Privacy Policy

1. Introduction

PropertyOS ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our platform, including our website, API services, and related products (collectively, the "Services").

We comply with the General Data Protection Regulation (GDPR) and other applicable data protection laws in the European Union. By using our Services, you agree to the collection and use of information in accordance with this policy.

2. Information We Collect

2.1 Information You Provide

We collect information that you provide directly to us:

• Account Information: Name, email address, company name, and authentication credentials when you create an account
• Payment Information: Billing address and payment details (processed securely through third-party payment processors)
• Communications: Content of messages when you contact us for support or inquiries
• API Usage Data: API requests, parameters, and responses when you use our Services

2.2 Information Collected Automatically

When you access our Services, we automatically collect:

• Usage Information: Pages visited, features used, time spent, click patterns
• Device Information: IP address, browser type, operating system, device identifiers
• Log Data: Server logs, error reports, performance metrics
• Cookies: Session cookies, authentication tokens, preference settings

2.3 Information from Third Parties

We may receive information from:

• Authentication Providers: Clerk (authentication service) for identity verification
• Analytics Services: Usage analytics and performance monitoring tools
• Payment Processors: Transaction confirmations and payment status

3. How We Use Your Information

We use the information we collect for the following purposes:

• Provide Services: Operate, maintain, and improve our platform and API
• Account Management: Create and manage your account, authenticate users
• Billing & Payments: Process transactions, send invoices, manage subscriptions
• Communications: Send service updates, technical notices, security alerts
• Support: Respond to inquiries, troubleshoot issues, provide assistance
• Analytics: Understand usage patterns, monitor performance, improve features
• Security: Detect fraud, prevent abuse, protect against security threats
• Legal Compliance: Comply with applicable laws, regulations, and legal processes

4. Legal Basis for Processing (GDPR)

Under GDPR, we process your personal data based on the following legal grounds:

• Contractual Necessity: Processing necessary to perform our contract with you (providing Services)
• Legitimate Interests: Processing necessary for our legitimate business interests (analytics, security, improvements)
• Consent: Processing based on your explicit consent (marketing communications, optional features)
• Legal Obligations: Processing required to comply with legal requirements

5. Data Sharing and Disclosure

We do not sell your personal information. We may share your data with:

5.1 Service Providers

• Clerk: Authentication and user management
• Microsoft Azure: Cloud infrastructure and hosting
• Vercel: Website hosting and deployment
• Payment Processors: Billing and payment processing

5.2 Legal Requirements

We may disclose information if required by law, regulation, legal process, or governmental request, or to protect the rights, property, or safety of PropertyOS, our users, or others.

5.3 Business Transfers

If we are involved in a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We will notify you of any such change.

6. Data Storage and Security

We implement industry-standard security measures to protect your information:

• Encryption: Data encrypted in transit (TLS/SSL) and at rest (AES-256)
• Access Controls: Role-based access, multi-factor authentication
• Infrastructure: Data hosted in secure EU data centers (Azure Sweden Central)
• Monitoring: Continuous security monitoring and incident response
• Regular Audits: Security assessments and vulnerability scanning

However, no method of transmission over the Internet is 100% secure. While we strive to protect your data, we cannot guarantee absolute security.

7. Data Retention

We retain your personal information only as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required by law. Specifically:

• Active Accounts: Data retained while your account is active
• Closed Accounts: Data deleted within 90 days of account closure
• API Logs: Request logs retained for 12 months for security and debugging
• Billing Records: Financial records retained for 7 years (tax compliance)

8. Your Rights (GDPR)

Under GDPR, you have the following rights regarding your personal data:

• Right to Access: Request a copy of the personal data we hold about you
• Right to Rectification: Request correction of inaccurate or incomplete data
• Right to Erasure: Request deletion of your personal data ("right to be forgotten")
• Right to Restriction: Request limitation of processing in certain circumstances
• Right to Data Portability: Request transfer of your data to another service
• Right to Object: Object to processing based on legitimate interests
• Right to Withdraw Consent: Withdraw consent for consent-based processing
• Right to Lodge a Complaint: File a complaint with your local data protection authority

To exercise these rights, please contact us at privacy@propertyos.eu. We will respond within 30 days.

9. Cookies and Tracking

We use cookies and similar tracking technologies to:

• Maintain your session and authentication state
• Remember your preferences and settings
• Analyze usage patterns and improve our Services
• Provide security and prevent fraud

You can control cookies through your browser settings. Note that disabling cookies may affect the functionality of our Services.

10. International Data Transfers

Your data is primarily stored in the European Union (Azure Sweden Central region). If we transfer data outside the EU, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses (SCCs) approved by the European Commission.

11. Children's Privacy

Our Services are not intended for individuals under the age of 16. We do not knowingly collect personal information from children. If we become aware that we have collected data from a child without parental consent, we will take steps to delete that information.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new policy on this page and updating the "Last updated" date. Your continued use of our Services after changes constitutes acceptance of the updated policy.

13. Contact Us

If you have questions about this Privacy Policy or our data practices, please contact us: