Privacy Policy

Last updated: 23 May 2026. This policy explains what data Realesta8 collects when you and your brokerage use the platform, why we collect it, who we share it with, where it is stored, and the rights you have over it.

Who we are

Realesta8 is a customer relationship management platform built for Dubai real-estate brokerages. The platform is operated from Dubai, United Arab Emirates. References in this policy to "we", "us" or "the platform" mean Realesta8.

What we collect

We collect data from three sources: data you give us when you sign up and use the platform, data your brokerage adds while using the platform, and a small amount of technical data captured automatically when you visit our sites or use the product.

  • Account data: your name, email address, phone number, job title, and the brokerage you belong to. You provide this when you sign up or are invited.
  • Business data: the records your brokerage maintains inside the platform. Contacts, leads, properties, listings, deals, leases, cheques, tasks, message templates, notes, attachments, and similar working data.
  • Payment data: billing email, billing address, plan and seat count, invoice history. Card details are handled by Stripe; we do not store full card numbers on our systems.
  • Communications data: when your brokerage connects its own WhatsApp, SMS, or email sender to the platform under our bring-your-own-credentials model, the conversation content that flows through those integrations is stored against the relevant record so it can be searched and audited.
  • Technical data: IP address, browser and device characteristics, request logs, and timing data. Captured to keep the service running, debug incidents and protect against abuse.

How we use it

  • To provide the platform: render your screens, store your records, route messages, generate documents.
  • To run your subscription: identify your plan, bill seats, send receipts.
  • To support you: answer questions, investigate incidents, deliver service announcements.
  • To keep the platform safe: detect abuse, enforce rate limits, comply with legal obligations.
  • To improve the product: aggregate, de-identified usage analytics. We do not sell personal data and we do not run advertising on the platform.

Who we share it with

We use a small set of trusted sub-processors to deliver the service. They process data on our instructions, under written contracts, and only for the purposes set out below.

  • Vercel: application hosting and edge delivery.
  • Neon: managed Postgres for application data.
  • Stripe: subscription billing and payment processing.
  • Resend: outbound platform email (sign-in codes, system notifications).

When your brokerage configures its own integrations (WhatsApp Cloud API via Meta, SMS via Twilio, bulk email via Resend, e-signature via DocuSeal or DocuSign, mapping via Google Maps, listing distribution to Bayut, Property Finder and Dubizzle), those providers process the data your brokerage sends through them under your brokerage's own contracts with them. We do not add our own contractual layer on top of those third-party services beyond what is necessary to connect them to the platform.

We will disclose data to a regulator, court or law-enforcement body only where we are legally required to do so, and only the minimum necessary to comply.

Where it is stored

Application data is currently stored on Neon Postgres in regions outside the United Arab Emirates. We have a roadmap item to migrate primary storage to the AWS me-central-1 (Dubai) region; when that completes this section will be updated and existing data will be moved with notice. Backups are encrypted at rest. Connections between our application and the database are encrypted in transit (TLS).

How long we keep it

Business data is retained while your subscription is active and for a reasonable period afterwards so you can re-activate or export. On a confirmed account deletion request we remove live data within 30 days; backup copies cycle out within 90 days. Billing and tax records are retained for the period required by applicable accounting and tax law.

Your rights

You can request access to your personal data, ask us to correct or delete it, ask us to restrict how we process it, or ask us to provide it in a portable form. We honour these rights regardless of which jurisdiction you contact us from, and we apply the equivalent standards expected under the UAE Personal Data Protection Law and the EU General Data Protection Regulation. To exercise a right, email privacy@realesta8.app from the email address on your account.

Cookies and tracking

We set the minimum cookies needed to keep you signed in and to remember basic preferences (theme, density). We do not run third-party advertising or cross-site tracking. The marketing site uses no analytics tags that identify individual visitors.

Security

Access to production data is restricted to a small number of engineers with audited credentials. Data is encrypted in transit and at rest. The application enforces row-level security so each brokerage can only read and write its own records. Authentication uses one-time codes rather than long-lived passwords, with brute-force throttling and IP anomaly checks. We publish a security contact and accept responsible-disclosure reports at security@realesta8.app and at /.well-known/security.txt.

Children

Realesta8 is a business product and is not directed at children. We do not knowingly collect data from anyone under the age of 18.

Changes to this policy

We update this policy when our practices change or when a regulator publishes new guidance. The "Last updated" date at the top of the page is authoritative. Material changes are announced inside the product before they take effect.

Contact

Privacy questions: privacy@realesta8.app. General contact: hello@realesta8.app. Postal address: Dubai, United Arab Emirates. See also our contact page and terms of service.