Privacy Policy

Last updated May 15, 2026/Effective immediately upon posting

SUMMARY OF WHAT THIS POLICY COVERS

This Privacy Policy explains what information we collect, how we use it, who we share it with, and the choices and rights you have. The Site is operated solely for Maricopa, Arizona, real estate services. We do not sell your personal information. We honor opt-out signals such as Global Privacy Control (GPC).

Jump to the section that applies to your state or region in the table of contents below.

Table of contents

1. Who We Are; Scope of This Policy
2. Notice at Collection
3. Categories of Personal Information We Collect
4. How We Collect Personal Information
5. How We Use Personal Information
6. Sensitive Personal Information
7. Hardship and Financial Information (Short Sale Specific)
8. Biometric, Genetic, and Health Information
9. Children's and Minor's Privacy
10. Sale, Sharing, and Targeted Advertising
11. Who We Share Personal Information With
12. Cookies, Pixels, and Tracking Technology
13. Global Privacy Control and Universal Opt-Out
14. AVM, Home Value Tools, and IDX Data
15. Lead Consent Verification and Lead Source Tracking
16. Call Recording and Voice Data
17. Artificial Intelligence and Automated Processing
18. Data Retention
19. Data Security and FTC Safeguards
20. Data Breach Notification
21. Cross-Border Data Transfers
22. Your Privacy Rights: California (CCPA/CPRA)
23. Your Privacy Rights: Other US State Residents
24. Your Privacy Rights: EU, UK, and Switzerland (GDPR)
25. Your Privacy Rights: Canada (PIPEDA)
26. How to Exercise Your Rights
27. Verifiable Consumer Request Process
28. Authorized Agents
29. Right to Appeal
30. Non-Discrimination
31. Do Not Track Signals
32. Financial Privacy and GLBA
33. Data Broker Registration
34. Changes to This Policy
35. Contact for Privacy Questions

1. Who We Are; Scope of This Policy

This Privacy Policy describes how The James Sanson Team at Real Broker, LLC ("we," "us," "our," or the "Operator"), operator of MaricopaShortSales.com (the "Site"), collects, uses, shares, retains, and protects personal information about you. It also describes your privacy rights and how to exercise them.

Identifying information:

1. Operator: The James Sanson Team, James Sanson, REALTOR
2. Employing broker: Real Broker, LLC
3. State of licensure: Arizona
4. Regulator: Arizona Department of Real Estate (ADRE), azre.gov
5. Privacy contact: sales@maricopahomesforsale.com
6. Phone: 520-838-8037

This Policy applies to information collected through the Site, contact forms, phone, text, and email communications with our team, and any third-party platforms we use to communicate with you. It does not apply to third-party websites linked from the Site (those have their own privacy policies) or to information you provide to other real estate professionals, lenders, title companies, or other parties.

This Policy is incorporated into our Terms of Use by reference. Using the Site means you agree to both.

2. Notice at Collection

Consistent with the California Consumer Privacy Act ("CCPA") and similar state laws, this Section 2 is the notice we provide at or before the point of collection of personal information through the Site. It summarizes what we collect and why, with full detail in the sections that follow.

1. What we collect: Identifiers (name, phone, email), commercial information (real estate interest), internet activity (page views, IP address), geolocation (general, IP-based), inferences drawn from the foregoing, and (if you choose to share it in a message) financial situation information.
2. Why we collect it: To respond to your inquiry, provide real estate brokerage services, maintain transactional and business records, comply with legal obligations, and improve the Site.
3. How long we keep it: See Section 18.
4. Whether we sell or share it: We do not sell personal information. We do not share for targeted advertising. See Section 10.
5. Your rights: See Sections 22 through 30.

3. Categories of Personal Information We Collect

We collect the following categories of personal information, organized using the CCPA category framework so it maps cleanly to your rights under state privacy laws:

3.1 Identifiers

Name, telephone number, email address, mailing or property address (if provided), IP address, online identifiers, and device identifiers.

3.2 Customer records (Cal. Civ. Code § 1798.80(e))

Information you provide in contact forms or communications that may include name, contact information, and details about your real estate situation.

3.3 Commercial information

Information about your real estate interests, intended transactions, properties you have inquired about, services you have considered, and our communications about all of the above.

3.4 Internet or network activity

Pages of the Site you visit, time spent on pages, links you click, the page that referred you to the Site, search terms you used to find the Site (where available), browser type, operating system, device type, and similar technical information.

3.5 Geolocation

Non-precise geolocation derived from IP address (typically city or region level). We do not collect precise geolocation (GPS-level data) through the Site unless you explicitly provide it (for example, by sharing the address of a specific property).

