Privacy Policy

[LEGAL ENTITY NAME], a company registered in [JURISDICTION] under company number [REGISTRATION NUMBER], with its registered office at [REGISTERED ADDRESS], is the data controller for personal data processed through the Platform ("Vista", "we", "us", "our").

You can contact us about privacy matters at privacy@vista.app.

[IF YOU HAVE ONE: Our Data Protection Officer can be reached at dpo@vista.app.]

We collect the following categories of personal data:

Information you give us directly

• Account information: name, email address, password (hashed), phone number, country of residence, preferred language and currency.
• Listing information (for Listing Parties): business name, contact details, property details, photos, documents, and verification materials.
• Communications: messages you send through the Platform, support requests, and feedback.
• Payment and billing information (where applicable): processed by our payment providers; we do not store full card details.

Information collected automatically

• Device and technical data: IP address, browser type, operating system, device identifiers, language settings.
• Usage data: pages viewed, listings searched and saved, filters applied, time spent, referral source.
• Location data: approximate location derived from IP address. We do not collect precise GPS location unless you grant explicit permission.
• Cookies and similar technologies: see our Cookie Policy for details.

Information from third parties

• Verification and identity providers, where we run anti-fraud or KYC checks.
• Listing Parties and partners who submit information about properties.
• Public sources, such as land registries or business registers, where used for verification.

We do not knowingly collect special-category data (such as health, religion, or political views) and ask that you do not submit it.

Where we rely on legitimate interest, we have balanced our interest against your rights and concluded the processing does not override them. You can object at any time — see Section 8.

We use cookies and similar technologies. Please see our Cookie Policy for full details and to manage your preferences.

We share personal data only as needed and only with:

• Service providers that help us run the Platform — including hosting (e.g. Supabase, AWS, or similar), email delivery, analytics, customer support, and payment processing. These providers act as data processors under our instructions.
• Other Users, where you choose to share data — for example, when you contact a Listing Party, your name and message are visible to them.
• Verification and anti-fraud partners, where we conduct identity or document checks.
• Translation and currency services, which process Listing content and price data.
• Professional advisors — lawyers, auditors, accountants — bound by confidentiality.
• Authorities and law enforcement, where required by law, court order, or to protect rights and safety.
• Successors, in the event of a merger, acquisition, or sale of assets, with appropriate safeguards.

We do not sell your personal data.

Vista operates across multiple countries, and some of our service providers are located outside the European Economic Area, including in the United States and Israel. Where we transfer personal data outside the EEA, we rely on lawful transfer mechanisms — typically the European Commission's Standard Contractual Clauses, an adequacy decision, or another approved safeguard. You can request a copy of the safeguards in place by contacting privacy@vista.app.

We keep personal data only as long as necessary for the purposes described in this Policy, or as required by law. In general:

• Account data: for as long as your account is active, plus up to 24 months after closure.
• Listing data: for as long as the Listing is active, plus up to 24 months after removal, for audit and dispute purposes.
• Transaction and tax records: for the period required by applicable tax and accounting law (typically 7–10 years).
• Verification and AML records: for the period required by applicable law (typically 5–7 years after the end of the business relationship).
• Marketing data: until you withdraw consent or object.
• Logs and technical data: typically up to 12 months.

After these periods, we delete or anonymise the data.

Subject to applicable law, you have the right to:

• Access the personal data we hold about you and receive a copy.
• Rectify inaccurate or incomplete data.
• Erase your data ("right to be forgotten"), in certain circumstances.
• Restrict processing, in certain circumstances.
• Object to processing based on legitimate interest, including profiling, and to object at any time to processing for direct marketing.
• Data portability: receive your data in a structured, machine-readable format and transmit it to another controller.
• Withdraw consent at any time, where processing is based on consent. Withdrawal does not affect processing carried out before withdrawal.
• Lodge a complaint with a supervisory authority. The lead authority for EU users is typically the one in your country of residence; a list is available at https://edpb.europa.eu/about-edpb/about-edpb/members_en.

To exercise any of these rights, email privacy@vista.app. We will respond within one month (extendable by two further months for complex requests). We may need to verify your identity before acting on a request.

We do not currently make decisions that produce legal or similarly significant effects about you based solely on automated processing. If this changes, we will update this Policy and inform you of your rights under Article 22 GDPR.

We use technical and organisational measures designed to protect personal data, including encryption in transit, access controls, and regular security reviews. No system is completely secure, and we cannot guarantee absolute security. If a personal data breach affects you and is likely to result in a high risk to your rights, we will notify you in line with applicable law.

The Platform is not intended for anyone under 18. We do not knowingly collect data from minors. If you believe a minor has provided us with personal data, please contact privacy@vista.app and we will delete it.

We may update this Privacy Policy from time to time. Material changes will be communicated by email or in-product notice. The "Last updated" date at the top reflects the latest version.

Privacy questions, requests, or complaints: privacy@vista.app

Postal address: [REGISTERED ADDRESS]