Who we are
The Showing ("we," "our," or "us") is a video-generation service for real estate professionals, operated by The Showing, Inc., based in Pleasanton, California. This Privacy Policy describes how we collect, use, share, and protect information when you use theshowing.ai and the related applications and services (the "Service").
Information we collect
Account information. When you create an account we collect your name, email address, and authentication identifiers from our identity provider (Clerk). If you subscribe to a paid plan we also receive billing-related identifiers from Stripe (we do not store full payment card details — Stripe handles those directly).
Listing content you upload.Real estate listing photos, addresses, MLS numbers, property descriptions, and any related text or media you provide for video generation. These are stored in our object storage (Cloudflare R2) and database (Supabase) under your organization's account.
Brand information. Logos, headshots, brokerage details, contact information, and other branding assets you add to your Brand Studio.
Generated videos and metadata. The video files we render for you, along with the template, model, photo sequence, and timestamps used to produce them.
Usage and device information. Standard request data (IP address, user agent, pages visited, feature interactions) and product analytics events. Errors are captured to help us debug.
How we use your information
- To render your videos — uploading the photos you select to AI-generation providers, running them through our composition pipeline, and storing the final video against your account.
- To operate the Service: authentication, organization billing, account recovery.
- To send you transactional notifications (e.g. "your video is ready", generation failures, billing receipts).
- To improve the product — diagnose bugs, understand which templates and features are used, and inform our roadmap. Aggregated and anonymized except where individual support requests require otherwise.
- To comply with legal obligations and enforce our Terms of Service.
We do not sell your personal information, and we do not use the content of your listing photos or generated videos to train our own AI models.
AI processing and content disclosure
The Showing uses third-party generative AI services to produce video output from your listing photos. This section is intended to satisfy the disclosure requirements of the California AI Transparency Act and the EU AI Act, among other emerging regimes.
What we send to AI providers. When you click Generate, we send the listing photos you select (or a subset, depending on the template) to our model providers. The current providers are:
- fal.ai (Veo, Kling) — for video generation. Photos are uploaded as signed-URL inputs; output video URLs are returned to us.
- Google AI (Gemini) — for optional photo room-type tagging. A small thumbnail of the uploaded photo is sent for classification.
What the providers do with the data.We process under each provider's commercial API terms. To our knowledge, neither fal.ai nor Google's AI APIs train their public models on customer API content under the standard commercial tier. We do not pass through your personal contact information to these providers — only the photos and the prompt strings necessary to render the requested template.
Your generated videos contain AI-generated content. The video output combines AI-generated motion or full AI-rendered clips with your real listing photography. We retain provenance metadata on every render (the model used, the generation timestamp, the source photos and template). Where required by law, we will surface a visible AI disclosure on the rendered output and in the metadata returned to your account.
Accuracy. AI-generated visuals may not exactly represent the property. You are responsible for ensuring marketing materials you publish meet your local MLS, association, and state real estate regulations regarding photo and video accuracy.
Service providers and subprocessors
We use the following service providers to operate the Service. Each receives only the data needed for its function and is bound by contractual confidentiality and security obligations.
- Clerk — authentication, sign-in/sign-up, session management.
- Supabase — primary application database (PostgreSQL).
- Cloudflare R2 — object storage for uploaded photos and rendered video output.
- Stripe — billing, subscription management, invoicing. Stripe stores payment card details directly; we never see them.
- fal.ai — AI video generation.
- Google AI (Gemini) — optional photo room-type classification.
- AWS Lambda + S3 (us-west-2) — Remotion video rendering for Photo Motion templates.
- Inngest — background job queue for the rendering pipeline.
- Vercel — application hosting and CDN.
- Resend — transactional email delivery.
- PostHog — product analytics. We do not enable session recording.
- Sentry — error tracking. May incidentally include URLs and stack traces.
- Upstash — rate-limit counters.
We will update this list as our infrastructure evolves. Material changes that expand the set of recipients of personal data will be communicated via email and/or a banner in the application before they take effect.
Data retention
We retain account data, listings, photos, and generated videos for as long as your organization's account is active. If you delete a listing, photo, or video the underlying object is soft-deleted in our database immediately and removed from object storage on a best-effort schedule (typically within 30 days). If you delete your account (see Your rights), we delete all associated personal data within 30 days, except where retention is required by law (e.g. tax records).
Aggregated, anonymized usage data may be retained indefinitely for product analytics.
How we protect your information
We use industry-standard practices to protect your information: TLS in transit, encrypted storage at rest with our cloud providers, role-based access controls within our application, signed URLs for object storage, audit logging of administrative actions, and security headers including HSTS and Content Security Policy on every response.
No method of transmission or storage is 100% secure. We'll notify you promptly of any breach affecting your personal data, in accordance with applicable law.
Your rights
Depending on where you live, you may have the following rights regarding your personal information:
- Access — request a copy of the personal data we hold about you.
- Correction — ask us to correct inaccurate or incomplete information.
- Deletion — ask us to delete your account and associated personal data (subject to legal retention exceptions).
- Portability — request a structured, machine-readable export of your data.
- Objection — object to processing for direct marketing or other legitimate-interest purposes.
- Withdrawal of consent — withdraw any consent you previously gave us.
To exercise these rights, email hello@theshowing.ai from the address on your account, or use the account-management page once it's available. We respond within 30 days. California residents (CCPA/CPRA), EU/UK residents (GDPR/UK GDPR), and Canadian residents (PIPEDA) may have additional or different rights under their respective regimes; we honor those.
Children
The Service is not directed to children under 16, and we do not knowingly collect personal information from them. If you believe a child has provided us personal information, please contact us so we can remove it.
Changes to this policy
We may update this policy from time to time. Material changes will be communicated by email and/or a banner in the application before they take effect, with at least 30 days notice for changes that expand the categories of data we collect or share.
Contact
Questions about this policy or your data? Email hello@theshowing.ai.