Privacy Policy

Last updated: March 9, 2026

1. Who We Are

EstateEngine ("we", "our", "us") provides an AI-powered sales agent for Dubai real estate brokers, operating across Instagram and WhatsApp Business channels. This Privacy Policy explains how we collect, use, store, and protect information when you use our platform at getestateengine.com.

For privacy inquiries, contact us at: sam@getestateengine.com

2. Information We Collect

a) Account Information

When you register, we collect your email address, name (optional), and password (hashed — never stored in plaintext). If you sign in with Google, we receive your name, email, and profile picture from Google OAuth.

b) Instagram Business Account Data

When you connect your Instagram Business account via Meta OAuth, we receive and store:

  • Instagram user ID and username
  • Long-lived access token (encrypted with AES-256-GCM)

We use this data solely to enable AI-powered responses to comments and DMs on your behalf. Access tokens are encrypted at rest and never shared with third parties except to make authorized calls to the Meta Graph API on your behalf.

b2) WhatsApp Business Account Data

When you connect your WhatsApp Business account, we receive and store:

  • WhatsApp Business phone number ID and display phone number
  • WhatsApp Business Account (WABA) ID
  • Access token (encrypted with AES-256-GCM)

We use this data solely to enable AI-powered responses to inbound WhatsApp messages on your behalf. Tokens are encrypted at rest and only used for Meta WhatsApp Business API calls.

c) Lead and Conversation Data

When your AI agent interacts with Instagram or WhatsApp users, we store:

  • Instagram username or WhatsApp phone number of the lead
  • Full conversation history between the AI agent and the lead
  • AI-computed lead score, temperature (hot/warm/cold), and qualification data
  • Lead-provided information (budget, timeline, preferences) extracted from conversations
  • Contact channel source (Instagram DM, reel comment, WhatsApp message)

d) Property Listings

We store property listings you add to the platform, including name, location, price, photos, and specifications. This data is used by the AI agent to answer property enquiries.

e) Usage and Billing Data

We track your subscription status, tier (trial/pro/agency), conversation usage count, and billing period dates. Payment processing is handled by Stripe — we do not store full credit card details.

f) Technical Data

Standard server logs including IP address, browser type, and pages visited. We use this for security monitoring and debugging only.

3. How We Use Your Information

  • To operate the AI agent and respond to Instagram and WhatsApp enquiries on your behalf
  • To score and qualify leads using AI analysis
  • To send you in-app broker alerts when hot or warm leads are detected
  • To enforce trial limits and subscription entitlements
  • To display analytics on your dashboard (lead counts, conversation volumes)
  • To provide customer support
  • To improve our AI models (conversation data is not used for model training without explicit consent)

4. Third-Party Services

We share data with the following third parties only as necessary to deliver the service:

OpenAI (GPT-4o mini)

Conversation messages are sent to OpenAI's API to generate AI responses and extract lead qualification data. OpenAI processes this data per their Privacy Policy. We have API-level data processing agreements with OpenAI.

Supabase

Our database and authentication provider. Data is stored on Supabase-hosted PostgreSQL with row-level security enforced. See Supabase Privacy Policy.

Meta (Instagram & WhatsApp)

We use Meta's Graph API to authenticate your Instagram Business account, read/reply to comments and DMs, and to send and receive WhatsApp Business messages on your behalf. WhatsApp message data is processed via Meta's Cloud API hosted on Meta's servers. Our use is governed by Meta's Privacy Policy.

Stripe

Payment processing for Pro and Agency subscriptions. Stripe handles all card data. See Stripe Privacy Policy.

Vercel

Application hosting and edge delivery. See Vercel Privacy Policy.

We do not sell your personal data to any third party.

5. Data Retention

We retain your data for the duration of your active subscription plus 30 days after account deletion. Lead conversation data is retained for 12 months from the date of the conversation, after which it is automatically purged unless you request earlier deletion.

Instagram and WhatsApp access tokens are revoked and deleted when you disconnect the respective account or delete your EstateEngine account.

6. Your Rights

You have the right to:

  • Access — request a copy of all personal data we hold about you
  • Correction — correct inaccurate personal data
  • Deletion — request deletion of your account and all associated data
  • Portability — receive your data in a machine-readable format
  • Restriction — restrict processing of your data in certain circumstances
  • Objection — object to processing based on legitimate interests

To exercise these rights, email sam@getestateengine.com. We will respond within 30 days. For data deletion instructions, see our Data Deletion page.

7. Security

We use industry-standard security measures including AES-256-GCM encryption for sensitive tokens, HTTPS for all data in transit, row-level security in the database, and hashed passwords. No method of transmission over the internet is 100% secure, and we cannot guarantee absolute security.

Reporting security vulnerabilities: If you discover a security vulnerability in EstateEngine, please report it responsibly by emailing security@getestateengine.com. We will acknowledge your report within 48 hours and work to resolve verified issues promptly.

8. Children's Privacy

EstateEngine is intended for business users only. We do not knowingly collect personal information from individuals under 18 years of age.

9. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by email or via an in-app notice. Continued use of EstateEngine after changes take effect constitutes acceptance of the updated policy.

10. Contact

For privacy questions, data requests, or concerns:

EstateEngine

Dubai, United Arab Emirates

Email: sam@getestateengine.com