Privacy Policy
1. Who we are
Realprice is a property pricing analysis tool for buyers of residential real estate in Dubai, United Arab Emirates. The service is operated by EdenVentures Information Technology - FZCO (trading as Realprice), a company established in Dubai Integrated Economic Zones Authority (IFZA), Dubai Silicon Oasis, Dubai, United Arab Emirates under trade license number 88828, with its registered office at Unit 88828-001, IFZA Business Park (Building A1), Dubai Digital Park, Dubai Silicon Oasis, Dubai, United Arab Emirates.
In this Policy, "we", "us" and "Realprice" refer to that entity. "You" refers to any visitor or registered user of the website.
This Policy explains what personal data we process when you use Realprice, why we process it, and the rights you have over your data. It is written to comply with the UAE Personal Data Protection Law (Federal Decree-Law No. 45 of 2021, the “PDPL”). Where users located in the European Economic Area or the United Kingdom interact with the service, we voluntarily honour equivalent rights under the EU General Data Protection Regulation (GDPR) and the UK GDPR, even though Realprice does not actively target those markets.
2. Data we collect
Account data
- Email address. used as your login identifier and for transactional emails.
- A salted password hash (we never see or store your plaintext password. Supabase Auth handles this).
- Session tokens. short lived signed tokens kept in secure cookies that scripts on the page cannot read, so you stay logged in.
Service usage data
- Listing URLs you submit for analysis (Property Finder, Bayut, Dubizzle).
- The analysis reports we generate from those URLs, including the verdict, comparable transactions used, and any data quality warnings.
- Items you add to your watchlist, together with optional notes you write about them.
- Your credit balance and a per transaction ledger (purchases, debits, refunds).
Payment data
- We never receive or store your full payment card details. Payments are processed by Stripe, which returns a customer reference and an event ID. we link those to your account.
- The last 4 digits and card brand may be shown back to you in your account view; that information also comes from Stripe at display time and is not stored by us.
Technical data
- Your IP address. kept transiently in server logs for rate limiting, abuse prevention, and security forensics.
- Your browser’s user agent string and the page path you requested. same purpose.
- A signed session cookie set by the framework. This cookie is essential to the operation of the site (it carries your login state); it does not track you across other websites.
Data we deliberately do not collect
- We do not ask for your real name, phone number, postal address, identity documents, or any financial information beyond what Stripe needs to process a payment.
- We do not run third party advertising trackers or cross site retargeting pixels. There is no Google Analytics, Facebook Pixel, or similar.
Product analytics & session recording
To understand which parts of Realprice are useful (or confusing) and to catch UX bugs before customers report them, we use Microsoft Clarity. Clarity records anonymised user-interaction data:
- Mouse movement, clicks, scroll depth, and form field activity (the values you type into fields are masked by default. Clarity sees that you typed in the email field, not what the email was).
- Browser, device, viewport size, referrer, page path.
- IP address (used by Clarity for approximate location only; not stored after geo-resolution).
Clarity is operated by Microsoft Corporation (United States). Their privacy notice and Standard Contractual Clauses cover the international transfer. See Microsoft’s privacy statement for details. We use Clarity strictly for product improvement; data is not shared with advertisers and we do not export individual sessions outside Clarity.
If you would prefer not to be recorded, Clarity respects browser-level Do-Not-Track signals and you can also opt out via your browser’s tracking protection. Disabling JavaScript also prevents the script from loading.
Public deals feed
Listings that buyers check through Realprice may appear in an anonymised form on our public deals page. We only show the area and the verdict for a listing, never any detail that identifies which buyer analysed it. The analysis is derived from official Dubai Land Department transaction data, not from your account, and we do not publish your identity, your watchlist, or your history.
3. Why we collect it (legal bases)
Under PDPL Article 4 and (where applicable) GDPR Article 6, we process your data on the following bases:
- Performance of a contract. We need your email, account, and usage data to provide the service you signed up for: running analyses, charging credits, sending password resets, displaying your history.
- Legitimate interests. Transient logging of IP and user agent for rate limiting and security. The fraud prevention benefit to us, and the integrity benefit to all users, outweighs the minimal privacy intrusion.
- Consent. Subscription to the optional Realprice Pro weekly watchlist summary email is opt in. You can withdraw consent at any time by cancelling the subscription or by clicking the unsubscribe link in any email.
- Legal obligation. Records related to financial transactions are retained for the period required by UAE tax and accounting law.
4. How long we keep your data
- Account data. for as long as your account exists. When you delete your account (by emailing privacy@realprice.ae), we erase your profile, watchlist items, notes, and history within 30 days, except as required to comply with tax/accounting law.
