Privacy Policy

Massachusetts & Connecticut — includes SMS program disclosures

1. Introduction

Blue Real Estate LLC (“Company,” “we,” “our,” or “us”) respects and protects the privacy of our clients, including buyers, sellers, landlords, and tenants. This Privacy Policy complies with applicable privacy and consumer protection laws in the Commonwealth of Massachusetts and the State of Connecticut.

2. Information We Collect

A. Personal Information

  • Full name, phone number, email address
  • Mailing address and property addresses
  • Government-issued identification (when required for compliance)

B. Financial Information

  • Mortgage pre-approval and lender documentation
  • Banking or payment details (only when necessary)
  • Credit-related information via licensed third-party lenders

C. Transaction & Property Data

  • Listing details, ownership records, lease terms
  • Purchase and sale agreements

D. Communication Records

  • Emails, SMS, call logs, and CRM notes
  • Recorded calls (only where legally permitted and disclosed)

3. Legal Basis for Use (CT & MA Compliance)

We collect and use your data only when legally permitted, including:

  • To perform contractual obligations (real estate services)
  • To comply with legal and regulatory requirements
  • For legitimate business interests (marketing, service improvement)
  • With your consent (where required)

4. How We Use Your Information

  • Facilitate real estate transactions
  • Communicate regarding listings, offers, and services
  • Coordinate with licensed third parties (attorneys, lenders, inspectors)
  • Market properties (MLS, online platforms, advertising)
  • Maintain compliance with state real estate laws

5. Massachusetts Data Security Compliance

In accordance with 201 CMR 17.00 (Massachusetts Data Security Law), we:

  • Maintain a Written Information Security Program (WISP)
  • Encrypt personal information transmitted over public networks
  • Restrict access to sensitive data on a need-to-know basis
  • Regularly monitor systems for unauthorized access
  • Require secure authentication protocols (passwords, access controls)
  • Train employees and Virtual Assistants on data security practices

6. Connecticut Data Privacy Compliance

In accordance with the Connecticut Data Privacy Act (CTDPA), Connecticut residents have the right to:

  • Access personal data we hold about them
  • Correct inaccuracies
  • Request deletion of personal data
  • Opt out of targeted advertising or data processing

Requests may be submitted to: cam@blue-re.com.

We will respond within the legally required timeframe (typically 45 days).

7. Data Sharing & Disclosure

We do not sell personal information.

We may share data strictly as needed with:

  • Licensed real estate professionals
  • Attorneys and title companies
  • Mortgage lenders and financial institutions
  • Inspectors, appraisers, contractors
  • Property management services

All third parties are expected to maintain appropriate data protection standards.

8. Data Security Measures

Technical Safeguards

  • Encrypted systems and secure cloud-based CRM
  • Firewall and antivirus protections

Administrative Safeguards

  • Confidentiality agreements for staff and contractors
  • Limited access protocols

Physical Safeguards

  • Secure document storage
  • Controlled office access

9. Data Breach Notification (MA & CT)

In the event of a data breach involving personal information:

  • We will notify affected individuals promptly
  • We will comply with:
    • M.G.L. c. 93H (Massachusetts Data Breach Law)
    • Connecticut General Statutes §36a-701b

Notifications will include required disclosures and steps for protection.

10. Data Retention

We retain data only as long as necessary for:

  • Transaction completion
  • Legal compliance (including MA & CT recordkeeping requirements)
  • Dispute resolution

11. Cookies & Digital Tracking

Our website may use cookies for:

  • Website performance
  • User experience improvements
  • Analytics and marketing

Users may disable cookies via browser settings.

12. Your Rights

Depending on your state of residence, you may:

  • Request access, correction, or deletion
  • Opt out of marketing communications
  • Limit use of certain personal data

Contact Blue Real Estate LLC: cam@blue-re.com or 617-991-0737.

13. SMS Messaging Program (Terms & Privacy for Text Messages)

Blue Real Estate LLC respects your privacy. By opting into our SMS messaging service, you agree to the following terms regarding how we handle your data for that program:

  • Data collection: We collect your name, email address, and mobile phone number when you sign up for SMS updates. We may also collect mailing or property address when you provide it in connection with real estate services. Information may be collected through our website contact form, email correspondence, rental agreements, third-party reservation or listing systems, or when you text a keyword to our messaging number.
  • Data usage: We use this information solely to communicate via SMS about informational and transactional topics related to your relationship with us, including appointment reminders and showing alerts; transaction, lease, and application status updates; service notifications and follow-up confirmations; and occasional promotional messages about our real estate services.
  • Data security: We protect your data with secure storage measures and access controls designed to help prevent unauthorized access.
  • Data retention: We retain your SMS subscription information while you remain subscribed. You may request deletion of your information at any time by contacting us using the methods below.
  • Message and data rates may apply. Your mobile carrier may charge fees for sending or receiving text messages, especially if you do not have an unlimited texting or data plan.
  • Message frequency: Messages are recurring, and message frequency varies based on your activity, requests, and relationship with us.
  • Help and opt-out contact: Contact Blue Real Estate LLC at 617-991-0737 or cam@blue-re.com for help or to stop receiving messages.
  • Opt-out: You can opt out of the SMS list at any time by texting STOP or CANCEL, by emailing cam@blue-re.com, or by calling 617-991-0737. After you unsubscribe, you may receive a final SMS confirming that you have unsubscribed; we will remove your number from our SMS list within 24 hours of processing your request.
  • HELP: You can send HELP for additional assistance; we will respond with information that includes our phone number, email address, and website (https://blue-re.com/).
  • Non-sharing: We do not share your data with third parties for their own marketing purposes. Blue Real Estate LLC will not sell, rent, or share collected mobile numbers for marketing. All sharing described elsewhere in this Privacy Policy excludes SMS opt-in and consent records; opt-in information is not shared with anyone for any purpose except as needed to transmit messages through our SMS service provider.

