Legal · Realprice

Privacy Policy

Last updated: 2026-05-17

On this page

Who we are
Data we collect
Why we collect it
How long we keep it
Sub-processors
International transfers
Your rights
Cookies
Marketing emails
Security & breaches
Changes to this policy
Contact

1. Who we are

Realprice is a property-pricing analysis tool for buyers of residential real estate in Dubai, United Arab Emirates. The service is operated by [TO BE FILLED IN ONCE UAE TRADE LICENSE IS ISSUED] (trading as Realprice), a company established in [TO BE FILLED IN ONCE UAE TRADE LICENSE IS ISSUED] under trade license number [TO BE FILLED IN ONCE UAE TRADE LICENSE IS ISSUED], with its registered office at [TO BE FILLED IN ONCE UAE TRADE LICENSE IS ISSUED].

In this Policy, "we", "us" and "Realprice" refer to that entity. "You" refers to any visitor or registered user of the website.

This Policy explains what personal data we process when you use Realprice, why we process it, and the rights you have over your data. It is written to comply with the UAE Personal Data Protection Law (Federal Decree-Law No. 45 of 2021, the “PDPL”). Where users located in the European Economic Area or the United Kingdom interact with the service, we voluntarily honour equivalent rights under the EU General Data Protection Regulation (GDPR) and the UK GDPR, even though Realprice does not actively target those markets.

2. Data we collect

Account data

Email address — used as your login identifier and for transactional emails.
A salted password hash (we never see or store your plaintext password — Supabase Auth handles this).
Session tokens — short-lived signed tokens stored in HttpOnly cookies so you stay logged in.

Service usage data

Listing URLs you submit for analysis (Property Finder, Bayut, Dubizzle).
The analysis reports we generate from those URLs, including the verdict, comparable transactions used, and any data-quality warnings.
Items you add to your watchlist, together with optional notes you write about them.
Your credit balance and a per-transaction ledger (purchases, debits, refunds).

Payment data

We never receive or store your full payment card details. Payments are processed by Stripe, which returns a customer reference and an event ID — we link those to your account.
The last 4 digits and card brand may be shown back to you in your account view; that information also comes from Stripe at display time and is not stored by us.

Technical data

Your IP address — kept transiently in server logs for rate-limiting, abuse prevention, and security forensics.
Your browser’s User-Agent string and the page path you requested — same purpose.
A signed session cookie set by the framework. This cookie is essential to the operation of the site (it carries your login state); it does not track you across other websites.

Data we deliberately do not collect

We do not ask for your real name, phone number, postal address, identity documents, or any financial information beyond what Stripe needs to process a payment.
We do not run third-party advertising trackers or cross-site analytics on the site. There is no Google Analytics, Facebook Pixel, or similar.

3. Why we collect it (legal bases)

Under PDPL Article 4 and (where applicable) GDPR Article 6, we process your data on the following bases:

Performance of a contract. We need your email, account, and usage data to provide the service you signed up for: running analyses, charging credits, sending password resets, displaying your history.
Legitimate interests. Transient logging of IP and User-Agent for rate-limiting and security. The fraud-prevention benefit to us, and the integrity benefit to all users, outweighs the minimal privacy intrusion.
Consent. Subscription to the optional Weekly Watchlist Digest email is opt-in. You can withdraw consent at any time by cancelling the subscription or by clicking the unsubscribe link in any digest email.
Legal obligation. Records related to financial transactions are retained for the period required by UAE tax and accounting law.

4. How long we keep your data

Account data — for as long as your account exists. When you delete your account (by emailing privacy@realprice.ae), we erase your profile, watchlist items, notes, and history within 30 days, except as required to comply with tax/accounting law.
Analysis reports and usage data — kept for as long as the account exists, then erased together with the account.
Financial transaction records — retained for the statutory period under UAE tax and accounting law (currently five years from the transaction date) regardless of account status.
Server logs — rotated and erased within 30 days of creation.
Marketing-email consent records — retained until consent is withdrawn, then erased within 30 days.

5. Sub-processors

We use the following sub-processors to deliver the service. Each is bound by a data processing agreement and is required to implement appropriate technical and organisational safeguards.

Supabase, Inc.

United States (AWS) / European Union (AWS regions) · Privacy policy

Authentication (email + password) and primary database storage. Stores account profiles, credit ledger, analysis history, and watchlist items.

