Immoset
Privacy Policy

Your privacy is important to us. Here's how we protect and use your data.

1. Data Protection at a Glance

General Information

The following information provides an easy-to-navigate overview of what happens with your personal data when you visit our website. The term "personal data" comprises all data that can be used to personally identify you.

2. Data Recording on our Website

Who is responsible for data recording?

The data on this website is processed by the operator, whose contact information is available under the "Imprint" section.

How do we record your data?

Your data is collected when you share it with us, for example via a contact form. Other data is recorded automatically by our IT systems when you visit the website.

3. General Information and Mandatory Information

Data Protection

We take the protection of your personal data very seriously. We treat your personal data as confidential and in accordance with statutory data protection regulations and this privacy policy.

Responsible Party

Samuel Dittmann
Tälestraße 32
72160 Horb am Neckar
Germany
contact@immoset.app

4. Data Processing and Third-Party Services

Data Hosting and Processing

All personal data is processed and stored within the European Union (EU) in compliance with GDPR regulations. We use the following third-party services that are GDPR-compliant and process data within the EU:

Supabase (Database and Authentication)

We use Supabase for user authentication, database storage, and backend services. Supabase is GDPR-compliant and processes all data within the EU:

  • Data processed: User account information, property data, contact information, authentication tokens
  • Purpose: User authentication, data storage, application functionality
  • Legal basis: Contract performance (Art. 6(1)(b) GDPR)
  • Data location: EU (Frankfurt, Germany)
  • Retention: Until account deletion or as required by law

PostHog (Analytics)

We use PostHog for website analytics and user behavior analysis. PostHog is GDPR-compliant and processes data within the EU:

  • Data processed: Website usage data, user interactions, device information, IP addresses (anonymized)
  • Purpose: Website analytics, user experience improvement, service optimization
  • Legal basis: Legitimate interest (Art. 6(1)(f) GDPR) with user consent for non-essential analytics
  • Data location: EU (Frankfurt, Germany)
  • Retention: 12 months maximum, with automatic deletion

Vercel (Hosting and CDN)

We use Vercel for website hosting, content delivery, and performance optimization. Vercel is GDPR-compliant and processes data within the EU:

  • Data processed: Website access logs, performance metrics, IP addresses (anonymized), CDN usage data
  • Purpose: Website hosting, content delivery, performance optimization, security monitoring
  • Legal basis: Legitimate interest (Art. 6(1)(f) GDPR) for website operation and security
  • Data location: EU (Frankfurt, Germany)
  • Retention: 30 days maximum for access logs, performance data retained for service optimization

Resend (Email Services)

We use Resend for transactional emails, notifications, and communication. Resend is GDPR-compliant and processes data within the EU:

  • Data processed: Email addresses, email content, delivery status, bounce/complaint data
  • Purpose: Transactional emails, user notifications, password resets, account communications
  • Legal basis: Contract performance (Art. 6(1)(b) GDPR) for essential communications
  • Data location: EU (Frankfurt, Germany)
  • Retention: Until account deletion or as required for service operation

Cookies and Local Storage

Our website uses cookies and local storage for essential functionality and user preferences:

  • Necessary cookies: Authentication, security, basic functionality
  • Analytics cookies: Website usage analysis (with consent)
  • Functional cookies: User preferences and settings
  • Marketing cookies: Advertising and marketing (with consent)

Server Logs:

The provider of this website automatically collects and stores information in server log files, which your browser transmits to us. This includes:

  • Type and version of browser used
  • Operating system used
  • Referrer URL
  • Hostname of the accessing computer
  • Time of the server request
  • IP address (anonymized after 7 days)

5. Data Categories and Purposes

Personal Data We Collect

  • Account Information: Account Information: Name, email address, password (encrypted)
  • Property Data: Property Data:
  • Contact Information: Contact Information: Names, email addresses, phone numbers of contacts
  • Usage Data: Usage Data:
  • Technical Data: Technical Data:

Purposes of Data Processing

  • Service Provision: Service Provision:
  • User Authentication: User Authentication: Secure login and account management
  • Data Management: Data Management: Storing and organizing your property and contact information
  • Communication: Communication:
  • Analytics: Analytics:
  • Legal Compliance: Legal Compliance:

6. Data Security and Protection

Security Measures

We implement comprehensive security measures to protect your personal data:

  • Encryption: All data is encrypted in transit and at rest using industry-standard encryption
  • Access Controls: Strict access controls and authentication mechanisms
  • Regular Audits: Regular security audits and vulnerability assessments
  • Data Minimization: We only collect and process data that is necessary for our services
  • EU Data Residency: All data is processed and stored within the European Union

7. Your Rights Under GDPR

Your Data Protection Rights

Under the General Data Protection Regulation (GDPR), you have the following rights regarding your personal data:

Right of Access (Art. 15 GDPR)

You have the right to obtain confirmation as to whether or not personal data concerning you is being processed, and, where that is the case, access to the personal data and information about the processing.

Right to Rectification (Art. 16 GDPR)

You have the right to obtain the rectification of inaccurate personal data and to have incomplete personal data completed.

Right to Erasure (Art. 17 GDPR)

You have the right to obtain the erasure of personal data concerning you without undue delay if:

  • The personal data is no longer necessary for the purposes for which it was collected
  • You withdraw consent and there is no other legal ground for processing
  • The personal data has been unlawfully processed
  • The personal data has to be erased for compliance with a legal obligation

Right to Restriction of Processing (Art. 18 GDPR)

You have the right to obtain restriction of processing where the accuracy of the personal data is contested, the processing is unlawful, or the data is no longer needed.

Right to Data Portability (Art. 20 GDPR)

You have the right to receive the personal data concerning you in a structured, commonly used, and machine-readable format and to transmit that data to another controller.

Right to Object (Art. 21 GDPR)

You have the right to object to the processing of your personal data for direct marketing purposes or for processing based on legitimate interests.

Right to Withdraw Consent

Where processing is based on consent, you have the right to withdraw your consent at any time. The withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.

Right to Lodge a Complaint (Art. 77 GDPR)

You have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work, or place of the alleged infringement.

How to Exercise Your Rights

To exercise any of these rights, please contact us at:

  • Email: contact@immoset.app
  • Address: Samuel Dittmann, Tälestraße 32, 72160 Horb am Neckar, Germany

We will respond to your request within one month of receipt. In some cases, we may need to verify your identity before processing your request.

8. Data Retention and Deletion

Retention Periods

  • Account Data: Account Data: Retained until account deletion or 3 years of inactivity
  • Property Data: Property Data:
  • Analytics Data: Analytics Data: Maximum 12 months, with automatic deletion
  • Server Logs: Server Logs: IP addresses anonymized after 7 days, logs deleted after 30 days
  • Marketing Data: Marketing Data: Until consent is withdrawn or 2 years of inactivity

Account Deletion

You can delete your account at any time through your account settings. Upon account deletion:

  • All personal data will be permanently deleted within 30 days
  • Anonymized analytics data may be retained for statistical purposes
  • Some data may be retained longer if required by law

9. International Data Transfers

EU Data Residency

We are committed to keeping your data within the European Union. All our third-party service providers (Supabase, PostHog) process data exclusively within the EU and are GDPR-compliant.

10. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or for other operational, legal, or regulatory reasons. We will notify you of any material changes by:

  • Posting the updated Privacy Policy on our website
  • Sending you an email notification (if you have provided an email address)
  • Displaying a notice on our website

The "Last updated" date at the bottom of this policy indicates when it was last revised.

© 2025 Immoset. Last updated: January 2025