Privacy Policy

We collect personal data in three ways. Information you give us directly — your full name, phone number, email address, country of residence, and Mr./Ms./Mrs./Dr. title when you create an account or submit a property request. When you use our calculators (BuyAbility, ROI, Mortgage), we receive the financial figures you enter (income, down payment, target budget, employment status). When you message our AI assistant or contact us, we receive the content of your messages. Information collected automatically — your IP address, approximate geolocation derived from IP, browser type and version, operating system, device type, language preference, page interactions, and timestamps. On the iOS and Android apps, when you grant push notification permission we also receive an opaque OneSignal subscription identifier (an internal alias issued by OneSignal that we use to address pushes to your device — VILA never sees the raw Apple APNs or Google FCM device tokens). This is collected through standard server logs and the cookies and storage described in section 8. Information from third parties — when you sign in with Google we receive your name, email, and profile picture from Google. Property data shown in the Service (listings, prices, layouts, developer details) is sourced from Behomes, our real-estate data provider.

We use your information for the following purposes: • Authenticate your account and maintain your session. • Respond to property inquiries and connect you with our advisors. • Personalize your experience (saved properties, comparisons, search filters, language). • Generate calculator results, AI-assistant responses, and project recommendations. • Send transactional messages (sign-in OTPs, request confirmations). • Send marketing communications about new launches, market updates, and VILA events — only with your consent and only via the channel you opted into. • Improve the Service: analyze aggregate usage, fix bugs, prevent abuse, and prioritize new features. • Comply with applicable law, RERA reporting, anti-money-laundering requirements, and lawful requests from regulators.

We process personal data under the following legal bases recognized by the UAE Personal Data Protection Law (Federal Decree-Law No. 45 of 2021) and, where applicable, the EU General Data Protection Regulation (GDPR): • Consent — for marketing communications and any optional cookies we add in the future. • Performance of a contract — to provide the Service you signed up for. • Legitimate interest — to secure the platform, prevent fraud, improve features, and contact you about a request you submitted. • Compliance with a legal obligation — to satisfy RERA, AML, tax, or court-ordered requirements. You can withdraw consent at any time via the in-app settings or by contacting info@vila.ae.

We do not sell your personal data. We share data only with the following categories of recipients, and only to the extent necessary. Service providers acting on our instructions: • Twilio (USA) — phone OTP delivery for sign-in and verification. • Google (USA) — sign-in and identity verification when you choose Google login. • Microsoft Graph (USA / EU) — email delivery for transactional messages. • OpenAI (USA) — powers the AI assistant's natural-language responses. • DeepL (Germany) — machine translation of property descriptions and user-facing content. • Behomes (UAE) — property catalog data and developer information. • Amazon Web Services (USA) — application hosting and database storage. • PostHog (EU — Frankfurt) — product analytics, session-level event aggregation, anonymous usage statistics. We send pseudonymized events keyed by your VILA account id; PostHog cannot reverse-link these to your name or contact details. • OneSignal (USA) — push notification delivery to the iOS and Android apps. We send only your VILA account id (as the OneSignal external_id alias), the opaque OneSignal subscription identifier issued for your device, and the notification content. OneSignal manages the underlying APNs and FCM device tokens on its own infrastructure; VILA never receives or stores the raw platform tokens. OneSignal cannot reverse-link our pushes to your name or contact details. • Telegram (UAE / international) — internal lead notifications to the VILA sales team. Property partners — when you submit a specific property request, we share your contact details and stated requirements with the relevant developer or partner so they can follow up. We do not share your full account history or your calculator inputs. Legal and regulatory disclosure — we disclose information when required by UAE law, court order, RERA inquiry, or to protect VILA's legal rights, the safety of users, or the integrity of the platform. Business transfers — if VILA is involved in a merger, acquisition, or asset sale, your personal data may be transferred as part of that transaction. We will notify you before your data becomes subject to a different privacy policy.

