Open house sign in data privacy is the kind of question nobody prepares for until a visitor pauses at the door and asks it out loud: "Who sees this?" It is a fair question, and most agents can't answer it with precision. Not because they're hiding anything, but because the answer depends on how the sign-in gets captured. A paper sheet, a free app, a generic form builder, and an on-device app each send visitor data down a different path, and some of those paths run longer than most agents realize.
What follows is a sourced walkthrough of where open house visitor data actually flows in each capture method, drawn from the vendors' own public documentation. No insinuation, no scare tactics. Every business model described here is legal, disclosed, and in at least one case genuinely popular with agents. The goal is modest: you, and the visitor standing in front of you, should know where the data goes. At the end you'll find a five-question due-diligence checklist you can run against any sign-in vendor. To keep ourselves honest, we run OpenHouse through the same five questions, including the parts where the honest answer is a limitation.
The paper sheet: every visitor is the audience
Start with the method that feels safest because it has no servers at all: the clipboard on the entry table. The data privacy problem with a paper sign-in sheet has nothing to do with a corporation. The problem is the room.
Every visitor who signs in after the first one can read every previous entry. By 2 PM on a busy Sunday, the eighth visitor is looking at seven names, seven phone numbers, and seven email addresses while deciding how honest to be about their own. Some write illegibly on purpose. Others put down a fake number or skip the line entirely. The sheet is also a physical object in a public room. Other agents photograph competitor sheets more often than anyone admits, and sheets get left on the counter at pack-up, ride around in a car for a week, or land in a recycling bin fully legible.
No company monetizes a paper sheet. Even so, its open house sign in data privacy is the weakest of any method in this article: every subsequent stranger gets full disclosure, with no access control and no record of who looked. If you're weighing the clipboard against an app for other reasons too, paper sheets have this problem too, alongside the legibility and follow-up issues covered in that guide.
Free apps funded by lender co-marketing
The most popular digital sign-in apps cost nothing, and the reason deserves a plain statement: many are funded by lender co-marketing. A mortgage lender pays to be paired with an agent's listings. In exchange, the lender gets visibility into, or direct contact with, interested buyers.
Curb Hero is the clearest example, partly because it leads the category (free, with a 4.9-star App Store rating, and genuinely well liked by agents) and partly because it documents the model openly. According to Curb Hero's own help center, a default lender may be assigned to your listings, and lead information is shared with that lender when a visitor opts into mortgage-related questions during sign-in. That is the documented design. The visitor has to opt into the mortgage questions before their info is shared, and agents can pair with a lender of their choice.
Fairness to Curb Hero matters here, because the point of this article is accuracy, not insinuation. This is a disclosed, opt-in arrangement, not a data breach. Plenty of agents actively want the lender pairing. A co-marketing lender offsets costs and can help a buyer who needs financing. If that describes your business, the model works as designed and the free price is real.
The data privacy question for agents is narrower: do you and your visitors know this is the deal? The trade is your visitors' sign-in data flowing to a third party whose business is mortgage origination. When a visitor at your table asks who sees this, the accurate answer with a lender-paired free app is: you, the app company, and, if they opt into the mortgage questions, an assigned lender. Some agents are comfortable saying that out loud. Others discover they aren't the first time they try.
Generic form tools: your data in a cloud account
The third pattern is the do-it-yourself stack: a Google Form, Typeform, Jotform, or something similar, opened on a tablet at the door. No lender and no real-estate-specific vendor, but a different set of open house data privacy questions.
With a generic form tool, your visitor data sits in a general-purpose cloud account, governed by that platform's terms and by your own account hygiene. The practical risks are mundane rather than sinister. The account is often a personal Gmail rather than a business login. Responses pile up in a spreadsheet shared more widely than anyone remembers. Nobody revokes access when an assistant or co-listing agent moves on. And the visitor sees no real-estate-specific disclosure at all, so they consent to nothing in particular. The data also lives wherever the platform's servers live, indefinitely, until someone remembers to delete it.
None of this rises to scandal. It is diffuse custody: visitor data spread across accounts and spreadsheets with no one clearly responsible for it. For an agent fielding the "who sees this?" question, the honest answer becomes "me, plus whoever has access to my form account," which is vaguer than it should be.
On-device apps: the short data path
The fourth pattern keeps sign-in data on the hardware that captured it. An offline-first, on-device app writes visitor records to a local database on the iPad or iPhone, and the data leaves only when the agent deliberately exports it to a CSV, a contact card, or a CRM. No vendor server holds a copy, which means no vendor server exists to monetize, subpoena, breach, or shut down. It is the shortest data path of the four, and the simplest open house sign in data privacy story to tell a visitor at the door.
OpenHouse uses this model, and we will put it under the same scrutiny as everyone else below rather than simply asserting it is better. The on-device model has real limitations too, and a fair comparison should name them.
Who can see your open house visitor data, method by method
| Capture method | Who can see the data | Where it's stored | Survives vendor shutdown? |
|---|---|---|---|
| Paper sign-in sheet | Every subsequent visitor; anyone who photographs or finds the sheet | A physical page, uncontrolled | Yes (no vendor), but easily lost |
| Free app with lender co-marketing | Agent; app vendor; assigned lender when visitor opts into mortgage questions (per Curb Hero's documented model) | Vendor's cloud servers | Only via vendor's export/wind-down process |
| Generic form tool | Agent; anyone with access to the form account or shared sheet; platform per its terms | Form platform's cloud | Only if exported before account/platform issues |
| On-device app (e.g., OpenHouse) | Agent; anyone the agent exports to | Local database on the agent's device | Yes, the data is already on your device |
The 5-question vendor due-diligence checklist
You can run this checklist against any sign-in vendor, free or paid, app or form, in about fifteen minutes with their public docs.
