Privacy Policy

Last updated: May 12, 2026

This policy describes what personal data Housia (hereinafter, "Housia", "we", or "the platform") collects, the purposes for which we process it, and what rights you have over your information. Housia is a software-as-a-service (SaaS) product for real estate agencies to manage their portfolio, clients, leads, and listings on portals and social media.

We process personal data in compliance with Law 25,326 on the Protection of Personal Data of the Argentine Republic and its implementing regulations, and we apply the principles of the European Union's General Data Protection Regulation (GDPR) where applicable.

Contents

Data controller
What data we collect
How we use the data
Legal basis for processing
Providers and third parties
Retention periods
Your rights
International transfers
Security
Minors
Changes to this policy
Contact

1. Data controller

The data controller for personal data is Housia, located in the Argentine Republic, with the contact email address privacy@housia.ar. For any questions related to this policy or to exercise your rights, write to us at that address.

2. What data we collect

2.1. Platform user data (brokers, administrators, and agency staff)

Account data: full name, email address, phone number, and password stored as a hash (we do not store passwords in plain text).
Agency data: business name, slug, logo, and contact address.
Technical data: IP address, session identifier, browser, operating system, and date of last login.

2.2. Contact data entered by users (clients and leads)

Housia users enter or receive third-party data (prospective buyers, tenants, owners), including name, email address, phone number, and business notes. That data is entered, controlled, and managed by the agency that enters it; Housia acts as a data processor on behalf of that agency. The agency is responsible for having obtained consent or another legitimate basis for processing that data.

2.3. Data from connected social media accounts and portals

When an agency connects a portal or social media account (Zillow, Realtor.com, Facebook, Instagram, TikTok, X/Twitter, YouTube, etc.), Housia receives and stores, as applicable:

OAuth access tokens and, when the platform provides them, refresh tokens.
The account's public identifier (page ID, channel ID, user ID, etc.) and its name or handle.
Granted permissions and the token's expiration date.

We do not access, read, or store passwords for connected social media accounts. The actions we perform (publishing, reading messages, etc.) are carried out solely with the OAuth permissions granted by the user and within the scope allowed by the originating platform.

2.4. Listing and activity data

Properties entered (description, location, photos, price).
Listings published on social media and portals (external URL, date, status).
Messages exchanged with leads within the CRM.
Activity log (an audit of who did what within the platform).

2.5. Cookies and similar technologies

We use our own session cookie (connect.sid) to keep you logged in, flagged as httpOnly, sameSite=lax, and secure over HTTPS. In addition, we integrate:

Google Analytics 4 with IP anonymization (anonymize_ip) to understand aggregate usage of the platform.
Google reCAPTCHA v3 on the registration form to prevent abuse. reCAPTCHA may collect device information in accordance with Google's privacy policy.

3. How we use the data

Operate the platform and provide the service you contracted: authentication, persistence of your portfolio, and transactional communications (password recovery, account notifications).
Connect external accounts at the user's request, keep tokens valid, and perform the actions the user requests (publish a property, read messages, etc.).
Provide support and respond to inquiries.
Produce aggregate, anonymous metrics to improve the platform.
Comply with legal obligations and respond to requests from competent authorities.
Prevent fraud and abuse and protect the integrity of the platform.

We do not sell personal data to third parties. We do not use your CRM data to train general-purpose artificial intelligence models.

4. Legal basis for processing

We process personal data on the following bases:

Consent: given when creating an account or connecting an external integration (Article 5 of Law 25,326).
Performance of a contract: provision of the service you contracted.
Legitimate interest: fraud prevention, security, and service improvement, to the extent that it does not affect your rights.
Legal compliance: when required by a law or authority.

5. Providers and third parties

To provide the service, we share strictly necessary data with the following providers, all of which are subject to confidentiality and security obligations:

Cloud hosting and infrastructure (the server where the platform and database run).
Mailgun (sending transactional emails).
Google LLC: Google Analytics, Google reCAPTCHA, Google Sign-In, YouTube Data API.
Meta Platforms: when you connect Facebook or Instagram.
TikTok Pte. Ltd.: when you connect TikTok.
X Corp.: when you connect X (Twitter).
MercadoLibre S.R.L.: when you connect MercadoLibre Inmuebles.
OpenAI, L.L.C.: when you use the optional AI features to generate property descriptions.

Each of these providers processes data in accordance with its own policies. We recommend that you review them.

6. Retention periods

Account and portfolio data: for as long as you have an active account, and for up to 5 years after closure, unless a legal obligation requires us to keep it for a longer period.
OAuth tokens: until you disconnect the integration, they expire naturally, or you request their deletion.
Activity log: up to 24 months from the event.
Technical server logs: up to 90 days.
Billing data: for the period required by applicable tax regulations.

7. Your rights

Under Law 25,326, you have the following rights over your personal data:

Access: request a copy of the personal data we hold about you.
Rectification: correct inaccurate or outdated data.
Erasure: request that we delete your data when it is no longer necessary or when you withdraw your consent, subject to legal retention obligations.
Objection: object to certain types of processing.
Portability: receive your data in a structured, commonly readable format.

You can exercise these rights by writing to privacy@housia.ar or by using the data deletion form. We will respond within 10 calendar days. You may also file complaints with the Agency for Access to Public Information, the supervisory authority in Argentina.

8. International transfers

Some providers (Google, Meta, OpenAI, etc.) are located outside Argentina, primarily in the United States. These transfers are made under the mechanisms provided for by Law 25,326 and, where applicable, in accordance with standard contractual clauses adopted by those providers.

9. Security

We apply reasonable technical and organizational measures to protect your data: HTTPS encryption for all traffic, password hashing with bcrypt, session-based access control, logical segregation by real estate agency (multi-tenancy), regular backups, and activity logs for auditing. No system is perfectly secure: in the event of a security breach affecting personal data, we will notify users and the relevant authority as required by applicable law.

10. Minors

Housia is a professional B2B tool and is not directed at anyone under 18 years of age. We do not knowingly collect data from minors. If we become aware that a minor has entered data into the platform, we will delete it.

11. Changes to this policy

We may update this policy to reflect legal, technical, or service changes. When we make material changes, we will notify you by email or through a prominent notice within the platform. The "Last updated" date at the top of the document indicates when the most recent version was published.

12. Contact

For any questions about this policy or your personal data, write to us at:

Email: privacy@housia.ar
Website: https://housia.us