3.6 Audio, video, electronic information

If you call us, the call may be recorded with your consent as described in Section 16. If you communicate by text or email, those communications are retained.

3.7 Professional or employment information

If you choose to share information about your employment in the context of a hardship discussion, that information becomes part of our records. We do not affirmatively request employment information through the Site.

3.8 Inferences

Inferences we may draw from any of the above to characterize your real estate interests, preferences, or needs.

3.9 Sensitive personal information

See Section 6 for details on the categories of sensitive personal information that may apply.

3.10 What we do NOT collect

We do not knowingly collect biometric information, genetic information, precise geolocation through the Site, government-issued identifier numbers (we do not collect Social Security numbers, driver's license numbers, passport numbers, or similar identifiers through the Site), payment card numbers, or full financial account numbers through the Site.

4. How We Collect Personal Information

We collect personal information in three primary ways:

Information you provide directly. When you submit a contact form, call, text, or email us, or communicate with us through any other channel. This includes name, phone number, email, and any information you choose to share in a message.

Information collected automatically. When you visit the Site, our systems and our analytics providers may automatically collect: IP address, browser type, operating system, device type, the pages you visit, the time and date of your visit, the page that referred you, the search engine and search terms (where available), and other technical information transmitted by your browser.

Information from third parties. If you arrived at the Site through a third-party referral, advertising platform, social media platform, or search engine, that third party may share certain limited information with us (such as the search terms used or the campaign attribution). We do not currently purchase, license, or otherwise obtain personal information about you from third-party data brokers or lead aggregator services. If our practice changes, we will update this Policy.

5. How We Use Personal Information

We use personal information for the following purposes:

1. To respond to your inquiry. When you submit a contact form or otherwise contact us, we use your information to respond, schedule conversations, send follow-up information, and otherwise communicate about your inquiry.
2. To provide real estate brokerage services. If you engage us as your real estate broker, we use your information to provide listing, marketing, negotiation, transaction coordination, and closing support consistent with Arizona real estate law and the NAR Code of Ethics.
3. To maintain transaction and business records. Arizona Administrative Code R4-28-802 requires brokers to retain transaction records for five years. We retain personal information consistent with this and other applicable record retention requirements.
4. To comply with legal obligations. Including ADRE rules, Arizona real estate law, federal real estate laws (RESPA, MARS Rule), tax law (1099 reporting, where applicable), and consumer protection law.
5. For our internal business operations. Including site improvement, content development, customer relationship management, training, and quality assurance.
6. To prevent fraud and protect security. Including detecting and preventing fraudulent activity, identifying unauthorized access attempts, and protecting the security of our systems and your data.
7. To enforce these Terms and our other agreements. Including investigating and addressing violations.
8. For marketing communications, with your consent. Including informational updates about real estate topics and our services, where you have provided email or SMS consent.

We do not use personal information for purposes materially different from the purposes disclosed in this Policy without first updating this Policy and, where required, obtaining your consent.

6. Sensitive Personal Information

"Sensitive personal information" is a defined category under the California Privacy Rights Act (CPRA) and several other state privacy laws. It includes information such as Social Security numbers, driver's license numbers, financial account login credentials, precise geolocation, racial or ethnic origin, religious beliefs, mail content, genetic data, biometric data, health data, and sexual orientation.

We do not affirmatively collect sensitive personal information through the Site. Specifically, we do not request through any Site form: Social Security numbers, driver's license numbers, financial account numbers, log-in credentials, precise geolocation, racial or ethnic origin, religious beliefs, genetic information, biometric information, health information beyond a general hardship narrative, or sexual orientation.

You may incidentally share sensitive information. If, in the message field of a contact form or in a conversation, you choose to share information that falls within a sensitive personal information category (for example, mentioning a medical hardship or family situation that reveals protected information), we treat that information with extra care. We do not use it for any purpose other than responding to your inquiry and maintaining our records.

Your rights regarding sensitive information. Under the CPRA and similar laws, California and certain other state residents have the right to limit the use and disclosure of sensitive personal information. To exercise this right, contact us using the methods in Section 26.

7. Hardship and Financial Information (Short Sale Specific)

Because the Site serves consumers facing financial hardship (short sales, pre-foreclosure, underwater mortgages), this section specifically addresses our handling of hardship-related information.