- Analysis reports and usage data. kept for as long as the account exists, then erased together with the account.
- Financial transaction records. retained for the statutory period under UAE tax and accounting law (currently five years from the transaction date) regardless of account status.
- Server logs. rotated and erased within 30 days of creation.
- Marketing email consent records. retained until consent is withdrawn, then erased within 30 days.
5. Third party processors
To deliver the service we rely on a small number of trusted third party sub processors across categories such as cloud hosting, authentication, payment processing, email delivery, and error monitoring. Each is bound by a data processing agreement and is required to implement appropriate technical and organisational safeguards.
If you would like the names of the specific providers that process your personal data, write to privacy@realprice.ae and we will share the current list.
6. International data transfers
Realprice is operated from the United Arab Emirates, but several of our sub processors operate infrastructure outside the UAE, notably in the United States and the European Union. By using the service you acknowledge that your data may be transferred to and processed in those jurisdictions.
We rely on the sub processors’ own adequacy commitments (Standard Contractual Clauses, Data Privacy Framework participation, or PDPL-equivalent protections) for those transfers. If you require copies of the underlying transfer mechanisms, write to privacy@realprice.ae.
7. Your rights
Under the PDPL, and (where applicable) the GDPR / UK GDPR, you have the following rights with respect to your personal data:
- Access. request a copy of the personal data we hold about you.
- Rectification. ask us to correct inaccurate or incomplete data.
- Erasure. ask us to delete your data, subject to statutory retention obligations on financial records.
- Portability. receive your data in a structured, machine readable format (JSON).
- Restriction. ask us to limit how we process your data while a complaint is being investigated.
- Objection. object to processing based on our legitimate interests.
- Withdraw consent. at any time, for any processing that relies on consent (e.g. marketing emails).
- Complain. lodge a complaint with the UAE Data Office (uaedataoffice.ae) or, where applicable, with your national EU/UK supervisory authority.
To exercise any of these rights, email privacy@realprice.ae. We respond within 30 days of receiving a verifiable request, as required by the PDPL.
8. Cookies and similar technologies
Realprice uses cookies sparingly and only where strictly necessary:
- Session cookie (essential). Set by the application to keep you logged in across requests. It is sent only over a secure connection, cannot be read by scripts on the page, and is cleared when you log out.
- CSRF protection (essential). A signed token used to validate form submissions.
- Microsoft Clarity (analytics, not essential). When enabled, Clarity sets first party cookies to recognise a returning visitor across pages within the same session (about a 12 month lifetime). See the section above for what is recorded and how to opt out.
We do not use advertising cookies, social media cookies, or cross site retargeting pixels. The Clarity analytics cookies are first party and used only for in app product improvement. Under the UAE PDPL we do not display a cookie consent banner for these strictly product improvement cookies; visitors from the EU/EEA should review the Clarity section above and use their browser’s tracking protection features if they wish to opt out.
9. Marketing emails
We send three categories of email:
- Transactional. account verification, password resets, payment receipts. These are necessary to operate the service and are sent to every account.
- Service alerts. refund confirmations, security notices. Same status as transactional.
- Realprice Pro weekly watchlist summary. opt in. Sent only to subscribers of Realprice Pro. Every email contains a one click unsubscribe link in the footer. You can also cancel the underlying subscription at any time via the Stripe customer portal.
We do not sell, rent, or share your email address with any third party for their own marketing purposes.
10. Security and data breaches
Our backend stores data in encrypted at rest databases. Traffic between your browser and our servers is encrypted with TLS. Passwords are stored as salted hashes by Supabase Auth.
In the unlikely event of a personal-data breach that is likely to result in a risk to your rights and freedoms, we will notify the UAE Data Office within 72 hours of becoming aware of it (as required by Article 9 of the PDPL), and we will notify affected users without undue delay. Where users are located in the EU/UK, we will follow equivalent GDPR/UK GDPR notification obligations as a matter of policy.
11. Changes to this Policy
We may update this Policy from time to time. The “Last updated” date at the top of the page reflects the most recent material change. Where a change affects how we process your existing data, we will notify you by email at least 14 days before it takes effect.
12. Contact
Data protection contact
- Controller
- EdenVentures Information Technology - FZCO
- Registered office
- Unit 88828-001, IFZA Business Park (Building A1), Dubai Digital Park, Dubai Silicon Oasis, Dubai, United Arab Emirates
- Trade license
- 88828
- Privacy enquiries
- privacy@realprice.ae
- General contact
- hello@realprice.ae