Privacy Policy

Innventix LTD (company registration number HE 467989), incorporated in the Republic of Cyprus, owns and operates the Estactics platform ("we", "us", "our"). We are committed to protecting the privacy and personal data of everyone who uses our platform and visits our website at estactics.com.

This Privacy Policy explains what personal data we collect, why we collect it, how we use and protect it, and what rights you have in relation to it. It applies to all users of the Estactics platform and website, including visitors, registered free-plan users, and paying subscribers.

By using the Estactics platform or website, you acknowledge that you have read and understood this Privacy Policy. If you do not agree with any part of this policy, please discontinue use of our services.

This Privacy Policy should be read alongside our Terms of Use, available at estactics.com/en/terms-of-use.

1

Who We Are and How to Contact Us

For any questions, concerns, or requests relating to your personal data, please contact us at legal@estactics.com. We aim to respond to all privacy-related enquiries within 30 days.

  • Data Controller: Innventix LTD
  • Registration Number: HE 467989
  • Jurisdiction: Republic of Cyprus
  • Contact Email: legal@estactics.com
  • Website: estactics.com
2

What Personal Data We Collect

We collect the following categories of personal data depending on how you interact with our platform:

2.1

Account and Identity Data

  • Full name
  • Email address
  • Phone number
  • Company or agency name and related business details
  • Job title or role within your organisation
2.2

Platform Usage Data

  • Property and listing data entered into the platform by you or your team
  • Lead, contact, and opportunity records you create and manage within the platform
  • Files, documents, and images uploaded to your account
  • Activity logs, feature usage patterns, and in-platform interactions
2.3

Technical and Device Data

  • IP address
  • Browser type and version
  • Operating system
  • Device identifiers
  • Pages visited and time spent on our website and platform
  • Referring URLs
2.4

Billing and Payment Data

When you subscribe to a paid plan, payment processing is handled securely by Stripe, our third-party payment processor. Innventix LTD does not store your full payment card details. We retain only limited billing information such as your subscription plan, billing history, and the last four digits of your payment card as provided by Stripe. Stripe's handling of your payment data is governed by Stripe's own privacy policy, available at stripe.com/privacy.

2.5

Communications Data

  • Emails or messages you send to our support or legal team
  • Feedback, survey responses, or support tickets submitted through the platform
3

How We Collect Personal Data

We collect personal data through the following means:

  • Directly from you when you register for an account, complete your profile, or use platform features
  • Automatically through your use of our website and platform via cookies and similar tracking technologies (see Section 9)
  • From Stripe when you initiate or manage a paid subscription
  • From third-party integrations where you choose to connect external services to your account (where applicable)
4

How We Use Your Personal Data

We process your personal data for the following purposes and on the following legal bases:

4.1

Providing and Managing the Platform

Purpose: To create and manage your account, deliver platform features, process your subscription, and provide customer support.

Legal Basis: Performance of a contract (Article 6(1)(b) GDPR).

4.2

Billing and Payments

Purpose: To process subscription payments, manage billing cycles, and handle payment-related communications.

Legal Basis: Performance of a contract (Article 6(1)(b) GDPR).

4.3

Platform Improvement and Analytics

Purpose: To understand how users interact with the platform, identify areas for improvement, fix bugs, and develop new features. Where third-party analytics tools are used, they are subject to appropriate data processing agreements.

Legal Basis: Legitimate interests (Article 6(1)(f) GDPR) - improving the quality and performance of our services.

4.4

Marketing Communications

Purpose: To send you product updates, newsletters, feature announcements, and promotional communications. You can opt out of marketing emails at any time by clicking the unsubscribe link in any such email or by contacting us at legal@estactics.com.

Legal Basis: Consent (Article 6(1)(a) GDPR) or legitimate interests, depending on the context and applicable law.

4.5

Legal and Compliance Obligations

Purpose: To comply with applicable laws, respond to lawful requests from public authorities, and enforce our Terms of Use.

Legal Basis: Legal obligation (Article 6(1)(c) GDPR) or legitimate interests (Article 6(1)(f) GDPR).

4.6

Security and Fraud Prevention

Purpose: To detect, investigate, and prevent unauthorised access, fraudulent activity, and other misuse of the platform.

Legal Basis: Legitimate interests (Article 6(1)(f) GDPR).