When you communicate with us about a short sale or pre-foreclosure situation, you may share information that is unusually sensitive: details about your income, expenses, debts, medical events, divorce, job loss, military relocation, or other hardship circumstances. We commit to the following with respect to this information:

1. Limited internal access. Hardship and financial information is accessible only to members of our team who need access to provide services or maintain records.
2. No sharing with non-essential parties. We do not share hardship information with marketers, advertisers, or third parties who do not have a direct role in providing real estate brokerage services to you.
3. Lender disclosure only with consent. We do not share hardship information with your mortgage lender or any third party without your prior consent. If you engage us for a short sale, we will use the information you provide in the lender submission package, with your knowledge and authorization.
4. HUD counselor referral neutrality. If we suggest that you contact a HUD-approved housing counselor as an alternative to or supplement for our services, we do not share your information with the counselor. You contact the counselor directly.
5. Secure transmission. Where practical, we use encrypted channels to transmit hardship documentation.
6. Retention consistent with ADRE rules. Hardship documentation is retained in accordance with A.A.C. R4-28-802 (typically for 5 years) or longer if required for legal compliance.

8. Biometric, Genetic, and Health Information

We do not collect, process, store, sell, or use:

1. Biometric identifiers as defined under the Illinois Biometric Information Privacy Act (BIPA), the Texas Capture or Use of Biometric Identifier Act (CUBI), the Washington biometric privacy law, or any other state biometric law. We do not use facial recognition, fingerprint scanning, voiceprints, retinal scans, or similar biometric processing for visitors to the Site.
2. Genetic information as defined under any state genetic privacy law.
3. Consumer health data as defined under the Washington My Health My Data Act, the Nevada SB 370 consumer health data law, or any other state consumer health data law.

If you choose to share information about a medical hardship in a hardship narrative or conversation, that information is handled under Section 7 (Hardship and Financial Information), not as health data subject to specific health privacy laws. We do not request medical records or need diagnostic details to assist with a short sale.

9. Children's and Minor's Privacy

The Site is not directed to children under 13, and we do not knowingly collect personal information from children under 13 in violation of the federal Children's Online Privacy Protection Act (COPPA), 15 U.S.C. § 6501 et seq.

Several states impose additional protections for minors aged 13 to 18, including California's Age-Appropriate Design Code, the Connecticut Data Privacy Act amendments effective July 1, 2026, and the Maryland Online Data Privacy Act. We do not target the Site to minors and do not knowingly collect personal information from minors for targeted advertising or profiling that produces legal or similarly significant effects.

If you believe a child or minor has provided personal information to us, contact sales@maricopahomesforsale.com, and we will promptly delete the information.

Real estate transactions sometimes involve minor heirs, trust beneficiaries, or clients' family members. In those cases, information about minors is handled in connection with the underlying real estate transaction and is governed by applicable real estate, trust, and probate law, not by the Site-facing rules above.

10. Sale, Sharing, and Targeted Advertising

This section addresses the categories defined under the CCPA/CPRA, the Virginia Consumer Data Protection Act, the Colorado Privacy Act, and similar state laws.

We do not "sell" personal information as defined under the CCPA, CPRA, or any other state privacy law. We do not exchange your personal information for monetary or other valuable consideration.

We do not "share" personal information for cross-context behavioral advertising as defined under the CPRA, and we do not engage in "targeted advertising" as defined under the VCDPA, CPA, CTDPA, and similar state laws. We do not allow third parties to track you across other websites for advertising purposes using information collected from the Site.

We do not profile in a manner that produces legal or similarly significant effects, as that term is defined under the CPA, CTDPA, and similar state laws. Our limited automated processing is described in Section 17.

If our practices change such that any of the above representations no longer accurately describe our practices, we will update this Policy with at least thirty (30) days' advance notice posted on the Site and provide opt-out mechanisms required by applicable law.

11. Who We Share Personal Information With

We share personal information only as described in this section.

11.1 Service providers and processors

We share personal information with service providers ("processors" under some state laws) that help us operate the Site, communicate with you, and provide our services. These include:

1. Hostinger (web hosting): hosts the Site and processes all Site traffic. Hostinger Privacy Policy.
2. SendGrid (a Twilio company) (transactional email delivery): receives contact form submissions for email delivery to our team. Twilio Privacy Policy.
3. FreedomVoice (telephone service): receives inbound calls to 520-838-8037 and routes them to our team.
4. Customer relationship management (CRM) tools: store and organize contact records. The specific CRM may change. Currently, contact records are managed through industry-standard real estate CRM tools.
5. Analytics tools (if used): may collect aggregated and anonymized usage data. We do not currently use Google Analytics or similar advertising-focused analytics tools that aggregate cross-site behavior.
6. Communication platforms: SMS messaging platforms compliant with A2P 10DLC registration; voice and video conferencing tools used for client meetings.

