Privacy Policy

Anvira ("we", "us") provides software-as-a-service for real-estate brokerages. This Privacy Policy describes how we handle personal data when:

• brokerages use the Anvira admin interface (you = data controller); and
• end-buyers interact with brokers via the WhatsApp / email pipelines Anvira powers (you = data subject of the brokerage's processing; Anvira = processor).

For brokerage Customers (administrators):

• account email, name, login timestamps;
• brokerage name, RERA/REGA/FAL license numbers, business timezone;
• WhatsApp number(s) and Evolution instance metadata.

For end-buyers (the brokerage's customers):

• WhatsApp phone number, optional display name;
• conversation transcripts (text + voice-note transcriptions);
• qualification fields the buyer volunteers: budget range, property type, preferred locations, citizenship, mortgage status;
• for high-value transactions only: KYC documents uploaded by the buyer (passport, Emirates ID, bank statements, source-of-funds);
• consent state and audit log of consent events.

For brokerage administrators: to provide the service, authenticate, bill, and support.

For end-buyers: to enable the brokerage to respond to the buyer's inquiry on the buyer's explicit consent. Each scope of use (handle the current inquiry, similar-property updates, off-plan milestone updates, booking reminders) requires its own affirmative grant captured in the consent audit log.

Anvira sends WhatsApp messages to end-buyers only in the following situations, and each is independently consent-gated:

• Replies to buyer-initiated inquiries — when the buyer messages the brokerage, the system replies. Authorized by the baseline inquiry-handling consent.
• Replies to buyer questions about properties they engage with — follow-up answers within an active conversation. Authorized by the baseline inquiry-handling consent.
• Similar-property updates — references to alternative listings matching the buyer's captured preferences, embedded inside a reply to one of their inbound messages. Requires affirmative grant of the similar_properties scope.
• Off-plan milestone updates — references to construction progress for projects the buyer engages with, embedded inside a reply to one of their inbound messages. Requires affirmative grant of the milestone_updates scope.
• Reminders for appointments or viewings the buyer has booked — typically 24 hours before and 1 hour before the booked time. Implicit consent is created by the act of booking itself; the buyer may revoke at any time by sending STOP, which mutes future reminders without cancelling the booking. Requires the booking_reminders scope to remain true.

Anvira does not send: cold outreach, marketing broadcasts, re-engagement campaigns targeted at dormant contacts, or any message to a buyer who has not first initiated contact with the brokerage. Other than the consent-gated booking reminders described above, the system has no scheduler for outbound messaging, and there is no operator path to manually trigger cold outreach, marketing broadcasts or re-engagement campaigns.

We use the following sub-processors. Adding or removing any requires updating this list and notifying Customers at least 30 days in advance:

• Supabase (Singapore Pte Ltd) — database, authentication, storage. Default region: Frankfurt (eu-central-1). Customers on enterprise plans may elect a UAE region.
• Cloudflare (Cloudflare Inc.) — DNS, edge caching, inbound email routing for the WhatsApp lead pipeline.
• Resend (Resend Inc.) — transactional email delivery (handoff alerts to brokers, system notifications).
• Google Generative AI (Google LLC) — LLM inference for conversational responses and voice-note transcription. Data is transmitted per Google's API terms.
• Railway (Railway Corp.) — backend application hosting and Evolution WhatsApp transport.
• Vercel (Vercel Inc.) — admin dashboard hosting.
• OpenSanctions (OpenSanctions UG) — sanctions / PEP screening when the compliance module is enabled.

Buyers whose data is processed by a brokerage using Anvira have the following rights under UAE / KSA PDPL:

• Right to information about what data is held and for what purpose;
• Right of access to a copy of the data;
• Right to rectification of inaccurate data;
• Right to erasure — buyers may send "delete my data" / "احذف بياناتي" / "supprimer mes données" on WhatsApp to trigger a deletion request, actioned within 30 days. We delete or irreversibly anonymise the buyer's conversation history, contact details and qualification data. Where the brokerage is legally required to retain certain records — in particular AML/CFT identity and source-of-funds (KYC) records, which UAE PDPL Art. 8 / KSA PDPL Art. 10 require to be kept for the statutory retention period (typically 5 years) — those specific records are retained and locked from further processing rather than deleted, then erased once the legal retention obligation lapses;
• Right to withdraw consent — buyers may send "STOP" / "إيقاف" at any time;
• Right to object to specific processing scopes (e.g. similar-property updates while continuing inquiry handling).

Requests should be routed through the brokerage (as the data controller). Where Anvira is the controller (administrator accounts), send requests to privacy@anviraplus.it.com.

For brokerage administrators: retained for the life of the account plus 12 months after termination.

For end-buyer data: retained for the period needed to handle the inquiry plus the brokerage's regulatory retention obligations (typically 5 years for KYC records under UAE AML/CFT law). Nightly archive snapshots are pruned after 30 days.

Data is encrypted in transit (TLS 1.2+) and at rest (Supabase managed AES-256). Access is role-scoped via PostgreSQL Row-Level Security so each brokerage's data is isolated from every other brokerage's data. Administrative actions are logged in an immutable audit trail.

Personal data may be transferred to and processed in Germany (Supabase Frankfurt), the United States (Vercel, Google, Resend, Cloudflare), and other jurisdictions where our sub-processors operate. Where such a transfer is to a jurisdiction without a recognised adequacy decision, we rely on an appropriate safeguard permitted by the applicable PDPL — such as standard contractual clauses where issued by the competent authority, the sub-processor's own contractual data-protection commitments, or, where required, your explicit consent.

Material changes are communicated to brokerage administrators at least 30 days before they take effect. The current version of this policy is always available at /legal/privacy.

Privacy questions: privacy@anviraplus.it.com

Data Protection Officer (if applicable): dpo@anviraplus.it.com