Privacy Policy

Last updated: December 4, 2025

1. Introduction

Realthor ("we", "our", or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our real estate CRM platform.

We comply with the General Data Protection Regulation (GDPR) and Spanish Organic Law 3/2018 on Personal Data Protection (LOPDGDD).

2. Data Controller

Controller: Realthor
Address: Feldbergstrasse 89, Basel, Switzerland
Email: privacy@realthor.app

3. Data We Collect

We collect the following categories of personal data:

3.1 Account Information

  • Name and email address
  • Phone number (optional)
  • Company name (optional)
  • Profile picture (optional)

3.2 Contact Data (Your Clients)

  • Names, emails, phone numbers
  • Addresses
  • Budget preferences
  • Notes and tags you create

3.3 Documents

  • Files you upload (contracts, IDs, etc.)
  • OCR-extracted text for search functionality
  • AI-generated metadata (categories, names detected)

3.4 Email Integration

  • Email account credentials (encrypted)
  • Email content synced from your accounts

4. Legal Basis for Processing

We process your data based on:

  • Contract performance: To provide the CRM services you subscribed to
  • Legitimate interest: To improve our services and ensure security
  • Consent: For optional features like email integration
  • Legal obligation: To comply with applicable laws

5. How We Use Your Data

  • Provide and maintain the CRM platform
  • Process payments and manage subscriptions
  • Send service-related communications
  • Provide customer support
  • Improve and personalize our services
  • Detect and prevent fraud or security issues

6. Data Sharing

We share data with:

  • Supabase: Database and authentication (PostgreSQL hosting)
  • Vercel: Application hosting
  • Stripe: Payment processing
  • OpenAI/Deepseek: AI features (document analysis)

We do not sell your personal data to third parties.

7. Data Security

We implement industry-standard security measures:

  • Encryption at rest (database) and in transit (HTTPS/TLS)
  • Row-Level Security (RLS) - users can only access their own data
  • Encrypted storage of sensitive credentials (email passwords)
  • Regular security updates and vulnerability patching

8. Your Rights (GDPR)

You have the right to:

  • Access: Request a copy of your data
  • Rectification: Correct inaccurate data
  • Erasure: Request deletion of your data ("right to be forgotten")
  • Portability: Receive your data in a portable format
  • Restriction: Limit how we process your data
  • Objection: Object to certain processing activities
  • Withdraw consent: For consent-based processing

To exercise these rights, contact us at privacy@realthor.app.

9. Data Retention

We retain your data for as long as your account is active or as needed to provide services. Upon account deletion, we will delete or anonymize your data within 30 days, unless retention is required by law.

10. International Transfers

Your data may be processed in countries outside the EEA. We ensure adequate protection through Standard Contractual Clauses (SCCs) or other approved mechanisms.

11. Cookies

We use essential cookies for authentication and session management. We do not use tracking or advertising cookies.

12. Changes to This Policy

We may update this policy periodically. We will notify you of significant changes via email or in-app notification.

13. Contact & Complaints

For privacy inquiries: privacy@realthor.app

You also have the right to lodge a complaint with the Spanish Data Protection Agency (AEPD) at www.aepd.es.