Our application infrastructure is hosted on Amazon Web Services in the us-west-2 region (Oregon, USA). Some of our processors are based outside the UAE (USA, Germany). When personal data is transferred outside the UAE, we rely on the safeguards permitted by UAE PDPL Article 22, including adequacy decisions, contractual protections, and the processor's own privacy commitments. Where GDPR applies (EU users), transfers rely on Standard Contractual Clauses or equivalent mechanisms.

We retain personal data only as long as necessary for the purposes described above: • Account and authentication data — retained for the lifetime of your account, plus 90 days after deletion to handle reversal of accidental deletions and complete pending operations. • Property requests and inquiry leads — retained for 5 years to support follow-up, regulatory compliance, and historical reporting to RERA. • Calculator inputs (BuyAbility, ROI, Mortgage) — retained for 12 months tied to your account, then anonymized. • AI assistant conversation history — retained for 90 days. • Server logs — retained for 30 days. • OneSignal subscription identifiers — retained until you delete your account or revoke push permission in your device's system settings. • Marketing consent records — retained until you withdraw consent, plus 3 years to evidence prior consent if challenged. After retention, data is irreversibly deleted or anonymized.

Under UAE PDPL and, where applicable, GDPR, you have the right to: • Access — request a copy of the personal data we hold about you. • Correct — ask us to fix data that is inaccurate or out of date. • Delete — ask us to delete your account and associated personal data (account deletion is also available directly in the app under Account > Delete Account). • Restrict — ask us to pause processing while a dispute is resolved. • Port — receive your data in a structured, machine-readable format. • Withdraw consent — for marketing communications or any processing based on consent. • Object — to processing based on our legitimate interest, including for direct marketing. To exercise any of these rights, email info@vila.ae or write to the address in section 13. We respond within 30 days. You may also lodge a complaint with the UAE Data Office or, if you are an EU resident, with the supervisory authority in your country.

We use the following client-side storage: • Authentication cookies (set by NextAuth) — required to keep you signed in; these cannot be disabled without losing access to your account. • localStorage — stores your saved properties, comparison list, language preference, and onboarding progress. • sessionStorage — stores temporary UI state during a single browsing session. We use PostHog (EU region) for privacy-focused product analytics. PostHog sets a `__posthog` cookie and writes to `localStorage` to maintain a stable distinct identifier across visits. The data captured is limited to interactions inside the Service (page navigations, feature use); we do not use any third-party advertising trackers or cross-site tracking pixels. On the iOS and Android apps, the OneSignal SDK stores a local subscription state (whether you opted into push notifications and the OneSignal subscription identifier for your device) so the app can deliver notifications you previously consented to. The underlying APNs and FCM device tokens are held by OneSignal, not by VILA. You can revoke push permission at any time from your device's system settings — VILA cannot bypass that revocation.

Several features use automated logic to generate suggestions: • Match Quiz — ranks properties based on your stated preferences using a deterministic scoring algorithm. • AI Assistant — generates conversational responses using OpenAI's gpt-4o-mini model. • BuyAbility, ROI, and Mortgage Calculators — compute estimates from formulas you can review. None of these features make legally significant decisions about you (we do not use them for credit decisions, hiring, or eligibility assessments). The outputs are informational only. You always have the option to speak with a human VILA advisor.

We protect personal data with appropriate technical and organizational measures, including HTTPS encryption in transit, encrypted database storage, role-based access controls, audit logging, two-factor authentication for staff, and regular security reviews. No system is perfectly secure. If we become aware of a personal data breach affecting your information, we will notify you and the UAE Data Office within 72 hours of becoming aware, in accordance with UAE PDPL Article 9.

The Service is intended for adults aged 18 and over. We do not knowingly collect personal data from children under 18. If we learn that we have collected such data, we will delete it. If you believe a minor has provided us personal data, please contact info@vila.ae.

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or applicable law. The "Last updated" date at the top of this page indicates when the policy was most recently revised. For material changes we will post a notice in the app and, where practical, send an email to registered users at least 30 days before the change takes effect.

Aram Vila Properties L.L.C Business Bay, Dubai, United Arab Emirates Email: info@vila.ae Phone / WhatsApp: +971 50 570 6356