and table detection
  • Why: Converts uploaded documents into structured text for analysis
  • Processing: This service runs on our own infrastructure — document files do not leave our controlled environment for parsing.

What We Do NOT Send to Third Parties

  • We do not send your login credentials or passwords
  • We do not send your payment information
  • We do not share your data with advertising networks
  • Third-party AI providers do not use your data to train their models

4. Google Services

Google Sign-In

When you sign in with Google, we access your name, email, and profile picture solely for authentication. We do not access your Gmail inbox, calendar, or contacts through the sign-in flow.

Google Drive Integration

If you connect Google Drive through Milo's Connectors, we access file and folder metadata to let you browse your Drive from within Milo. We only download and process files that you explicitly select to import into a Deal Room. We do not scan or index your entire Drive.

Gmail Add-On

If you install the Milo for Gmail add-on, it accesses the currently open email's sender, subject line, and body content. This data is used to:

  • Classify whether the email is deal-related
  • Suggest which Deal Room to route attachments to
  • Provide email summaries and draft responses

The add-on only accesses the email you are currently viewing — it does not scan your inbox, read other emails, or access your contacts.

We do not use Google user data for advertising purposes.

5. Microsoft Services

If you connect Microsoft 365 through Milo's Connectors, we access OneDrive and/or SharePoint file and folder metadata to let you browse and import files into Deal Rooms. We only download files you explicitly select. We do not access your Outlook inbox, Teams messages, or calendar through this connector.

6. Data Sharing

We share data only in the following circumstances:

  • Within your organization: If you are part of an organization account, other members of your organization can access shared Deal Rooms, documents, and analysis results according to their role and permissions.
  • Third-party AI service providers: As described in Section 3, to provide the core Milo service. These providers are bound by Data Processing Agreements.
  • Infrastructure providers: AWS (cloud hosting, file storage, database), Auth0 (authentication), Stripe (billing) — these providers process data as necessary to operate the platform.
  • Legal requirements: If required by law, regulation, legal process, or governmental request.
  • Business transfers: In connection with a merger, acquisition, or sale of assets, with notice to affected users.

We do not sell your personal information or document content.

7. Data Security

We implement the following security measures:

  • Encryption at rest: Documents and data stored in encrypted databases and file storage (AES-256)
  • Encryption in transit: All data transmitted over TLS/HTTPS
  • Authentication: Enterprise-grade authentication through Auth0 with support for multi-factor authentication
  • Access controls: Role-based access within organizations; data isolated between organizations
  • Infrastructure: Hosted on AWS with SOC 2 compliant infrastructure providers
  • Monitoring: Security logging, error tracking, and anomaly detection

No method of electronic storage or transmission is 100% secure. While we take reasonable measures to protect your information, we cannot guarantee absolute security.

8. Data Retention

  • Active accounts: We retain your data while your account is active and the service is in use.
  • Document content: Uploaded documents and their processed derivatives (embeddings, extracted data) are retained as long as the associated Deal Room exists.
  • Usage logs: Retained for up to 12 months for analytics and debugging purposes.
  • Account deletion: Upon account or organization deletion, we will delete your data, including uploaded documents, within 30 days. Some data may be retained in encrypted backups for up to 90 days.
  • Third-party providers: AI service providers process data transiently and do not retain your content beyond the API request lifecycle.

9. Organization Accounts

If you use Milo as part of an organization:

  • Your organization administrator controls who has access to the organization's workspace
  • Documents, deals, and analysis within the organization are visible to all organization members
  • If you are removed from an organization, you will no longer have access to the organization's data
  • The organization administrator, not individual users, controls data deletion for organization-level data
  • Individual account data (profile, personal settings) remains yours regardless of organization membership

10. Your Rights

You have the right to:

  • Access: Request a copy of the personal information we hold about you
  • Correction: Request corrections to inaccurate personal information
  • Deletion: Request deletion of your account and associated data
  • Data export: Request an export of your uploaded documents and analysis data
  • Opt out: Opt out of non-essential communications

To exercise any of these rights, contact us at privacy@audubonic.com. We will respond within 30 days.

11. Cookies & Tracking

Milo uses:

  • Essential cookies: Authentication session cookies required for the platform to function
  • Analytics: We may use analytics services to understand platform usage and improve performance

We do not use advertising cookies or tracking pixels.

12. Children's Privacy

Milo is designed for professional use and is not intended for individuals under 18 years of age. We do not knowingly collect information from minors.

13. International Data Transfers

Your data may be processed in the United States, where our infrastructure and AI service providers are located. By using Milo, you consent to the transfer of your information to the United States.

14. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes via email or in-app notification. The "Last Updated" date at the top reflects the most recent revision.

15. Contact Us

For privacy questions, data requests, or concerns:

Privacy: privacy@audubonic.com

Product support: support@audubonic.com

General inquiries: contact@audubonic.com