Privacy Policy
Last updated: 9 May 2026 · Version 1.0
1. Who we are
PropVision is operated by Carlos Filipe (sole proprietor), based in Malta. We provide a SaaS platform for 3D real estate visualization. We are the data controller for the personal data described in this policy.
2. Data we collect
From account holders (agents, developers, homeowners)
- Email address (required for account creation + magic-link login)
- Name, agency name, phone number (optional, provided by you)
- Project content you create — listing titles, floor plan specs, descriptions, prices, locations
- Login activity (timestamp, IP address) for security audit
- Usage analytics — pages visited, features used (anonymized)
From buyers/visitors using your share pages
- Lead form submissions — name, email, phone, message (only what they enter)
- IP address + user agent (for security + spam prevention)
- View count per listing (aggregate, not personal)
Payment data
Stripe processes all payments. We never see your full card number. We store only your Stripe customer ID, subscription status, and billing email.
3. How we use your data
- To provide the service (account creation, project storage, share-link delivery)
- To send transactional emails (magic-link logins, billing receipts, lead notifications)
- To improve the product (anonymized usage analytics)
- To prevent fraud and abuse (rate limiting, security audit)
- To comply with legal obligations (tax, GDPR requests)
We do not use your data for advertising, profiling, or any purpose unrelated to running the service.
4. Sharing + third parties
We share data only with service providers strictly necessary to operate PropVision:
- Hetzner Online GmbH (Germany) — server hosting + backups
- Stripe Payments Europe (Ireland) — payment processing
- Brevo (Sendinblue) — transactional email delivery
- Let's Encrypt / ISRG — SSL/TLS certificates
Each provider operates under their own GDPR-compliant data processing agreement. We do not sell, rent, or trade your data with anyone, ever.
5. Storage + security
Data is stored on encrypted servers in Falkenstein, Germany (Hetzner). We use:
- HTTPS/TLS 1.2+ for all connections
- Encryption at rest for the database and backups
- Token-based authentication (magic-link, no passwords stored)
- Daily automated backups, retained 30 days
- Access logs and security audit trail
No system is 100% secure. If we suffer a breach affecting your data, we will notify you within 72 hours per GDPR Article 33.
6. Your rights (GDPR)
If you are an EU resident, you have the right to:
- Access — request a copy of all data we hold on you
- Rectify — correct inaccurate data
- Erase — request deletion ("right to be forgotten")
- Restrict — limit how we process your data
- Port — receive your data in machine-readable format (JSON)
- Object — to processing for legitimate-interest purposes
- Lodge a complaint — with your national supervisory authority (in Malta: IDPC)
To exercise any right, email carlos@simonmamo.com. We respond within 30 days.
7. Cookies
We use minimal cookies:
- pv_session — secure HTTP-only cookie holding your login session JWT. Required for the dashboard. Not used for tracking.
We do not use third-party analytics cookies, advertising cookies, or social-media trackers.
8. Leads collected via your share pages
When a buyer fills out the lead form on a share page you created, that data is:
- Visible to you (the agent/owner of the listing)
- Stored on our servers as part of your account
- Never shared with other PropVision users or third parties
You are the data controller for the leads you collect. You must provide your own privacy notice to your buyers if you process their data beyond what PropVision does.
9. Data retention
- Account data — kept until you delete your account
- Project content — kept until you delete it or archive your account
- Leads — kept until the parent project is deleted
- Backups — 30 days rolling
- Audit logs — 12 months
- Billing records — 7 years (legal requirement, EU tax law)
Deletion requests are honored within 30 days. Backups containing your data age out within the 30-day cycle.
10. Children's data
PropVision is not intended for users under 16. We do not knowingly collect data from children. If we learn we have, we delete it.
11. Changes to this policy
We may update this policy when laws change or when we add new features. Material changes are emailed to active account holders 30 days before taking effect. The "Last updated" date at the top reflects the current version.