All service providers are contractually required, where applicable law mandates, to use your information only to provide services to us, not for their own marketing or other purposes. Where state privacy laws require data processing agreements (DPAs), we maintain DPAs with service providers that handle the personal information of residents of those states.

11.2 Real estate transaction parties

If you engage us for a real estate transaction, we share information necessary to complete the transaction with: the other party to the transaction (buyer, seller, or their broker), title and escrow companies, lenders (with your authorization), the MLS, attorneys (with your authorization), home inspectors, appraisers, and other transaction service providers. This sharing is necessary to provide the brokerage services you engaged us for.

11.3 Brokerage and regulatory compliance

We share information with Real Broker, LLC (our employing broker) and with the Arizona Department of Real Estate, the National Association of REALTORS, the Arizona Association of REALTORS, and similar regulators, as required by law, by brokerage policy, or in connection with audits, complaints, or investigations.

11.4 Legal compliance and protection

We share information when required by subpoena, court order, or other legal process; to comply with applicable law or regulation; to enforce our Terms; to investigate, prevent, or address suspected fraud, security issues, or illegal activity; and to protect our rights, property, or safety, or that of our clients or others.

11.5 Business transitions

If we are involved in a merger, acquisition, sale of assets, financing, or bankruptcy, personal information may be transferred as part of that transaction. We will provide notice and choices where required by applicable law.

11.6 With your consent

We share information with other parties where you provide consent. For example, if you ask us to refer you to a specific lender, contractor, or other professional, we share contact information necessary to make the referral.

12. Cookies, Pixels, and Tracking Technology

The Site uses cookies and similar tracking technologies. Several state privacy laws now treat cookies, pixels, device identifiers, and similar identifiers as personal information.

Strictly necessary cookies. Cookies are needed for basic Site functionality (such as session management on the admin portion of the Site). These cannot be disabled.

Performance and analytics cookies. Cookies that help us understand how the Site is used in aggregate. We use minimal analytics. We do not use Google Analytics 4 or other ad-targeting analytics tools that share data with advertising networks.

Advertising and targeting cookies. We do not use advertising or cross-site targeting cookies. We do not use the Meta Pixel, the TikTok Pixel, the LinkedIn Insight Tag, the X (Twitter) Pixel, or similar cross-context advertising tracking pixels.

Session replay and heat-mapping. We do not currently use session replay tools (such as FullStory or Hotjar) that record visitor sessions, mouse movements, and keystrokes. Session replay tools have been the subject of significant litigation under state wiretap laws, and we have chosen not to implement them.

Controlling cookies. Most browsers allow you to view, manage, delete, and block cookies. Disabling cookies may affect some Site features. For information about managing cookies in your browser, see the browser's help documentation.

Do Not Track. See Section 31.

Global Privacy Control (GPC). See Section 13.

13. Global Privacy Control and Universal Opt-Out

Several state privacy laws require businesses to honor opt-out preference signals transmitted by your browser, including the Global Privacy Control (GPC) signal. States with mandatory recognition of these signals include California, Colorado, Connecticut, Delaware, New Jersey, Oregon, Texas, Montana, and others as their laws come into effect.

Our practice. We honor GPC signals from all visitors, regardless of state of residence. When you visit the Site with GPC enabled, we treat it as a request to opt out of any "sale" or "sharing" of your personal information for cross-context behavioral advertising. Since we do not engage in either practice (see Section 10), the GPC signal does not change the substance of how we handle your data, but we record receipt of the signal.

To enable GPC, you can install a browser extension or use a browser that supports GPC natively (such as Brave, DuckDuckGo, or Firefox with the right setting). More information is available at globalprivacycontrol.org.

14. AVM, Home Value Tools, and IDX Data

An Automated Valuation Model (AVM) is a tool that estimates a home's value using public records, comparable sales, and other data. The Site does not currently include AVM or home value estimation tools. If we add such tools in the future:

1. AVM estimates will be disclosed as estimates only, not as formal valuations or appraisals.
2. Any personal information you submit to obtain an AVM estimate will be handled in accordance with this Policy.
3. Use of an AVM tool will not be a substitute for an Arizona-licensed appraisal or a written Broker Price Opinion.

The Site does not currently display Internet Data Exchange (IDX) feeds of MLS listings. If IDX is added in the future, it will be subject to the relevant MLS's IDX rules, the NAR Clear Cooperation Policy, and applicable state real estate law. IDX data is the property of the MLS and participating brokerages and is provided for consumer use, not for commercial republication.

