Privacy Policy

This Privacy Policy explains how personal data is collected, used, stored, and shared when you use the "immoassist" mobile application and related admin web platform (together, the “Services”).

1. Who we are

The Services are provided to communities by:

immoassist GmbH
Bahnhofstraße 96
69151 Neckargemünd
Germany
Represented by the Managing Director Salahuddin Kutterer

The app and platform are developed and operated by:

Immotech Deutschland GmbH
De-Saint-Exupéry-Straße 10
60549 Frankfurt am Main
Germany

For privacy-related requests, you can contact: support@immotech-app.com

2. Controller information

For the purposes described in this Privacy Policy, immoassist GmbH and Immotech Deutschland GmbH may act as joint controllers where they jointly determine the purposes and means of processing personal data in connection with the Services.

In some cases, one of these companies may process data on behalf of the other or on behalf of a community administrator. The exact allocation may depend on the feature used and the operational relationship with the relevant community.

3. Who can use the Services

The Services are intended for adult users associated with a participating community, including residents, owners, tenants, and administrators. Accounts are created and managed in connection with a community using the Services.

4. What personal data we collect

Depending on how you use the Services, we may collect and process the following categories of personal data:

Account and profile data

• name
• email address
• phone number
• apartment or unit information
• address
• user role within the community

Community activity data

• chat messages
• voting and poll participation
• files and documents uploaded or shared
• event participation
• meeting and video call participation metadata
• notifications and preferences
• support or contact messages

AI assistant data

• prompts, questions, messages, and related inputs submitted to the AI assistant
• AI assistant responses
• contextual community-related information included in prompts or used to generate responses

Technical and usage data

• device and app information
• log data
• crash reports
• approximate usage analytics
• push notification tokens

We do not intentionally process special categories of personal data within the meaning of Article 9 GDPR.

5. How we collect data

• when an account is created for you by an administrator
• when you complete or update your profile
• when you use community features such as chat, voting, events, meetings, and file uploads
• when you interact with the AI assistant
• automatically through the operation of the app and web platform, including analytics, logs, and crash reporting

6. Purposes of processing

• to create and manage user accounts
• to provide access to communities and community-related features
• to enable communication through chat, meetings, events, and notifications
• to support community administration and operations
• to store and manage files and documents
• to enable voting and participation in community decisions
• to operate, maintain, secure, and improve the Services
• to analyze usage and app performance
• to detect, prevent, and investigate misuse, fraud, and security incidents
• to provide and improve AI-assisted community support features
• to comply with legal obligations
• to establish, exercise, or defend legal claims

7. Legal bases for processing

Where the GDPR applies, we rely on one or more of the following legal bases:

• Article 6(1)(b) GDPR: processing necessary for the performance of a contract or to take steps at the request of the user before entering into a contract
• Article 6(1)(f) GDPR: processing necessary for legitimate interests, such as operating and securing the Services, improving functionality, handling support, and administering communities
• Article 6(1)(c) GDPR: processing necessary to comply with legal obligations
• Article 6(1)(a) GDPR: consent, where consent is required under applicable law, for example for certain optional notifications or analytics/cookie practices where applicable

8. AI assistant

The Services may include an AI assistant for community-related topics. When you use this feature:

• your prompts, messages, and related inputs may be sent to OpenAI for processing
• prompts and messages may be stored within our systems
• community-related context may be used to improve the relevance of responses
• users should not submit confidential or unnecessary sensitive personal data through the AI assistant
• AI-generated responses may be inaccurate or incomplete and should be reviewed before being relied upon

9. Video calls and communications

Video call functionality is provided using Stream (getstream.io). Chat, events, meetings, and related communication features may involve the processing of user profile data, participation records, message content, and technical metadata necessary to provide those functions.

10. Analytics, crash reporting, and notifications

We use third-party service providers to help operate the Services, including:

• Firebase and Google Analytics for analytics, messaging, and notifications
• Sentry for error monitoring and crash reporting

11. Service providers and recipients

We may share personal data with service providers that help us provide the Services, including providers for:

• hosting and infrastructure
• database services
• file storage
• analytics
• error monitoring
• communications and video services
• AI processing
• customer support and administration

Based on the current setup, this may include:

• Heroku Europe
• AWS EU Central / Amazon S3
• MongoDB
• Firebase / Google Analytics
• Sentry
• Stream
• OpenAI

12. International data transfers

Your data is primarily hosted in Europe, including infrastructure in Europe and AWS EU Central. However, some third-party providers may process data outside the European Economic Area.

Where personal data is transferred outside the EEA, we seek to ensure that appropriate safeguards are in place, such as adequacy decisions, contractual protections, or other lawful transfer mechanisms where required.

13. Data retention

We retain personal data until it is deleted by an authorized administrator, or until the relevant content is deleted from the Services.

• user accounts are retained until removed by an administrator
• files, votes, chat content, and similar community content are retained until deleted by an administrator
• backups, logs, and technical records may remain for a limited period afterward where reasonably necessary for security, continuity, troubleshooting, or legal compliance

14. Security

We use reasonable technical and organizational measures intended to protect personal data against unauthorized access, loss, misuse, alteration, or disclosure. However, no method of transmission or storage is completely secure, and absolute security cannot be guaranteed.

15. Your rights

• access your personal data
• correct inaccurate or incomplete data
• request deletion of your data
• request restriction of processing
• object to certain processing
• request data portability
• withdraw consent where processing is based on consent
• lodge a complaint with a competent data protection authority

To exercise your rights, contact: support@immotech-app.com

16. Community administrators

Please note that community administrators may create accounts, manage membership, upload files, create votes, and delete content within the Services. If your account or content is managed by a community administrator, some processing may occur at their direction within the operation of the community.

17. Children

The Services are not intended for children.

18. Changes to this Privacy Policy

We may update this Privacy Policy from time to time. The updated version will be made available through the Services or on the relevant website, and the “Last Updated” date will be revised.