5

How We Share Your Personal Data

We do not sell your personal data. We may share your data with the following categories of recipients only where necessary and in accordance with this policy:

  • Service Providers: Third-party vendors who assist us in operating the platform, such as cloud hosting providers, payment processors (Stripe), email delivery services, and analytics tools. These providers act as data processors and are bound by appropriate data processing agreements.
  • Legal Authorities: Where required by law, court order, or regulatory authority, we may disclose personal data to competent authorities. We will notify you in advance of any such disclosure to the extent permitted by law.
  • Business Transfers: In the event of a merger, acquisition, or sale of all or part of our business assets, your personal data may be transferred to the acquiring entity, subject to the same privacy protections described in this policy.
  • With Your Consent: For any other purpose not described above, we will seek your explicit consent before sharing your data.
6

Data Storage and Security

All personal data processed through the Estactics platform is stored on servers located within the European Union. We implement appropriate technical and organisational security measures to protect your personal data against unauthorised access, accidental loss, alteration, or disclosure. These measures include encryption in transit and at rest, access controls, and regular security reviews.

While we take data security seriously and work to maintain robust protections, no method of transmission over the internet or electronic storage is completely secure. In the unlikely event of a data breach that poses a risk to your rights and freedoms, we will notify you and the relevant supervisory authority in accordance with our obligations under applicable law.

7

Data Retention

We retain your personal data for as long as your account is active or as needed to provide our services to you. When your account is deleted or terminated, we will delete or anonymise your personal data within 30 days, unless we are required to retain it for longer to comply with a legal obligation, resolve a dispute, or enforce our agreements.

Certain categories of data, such as billing records and transaction logs, may be retained for longer periods where required by tax, accounting, or other applicable legal obligations.

8

Your Rights Under GDPR

As a data subject under the General Data Protection Regulation (GDPR), you have the following rights with respect to your personal data:

  • Right of Access: You may request a copy of the personal data we hold about you.
  • Right to Rectification: You may request that we correct any inaccurate or incomplete personal data.
  • Right to Erasure: You may request the deletion of your personal data where there is no compelling reason for us to continue processing it. You can also delete your account directly from within the platform at any time.
  • Right to Restriction of Processing: You may request that we limit our processing of your personal data in certain circumstances.
  • Right to Data Portability: You may request a copy of your personal data in a structured, commonly used, and machine-readable format.
  • Right to Object: You may object to our processing of your personal data where we rely on legitimate interests as our legal basis, including for direct marketing purposes.
  • Right to Withdraw Consent: Where we process your data based on your consent, you may withdraw that consent at any time without affecting the lawfulness of prior processing.
  • Right to Lodge a Complaint: You have the right to lodge a complaint with the Office of the Commissioner for Personal Data Protection in Cyprus (www.dataprotection.gov.cy) or with the supervisory authority in your country of residence.

To exercise any of these rights, please contact us at legal@estactics.com. We will respond to your request within 30 days. In some cases, we may need to verify your identity before processing your request.

9

Cookies and Tracking Technologies

9.1

What Are Cookies

Cookies are small text files placed on your device when you visit a website or use a web application. They help us provide a better experience by remembering your preferences, keeping you logged in, and understanding how our platform is used.

9.2

Types of Cookies We Use

  • Essential Cookies: These are necessary for the platform to function correctly, including session management and authentication. These cannot be disabled without affecting core functionality.
  • Preference Cookies: These remember your settings and preferences to personalise your experience, such as language or display settings.
  • Analytics Cookies: We may use analytics tools to collect aggregated, anonymised data about how users interact with our website and platform. This helps us identify usage trends and improve our services. Where third-party analytics providers are used, data is processed under appropriate data processing agreements.
9.3

Managing Cookies

You can control and manage cookies through your browser settings. Most browsers allow you to refuse new cookies, disable existing ones, or be notified when a new cookie is placed. Please note that disabling essential cookies may affect the functionality of the platform. For more information on managing cookies, refer to your browser's help documentation.

10

Marketing Communications

With your consent or where otherwise permitted by applicable law, we may send you emails about new features, product updates, tips, and promotional offers related to the Estactics platform.

You can opt out of receiving marketing emails at any time by clicking the "unsubscribe" link included in every marketing email, or by contacting us at legal@estactics.com. Please note that even after opting out of marketing communications, we may still send you transactional or service-related emails necessary for the operation of your account (such as payment receipts, security alerts, or important policy updates).

