Privacy Policy

Information We Collect

We collect information in different ways depending on how you interact with our site:

• Contact information when you request property information
• Basic browsing data (essential technical cookies)
• Information voluntarily provided in contact forms
• For admin panel users: authentication credentials (username and password or Google OAuth authentication)
• Google account information when using Google authentication (email, name, profile picture)
• Google Calendar access and refresh tokens when you connect your calendar for synchronization

No registration is required to browse public properties. Admin panel access is restricted to pre-registered users only.

How We Use Your Information

We use information solely to:

• Respond to property inquiries
• Improve website browsing experience
• Provide information about real estate services
• Authenticate and authorize access to the admin panel
• Synchronize calendar events when you connect Google Calendar
• Maintain security and prevent unauthorized access

We do not sell, rent, or share your personal information with third parties, except as described in the Data Sharing section above.

Authentication and Admin Panel Access

The admin panel requires authentication. We offer two login methods: (1) Traditional username and password authentication, where we securely store encrypted credentials; and (2) Google OAuth authentication, where Google manages your authentication and we receive basic account information (email, name, photo) to identify you. Only users pre-registered in our system can access the admin panel.

Google Calendar Integration

If you choose to log in with Google OAuth or manually connect your Google Calendar, we request access to your calendar to synchronize personal events. We store access and refresh tokens encrypted with symmetric encryption (Fernet) to maintain synchronization. You can disconnect your calendar at any time from the admin panel. Encrypted tokens are only used to synchronize calendar events.

Data Sharing, Transfer, and Disclosure

We may share Google user data with the following third parties and under the following circumstances:

• Google LLC: When you use Google OAuth authentication or Google Calendar integration, your access token is transmitted to Google APIs to authenticate requests on your behalf. Google processes this data according to its own Privacy Policy (https://policies.google.com/privacy).
• Third-party cloud hosting providers: Our backend and database are operated by third-party cloud infrastructure providers. These providers may process data as part of providing hosting services but do not have independent access to your personal information. Google tokens are stored encrypted at rest.
• Legal disclosure: We may disclose your information if required by law, court order, or legal process, or to protect our rights, property, or safety.

Other than as described above, we do not sell, rent, or share Google user data with any other third parties.

International Data Transfers

Our servers are located in the United States. If you access our site from outside the United States (for example, from Panama or Germany), please be aware that your information may be transferred to, stored, and processed in the United States, where data protection laws may differ from those in your jurisdiction. By using our service, you consent to this transfer.

Data Retention

We retain different types of data for different periods:

• Google OAuth tokens: Deleted immediately when you disconnect your Google Calendar or delete your account.
• Calendar events: Retained as long as your account is active. Google-synced events retain their Google event ID for linkage.
• Account data: Retained as long as your account is active. When you delete your account, your personal data and Google tokens are permanently removed. Business records (properties, transactions) associated with your user are unlinked but preserved.

Account Deletion

You can request deletion of your account at any time from the admin panel or by contacting us directly. When your account is deleted: (1) All Google OAuth tokens are permanently removed; (2) Your user profile and personal data are deleted; (3) Calendar events created by you are deleted; (4) Business records (properties, transactions) are unlinked from your user but preserved for record integrity.

Cookies and Similar Technologies

We use essential technical cookies for website functionality and session cookies to maintain your active session in the admin panel. These cookies are necessary for basic site functionality and authentication security. We also use local storage (localStorage) to securely store authentication tokens.

Data Security

We implement appropriate security measures to protect any information you provide to us, including symmetric encryption (Fernet) for stored Google tokens and bcrypt hashing for passwords. However, no internet transmission is 100% secure.

Your Rights

You have the right to: request information about data we have about you; request its correction or deletion; disconnect your Google Calendar at any time (which removes all stored tokens); delete your account directly from the admin panel. To exercise these rights, you can use the admin panel features or contact us directly.

Contact

If you have any questions about this privacy policy, contact us at gerencia@dariacohenbr.com.