15. Lead Consent Verification and Lead Source Tracking

Some real estate lead-generation services use consent verification platforms (such as TrustedForm, Jornaya, or ActiveProspect) to create independent records of consumer consent when a contact form is submitted. These platforms typically capture session metadata that may include IP address, timestamp, form contents at the moment of submission, and a video-like replay of the consent collection.

Current practice. We do not currently use third-party lead consent verification platforms on the Site. Consent records are maintained in our own systems.

Future use. If we add a consent verification platform in the future:

1. The platform will be disclosed in an update to this Policy.
2. The platform will be selected based on its compliance with state privacy laws.
3. The platform's data retention will be governed by a data processing agreement with us.
4. Your rights to access, correct, and delete information will extend to information held by the consent verification platform.

If we buy or accept leads from third-party lead sources in the future, the originating consent must include sufficient information to meet TCPA standards. We will maintain records of the source of each lead.

16. Call Recording and Voice Data

Arizona is a one-party consent state for the recording of telephone conversations (A.R.S. § 13-3005). Many other states require all-party consent. Our call recording practices are described in Section 17 of our Terms of Use.

Voice data privacy. If a call between you and us is recorded:

1. The recording is treated as personal information subject to this Policy.
2. The recording is used only for the purposes described in Section 5 (responding to inquiries, transaction documentation, training, quality assurance, dispute resolution).
3. Access to recordings is limited to authorized team members.
4. Recordings are retained consistent with Section 18 below.
5. You may request a copy of a recording of a call to which you were a party, subject to redaction of third-party information.

Voicemails left for our team are retained as part of our records and treated under the same standards.

We do not use voice biometric identification or voice-print analysis. We do not use voice data to train AI models. We do not share voice recordings with third parties except as described in Section 11.

17. Artificial Intelligence and Automated Processing

We use limited artificial intelligence ("AI") and machine learning tools in our business operations. See Section 18 of our Terms of Use for the full description.

What this means for your personal information:

1. No final automated decisions. Consistent with the California Privacy Protection Agency's ADMT regulations effective January 1, 2026, the Colorado AI Act, the EU AI Act, and similar laws, we do not use AI to make final decisions on matters that significantly affect you.
2. Right to know about automated processing. You may request information about whether automated processing has been used in connection with your inquiry. Contact sales@maricopahomesforsale.com.
3. Right to human review. If you believe an automated tool has produced an incorrect result, you may request human review.
4. No training on your data. We do not use personal information you submit to train AI models, including general-purpose large language models. The AI tools we use are configured to operate on data ephemerally, without contributing your data to model training, provided the AI provider supports this configuration.
5. AI provider data handling. When we use AI tools, the AI provider may receive the data we send to them for processing. We use only AI providers with data processing agreements that limit the use of input data to providing the service to us.

18. Data Retention

We retain personal information for different periods depending on the type of information and the legal or business reason for retaining it.

1. Contact form submissions and inquiry communications: retained for at least five years to maintain a record of communications consistent with Arizona Administrative Code R4-28-802, and potentially longer for ongoing client relationships or to defend against potential claims.
2. Transaction records (where you become a client): retained for the period required by A.A.C. R4-28-802 (typically five years from the closing or transaction termination date) and any longer period required by our brokerage, tax law, or our insurance carrier.
3. Email and SMS marketing consent records: retained for at least four years after the most recent communication or opt-out, consistent with the TCPA statute of limitations and best practices.
4. Call recordings (if made): typically retained for the transaction-record period if related to a transaction, or 12 to 24 months for non-transaction calls, consistent with our records schedule.
5. Analytics data: aggregated data retained per the retention policies of the analytics tool used.
6. Cookies: retained per the cookie's specified lifetime, which varies. Session cookies expire when you close your browser; persistent cookies have specified expiration dates.

You may request deletion of your personal information at any time consistent with your state's privacy law and the carve-outs described in Section 22 (California) and Section 23 (other states). Some data must be retained even after a deletion request to comply with legal obligations, including ADRE record retention rules and tax law.

19. Data Security and FTC Safeguards

We take reasonable technical, administrative, and physical safeguards to protect personal information from unauthorized access, alteration, disclosure, or destruction. Our security measures include:

1. HTTPS/TLS encryption of Site traffic;
2. Password-protected administrative access with strong password requirements;
3. Limited internal access to personal information on a need-to-know basis;
4. Use of reputable service providers with their own security practices (Hostinger, SendGrid/Twilio, etc.);
5. Periodic review of security practices;
6. Secure deletion of personal information when no longer needed and not subject to retention requirements.

