Privacy Policy

Last updated: February 2026

1. Data Controller

PropScout AI is the data controller for personal data collected through this platform. We are based in the Netherlands and process your data in accordance with the General Data Protection Regulation (GDPR) and the Dutch implementation (UAVG).

Contact: privacy@propscout.ai

2. Data We Collect

Account information

  • Email address (required for account creation and notifications)
  • Full name (optional, used to personalise the interface)
  • Password (stored as a bcrypt hash — we never store plain-text passwords)
  • Subscription tier and billing history (managed via Stripe)

Property preferences

  • Saved properties and watchlists
  • Investment criteria settings (yield thresholds, location filters, budget range)
  • Analysis history (URLs you have submitted for analysis)

Usage data

  • Pages visited and features used within the platform
  • IP address and approximate location (country/city level)
  • Browser type and device information
  • Log data for security and debugging purposes

3. Legal Basis for Processing

We process your personal data on the following legal bases:

  • Contract performance (Art. 6(1)(b) GDPR): Account information and subscription data are required to provide the service you signed up for.
  • Legitimate interests (Art. 6(1)(f) GDPR): Usage analytics and security logging to maintain platform quality and prevent fraud.
  • Consent (Art. 6(1)(a) GDPR): Marketing emails and non-essential cookies, where you have explicitly opted in.
  • Legal obligation (Art. 6(1)(c) GDPR): Retention of financial records for tax compliance (Dutch law requires 7-year retention).

4. How We Use Your Data

  • Providing and personalising your dashboard experience
  • Sending property alerts that match your investment criteria
  • Processing subscription payments via Stripe
  • Sending transactional emails (account confirmation, password reset, receipts)
  • Improving the analysis algorithms and platform features
  • Detecting and preventing fraud or misuse
  • Complying with legal obligations

5. Third-Party Services

We share data with the following sub-processors. Each is subject to a Data Processing Agreement:

Supabase (database and authentication)

Your account data, saved properties, and preferences are stored in Supabase (AWS eu-west-1, Ireland). Supabase is GDPR-compliant. Privacy policy

Stripe (payment processing)

Payment card details are never stored by PropScout AI. All payment processing is handled by Stripe, which is PCI-DSS Level 1 certified. Stripe may store billing address and transaction history. Privacy policy

OpenAI (AI analysis)

Property listing text may be sent to OpenAI’s API to generate analysis summaries. We do not send personal account information to OpenAI. OpenAI processes data in the US under Standard Contractual Clauses. Privacy policy

Resend (transactional email)

Your email address is shared with Resend to deliver account and alert emails. Resend is GDPR-compliant and processes data in the EU. Privacy policy

6. Data Retention

  • Account data: Retained for the duration of your account. Deleted within 30 days of account closure, except where legal retention requirements apply.
  • Financial records: Retained for 7 years as required by Dutch tax law.
  • Usage logs: Retained for 90 days for security purposes, then deleted.
  • Saved properties and analysis history: Deleted immediately upon account closure unless you request an export first.

7. Your Rights Under GDPR

As a data subject, you have the following rights. To exercise any of them, contact us at privacy@propscout.ai. We will respond within 30 days.

  • Right of access (Art. 15): Request a copy of all personal data we hold about you.
  • Right to rectification (Art. 16): Correct inaccurate or incomplete data. You can update most data directly in account settings.
  • Right to erasure (Art. 17): Request deletion of your personal data (“right to be forgotten”), subject to legal retention obligations.
  • Right to data portability (Art. 20): Receive your data in a machine-readable format (JSON/CSV export available from account settings).
  • Right to restriction of processing (Art. 18): Request that we limit how we process your data in certain circumstances.
  • Right to object (Art. 21): Object to processing based on legitimate interests, including profiling.
  • Right to withdraw consent: Where processing is based on consent, you may withdraw at any time (e.g., unsubscribing from marketing emails).

If you believe your rights have been violated, you have the right to lodge a complaint with the Dutch Data Protection Authority (Autoriteit Persoonsgegevens): autoriteitpersoonsgegevens.nl

9. Data Security

We implement appropriate technical and organisational measures to protect your data, including TLS encryption in transit, encrypted storage, access controls, and regular security reviews. However, no system is completely secure and we cannot guarantee absolute security.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by email or via an in-app notice at least 14 days before the changes take effect. Your continued use of the service after the effective date constitutes acceptance.

11. Contact

For privacy-related enquiries: privacy@propscout.ai

Postal address: PropScout AI, Netherlands