Stripe, Inc.

Ireland and United States · Privacy policy

Payment processing for credit packs and weekly digest subscriptions. We never see or store your full card details — Stripe issues a customer reference that we link to your account.

Smartproxy UAB (Decodo Web Scraping API)

Lithuania, European Union · Privacy policy

Fetching the public listing page from Property Finder, Bayut or Dubizzle when you submit a URL. The fetched HTML is processed for analysis and cached server-side. We never share your personal data with this service — only the listing URL.

Resend, Inc.

United States · Privacy policy

Delivery of transactional emails (account verification, password reset) and — if subscribed — the optional weekly watchlist digest.

We update this list whenever a new sub-processor is introduced or an existing one is removed. Material changes also trigger a refresh of the “Last updated” date at the top of this Policy.

6. International data transfers

Realprice is operated from the United Arab Emirates, but several of our sub-processors operate infrastructure outside the UAE (notably in the United States and the European Union — see the previous section for the jurisdictions). By using the service you acknowledge that your data may be transferred to and processed in those jurisdictions.

We rely on the sub-processors’ own adequacy commitments (Standard Contractual Clauses, Data Privacy Framework participation, or PDPL-equivalent protections) for those transfers. If you require copies of the underlying transfer mechanisms, write to privacy@realprice.ae.

7. Your rights

Under the PDPL, and (where applicable) the GDPR / UK GDPR, you have the following rights with respect to your personal data:

Access — request a copy of the personal data we hold about you.
Rectification — ask us to correct inaccurate or incomplete data.
Erasure — ask us to delete your data, subject to statutory retention obligations on financial records.
Portability — receive your data in a structured, machine-readable format (JSON).
Restriction — ask us to limit how we process your data while a complaint is being investigated.
Objection — object to processing based on our legitimate interests.
Withdraw consent — at any time, for any processing that relies on consent (e.g. marketing emails).
Complain — lodge a complaint with the UAE Data Office (uaedataoffice.ae) or, where applicable, with your national EU/UK supervisory authority.

To exercise any of these rights, email privacy@realprice.ae. We respond within 30 days of receiving a verifiable request, as required by the PDPL.

8. Cookies and similar technologies

Realprice uses cookies sparingly and only where strictly necessary:

Session cookie (essential). Set by the application to keep you logged in across requests. HttpOnly, Secure, SameSite=Lax. Cleared when you log out.
CSRF protection (essential). A signed token used to validate form submissions.

We do not use advertising cookies, social-media cookies, cross-site tracking pixels, or third-party analytics that rely on cookies. For this reason, we do not display a cookie-consent banner — under the ePrivacy framework, essential cookies do not require consent.

9. Marketing emails

We send three categories of email:

Transactional — account verification, password resets, payment receipts. These are necessary to operate the service and are sent to every account.
Service alerts — refund confirmations, security notices. Same status as transactional.
Weekly Watchlist Digest — opt-in. Sent only to users who actively subscribe to it. Every digest contains a one-click unsubscribe link in the footer. You can also cancel the underlying subscription at any time via the Stripe customer portal.

We do not sell, rent, or share your email address with any third party for their own marketing purposes.

10. Security and data breaches

Our backend stores data in encrypted-at-rest databases. Traffic between your browser and our servers is encrypted with TLS. Passwords are stored as salted hashes by Supabase Auth.

In the unlikely event of a personal-data breach that is likely to result in a risk to your rights and freedoms, we will notify the UAE Data Office within 72 hours of becoming aware of it (as required by Article 9 of the PDPL), and we will notify affected users without undue delay. Where users are located in the EU/UK, we will follow equivalent GDPR/UK GDPR notification obligations as a matter of policy.

11. Changes to this Policy

We may update this Policy from time to time. The “Last updated” date at the top of the page reflects the most recent material change. Where a change affects how we process your existing data, we will notify you by email at least 14 days before it takes effect.

12. Contact

Data protection contact

Controller: [TO BE FILLED IN ONCE UAE TRADE LICENSE IS ISSUED]
Registered office: [TO BE FILLED IN ONCE UAE TRADE LICENSE IS ISSUED]
Trade license: [TO BE FILLED IN ONCE UAE TRADE LICENSE IS ISSUED]
Privacy enquiries: privacy@realprice.ae
General contact: hello@realprice.ae