// Trust & Security Report

    Rechat, Inc. logo

    Rechat, Inc.

    Rechat is an all-in-one AI-powered real estate operating system for brokers and brokerages, comprising four connected modules: Studio (marketing/websites/social/ads), People (CRM/contacts/lead routing), Deals (transaction/listing management), and Lucy (an AI assistant integrated across contacts, listings, deals, and marketing).

    Certifications held

    0

    Maturity

    Startup

    Trains on your data

    Unknown

    Trust center

    No

    // Certification ledger

    Each held certification is backed by a verbatim quote from the vendor's own trust or security page. “Not confirmed” means we could not verify it publicly, not that the vendor lacks it.

    > Show 9 unconfirmed / not-held certifications
    SOC 2 (Type 1/2)
    NOT CONFIRMED

    No public evidence. The Enterprise page states only: 'Rechat undergoes annual third party audits to ensure data integrity, compliance, and total peace of mind' with no report type, auditor, or scope named, and no SOC 2 badge or report link anywhere on the site.

    source: rechat.ai
    ISO 27001
    NOT CONFIRMED

    No public evidence of ISO 27001 certification on rechat.ai or rechat.com; not mentioned on Enterprise, Brokerage, Terms, or Privacy Policy pages.

    source: rechat.ai
    GDPR
    NOT CONFIRMED

    Privacy Policy discusses cross-border data transfer ('Your PII may be transferred to, and maintained on, computers located outside of your state, province, country') but does not name GDPR, a legal basis for EU transfers, or an EU representative. No explicit GDPR compliance claim found.

    source: rechat.ai
    HIPAA
    NOT CONFIRMED

    No public evidence. Rechat is a real estate CRM/marketing platform, not a healthcare product, and HIPAA is not referenced anywhere on the site.

    source: rechat.ai
    PCI DSS
    NOT CONFIRMED

    No public evidence of PCI DSS certification; no first-party payment card handling described on the site (billing/payments are not detailed).

    source: rechat.ai
    ISO 27017 / 27018 / 27701
    NOT CONFIRMED

    No public evidence found on any Rechat-owned page.

    source: rechat.ai
    ISO/IEC 42001 (AI management)
    NOT CONFIRMED

    No public evidence found. Rechat markets an AI assistant ('Lucy') but has no published AI governance certification.

    source: rechat.ai
    CSA STAR / CSA STAR AI
    NOT CONFIRMED

    No public evidence found on any Rechat-owned page or the CSA STAR registry search performed via web search.

    source: rechat.ai
    FedRAMP
    NOT CONFIRMED

    No public evidence; not applicable, Rechat is a commercial real estate SaaS product with no federal government listing found.

    source: rechat.ai

    // Privacy & AI training

    Trains on customer data

    Not stated

    Data processing agreement

    Not offered

    Data region

    United States (Rechat is Dallas, TX headquartered); Privacy Policy states PII 'may be transferred to, and maintained on, computers located outside of your state, province, country' for processing, without naming specific data-center regions.

    Rechat's Privacy Policy and Terms do not contain any explicit language about whether customer/agent data (contacts, listings, deal records) is used to train Rechat's own models or the 'Lucy' AI assistant, and there is no opt-out toggle described publicly. Lucy is described in press coverage and Rechat's help center as being 'fully integrated with the agent's contacts, listing data, marketing and deals,' which means it processes customer data operationally, but no source addresses model-training use. Marked null pending a direct vendor confirmation; AIFOXX should flag this as unconfirmed rather than assume either way.

    // Security controls

    Encryption in transit

    Privacy Policy states sensitive form data is encrypted via SSL/TLS ('we encrypt this data using SSL or other technologies'); no encryption-at-rest specifics published.

    rechat.ai

    Single Sign-On (SSO)

    Enterprise page advertises SSO support: 'Authenticate users securely and efficiently with Single Sign On support across your organization.' Deals module also references e-signature 'Single sign on and integration.'

    rechat.ai

    Third-party audits

    Vendor claims (unverified, no report or auditor named): 'Rechat undergoes annual third party audits to ensure data integrity, compliance, and total peace of mind.'

    rechat.ai

    Uptime / reliability

    Vendor claims 99.999% historical uptime for the Rechat service, with a linked system-status page referenced but not independently verified here.

    rechat.ai

    Third-party API data restrictions (Google)

    Privacy Policy states Rechat complies with Google API Services 'Limited Use' requirements: data is limited to user-facing features, prohibited from ad/retargeting use, and human access to raw data is restricted.

    rechat.ai

    // Products & data scope

    Rechat StudioReal estate marketing suite (websites, email, social, print, ads)

    data: Listing content, agent branding assets, contact lists for e-blasts/campaigns

    Same platform-wide privacy/security posture as the rest of Rechat; no module-specific certification found.

    Rechat PeopleReal estate CRM

    data: Contacts, leads, tasks, calendar, lead-routing data

    Core PII-holding module; subject to the general Privacy Policy, no dedicated CRM-specific compliance page found.

    Rechat DealsTransaction / listing management

    data: MLS listing data, deal/contract records, checklists, e-signature integration

    Handles regulated real estate transaction data (MLS feeds); no evidence of MLS-specific compliance certification beyond general SSO/e-sign integration claims.

    Lucy (AI assistant)Embedded AI agent

    data: Reads across contacts, listings, deals, and marketing content to answer queries, draft communications, and generate marketing assets

    No published AI-specific governance page, model-training disclosure, or opt-out mechanism found; flagged as an open question for enterprise buyers.

    // What to watch

    • Possible marketing over-claim: Enterprise page says Rechat 'undergoes annual third party audits to ensure data integrity, compliance, and total peace of mind' but names no specific certification (no SOC 2, ISO 27001, or auditor), no report is downloadable, and there is no trust center. This reads as a vague compliance claim not backed by a verifiable credential; AIFOXX should not translate this into a SOC 2 or ISO badge.
    • No stated position on whether the 'Lucy' AI assistant or other Rechat AI features train on customer/agent data, and no opt-out is described publicly.
    • No Data Processing Agreement (DPA) or GDPR-specific commitments found, which is a gap for any EU-based brokerage customers even though Rechat's primary market is US real estate.

    // At a glance

    Pricing model

    Not publicly disclosed on rechat.ai (custom demo-gated pricing); third-party listings (Capterra) reference tiered/per-seat SaaS pricing but no vendor-verified figures found.

    Self-hostable

    No

    // How we verified this

    Every certification marked HELD is confirmed against a verbatim quote on Rechat, Inc.'s own trust, security, or privacy pages. We reject certifications claimed only on third-party aggregators, on a cloud host's behalf, or by a similarly named company.

    Last verified 2026-07-08. Compliance changes over time. Always confirm directly with the vendor before relying on any certification for a purchasing or compliance decision.

    rechat.ai

    > Browse all vendor trust reports