The Federal Trade Commission's Safeguards Rule (16 CFR Part 314) applies to financial institutions and has been expanded in scope. While the Safeguards Rule does not categorically apply to real estate brokerages, we have considered its principles in designing our security program for handling sensitive financial information related to short sales.

No system is perfectly secure. We cannot guarantee the absolute security of information transmitted over the internet or stored on our systems. If you become aware of any security vulnerability or unauthorized access, contact sales@maricopahomesforsale.com immediately.

20. Data Breach Notification

If we experience a data breach affecting your personal information, we will notify you in the manner and within the timeframe required by applicable state and federal law. Notification timelines vary by state and by type of information affected, ranging from "without unreasonable delay" to specific deadlines (30, 45, or 60 days from discovery, depending on the state).

Arizona's data breach notification law (A.R.S. § 18-552) requires notification of Arizona residents within 45 days after discovery of a breach affecting unencrypted personal information. We comply with Arizona's requirements and the requirements of every state that requires notification of its residents affected by a breach.

Notification will be provided by email (if we have a current email address for you), by phone (for serious breaches), and by posting on the Site, as applicable. We will also notify the appropriate state attorneys general and credit reporting agencies if required by law.

Notifications will describe the nature of the breach, the categories of information affected, the steps we are taking to address the breach, the steps you can take to protect yourself, and the contact information for questions.

21. Cross-Border Data Transfers

We are based in the United States and primarily process personal information there. If you access the Site from outside the United States, your information will be transferred to and processed in the United States, which may have data protection laws that differ from the laws of your country.

For EU, UK, and Swiss residents: By using the Site or contacting us, you understand that your personal information will be transferred to the United States. To the extent required, we rely on the EU-US Data Privacy Framework, the UK Extension to the Data Privacy Framework, the Swiss-US Data Privacy Framework, or Standard Contractual Clauses approved by the European Commission as the legal mechanism for the transfer. We can provide additional information about these transfer mechanisms upon request.

Data localization where required. Some states (and other jurisdictions) have or are considering data localization requirements. We monitor these developments and will adjust our practices to comply with applicable requirements.

22. Your Privacy Rights: California (CCPA/CPRA)

If you are a California resident, the California Consumer Privacy Act and California Privacy Rights Act give you the following rights:

1. Right to know. You may request that we disclose what personal information we have collected about you, the categories of sources, the business or commercial purpose, the categories of third parties with whom we share it, and the specific pieces of personal information we have collected.
2. Right to delete. You may request that we delete personal information we have collected from you, subject to certain exceptions (including the ADRE record retention requirement and legal compliance).
3. Right to correct. You may request that we correct inaccurate personal information we maintain about you.
4. Right to opt out of sale or sharing. Although we do not sell or share personal information, you have the right to direct us not to do so.
5. Right to limit use of sensitive personal information. You have the right to limit our use and disclosure of sensitive personal information to specified purposes.
6. Right to non-discrimination. We will not discriminate against you for exercising your privacy rights. See Section 30.
7. Right to data portability. You may request a copy of your personal information in a portable format.
8. Right to opt out of automated decision-making. Under the California Privacy Protection Agency's ADMT regulations, effective January 1, 2026, you have certain rights regarding significant automated decision-making. We do not engage in such decision-making (see Section 17), but the right is preserved.

To exercise these rights, see Section 26.

California "Shine the Light" law (Civ. Code § 1798.83). California residents may also request a list of third parties to whom we have disclosed certain personal information for those third parties' direct marketing purposes in the preceding calendar year. We do not currently make any such disclosures.

23. Your Privacy Rights: Other US State Residents

As of 2026, the following US states have comprehensive consumer privacy laws in effect that may give you rights similar to those described in Section 22, subject to each state's specific thresholds and exemptions:

1. California (CCPA/CPRA)
2. Virginia (Consumer Data Protection Act)
3. Colorado (Privacy Act)
4. Connecticut (Data Privacy Act)
5. Utah (Consumer Privacy Act)
6. Texas (Data Privacy and Security Act)
7. Oregon (Consumer Privacy Act)
8. Montana (Consumer Data Privacy Act)
9. Iowa (Consumer Data Protection Act)
10. Delaware (Personal Data Privacy Act)
11. New Jersey (Data Privacy Act)
12. New Hampshire (Privacy Act)
13. Tennessee (Information Protection Act)
14. Minnesota (Consumer Data Privacy Act)
15. Maryland (Online Data Privacy Act)
16. Indiana (Consumer Data Protection Act) (effective January 1, 2026)
17. Kentucky (Consumer Data Protection Act) (effective January 1, 2026)
18. Rhode Island (Data Transparency and Privacy Protection Act) (effective January 1, 2026)
19. Nebraska (Data Privacy Act)
20. Florida (Digital Bill of Rights) (narrower scope, applies to large platforms)

