Privacy Policy

Last updated: April 4, 2026

1. Data Controller

Oramiq is the data controller for personal data processed through this platform. For questions about how your data is handled, contact us at [email protected].

2. Personal Data We Collect

We collect the following personal data:

  • Account information: name, email address, phone number
  • Property data: property details, purchase prices, payment schedules, and related financial information you provide
  • Documents: files you upload for analysis (contracts, receipts, invoices)
  • Communications: messages sent through the platform (WhatsApp, email)
  • Usage data: pages visited, features used, interactions with the platform
  • Technical data: IP address, browser type, device information (collected via analytics)

3. Legal Basis for Processing

We process your personal data under the following legal bases as defined by the GDPR:

  • Contract performance: processing necessary to provide the portfolio management service you signed up for
  • Consent: analytics tracking and marketing communications (you may withdraw consent at any time)
  • Legitimate interest: improving our service, preventing fraud, and ensuring platform security
  • Legal obligation: retaining certain data as required by applicable laws

4. How We Use Your Data

  • Providing portfolio tracking and property appreciation analysis
  • Running financial scenarios and generating reports
  • Sending notifications about your portfolio (via WhatsApp or email)
  • Analyzing uploaded documents for relevant property information
  • Improving the platform through analytics (with your consent)
  • Communicating with you about your account or the service

5. Data Retention

We retain your personal data for as long as your account is active or as needed to provide the service. After account deletion, we retain certain data for up to 12 months for legal compliance, dispute resolution, and fraud prevention. Analytics data is aggregated and anonymized after 26 months. You may request earlier deletion by contacting us.

6. Third-Party Services

We share data with the following third-party service providers:

  • Cloud database provider: encrypted cloud database hosting (data storage)
  • AI service provider: AI-powered document analysis and chat features
  • Messaging provider: messaging for OTP verification and notifications
  • Analytics provider: website usage analytics (with your consent)

These providers process data on our behalf and are bound by data processing agreements. We do not sell your personal data to any third party.

7. International Data Transfers

Your data may be transferred to and processed in countries outside the European Economic Area (EEA), including to cloud service providers in the United States. Where such transfers occur, we ensure appropriate safeguards are in place, including Standard Contractual Clauses (SCCs) approved by the European Commission.

8. Your Rights Under GDPR

As a data subject, you have the following rights:

  • Right of access: request a copy of the personal data we hold about you
  • Right to rectification: request correction of inaccurate or incomplete data
  • Right to erasure: request deletion of your personal data ("right to be forgotten")
  • Right to data portability: receive your data in a structured, machine-readable format
  • Right to object: object to processing based on legitimate interest
  • Right to restrict processing: request limitation of how your data is processed
  • Right to withdraw consent: withdraw previously given consent at any time

To exercise any of these rights, contact us at [email protected]. We will respond within 30 days as required by the GDPR.

9. Cookies

We use essential cookies for authentication and session management. We also use Google Analytics cookies for website usage analysis, which are only set after you provide consent via our cookie banner. You can manage your cookie preferences at any time through your browser settings. For more details, see our cookie consent banner on first visit.

10. Right to Lodge a Complaint

If you believe your data protection rights have been violated, you have the right to lodge a complaint with a supervisory authority. For Cyprus, the relevant authority is the Commissioner for Personal Data Protection (Office of the Commissioner for Personal Data Protection, Nicosia, Cyprus).

11. Changes to This Policy

We may update this privacy policy to reflect changes in our practices or legal requirements. We will notify registered users of material changes via the contact information associated with their account. The "Last updated" date at the top of this page indicates when the policy was last revised.

Contact

For any privacy-related questions or to exercise your data protection rights, contact us at [email protected].

Terms of ServiceAbout