This Privacy Policy explains how ImmoStory collects, uses, stores, shares, and protects personal data when you visit the website, create an account, connect property sources, generate marketing assets, purchase credits, or contact our team.
Who we are and what this policy covers
ImmoStory acts as the controller for account, website, support, and billing data processed to provide the platform. Depending on how you use the service, we may also act as a processor on your behalf when handling listing materials, contact information, and publication assets that you instruct us to transform or generate.
This policy covers website visitors, trial users, paid customers, agency collaborators, and support contacts. It also covers data received from third-party listing pages, uploads, connected services, and operational security logs.
Categories of data we process
We may process account identifiers, names, emails, passwords or authentication metadata, team membership data, invoices, payment metadata, billing addresses, support messages, notification preferences, and feature usage records. Where you provide or connect listing data, we may process property descriptions, images, floor plans, logos, branding settings, text prompts, generated scripts, subtitles, rendered videos, export metadata, and publication-related settings.
We also process technical and security data such as IP-derived region information, browser or device characteristics, audit logs, API usage, anti-abuse signals, and troubleshooting information needed to keep the service reliable.
Purposes and lawful bases
We process personal data to provide the service you request, authenticate users, ingest and transform listing materials, render generated assets, manage subscriptions or credits, issue invoices, secure the platform, prevent abuse, analyse reliability, respond to support requests, and meet legal obligations. Our lawful bases may include contract performance, legitimate interests, consent where required, and compliance with legal obligations.
Where we rely on legitimate interests, those interests typically include fraud prevention, service stability, product quality, secure access control, support responsiveness, and internal reporting that does not override your rights and freedoms.
Sharing, subprocessors, and international transfers
We may share data with hosting providers, payment processors, email providers, analytics or monitoring vendors, AI/media processing suppliers, storage providers, support tooling, and other subprocessors reasonably required to operate the service. We do not sell personal data. Data is shared only on a need-to-know basis and subject to contractual, technical, and organisational safeguards.
Where data is transferred outside your country or the EEA/UK, we use appropriate transfer mechanisms where required, such as contractual safeguards or equivalent protections offered by the provider or destination.
Retention and deletion
We retain account, billing, and transactional records for as long as necessary to provide the service, maintain business records, resolve disputes, enforce agreements, and comply with tax, accounting, or legal obligations. Listing inputs, generated scripts, renders, and related assets may be retained for active service delivery, customer access, restoration, and abuse investigation, unless deletion is requested and technically or legally restricted.
Backups, logs, and cached copies may persist for a limited period before automatic deletion in the normal course of operations.
Your rights and choices
Depending on your location, you may have rights to access, rectify, delete, restrict, object to, or port certain personal data. You may also withdraw consent where processing is based on consent. Some data must still be retained where required for active service delivery, fraud prevention, accounting, or legal compliance.
You can manage many settings from your account, and you may contact us to exercise privacy rights or ask questions about the processing of your data.
Security and updates
We use organisational and technical measures designed to protect personal data, including access controls, auditability, environment separation, credential handling, and operational security monitoring. No internet service can be guaranteed 100 percent secure, so you should also protect your credentials and connected integrations.
We may update this Privacy Policy when the service, legal requirements, processors, or risk profile changes. The latest published version applies from its publication date.
Contact
Privacy questions, requests, or complaints can be sent to [email protected].