Last updated: April 2026
The data controller for your personal data is Camilia, a Software as a Service (SaaS) customer relationship management (CRM) platform for professional real estate agents.
For any enquiries related to the protection of your data, you may contact us at hola@camilia.io.
We collect and process the following categories of personal data:
We process your personal data for the following purposes and under the corresponding GDPR legal bases:
Performance of contract (Art. 6(1)(b) GDPR)
Providing the contracted CRM service: creation and management of your account, authentication, subscription management and billing.
Performance of contract (Art. 6(1)(b) GDPR)
CRM features: lead management, properties, visits, offers, sales pipeline, calendar, unified inbox and other service functions.
Performance of contract (Art. 6(1)(b) GDPR)
Service communications: sending account notifications, activity alerts, visit reminders and subscription confirmations.
Legitimate interest (Art. 6(1)(f) GDPR)
AI features: generating recommendations, matching leads with properties, assisted drafting of communications, indicative valuations and market analysis. The legitimate interest is to improve the real estate agent's efficiency.
Consent (Art. 6(1)(a) GDPR)
WhatsApp messaging: sending and receiving messages through the WhatsApp Business API or Baileys integration. Requires voluntary connection of your WhatsApp account.
Legitimate interest (Art. 6(1)(f) GDPR)
Service improvement: anonymised usage analysis, bug fixing, performance monitoring and development of new features.
Consent (Art. 6(1)(a) GDPR)
Marketing communications: emails about new features, promotions or special offers. Only if you have given your express consent. You may withdraw consent at any time.
To provide the service, we share data with the following sub-processors, all with appropriate safeguards:
| Provider | Purpose | Location |
|---|---|---|
| Stripe | Payment processing and billing | US / Ireland |
| Resend | Transactional email delivery | US |
| Twilio | WhatsApp messaging (Cloud API) | US |
| Anthropic | Artificial intelligence (Claude) | US |
| Groq | Voice transcription (Whisper) | US |
| Supabase | Database and file storage | EU (Frankfurt) |
| Vercel | Web hosting and infrastructure | US / EU |
Some of our sub-processors are located outside the European Economic Area (EEA), primarily in the United States.
For these transfers, we rely on Standard Contractual Clauses (SCCs) approved by the European Commission and on providers' certifications under the EU-US Data Privacy Framework, ensuring an adequate level of protection in accordance with Articles 44-49 of the GDPR.
You may request a copy of the applicable safeguards by writing to hola@camilia.io.
We retain your personal data for as long as necessary to fulfil the purposes described:
Under the GDPR, you have the following rights over your personal data:
Right of access
You may request a copy of all personal data Camilia processes about you. You may also export your data from Settings → Your data.
Right to rectification
You may request the correction of inaccurate or incomplete data at any time.
Right to erasure
You may request the deletion of your personal data. This can be done directly from Settings → Your data → Delete account.
Right to restriction
You may request that we restrict the processing of your data in certain circumstances provided for in the GDPR.
Right to data portability
You may receive your data in a structured, commonly used and machine-readable format (CSV/JSON) for transfer to another service.
Right to object
You may object to the processing of your data based on legitimate interest, including AI features.
Automated decisions
Camilia does not make solely automated decisions with legal effects on you. AI recommendations are indicative and always require the intervention of the real estate agent.
To exercise any of your rights, you may contact us at:
Camilia — Privacy
hola@camilia.io
We will respond to your request within a maximum of 30 calendar days, in accordance with Article 12(3) of the GDPR. If the request is complex, this period may be extended by 60 additional days, with prior notification.
If you believe your rights have not been properly addressed, you have the right to lodge a complaint with the competent data protection authority. In Austria, the competent authority is the Datenschutzbehoerde (dsb.gv.at).
Camilia uses only strictly necessary cookies for the operation of the service. For detailed information, please refer to our Cookie Policy.
We do not use advertising cookies or cross-site tracking cookies. Google Analytics cookies are only activated with your express consent.
| Name | Type | Purpose |
|---|---|---|
| session | Essential | Keeps your session authenticated on the platform. Deleted when you log out. |
We implement appropriate technical and organisational measures to protect your personal data:
Although we implement robust security measures, no system is completely infallible. In the event of a security breach, we will notify you in accordance with Article 34 of the GDPR.
Camilia is a professional service intended exclusively for adult real estate agents. We do not knowingly collect data from persons under 16 years of age. If we detect that a minor has created an account, we will delete it immediately.
We reserve the right to update this Privacy Policy. We will notify you of any material changes by email and a notice on the platform at least 15 days in advance.
Continued use of the service after the changes take effect constitutes acceptance. If you do not agree, you may cancel your account before that date.
Camilia does not sell, rent or share your personal data with third parties for commercial or advertising purposes. We only share data with the sub-processors strictly necessary to provide the service, as described in this policy.
In addition to GDPR rights, you may have additional rights under the legislation of your country of residence:
If you reside in California, the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA) grant you the following additional rights:
To exercise these rights, contact hola@camilia.io. We will respond within a maximum of 45 days.
If you reside in the United Kingdom, the UK GDPR and the Data Protection Act 2018 grant you rights equivalent to those of the European GDPR, including access, rectification, erasure, portability and objection.
If you believe your rights have not been addressed, you may lodge a complaint with the Information Commissioner's Office (ICO).
Information Commissioner's Office (ico.org.uk)If you reside in Brazil, the Lei Geral de Protecao de Dados (LGPD) grants you rights of access, rectification, anonymisation, portability and deletion of your personal data. You also have the right to withdraw consent at any time.
The competent authority is the Autoridade Nacional de Protecao de Dados (ANPD). To exercise your rights, contact hola@camilia.io.
If you reside in Canada, the Personal Information Protection and Electronic Documents Act (PIPEDA) grants you rights of access, rectification and the ability to challenge compliance in the processing of your personal data.
Electronic commercial communications comply with Canada's Anti-Spam Legislation (CASL). We only send communications with your express consent.
The competent authority is the Office of the Privacy Commissioner of Canada. To exercise your rights, contact hola@camilia.io.
If you reside in Mexico, the Ley Federal de Proteccion de Datos Personales en Posesion de los Particulares (LFPDPPP) grants you ARCO rights: Access, Rectification, Cancellation and Opposition over your personal data.
The competent authority is the Instituto Nacional de Transparencia, Acceso a la Informacion y Proteccion de Datos Personales (INAI). To exercise your rights, contact hola@camilia.io.
If you reside in Argentina, the Ley de Proteccion de Datos Personales (Law 25,326) grants you rights of access, rectification, erasure and objection over your personal data.
The competent authority is the Agencia de Acceso a la Informacion Publica (AAIP). To exercise your rights, contact hola@camilia.io.
If you reside in Australia, the Privacy Act 1988 and the Australian Privacy Principles (APP) grant you rights of access, rectification and the ability to lodge complaints about the handling of your personal information.
The competent authority is the Office of the Australian Information Commissioner (OAIC). To exercise your rights, contact hola@camilia.io.
Regardless of your location, Camilia applies European GDPR standards as the minimum baseline for all users. If your local legislation grants you additional rights, we commit to respecting them. Contact hola@camilia.io for any enquiry.
This is a summary. Consult local regulations.