14. Mobile Information & Marketing Use

Mobile information (including phone numbers and SMS-related data) will not be shared with third parties for their marketing or promotional purposes. We do not sell personal information. Sharing with service providers, transaction parties, and others is limited to what is described in Section 7 and applicable law.

15. Updates

We reserve the right to update this policy. Updates will be posted with a revised effective date.

Written Information Security Program (WISP)

Compliant with Massachusetts 201 CMR 17.00 & Connecticut Data Protection Standards

Effective date: January 1, 2026

1. Purpose

The purpose of this Written Information Security Program (“WISP”) is to establish a comprehensive framework to safeguard personal information maintained by Blue Real Estate LLC (“Company”). This program is designed to:

  • Protect the security and confidentiality of personal information
  • Prevent unauthorized access, use, or disclosure
  • Ensure compliance with Massachusetts 201 CMR 17.00 and applicable Connecticut data protection laws

2. Scope

This WISP applies to:

  • All employees, independent contractors, and Virtual Assistants
  • All systems, devices, and platforms used to access or store personal information
  • All personal information collected in the course of real estate brokerage services

3. Definition of Personal Information

“Personal Information” includes:

First and last name combined with any of the following:

  • Social Security number
  • Driver’s license or state ID number
  • Financial account or credit/debit card number
  • Any data that can reasonably identify an individual client, including contact and transaction details

4. Data Security Coordinator

Blue Real Estate LLC designates:

Name: Charles Cameron

Responsibilities:

  • Implementing and maintaining the WISP
  • Monitoring compliance
  • Conducting annual reviews
  • Responding to security incidents

5. Risk Assessment

We regularly assess internal and external risks, including:

  • Unauthorized access by employees or third parties
  • Weak password or authentication practices
  • Data exposure through CRM systems or cloud storage
  • Risks associated with Virtual Assistants and remote access

6. Access Control

A. Limiting Access

Access to personal information is:

  • Restricted to authorized personnel only
  • Based on job responsibilities (“need-to-know” basis)

B. Authentication

  • Unique user IDs and strong passwords required
  • Multi-factor authentication (MFA) implemented where possible

C. Termination Procedures

  • Immediate revocation of system access upon termination
  • Recovery of company devices and credentials

7. Employee & Contractor Policies

  • All staff and Virtual Assistants must sign confidentiality agreements
  • Training on data protection and phishing awareness is required
  • Access to sensitive data is limited and monitored

8. Technical Safeguards

A. System Security

  • Secure, password-protected CRM systems
  • Firewall and antivirus software installed and updated
  • Automatic software updates enabled

B. Encryption

  • Personal information encrypted during transmission over public networks
  • Encryption used for stored sensitive data when feasible

C. Device Security

Laptops and mobile devices must:

  • Be password protected
  • Use screen lock after inactivity
  • Have remote wipe capability where possible

9. Physical Security Measures

  • Paper files stored in locked cabinets
  • Office access restricted to authorized individuals
  • Documents properly shredded before disposal

10. Third-Party Vendor Management

We only work with vendors who:

  • Maintain appropriate data security practices
  • Provide secure systems (e.g., CRM, transaction management platforms)

Steps include:

  • Reviewing vendor security standards
  • Limiting data shared to what is necessary
  • Ensuring contracts include data protection obligations

11. Data Minimization & Retention

  • Only necessary data is collected
  • Personal information is retained only as long as required for:
    • Legal compliance
    • Transaction processing
  • Secure disposal methods used when data is no longer needed

12. Monitoring & Testing

  • Regular monitoring of systems for unauthorized access
  • Periodic review of access logs (when available)
  • Annual review of WISP effectiveness

13. Incident Response Plan

In the event of a data breach:

A. Immediate Actions

  • Secure systems and contain breach
  • Assess scope and impacted data

B. Notification Requirements

We will comply with:

  • Massachusetts General Laws Chapter 93H
  • Connecticut General Statutes §36a-701b

This includes:

  • Notifying affected residents
  • Notifying the Attorney General and relevant agencies
  • Providing required disclosures

C. Documentation

  • All incidents will be documented
  • Corrective actions implemented to prevent recurrence

14. Remote Access Policy

For Virtual Assistants and remote team members:

  • Access only through secure systems
  • Use of VPN recommended
  • No use of public/unsecured Wi-Fi without protection
  • Personal devices must meet security standards

15. Disciplinary Measures

Violations of this WISP may result in:

  • Suspension of access
  • Termination of employment or contract
  • Legal action if applicable

16. Program Review

This WISP will be reviewed:

  • At least annually
  • Upon material changes in business practices
  • After any data security incident

17. Certification

Blue Real Estate LLC affirms its commitment to maintaining a comprehensive information security program in compliance with Massachusetts and Connecticut laws.

Authorized by: Charles A. Cameron

Title: President

Date: January 1, 2026