11

Third-Party Links and Services

Our platform and website may contain links to third-party websites or services. We are not responsible for the privacy practices or content of those third parties. We encourage you to review the privacy policies of any third-party services you access through our platform.

Where third-party integrations are made available within the platform, any transfer of personal data to those third parties will occur only with your knowledge and, where required, with your explicit consent.

12

International Data Transfers

Your personal data is stored and processed within the European Union. If in the future we engage service providers located outside the EU or the European Economic Area (EEA), we will ensure that appropriate safeguards are in place to protect your data, such as the use of Standard Contractual Clauses approved by the European Commission or other lawful transfer mechanisms under the GDPR.

13

Platform Eligibility

The Estactics platform is a professional business tool intended for use by real estate professionals and organisations. By creating an account, you confirm that you have the legal capacity to enter into binding agreements in your jurisdiction. The platform is not directed at or intended for use by individuals who lack such legal capacity.

If we become aware that personal data has been collected from someone who does not have the legal capacity to use our services, we will take steps to delete that data promptly.

14

Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our data practices, legal requirements, or platform features. When we make material changes, we will notify you by email or through a prominent notice on our website, and we will update the effective date at the top of this policy.

We encourage you to review this policy periodically. Your continued use of the platform following the publication of any updated version constitutes your acceptance of the revised policy.

16

Google API Services (Google Calendar Integration)

Estactics offers an optional integration with Google Calendar. When you choose to connect your Google account, we access and use your Google user data solely to provide you with calendar synchronisation features within the platform.

Estactics's use of information received from Google APIs, and Estactics's transfer of information to any other app, will adhere to Google's API Services User Data Policy, including the Limited Use Requirements. For full details, see https://developers.google.com/terms/api-services-user-data-policy.

16.1

Data We Access from Google

When you connect your Google account to Estactics, we request access to the following data:

  • Your Google account email address - to identify and display your connected account within the platform
  • OAuth access tokens and refresh tokens - to authenticate API requests made on your behalf
  • No Google Calendar event data is read or imported into Estactics; data only flows from Estactics to your Google Calendar
16.2

How We Use Google Data

Google user data is used exclusively to provide the Google Calendar integration feature. Specifically, we use your tokens to:

  • Create calendar events in your Google Calendar when you schedule a viewing, meeting, or follow-up in Estactics
  • Update those calendar events when you modify them in Estactics
  • Delete those calendar events when you remove them in Estactics
  • Generate Google Meet video conference links for online meeting events
16.3

How We Store Google Data

OAuth access tokens and refresh tokens are encrypted at rest in our database and are used exclusively to communicate with Google on your behalf. Your connected Google account email address is stored to display in the platform interface.

We do not store, cache, or index any event data from your Google Calendar.

16.4

How We Share Google Data

We do not sell, rent, or share your Google user data with any third party. Google user data is never used for advertising, profiling, credit scoring, lending, sale to data brokers, or any purpose unrelated to providing the Google Calendar integration.

Google user data may be processed by our infrastructure providers (such as our cloud hosting provider) solely as necessary to operate the platform. All such providers are bound by appropriate data processing agreements and are prohibited from using your data for their own purposes.

16.5

Retention and Deletion of Google Data

When you disconnect your Google Calendar integration from the Estactics App Center, your OAuth tokens are immediately revoked with Google and permanently deleted from our systems. Your connected Google account email is also removed at that point.

If you delete your Estactics account, all Google user data is deleted within 30 days as described in Section 7.

16.6

Limited Use

Estactics's access to and use of Google user data is strictly limited to providing and improving the Google Calendar integration feature that is prominently visible in the Estactics platform interface. We do not use Google user data for any other purpose, including but not limited to: targeted advertising, sale to data brokers or information resellers, determining creditworthiness or lending eligibility, training unrelated machine learning models, or creating user databases for any purpose beyond operating the platform.

15

Contact Us

If you have any questions about this Privacy Policy, wish to exercise any of your data rights, or have a concern about how we handle your personal data, please get in touch with us:

  • Company: Innventix LTD
  • Email: legal@estactics.com
  • Website: estactics.com

Supervisory Authority

You also have the right to contact the supervisory authority in your country of residence. In Cyprus, the relevant authority is:

  • Office of the Commissioner for Personal Data Protection
  • Website: www.dataprotection.gov.cy
  • Email: commissioner@dataprotection.gov.cy