- Who monetizes my visitors? If the product is free, find the revenue. Lender co-marketing, advertising, and data partnerships are all legitimate answers, but they should be findable answers, written in the vendor's own help docs or privacy policy, not a mystery.
- Where is the sign-in data stored? On the vendor's servers, a third-party cloud, or the device? Storage location determines who can access the data, which laws apply, and what happens during an outage at a listing with no signal.
- Can I export everything? All fields, all visitors, all listings, not a summary. If export is partial, gated, or "contact support," the vendor is treating your data as a retention hook rather than your property.
- What happens if the vendor dies? Acquisitions and shutdowns are normal in this category. Is there a documented wind-down or export commitment, or would you be refreshing a dead login page?
- What does the visitor see disclosed? Stand on the visitor's side of the iPad. Is there any indication of who receives their info? Could you read the sign-in screen aloud to a skeptical visitor without wincing?
Script for the door, if a visitor asks: "Good question. Your info goes [where], it's seen by [who], and I use it to [follow up / send the seller a report]. Nothing else."
Running OpenHouse through the same five questions
A checklist you won't apply to your own product is marketing, not due diligence. So here are the same five questions, answered for OpenHouse, honest limits included.
- Who monetizes your visitors? Nobody. OpenHouse is a paid app ($9.99/month or $79.99/year, with a one-month free trial). Agents are the customer, so visitor data is not the revenue. There are no lender pairings, no ads, and no data resale. The trade-off is equally plain: it isn't free, and Curb Hero is.
- Where is the data stored? In a local database on your iPhone or iPad. OpenHouse makes zero network calls; our answer: keep data on the device, so no OpenHouse server holds a copy of your leads. Honest limit: you hold the only copy. If you lose the device without a device backup, we cannot recover your leads for you, because we never had them.
- Can you export everything? Yes. CSV, PDF, Contacts, vCard, and CRM handoff, with every field included. Export still works in read-only mode if your subscription lapses; your data never becomes hostage to a payment.
- What happens if the vendor dies? Your data is already on your device, in exportable formats. If Amenti Labs disappeared tomorrow, the installed app and your local database wouldn't. That is a structural answer, not a promise that depends on a wind-down team doing the right thing.
- What does the visitor see disclosed? A single-screen sign-in with no third-party branding and no hidden questionnaire, plus our own privacy policy, held to the same standard we apply to everyone else in this article, stating plainly that visitor data stays on the agent's device unless the agent exports it. Honest limit: disclosure of the agent's own follow-up practices is still on the agent. No app can promise what you will do with a phone number.
Spacio: the vendor-death case study
If question four feels theoretical, it isn't. Spacio was a venture-backed, brokerage-grade open house sign-in platform, acquired by HomeSpotter and then folded into Lone Wolf, and for years it was a default recommendation for teams. Its App Store listing was removed on January 12, 2026.
Agents whose sign-in data lived in Spacio's cloud experienced exactly the dependency the checklist describes: their visitor records existed at the pleasure of a wind-down process they didn't control. Those who had exported regularly were fine. Those who treated the vendor's servers as their permanent system of record had to hope the export window stayed open long enough.
Spacio was not a bad product. It was a capable platform with a real team behind it. The lesson is structural: every cloud-hosted sign-in vendor carries this failure mode, and the only mitigations are regular exports or an architecture where the data never leaves your hands in the first place.
The honest summary
There is no villain in open house sign in data privacy. Paper sheets leak sideways to other visitors. Lender-funded free apps share data exactly the way their documentation says they do, with opt-in consent, to people in the mortgage business. Form tools scatter visitor data across cloud accounts nobody audits. On-device apps keep the data path short and make you the custodian of your own backups.
Every model is a trade. The only wrong move is not knowing which trade you've made. So run the five questions on whatever sits on your entry table this Sunday, ours included. If the answers you want are "nobody monetizes my visitors" and "the data never leaves my device," that is the trade OpenHouse was built around, and you can try it free for a month.
Frequently asked questions
Who can see a paper open house sign-in sheet?
Every visitor who signs in after the first one can read every previous entry — names, phone numbers, and emails. The sheet is also frequently photographed by other agents or accidentally left behind at the listing.
Do free open house apps share visitor data with lenders?
Some do, by design. Curb Hero, for example, documents in its help center that a default lender may be assigned to your listings and that lead info is shared with that lender when a visitor opts into mortgage-related questions. It is an opt-in, disclosed model — but you should read any free vendor's docs before assuming your data stays with you.
What should I ask a sign-in app vendor before using it?
Five questions cover most of the risk: who monetizes my visitors, where is the data stored, can I export everything, what happens if the vendor shuts down, and what does the visitor actually see disclosed at sign-in.
What happens to my open house data if the app shuts down?
If the data lives on the vendor's servers, you have whatever export window the vendor gives you. Spacio's removal from the App Store in January 2026 is the cautionary example — agents who hadn't exported were dependent on the vendor's wind-down process.
Does OpenHouse ever see my visitor data?
No. OpenHouse makes zero network calls; visitor records are stored only on your iPhone or iPad and leave the device only when you export them. The honest trade-off is that you are responsible for your own device backups.