Your showings. Nobody else’s business.

We’re going to be straight with you. As a real estate agent using EZShown, we have your name, your email address, your phone number, your MLS member ID, and your brokerage. We have the listings you manage and the addresses they sit at. We have the contact info for the people you work with on a deal — sellers, co-listing agents, buyer’s agents who request showings.

Most of that information is already public — on Aspen Glenwood MLS roster pages, on signs in front yards, on business cards. We’re another steward of it, and we take that seriously. But we’re not going to pretend that what we collect is a small thing or that no system can ever leak. What we will tell you is exactly what we do, exactly how we’ve built the system to protect what you give us, and the things we promise we will never do.

From you, the agent

• Your name, email address, phone number, and brokerage
• Your MLS member ID (used for authentication and roster lookups)
• The listings you manage — address, MLS ID, list price, status
• The setup details for each listing — access type, allowed hours, notice required, lockbox/entry instructions

From sellers (added by their listing agent)

• Name and mobile phone number
• The listing(s) they’re associated with, via a private magic-link URL
• SMS replies to showing-request texts (YES, NO, STOP, START, or other text)

From buyer’s agents requesting showings

• Name, phone number, brokerage, and email
• The address and time of the showing they requested
• Any feedback they leave after a completed showing

From co-listing agents (when added by the listing agent)

• Name, phone, email, and notification preference

• We will never sell your data. Not aggregated, not anonymized, not under any framing. Period.
• We will never share your data for marketing purposes. SMS opt-in information including phone numbers is never shared with third parties for marketing, and is never used by EZShown for marketing.
• We will never use your data to train AI models. EZShown does not call any AI service in the showing-coordination flow.
• We will never collect Social Security numbers, financial account information, or wire instructions. Those fields don’t exist anywhere in our database.
• We will never see or store the content of conversations you have on your own phone. When you tap “Call” or “Text” in our app, your device opens its native dialer or messaging app. Whatever you say happens entirely on your device.
• We will never expose buyer contact information. The buyer’s identity belongs to the buyer’s agent. EZShown only sees the requesting agent, never their client.

On data security itself: we’ll do everything we reasonably can — strong database controls, encryption, careful access — but we’re not going to claim no system can ever be breached. If anything ever does affect your data, we’ll tell you promptly and in plain language, not legalese.

This is the most sensitive data EZShown holds. A lockbox code with an address can be the difference between a showing and a break-in. We treat it accordingly:

• Access details live in a separate database table from the rest of your listing — different table, different policies, different access path.
• You (the listing agent) can always read and edit your own listing’s access instructions.
• A buyer’s agent can only see the access instructions on a showing they have confirmed. Pending requests, declined requests, and cancelled requests get nothing.
• Nobody else — not other agents, not sellers, not your brokerage, not us — can read access details. The rule is enforced at the database layer (Postgres Row Level Security), not just in our application code. Even if a bug in our app tried to show the wrong thing to the wrong person, the database would refuse to return it.

Sellers do not see lockbox details on their own page either. Only the agent and confirmed-showing buyer’s agents.

Your data lives in a Postgres database with Row Level Security policies enforcing what each authenticated agent can see and modify. The rules are applied by the database itself, not just by our application code. This matters because if we ever introduce a bug in the app, the database will still refuse to return another agent’s data to you, or yours to them.

Your password isn’t actually a password — EZShown uses one-tap magic-link sign-in. Your authentication tokens are managed by Supabase Auth, stored as HTTP-only cookies on your device, and refresh automatically as long as you keep using the app from the same browser.

Encryption. All connections to EZShown use HTTPS. All data at rest is encrypted on disk by our database provider.

Logging. Our application logs do not contain seller phone numbers, SMS message bodies, agent contact info, or other personally identifiable information. When something goes wrong, our team sees masked identifiers (last 4 of phone, masked email like j***@hotmail.com, message length only) and error codes — not your data.

To sellers: SMS via Twilio from a dedicated phone number. Sellers reply YES to approve a showing, NO to decline, STOP to opt out of all messages, START to resume. Reply messages are processed and immediately discarded — we do not maintain a transcript.

To agents: push notifications through your browser/device, plus optional email. We deliberately do not send agents SMS — push notifications are functionally equivalent and cost a fraction. (Real privacy benefit too: agents’ cell phones never get added to a Twilio sender list.)

To buyer’s agents: email confirmations, decline notifications, and post-showing feedback requests via Resend.

Sellers don’t have a real account. When their listing agent sets up the listing, EZShown generates a private link with a randomly-generated token in the URL. The seller bookmarks that link and uses it to see their upcoming showings, leave time blocks, and reply to confirmation requests.

That token is the seller’s key to their page. We do not show them anyone else’s data. If a seller ever needs the token invalidated and reissued, the listing agent can do it from inside the app.

We use a small number of established providers to operate the service. Each receives only what it needs to do its specific job.

• Supabase — hosts our encrypted Postgres database and handles agent authentication.
• Twilio — delivers SMS to sellers and receives their replies. Twilio sees the phone number and message body of the messages we send sellers, and the replies sellers send back. Twilio does not see anything else from EZShown.
• Resend — delivers email to buyer’s agents and listing agents (confirmations, declines, feedback requests).
• Vercel — hosts the EZShown application.
• Aspen Glenwood MLS — receives aggregate showing volume data for billing and compliance with our service agreement. Never receives the contents of individual showings, seller phone numbers, or access instructions.

We do not share data with advertisers, data brokers, marketing partners, or any other third parties.

Sellers receive SMS messages from EZShown via Twilio because their listing agent enrolled them. Standard message and data rates may apply.

Reply STOP to any EZShown message to opt out of all future messages. Reply START to resume. Reply HELP for support information. Carriers are not liable for delayed or undelivered messages.

EZShown does not share SMS opt-in information, including phone numbers, with third parties for marketing purposes. EZShown does not use SMS opt-in information for marketing purposes.

EZShown contracts with Aspen Glenwood MLS to provide showing coordination services to MLS member agents. The MLS receives aggregate showing volume data (counts of showings, agents active, listings active) for billing reconciliation and compliance with our service agreement.

The MLS does not receive: individual showing details, seller phone numbers or names, lockbox codes or entry instructions, or the content of any messages.

You can:

• See the data we hold on you. Email the support address below and we’ll send you a copy.
• Correct anything that’s wrong. Most things are editable in your profile and listings pages directly.
• Delete your data. Sellers can opt out via SMS STOP (which deletes their phone number from our active records). Listing agents can delete individual listings from inside the app. To delete your entire EZShown account, email the support address below — we will respond within 30 days.
• Export your data. Email the support address and we’ll send you a machine-readable copy.

Showing records are retained for as long as the associated listing is active on the MLS, plus 12 months for historical reference and possible dispute resolution. Seller phone numbers and calendar blocks are deleted shortly after the listing is marked sold, withdrawn, or expired, unless retention is required by law.

When you delete a listing or close your account, the data is removed from our live database. Encrypted database backups maintained by our database provider may retain the data for up to 7 days before being permanently overwritten.

EZShown is not intended for use by individuals under 18. We do not knowingly collect information from minors.

If we change how your data is handled in any material way, we’ll notify you before the change takes effect — not after. The effective date at the top of this page will reflect the latest version.

Questions about privacy, or want to exercise any of the rights above? Reach out via the contact information in our Terms of Service, or contact the listing agent who enrolled your property.