Privacy policy

Dwellaa is operated by Kevin Edwards, entrepreneur individuel (auto-entrepreneur, statut commerçant), registered in France since 15 July 2022 under SIREN 878 821 529. For the purposes of the GDPR, Kevin Edwards is the data controller for personal data collected through dwellaa.com. Full operator details are listed in our terms of use.

Account data. When you create an account we collect your name, email address, and (optionally) a phone number, avatar, and saved preferences. Agencies additionally provide company details, addresses, and contact information.

Activity data. When you save a property or a search we store the criteria against your account. When you contact us or an agency through the site, we keep a copy of the message and any reply for our internal records.

Technical data. Server logs record IP address, browser user-agent, and request URLs for security and operational purposes. Logs are retained for thirty days. We do not use third-party advertising trackers.

To operate the service (authentication, saving favourites and searches, transactional emails), to improve the product (aggregated diagnostics from server logs and error reporting), and to respond to enquiries. We do not sell your data, and we do not share your account information with listing agencies unless you explicitly contact them through a property page.

We rely on three bases under Article 6 GDPR: performance of a contract (operating your account), legitimate interests (security, fraud prevention, error monitoring), and consent (non-essential cookies via the cookie banner, optional marketing emails). You can withdraw consent at any time — for cookie consent, clear the choice from your browser’s site data and the banner will reappear. For email preferences, contact us.

We rely on the following service providers to operate Dwellaa. Each is contractually bound by data protection terms equivalent to or stronger than the GDPR:

• Vercel — web hosting and serverless function execution. Functions deployed to EU regions where supported.
• Neon — managed PostgreSQL database. Frankfurt region (eu-central-1).
• Cloudinary — image storage and delivery for property photos. Global CDN.
• Upstash — Redis for rate limiting on auth endpoints. Frankfurt region.
• Sentry — error monitoring. EU region (Germany).
• Email service provider — SMTP delivery of transactional emails (welcome, approval, password reset, contact form).
• Google — only if you choose to sign in with Google. Standard OAuth2 scopes (email + profile).

Where any sub-processor operates outside the EEA, transfers are covered by Standard Contractual Clauses adopted by the European Commission.

Account data is kept while your account is active and for twelve months after deletion, after which it is anonymised. Contact enquiries and inquiry messages are kept for three years to evidence the transaction. Server logs are kept for thirty days. Error reports in Sentry are retained for up to ninety days.

Under the GDPR you can request access, correction, deletion, portability, or restriction of your personal data, and object to processing based on legitimate interests. Buyer accounts can also be self-deleted from the account settings page. For all other requests, write to contact@dwellaa.com and we will respond within thirty days. You may also complain to the CNIL, the French data protection authority (https://www.cnil.fr).

Questions about this policy or to exercise your rights: contact@dwellaa.com.