← Back

Privacy Policy

Last updated: 16 May 2026 (version 2.0)

1. Who we are

The data controller for personal data we hold about you, the registered account holder, is AGUA EXCLUSIVE, S.L. (NIF B21931795), Avenida Bartolomé Vicente Ramón, 1, 1º, 1ª, 07800 Eivissa, Illes Balears, Spain (also referred to as “Farmhouse”, “we”, “us”). We operate the Farmhouse Sales platform at sales.farmhouse.app (the “Service”). For data you upload about other people or entities inside your workspace (other owners, agents, buyers, your service partners, their staff), you are the controller and we act as your processor under our Data Processing Agreement. For privacy questions, write to privacy@farmhouse.app; for formal data-protection enquiries you can also reach us at dpo@farmhouse.app.

Farmhouse Sales is a software platform that connects property owners, buyers, sales agencies and service partners. We are not a real-estate agent, broker, valuator, lawyer, notary, translator, financial advisor or mortgage broker, and nothing on the Service constitutes professional advice. Every sale, pitch, valuation, offer, contract and payment is between the relevant users; we facilitate the workflow but are not a party to any of them.

2. Information we handle

We follow data minimisation: only the information needed to operate the Service is handled. We do not sell, enrich, or build advertising profiles. The categories are:

  • Your profile — basics you provide on sign-up (name, email, phone, role, language), an encrypted password set after admin approval, and optional secondary phone.
  • Service usage — standard technical signals (IP, device, session, pages visited, login times) used to keep your account secure and the platform working.
  • Your listing & sale content — villa details, photos, floorplans, energy certificates, valuations, deeds, IBI receipts and other dossier documents you upload, plus your asking price, motivation notes, exclusivity preferences and any free-text notes.
  • Pitches, offers and representation — pitches submitted by verified agencies, buyer offers routed through the chosen agency, signed representation contracts, and the audit trail showing who saw what when.
  • Buyer search profiles and saved matches — criteria you save (regions, budget, must-haves), the AI-explained matches surfaced to you, and your interactions with them.
  • AI-tool inputs and outputs — text, photos and documents you feed to optional AI features (Concierge Chat, property intake, photo triage, marketing kit, AI Studio renders, valuation range, pitch score, pitch generator, offer evaluator, document parser, document verifier, match explainer), and the outputs returned to you. See §10.
  • Service-partner interactions — quote requests you send to partners, scope text, partner replies, your reviews, and any documents you choose to share.
  • Verification documents — for sales agencies and service partners only: real-estate licence, insurance, track-record references, IBAN certificate, VAT certificate and the verification notes we add (whether human or AI-assisted).
  • Billing information — required only on paid plans (billing address, VAT number, last four digits of card). Full card data is handled by our PCI-DSS payment provider, not by us.
  • Support correspondence — anything you send us when contacting support, kept only as long as needed to resolve the matter.

3. How we use this information

We use it to provide and improve the Service for you (matching buyers with relevant listings, running readiness checklists, routing sealed agency pitches, processing AI-tool jobs, sending transactional emails, generating reports for your dashboard), to keep the Service safe from fraud and abuse, and to meet our legal obligations. We do not build advertising profiles or sell your data. Optional uses (e.g. marketing emails) require your separate, withdrawable consent.

The legal bases are Articles 6(1)(b), 6(1)(f), 6(1)(c) and 6(1)(a) of the GDPR. You may object to processing carried out under our legitimate interests on grounds relating to your particular situation (see §9).

4. Data you upload about other people

When you upload personal data of buyers, owners, agents, employees, service-partner staff or other third parties (for example a buyer-lead row in your mini-CRM, proof-of-funds documents from a buyer, a buyer’s identity card, a counterparty’s email in a representation contract), you are the controller of that data and we act as your processor. You are solely responsible for having a lawful basis to upload it, for informing the data subjects as required by law, and for honouring any rights they assert. We will not respond to such requests on your behalf except to route them to you.

5. Audience-specific notes

Owners & sellers — your address and exterior identifying photos can be anonymised on the public marketplace via the “Anonymise” toggle on each listing. Verified agencies can still see full details to pitch. Listing fields you mark as “internal notes” are not shown to agencies.

Buyers — offers route through the listing’s representing agency. The agency receives your name, contact details, offer amount, funding source, and any conditions you submit. We do not share your search criteria or saved villas with sellers without an offer. Match notifications you receive are based only on your saved search profile and the listing’s public fields.

