Privacy Policy

1. Who we are (data controller)

Empiro acts as the data controller for personal data processed about account holders and website visitors. Our operator and contact details are set out in the “Operator details” box at the bottom of this page. For any privacy question you can reach us at contact@empiro.io.

2. The data we collect

Data you provide

• Account & profile data — name, email, phone, agency, professional details (e.g. AMI/licence number), photo and the privacy settings you choose.
• Listings & search requests — property information, prices, locations and descriptions you publish, including off-market details.
• Contacts you upload — names, emails and phone numbers of clients or prospects you add to your CRM and contact groups (see section 8).
• Messages — the content of conversations you exchange with other users through the Service.
• Support & contact-form data — the information you send us when you contact us.

Data collected automatically

• Usage data — pages viewed, listings opened, approximate device/browser information and log data.
• Cookies & similar technologies — see our Cookie Policy.

Payment data

Subscription payments are processed by our payment provider, Stripe. We do not collect or store your full card number. Stripe processes your payment details as an independent controller under its own privacy policy; we receive only limited billing metadata (e.g. plan, status, last four digits).

3. How and why we use your data (purposes & legal bases)

• To provide the Service (create your account, host listings, enable messaging) — performance of a contract (Art. 6(1)(b) GDPR).
• To process subscriptions and payments via Stripe — performance of a contract and legal obligation (tax/accounting).
• To secure, maintain and improve the Service, prevent fraud and abuse — legitimate interests (Art. 6(1)(f)).
• To watermark images you upload or import — we apply a Empiro watermark, which may embed your anonymous user code, to photographs and images so that off-market material can be protected and the source of a leaked or redistributed image can be traced — legitimate interests (Art. 6(1)(f)) in protecting users and the integrity of the Service.
• To communicate with you about your account, security and service updates — contract / legitimate interests.
• For optional analytics and marketing, where used — consent (Art. 6(1)(a)), which you may withdraw at any time.
• To comply with legal obligations and to establish, exercise or defend legal claims — legal obligation / legitimate interests.

4. Who we share data with

We do not sell your personal data. We share it only with service providers (processors) who help us run the Service, under contracts that require appropriate safeguards:

• Hosting & database — our cloud and database providers (e.g. Supabase, our hosting platform).
• Payments — Stripe, for subscription billing and refunds.
• Media & delivery — our content-delivery and image provider (e.g. Cloudflare).
• Email — our transactional email provider, to deliver messages such as contact-form submissions and notifications.
• Error monitoring — our diagnostics provider (e.g. Sentry), to detect and fix problems.
• Other users — information you choose to publish or share (listings, requests, messages) is visible to the recipients you select, subject to your privacy settings.

We may also disclose data where required by law or to protect our rights, users or the public.

5. International transfers

Where personal data is transferred outside the European Economic Area, we rely on appropriate safeguards such as the European Commission’s Standard Contractual Clauses or an adequacy decision. You can contact us for more information about the safeguards in place.

6. How long we keep data

We retain personal data for as long as your account is active and as needed to provide the Service, then for the period required to comply with legal, tax and accounting obligations or to resolve disputes. When data is no longer needed, we delete or anonymise it. You may request deletion of your account at any time (see section 7).

7. Your rights under the GDPR

Subject to the conditions in the law, you have the right to:

• access the personal data we hold about you;
• have inaccurate data corrected (rectification);
• have your data erased (“right to be forgotten”);
• restrict or object to certain processing;
• receive your data in a portable, machine-readable format;
• withdraw consent at any time, without affecting prior processing; and
• lodge a complaint with your local data-protection supervisory authority.

To exercise any of these rights, email contact@empiro.io. We will respond within the timeframes required by law.

8. Contacts you upload (your responsibilities)

When you add contacts, build contact groups or share property information with third parties, you act as an independent controller of that personal data and we act as your processor for it. You are responsible for having a lawful basis to upload and use those contacts, for providing any required notices to them, and for honouring their rights. You must not upload personal data you are not entitled to process. The content you offer, request or exchange through the Service (such as listings, properties, prices and requests) originates from you and other users; Empiro hosts it but is not responsible for it, as set out in our Terms of Service.

9. Security

We use technical and organisational measures appropriate to the risk, including encryption in transit, access controls and the privacy settings built into the Service. No method of transmission or storage is completely secure, but we work to protect your data and to notify you and the authorities of any breach where the law requires.

10. Children

The Service is intended for real-estate professionals and is not directed at children under 16. We do not knowingly collect their data.

11. Changes to this policy

We may update this Privacy Policy from time to time. We will revise the “Last updated” date above and, for material changes, take additional steps to inform you. Continued use of the Service after an update constitutes acceptance of the revised policy.

12. Contact

Questions about this policy or your data? Email contact@empiro.io or use our contact form.