RealPilotRealPilot

Privacy Policy

Effective: 13 May 2026

ℹ️ This page is currently under legal review. Content will be finalised shortly.

1. Controller

RealPilot SL
Barri Can Mandilego, 1
07150 Andratx, Illes Balears, España
E-Mail: hello@realpilot.io
Authorised representative: Florian Voigt (Managing Director)

Data Protection Officer: not mandatory under Art. 37 GDPR — RealPilot has fewer than 250 employees and no core activity involving systematic monitoring. Privacy enquiries are therefore handled directly at privacy@realpilot.io (management).

2. General principles of data processing

RealPilot is a SaaS platform for real-estate broker cooperation. We process personal data exclusively to deliver the service, fulfil legal obligations or safeguard legitimate interests — never for our own marketing purposes outside the platform.

Legal bases (Art. 6 GDPR): • (a) Consent — cookie banner, newsletter, optional AI workflows • (b) Contract — account registration, platform use, billing • (c) Legal obligation — tax/commercial law, retention • (f) Legitimate interest — IT security, abuse prevention, anonymised product statistics, dual-representation protection for broker clients (core feature)

3. What data we process

3.1 Broker data (our contractual partners)

On registration and use we store: • First and last name, business email, phone (optional) • Company name, address, logo / profile photo (optional) • Language, time zone, UI preferences • Login timestamps, IP address on login (technically necessary) • Role (owner / member / admin), status (active / disabled) • Content of in-app chat with broker colleagues (cooperation threads) Retention: For the duration of the active contract + 6 years after termination for tax and commercial-law retention obligations. Login logs rotated after 90 days.

3.2 Data of broker's clients ("end customers")

Brokers enter search and sale profiles of their own clients into RealPilot. We store: • Display name (internal, assigned by the broker — e.g. "Family M.") • Optionally: first/last name, email, phone (privately readable only by the entering broker — never by other brokers) • Search criteria: region, budget, room count, wishes • Notes by the broker about the client Dual-representation protection ("Client protection"): Email, phone and name are additionally stored as a cryptographic hash (SHA-256 with server salt). This allows the system to warn another broker when the same end customer is also in their database — without the plaintext contact data ever being shared. For end-customer data the controller is primarily the entering broker. RealPilot SL acts as processor under Art. 28 GDPR. The corresponding DPA is part of the contract and available at /legal/avv. Retention: As long as the broker keeps the customer; on deletion request, immediately. Hash traces in audit logs of completed cooperations are anonymised after 12 months.

3.3 Property data

Property listings incl. address, price, description, images. Entered by the broker or synced via CRM (onOffice, Propstack). Partly visible to other brokers in the Community Hub; address and identity are hidden until Client protection is confirmed.

3.4 Cooperation data

When two brokers cooperate via RealPilot we store: • Involved broker IDs • Status history (request → confirmation → acceptance/rejection) • Client protection decisions (verified/rejected) with timestamp • Chat history between the brokers • Linked property + client (referenced internally) This data serves as audit trail for the respective commission cases and is retained for at least 10 years (commercial-law evidence requirement for commission claims, GTC).

3.5 Payment data

Once billing is activated: handled via Stripe Payments Europe Ltd. (1 Grand Canal Street Lower, Dublin, Ireland). RealPilot itself stores no credit-card data — only a Stripe customer token + the invoice master data (company, VAT ID, billing address).

3.6 When visiting the website

• IP address (truncated logging by Cloudflare) • User-Agent • Referrer (which page sent you to us) • Requested URL, timestamp Reach tracking is currently disabled. If we introduce it, we will ask for your consent via the cookie banner first.

4. Processors / Sub-processors

We use specialised providers. The current full list with location, purpose and third-country status is maintained transparently at realpilot.io/legal/sub-prozessoren. We have a DPA pursuant to Art. 28 GDPR with each. Changes are announced 30 days in advance.

USA third-country transfer: For US-based providers we rely on two pillars — the EU Standard Contractual Clauses (Decision 2021/914) and providers' self-certification under the EU-US Data Privacy Framework (adequacy decision of 10 July 2023). Database content is physically stored in Frankfurt (eu-central-1).

5. Cookies and tracking

On first visit we ask for your consent via a banner. You can choose between three categories: • Necessary (always on): session cookie, CSRF token, cookie consent itself • Analytics (optional): currently not in use; reserved for future reach analytics (e.g. Cloudflare Web Analytics or Google Analytics) — renewed prompt on activation • Marketing (optional): currently not in use; reserved for future re-targeting pixels with a renewed prompt You can change your choice anytime via the "Cookie settings" link in the footer. We version the consent policy — on substantial changes you'll be asked again.

6. Your rights

Under GDPR you are entitled at any time to: • Art. 15 — Access: What data do we have about you? → Self-service under Settings → "Export data" (JSON download in seconds) OR in writing to privacy@realpilot.io (response within 30 days). • Art. 16 — Rectification: Have inaccurate data corrected. • Art. 17 — Erasure ("right to be forgotten"): Self-service under Settings → "Delete account". Hard delete of all your data + cascading delete of properties, clients, cooperations. Tax-law retention obligations override this — affected records are technically locked instead of deleted for the remaining duration. • Art. 18 — Restriction of processing. • Art. 20 — Data portability: Export in structured, machine-readable JSON format. • Art. 21 — Objection to processing based on legitimate interest. • Withdrawal of consent (e.g. cookie consent) at any time without justification — effective for the future.

7. Right to lodge a complaint

You may lodge a complaint with the supervisory authority responsible for us: Agencia Española de Protección de Datos (AEPD) C/ Jorge Juan, 6 · 28001 Madrid · Spain www.aepd.es You may also approach the data-protection authority of your habitual residence or workplace.

8. Data security (TOMs — excerpt)

• TLS 1.2+ on all connections, HSTS active • Database access secured via Row Level Security (RLS); each broker sees only their own + shared data • Passwords stored exclusively as bcrypt hashes (Supabase Auth) • Sensitive data (client hashes) with server-side salt • Daily encrypted backups (7-day retention) • Audit log for all cooperation and Client protection actions (immutable, append-only) • Staff access to production only via 2FA + audit • External penetration test planned for Q3/2026 Full TOM documentation is available on request.

9. Changes to this policy

We reserve the right to amend this policy when the legal situation, our processing practices or sub-processors change. We notify all active contractual partners of substantial changes by email with 30 days' notice. On substantial changes we ask you to re-confirm at your next login. The current version is always available here — see date above.