Residents of these states generally have, subject to the specific terms of their state's law and applicable exemptions:

1. The right to confirm whether we process your personal data;
2. The right to access your personal data;
3. The right to correct inaccuracies;
4. The right to delete your personal data;
5. The right to obtain a copy of your personal data in a portable format;
6. The right to opt out of the sale of your personal data;
7. The right to opt out of targeted advertising;
8. The right to opt out of certain profiling that produces legal or similarly significant effects;
9. The right to appeal a denial of any of these rights (in states that require an appeal process);
10. The right to non-discrimination for exercising your rights.

To exercise these rights, see Section 26. Note that exemptions may apply (for example, the Arizona Administrative Code real estate record retention requirement is a legitimate basis for retaining transaction records even after a deletion request).

24. Your Privacy Rights: EU, UK, and Switzerland (GDPR)

If you are located in the European Union, the United Kingdom, or Switzerland, you have the following rights under the EU General Data Protection Regulation (GDPR), the UK GDPR, and the Swiss Federal Act on Data Protection (FADP), to the extent these laws apply to our processing of your personal information:

1. Right to be informed about the collection and use of your personal information (this Policy serves that function);
2. Right of access to your personal information;
3. Right to rectification (correction) of inaccurate personal information;
4. Right to erasure ("right to be forgotten"), subject to legal exceptions;
5. Right to restrict processing of your personal information in certain circumstances;
6. Right to data portability in a structured, commonly used, machine-readable format;
7. Right to object to processing based on legitimate interests, including direct marketing;
8. Rights related to automated decision-making and profiling, including the right not to be subject to a decision based solely on automated processing that produces legal or similarly significant effects;
9. Right to withdraw consent at any time where processing is based on consent;
10. Right to lodge a complaint with a supervisory authority.

Legal basis for processing. Where GDPR applies, we process personal information on the legal bases of: (a) your consent (for marketing communications); (b) performance of a contract or pre-contract steps at your request (responding to your inquiry and providing services); (c) compliance with a legal obligation (record retention, regulatory compliance); and (d) our legitimate interests (operating our business, preventing fraud, etc.), where those interests are not overridden by your interests, rights, and freedoms.

To exercise these rights, see Section 26.

25. Your Privacy Rights: Canada (PIPEDA)

If you are a resident of Canada, the Personal Information Protection and Electronic Documents Act (PIPEDA) and applicable provincial privacy laws may give you rights regarding your personal information, including the right to access, correct, and withdraw consent. To exercise these rights, contact us using the methods in Section 26.

26. How to Exercise Your Rights

To exercise any privacy right described in this Policy:

1. Email: sales@maricopahomesforsale.com with the subject line "Privacy Request" and a description of your request.
2. Phone: 520-838-8037, asking for the privacy team.
3. Postal mail: Contact us by email or phone to obtain our current mailing address.

Please include in your request: your name; the contact information you previously provided to us (if any); the specific right you are exercising; and sufficient detail to allow us to understand and respond to your request.

Response timing. We will acknowledge receipt of your request within ten (10) business days and respond substantively within forty-five (45) days, with one possible extension of forty-five days where reasonably necessary. EU and UK GDPR responses are provided within thirty (30) days, with a possible one-month extension for complex requests. We will notify you if an extension is needed.

No fee. We do not charge a fee to respond to privacy rights requests, unless the request is excessive, repetitive, or unfounded, in which case we may charge a reasonable fee or refuse the request as permitted by applicable law.

27. Verifiable Consumer Request Process

Before fulfilling a request to access, delete, or correct personal information, we must verify that you are the person to whom the information relates (or an authorized agent of that person; see Section 28).

Verification methods may include:

1. Matching the contact information you provide in the request to contact information we already have for you (typically two to three matching data points);
2. Asking you to confirm specific details about prior communications with us;
3. Requesting a signed declaration under penalty of perjury for sensitive requests;
4. For high-risk requests (such as deletion of significant records), additional verification steps are proportional to the sensitivity of the information.

If we cannot verify your identity to a reasonable degree, we may decline to fulfill the request and will explain why. You may then provide additional information to support verification.

We do not use the information you provide for verification for any purpose other than to verify the request.

28. Authorized Agents

You may designate an authorized agent to make a privacy rights request on your behalf, consistent with the CCPA/CPRA, the Virginia VCDPA, and similar state laws.