Sales agencies — we publish your verified profile (brand, regions, rating, track-record summary) to owners reviewing pitches. Internal pitch drafts and your CRM data are visible only to your team. The daily “who to call” digest is computed only from buyer-lead rows you have entered.

Service partners — we publish your verified directory entry (brand, category, description, member-discount, rating). Quote requests reveal the requesting owner’s name and listing.

6. Retention

We keep your data while your account is active. After closure we delete it within 12 months, except where law requires longer retention (tax / accounting records: 6 years; audit logs: up to 7 years; signed representation contracts: per the contract’s own term). AI-tool inputs / outputs expire from cache after 90 days; signed Storage URLs expire within 1 hour; rate-limit records after 30 days; chat threads with the Concierge after 12 months of inactivity. Back-ups roll off on a 30-day cycle.

7. Recipients & international transfers

We share personal data only with a small set of sub-processors bound by written confidentiality and data-protection obligations. We disclose the categories of recipients here, as permitted by Article 13 GDPR:

  • a cloud-database and authentication provider;
  • an application-hosting provider;
  • an object-storage provider for documents and photos;
  • a transactional-email provider;
  • one or more AI sub-processors, used only when you choose to use AI features (text generation / image generation);
  • a DNS and edge-network provider;
  • a payment-processing provider, used only on paid plans.

Data is primarily stored in the European Union. Where a sub-processor processes data outside the EEA, we rely on EU Standard Contractual Clauses or another valid GDPR Article 46 transfer mechanism with supplementary safeguards as required by Schrems II.

The full named list of sub-processors, with the country in which each operates and the role each plays, is available on request to privacy@farmhouse.app. We will notify workspace administrators by email of any material change to the list (e.g. swapping one vendor for another, or adding a new category) at least 30 days in advance, so they have an opportunity to object before the change takes effect.

We are not responsible for the independent data-handling practices of any third party with whom you choose to communicate or contract through the Service (e.g. agencies, buyers, service partners) — they are separate controllers.

8. Security & account protection

We use industry-standard technical and organisational measures consistent with Article 32 GDPR — encryption in transit and at rest, role-based access controls (RLS), audit logs, rate limits, deferred-password signup (no password hash exists for an account before admin approval), HIBP password-leak protection on password-set, and routine security reviews. Multi-factor authentication on administrative or financial-privilege accounts is mandatory.

No system is perfectly secure. To the maximum extent permitted by law, we cannot accept liability for security events caused outside our control, including (without limitation) compromised user credentials, devices or networks; content uploaded by you or any third party that itself contains malicious code or prompt-injection payloads; or attacks against our sub-processors’ infrastructure. If a personal-data breach affects your workspace, we notify you without undue delay (typically within 72 hours) so you can meet your own notification duties.

9. Your rights

Under the GDPR you have the rights to access, rectification, erasure, restriction, portability, objection, and to withdraw consent. To exercise any of them, write to dpo@farmhouse.app (or privacy@farmhouse.app). We respond within one month; this may extend by two months for complex requests. You can also lodge a complaint with the Spanish data-protection authority, AEPD. If your request concerns data uploaded to another user’s workspace, that user is the controller — we will forward your request to them but cannot decide it on their behalf.

10. AI-assisted tools

Optional features use AI sub-processors to generate or transform content from inputs you supply, including: the Concierge Chat, property intake, buyer intake, photo triage, marketing-kit generation, AI Studio renders (FLUX Kontext), valuation ranges, pitch scoring and generation, offer evaluation, document parsing, document verification, and proactive match explanations. Only the content necessary to produce the requested output is transmitted. The sub-processors are contractually prohibited from training any model on your data.

AI outputs are advisory only and may contain errors, hallucinations, mis-readings, omissions or fabrications. They do not constitute legal, financial, valuation, mortgage, tax, architectural or any other professional advice. You are solely responsible for reviewing every generated asset and field before publishing, sharing, signing, or relying on it. Confidence scores are heuristics, not guarantees. A manual path is always available alongside every AI feature; if you prefer not to use AI for any reason, do not feed your photos, documents or text into those flows.

11. Cookies & minors

We use strictly necessary cookies only — to keep you signed in and remember your locale and basic preferences. No advertising or analytics cookies are set without your prior consent. The Service is restricted to persons aged 18 or over and we do not knowingly process data of children. Please write to us if you believe otherwise and we will delete it.

12. Changes

We may update this Policy from time to time. The version number and date at the top reflect the current version. Material changes will be communicated by email or in-app notice. The policy in force at the time of any processing applies to that processing.