Privacy · Data handling
Last updated: July 2026
your data, safe.
Vilartech is committed to protecting your privacy. This policy explains what information we collect, how we use and safeguard it, and how we handle data from connected services such as Google, Meta (Facebook & Instagram), and WhatsApp — across our website, our real estate CRM platform, and our mobile applications.
Who we are and our role
Vilartech ("Vilartech", "we", "us") builds and operates software for real estate businesses, including our real estate CRM platform, our marketing websites, and our mobile applications such as V Estate and V Connect (together, the "Services").
For the contacts, leads, and conversations that our business customers manage inside the CRM, those customers are the data controller and Vilartech acts as a data processor on their behalf, handling that data only to provide the Services. For our own website visitors and account holders, Vilartech is the data controller.
Information we collect
- Account and contact details you provide: name, email, phone number, company name, and login credentials.
- Customer and lead data our clients enter or import: names, phone numbers, email addresses, property preferences, notes, and the communication history of their own customers.
- Communications exchanged through connected channels (WhatsApp, Messenger, Instagram, email, and in-app chat), including message content, attachments, and — where enabled — voice recordings and transcripts.
- Calendar and scheduling data: appointments, callbacks, and events you create or connect, including Google Calendar events (see § 04).
- Technical data collected automatically: IP address, device and browser type, operating system, and usage data gathered via cookies and similar technologies.
- Billing data processed by our payment providers (we do not store full card numbers).
How we use your information
We use information to provide, operate, secure, and improve the Services; to authenticate accounts; to enable messaging, scheduling, and CRM features; to power optional AI assistance (see § 07); to process payments and manage subscriptions; to provide support and send service communications; and to comply with our legal obligations.
Where the law requires a legal basis, we rely on your consent, the performance of a contract, our legitimate interests in operating and improving the Services, and compliance with legal obligations. We do not sell your personal data.
Google user data (Limited Use)
When you choose to connect your Google account, we request access to your Google Calendar to create, view, and manage calendar events on your behalf — for example, to schedule property viewings, callbacks, and reminders and keep them in sync with your CRM. We may also access basic Google profile information (your name and email) to identify your account.
Vilartech's use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.
- We only use Google user data to provide and improve the features you explicitly request.
- We do not use Google user data for serving advertisements.
- We do not sell Google user data, and we do not transfer it to others except to provide the Services, comply with the law, or as part of a merger or acquisition with equivalent protections.
- We do not use Google user data to develop, improve, or train generalized or non-personalized AI or machine-learning models.
- We never transmit Google user data to third-party AI providers (including OpenAI and DeepSeek) for any purpose — neither to generate results (inference) nor to train models. Our AI features operate only on data you provide directly through the CRM, and this separation is enforced in our system architecture, not merely by policy.
- We do not allow humans to read your Google Calendar data unless you give explicit consent to view specific data, it is necessary for security or to comply with applicable law, or the data has been aggregated and anonymized.
You can revoke our access at any time by disconnecting the integration inside the Services or through your Google Account security settings at myaccount.google.com/permissions.
Meta: Facebook, Messenger & Instagram
If you connect a Facebook Page or an Instagram professional account, we access and process, on your behalf, the data needed to run your unified inbox and automations — including page and account identifiers, conversations, messages, comments, and the profile information (such as name and profile picture) that Meta shares for the people who contact you. We use this only to deliver the messaging, routing, and automated-reply features you enable.
Our use of information received from Meta platforms complies with the Meta Platform Terms and Developer Policies. You can disconnect an account at any time within the Services and request deletion of the associated data (see § 12).
WhatsApp Business messaging
Where you use WhatsApp through the WhatsApp Business Platform (Cloud API) operated by Meta, we send and receive messages between your business and your customers on your behalf. This includes phone numbers, message content, media, and delivery status, which we use to power your inbox, notifications, message templates, and — where enabled — AI-assisted replies.
Our handling of WhatsApp data complies with the WhatsApp Business Terms and Meta's messaging policies, including the customer-service messaging window. Meta also processes this data as the platform operator under its own terms.
Artificial intelligence features
Some features use third-party AI providers (such as OpenAI and DeepSeek) to draft replies, summarize conversations, transcribe voice notes, describe images, and qualify leads. When you use these features, the relevant content is sent to the provider to generate a result and is handled under their terms and our agreements with them. These AI features operate only on data you provide directly through the CRM — such as your own messages, contacts, and listings. Google user data — including any Google Calendar data obtained through Google APIs — is processed solely by Vilartech's own systems and Google's APIs. It is never transmitted to OpenAI, DeepSeek, or any other third-party AI provider for any purpose, including inference or model training. As stated in § 04, this isolation is enforced in our architecture.
How we share information
We do not sell personal data. We share information only in these cases:
- With service providers and sub-processors who help us run the Services — including cloud hosting and infrastructure, Cloudflare (content delivery and security), payment processors, AI providers (OpenAI, DeepSeek), and the platform operators named above (Google, Meta) — under contracts that require them to protect the data.
- With authorities or others when required by law, to enforce our terms, or to protect rights, safety, and security.
- With a successor entity in connection with a merger, acquisition, or asset sale, subject to this policy.
International data transfers
We are based in Egypt and may process and store information in Egypt and in other countries where we or our sub-processors operate. When personal data is transferred across borders, we take steps to ensure it remains protected in line with this policy and applicable law.
Data retention
We keep personal data only as long as necessary for the purposes described here, to provide the Services to our business customers, or as required by law. When data is no longer needed we securely delete or anonymize it. Business customers control the retention of the customer and lead data they manage, and we delete or return it on their instruction or on account closure.
Security
We apply appropriate technical and organizational measures — including SSL/TLS encryption in transit, access controls, network isolation over private VPNs, and regular review — to protect data from unauthorized access, loss, or alteration. No method of transmission or storage is completely secure, but we work continuously to safeguard your information.
Your rights and choices
Depending on your location, you may have the right to access, correct, delete, export, or restrict the processing of your personal data, and to object or withdraw consent. To exercise these rights — or to request deletion of your account and associated data, including data connected from Google, Meta, or WhatsApp — email [email protected]. If we process data on behalf of a business customer, we will refer your request to that customer as the controller. You can also disconnect any third-party integration directly in the Services.
Children's privacy
The Services are intended for business use and are not directed to children. We do not knowingly collect personal data from anyone under 18. If you believe a child has provided us with data, contact us and we will delete it.
Cookies and tracking
We use cookies and similar technologies to keep you signed in, remember your preferences, secure the Services, and understand usage. You can control cookies through your browser settings; disabling some may affect functionality.
Changes to this policy
We may update this policy from time to time. Material changes will be announced via the website or email, and we will update the date shown above. Continued use of the Services after the changes take effect constitutes acceptance.
Contact us
If you have any questions about this policy or your data, please contact us:
- Email: [email protected]
- Phone: +20 111 129 6413
- Address: Cairo, Egypt