To use an authorized agent:

1. You must provide signed permission for the agent to act on your behalf;
2. You must verify your identity directly with us;
3. The agent must provide evidence of authorization, such as a power of attorney or a notarized written designation.

We may deny requests from authorized agents who cannot provide sufficient evidence of authorization. We may also contact you directly to verify the agent's authority.

29. Right to Appeal

If we decline to act on your privacy rights request, you have the right to appeal that decision in states that provide an appeal process (including Virginia, Colorado, Connecticut, and others).

To appeal:

1. Submit your appeal within sixty (60) days of our initial response;
2. Email sales@maricopahomesforsale.com with the subject line "Privacy Appeal" and the original request reference;
3. We will respond to the appeal within sixty (60) days with our final decision and the reasons.

If you are not satisfied with the result of your appeal, you may contact your state attorney general or other applicable regulator. Contact information for state attorneys general is available at naag.org.

30. Non-Discrimination

We will not discriminate against you for exercising any privacy right described in this Policy. Specifically, we will not:

1. Deny you services;
2. Charge you different prices or rates for services;
3. Provide you with a different level or quality of services;
4. Suggest that you will receive a different price or a different level of service.

We may offer financial incentives or service-level differences if they are reasonably related to the value of your personal information to us, as permitted by applicable law and with proper notice. We do not currently offer any such incentives.

31. Do Not Track Signals

"Do Not Track" (DNT) is a browser setting that signals a preference not to be tracked. There is currently no industry or legal standard for how websites must respond to DNT signals. We do not respond differently to DNT signals because we do not engage in cross-context behavioral tracking regardless of the signal. We do honor the Global Privacy Control signal as described in Section 13.

32. Financial Privacy and GLBA

The federal Gramm-Leach-Bliley Act (GLBA) and its implementing regulations (Regulation P, 12 CFR Part 1016) require certain financial institutions to provide privacy notices to consumers. Real estate brokers are not generally treated as "financial institutions" under GLBA, but we handle certain financial information in connection with short sales and related services.

If we engage in any joint marketing or arrangement that would subject us to GLBA privacy notice requirements, we will provide the required privacy notice consistent with GLBA. Currently, we do not engage in any such arrangement.

33. Data Broker Registration

Several states (California, Vermont, Oregon, Texas) require data brokers to register with the state. The California Delete Act, effective August 1, 2026, expanded California's data-broker requirements and created a single deletion-request mechanism for consumers.

We are not a data broker. A data broker is defined under California law as a business that knowingly collects and sells the personal information of consumers with whom the business does not have a direct relationship. Because we collect personal information only from consumers with whom we have a direct relationship (visitors who contact us about real estate services), we do not meet the definition of a data broker.

We do not sell personal information to any third party (see Section 10). We do not register as a data broker because we do not engage in data brokering.

34. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, applicable law, or for other operational reasons. When we update this Policy, we will update the "Last updated" date at the top.

For material changes that affect the rights or choices of consumers, we will provide additional notice through the Site, by email to any address we have on file, or through other reasonable means at least thirty (30) days before the change takes effect, except where a shorter period is required by law or emergency circumstances.

Your continued use of the Site after the effective date of any change constitutes your acceptance of the updated Privacy Policy.

35. Contact for Privacy Questions

For any privacy questions, to exercise privacy rights, to report a privacy concern, or to provide feedback on this Policy:

1. Email: sales@maricopahomesforsale.com
2. Phone: 520-838-8037
3. Subject lines: Use "Privacy Request," "Privacy Appeal," or "Privacy Question" as appropriate.

The James Sanson Team at Real Broker, LLC. Licensed in Arizona. ADRE-regulated. NAR member.

For complaints unrelated to us, you may contact:

1. Your state attorney general (naag.org);
2. The Federal Trade Commission (ftc.gov);
3. The Consumer Financial Protection Bureau (consumerfinance.gov);
4. Your state privacy regulator (the California Privacy Protection Agency for California residents);
5. An EU supervisory authority for EU residents, the UK Information Commissioner's Office for UK residents, or the Federal Data Protection and Information Commissioner for Swiss residents.

Effective date May 15, 2026. James Sanson | Real Broker LLC | Licensed in Arizona | 520-838-8037. This Privacy Policy is intended to provide substantial protection consistent with current federal law, all 20 US state comprehensive privacy laws as of 2026, EU/UK GDPR, Canadian PIPEDA, and lead-generation industry best practices. It is not legal advice and has not been reviewed by an attorney engaged by you. We strongly recommend consulting an Arizona real estate attorney experienced in privacy law before relying on this Policy in any legal matter.