1. Introduction
At PropPilot.ai (hereinafter, "we", "our" or "the Platform"), we are committed to protecting your privacy and treating your personal data transparently and securely. This Privacy Policy explains how we collect, use, share and protect your personal information when you use our conversational AI agent platform for the real estate industry.
2. Data Controller
The data controller responsible for your personal data is:
PROPILOT AI TECHNOLOGIES L.L.C
Address: Office #309-389, Westburry Tower 1, Business Bay. Dubai
Contact email: privacy@proppilot.ai
Data Protection Officer: dpo@proppilot.ai
3. Data We Collect
We collect different categories of personal data depending on your interaction with the Platform:
Account data
Full name, email address, phone number, encrypted password, language preferences.
Organization data
Company name, logo, industry sector, billing country.
Contact/lead data
Name, email, phone, real estate preferences (budget, location, property type), conversation history with the AI assistant.
Identity verification data (KYC)
Verification result (approved/rejected), session metadata (date, time, verification type). Identity documents and biometric data are processed exclusively by our provider Veriff OÜ and are never stored on our servers.
NOTE: PropPilot does not process or store biometric data. Veriff acts as an independent data controller for biometric processing and only shares the verification verdict with us.
Technical data
IP address, browser type, operating system, pages visited, date and time of access, device identifiers.
Payment data
Credit card data is processed directly by Stripe and never stored on our servers.
4. Purposes of Processing
We use your personal data for the following purposes:
- Service provision: managing your account, providing platform access, processing reservations and appointments.
- AI assistant operation: processing conversations to provide relevant responses about real estate properties.
- Identity verification: validating the identity of parties interested in real estate transactions (when applicable).
- Billing: processing payments, issuing invoices, managing subscriptions.
- Communication: sending service notifications, security updates, changes to terms.
- Service improvement: analyzing platform usage to improve functionality.
- Legal compliance: responding to authority requests, fraud prevention.
5. Legal Basis for Processing
The processing of your data is based on the following GDPR legal bases:
Performance of contract (Art. 6.1.b)
To provide you with the contracted service and manage your account.
Consent (Art. 6.1.a)
For initiating identity verification through Veriff and for marketing communications.
Legitimate interest (Art. 6.1.f)
For fraud prevention, platform security and service improvement.
Legal obligation (Art. 6.1.c)
To comply with tax, accounting and anti-money laundering obligations.
6. Who We Share Your Data With
We share your personal data with the following third parties acting as data processors:
| Provider | Purpose | Location |
|---|---|---|
| Supabase Inc. | Database hosting and infrastructure | EU (EU-West-1) |
| OpenAI, L.L.C. | AI/LLM processing for conversational assistant | United States |
| Veriff OÜ | Identity verification (KYC) | Estonia (EU) |
| Stripe Inc. | Payment processing | United States |
| Nylas Inc. | Calendar integration | United States |
All our providers are bound by data processing agreements (DPA) and provide adequate safeguards in accordance with GDPR.
7. International Transfers
Some of our service providers are located outside the European Economic Area (EEA), specifically in the United States. For these transfers, we use the Standard Contractual Clauses (SCCs) approved by the European Commission as a safeguard mechanism.
You can request a copy of these clauses by contacting privacy@proppilot.ai.
8. Retention Periods
We retain your personal data for the following periods:
- Account data: while you maintain an active account and 5 years thereafter for tax compliance.
- Conversation history: 2 years from the last interaction.
- KYC verification data: 30 days after successful verification (result only), according to legal obligations.
- Audit logs: 12 months.
- Analytics data: aggregated and anonymized, no time limit.
9. Your Rights
As a data subject, you have the following rights:
Access
Obtain confirmation of whether we process your data and access to it.
Rectification
Correct inaccurate or incomplete data.
Erasure ("right to be forgotten")
Request deletion of your data when no longer necessary.
Restriction
Request that we limit processing in certain circumstances.
Portability
Receive your data in a structured format and transfer it to another controller.
Objection
Object to processing based on legitimate interest or direct marketing.
Withdrawal of consent
Withdraw your consent at any time, without affecting the lawfulness of prior processing.
To exercise your rights, you can submit a Data Subject Request or contact privacy@proppilot.ai. We will respond within a maximum of 30 days.
You also have the right to lodge a complaint with the Spanish Data Protection Agency (www.aepd.es) or the supervisory authority in your country of residence.
10. Cookies
We use cookies and similar technologies for platform operation. For more information, please see our Cookie Policy.
11. Security
We implement technical and organizational measures to protect your data, including: encryption of data in transit (TLS 1.3), encryption of credentials at rest (AES-256-GCM), two-factor authentication (2FA), multi-tenant isolation through Row-Level Security (RLS), and immutable audit logs.
12. Changes to this Policy
We may update this Privacy Policy periodically. We will notify you of significant changes by email or through a prominent notice on the platform. The date of last update appears at the beginning of this document.
13. Contact
If you have questions about this Privacy Policy or the processing of your data, contact us:
Email: privacy@proppilot.ai
Address: Office #309-389, Westburry Tower 1, Business Bay. Dubai