Privacy Policy

1. Introduction

Aetheria Solutions, operating as Otomkt ("we", "us", or "our"), is committed to protecting personal data. This Privacy Policy explains how we collect, use, store, and protect information when you use the Otomkt platform and services (the "Service"), including its AI-powered lead qualification feature.

This policy covers two categories of individuals whose data we process:

• Users / Agents — Licensed real estate agents who create an account on the Platform.
• Prospects — Third-party individuals (e.g. property buyers or tenants) who interact with our AI assistant (Julia) via WhatsApp in response to an Agent's advertisement.

By using the Service, you consent to the collection and use of information as described in this policy.

2. Information We Collect

Account Information (Agents)

When you create an account, we collect:

• Email address (via email registration or Google sign-in)
• Display name and advertiser name
• CEA registration number and agency name (for identity verification)
• Phone number (if you choose to link your WhatsApp number)

Property and Campaign Data (Agents)

When you use the Service, we process:

• Property listing URLs you submit for extraction
• Extracted property data (addresses, prices, descriptions, images)
• AI-generated ad copy and image creatives
• Meta Ads campaign parameters, budgets, and performance identifiers
• Payment records and campaign service fee transactions

Payments and card data (Agents)

When you pay for the Service, payments are processed by Airwallex, our payment service provider. We do not store full card numbers, CVV, or card authentication data on our servers. Airwallex processes card, digital wallet (for example Apple Pay or Google Pay), and PayNow details in accordance with its own privacy policy and security standards. We may receive and retain: transaction identifiers, amount, currency, payment status, timestamps, billing name and email (for receipts), and related metadata needed for accounting, support, and fraud prevention.

Prospect Data (collected via Lead Qualification)

When a Prospect interacts with Julia in response to an Agent's campaign, we collect and store:

• WhatsApp phone number
• Name (if provided during the conversation)
• Enquiry details — property of interest, budget range, intended purchase or rental timeline, and other qualifying information shared voluntarily
• Full conversation transcript between the Prospect and Julia
• Qualification status assigned by the AI (e.g. qualified, unqualified, pending)

Prospect data is collected on behalf of and made available to the Agent who ran the campaign. The Agent is the data controller for Prospect data; we act as a data intermediary processing this data on the Agent's instruction.

Usage Data (Agents)

We automatically collect:

• API call logs (endpoints accessed, timestamps)
• Feature usage patterns
• Error logs for troubleshooting

3. How We Use Your Information

We use Agent information to:

• Provide the Service — Account management, property extraction, ad generation, campaign management, and lead qualification.
• Route qualified leads — Forward Prospect details and conversation summaries to the relevant Agent via WhatsApp notification and the Lead CRM.
• Communicate with you — WhatsApp notifications of qualified leads, service updates, and support responses.
• Process payments — Record and verify campaign fee transactions.
• Improve the Service — Analyze usage patterns to enhance features and fix issues.
• Ensure security — Detect and prevent unauthorized access or abuse.

We use Prospect data solely to:

• Conduct the lead qualification conversation on the Agent's behalf.
• Store conversation records in the Agent's Lead CRM for transparency and follow-up purposes.
• Route qualified Prospect details to the Agent.

We do not sell, share, or use Prospect data for any purpose beyond facilitating the Agent's lead qualification workflow. We do not use Prospect data for our own marketing.

4. Third-Party Services

We share data with the following third-party services as necessary to operate the Platform:

• Google Firebase — Authentication and identity management. Firebase receives your email and authentication tokens. Subject to Firebase Terms of Service.
• Meta (Facebook/Instagram) — Ad campaign creation and delivery. Campaign data, ad creatives, and targeting parameters are shared with Meta when you launch campaigns. We also use the Meta Pixel on otomkt.com and app.otomkt.com (including subpages such as Reels and listing landings) to measure page visits and site usage. Subject to Meta Privacy Policy.
• WhatsApp Business API — Message delivery for both Agent notifications and Prospect qualification conversations. Phone numbers and message content are processed by WhatsApp/Meta.
• Twilio — SMS one-time password (OTP) delivery for Agent phone number verification during registration. Twilio receives the Agent's phone number for this purpose. Subject to Twilio Privacy Policy.
• Airwallex — Payment processing. When you pay by card or PayNow, Airwallex receives payment and billing details needed to complete the transaction. Subject to the Airwallex Privacy Policy.
• AI Providers (OpenAI, Google, OpenRouter) — Content generation and lead qualification logic. Property data, ad prompts, and Prospect conversation context are sent to AI providers for processing. We do not send your personal account information to AI providers.
• Cloudflare — CDN, DNS, and security services. Web traffic passes through Cloudflare's network.
• Hetzner Cloud — Cloud infrastructure provider hosting our servers in Germany.

5. Data Storage and Security

Your data is stored on servers located in Germany (Hetzner Cloud). We implement appropriate technical and organizational measures to protect your data, including:

• Encrypted connections (HTTPS/TLS) for all data in transit.
• Authentication tokens for API access.
• Role-based access controls within the Platform.
• Regular security updates and monitoring.

While we take reasonable precautions, no method of electronic storage or transmission is 100% secure. We cannot guarantee absolute security of your data.

6. Data Retention

• Agent account data — Retained while your account is active and for a reasonable period after deletion for legal compliance.
• Property and campaign data — Retained indefinitely as part of the project database to allow you to access historical campaigns and creatives.
• Prospect conversation data (Lead CRM) — Retained for the duration of your account. You may request deletion of individual lead records at any time by contacting us.
• Usage logs — Retained for up to 12 months for troubleshooting and analytics.
• WhatsApp messages (Agent) — Retained for the duration of your account.

You may request deletion of your data at any time by contacting us. Note that deletion of an Agent account will also result in deletion of associated Prospect data in the Lead CRM.

7. Your Rights

Agents have the right to:

• Access — Request a copy of the personal data we hold about you.
• Correction — Request that we correct inaccurate or incomplete data.
• Deletion — Request that we delete your personal data, subject to legal retention requirements.
• Portability — Request your data in a structured, machine-readable format.
• Withdraw consent — Withdraw your consent to data processing at any time by closing your account.

Prospects who wish to access, correct, or request deletion of their conversation data should contact the Agent whose campaign they responded to. Agents may also contact us at [email protected] to action such requests on a Prospect's behalf.

8. Agent Responsibilities for Prospect Data

As the party that initiates lead qualification campaigns, you (the Agent) act as a data controller in relation to Prospect data collected during the qualification process. You are responsible for:

• Ensuring a lawful basis exists under the PDPA for collecting and using Prospect data (e.g. the Prospect's voluntary engagement in the qualification conversation constitutes implied consent for the purpose of the enquiry).
• Using Prospect data only for the purpose of following up on their property enquiry.
• Not sharing or selling Prospect data to third parties without the Prospect's knowledge and consent.
• Handling Prospect data in accordance with the PDPA, including honoring any deletion or correction requests made by Prospects.

9. Cookies

The Otomkt platform uses minimal cookies strictly necessary for functionality:

• Authentication cookies — To maintain your login session.
• Firebase session tokens — Managed by Firebase Authentication for secure sign-in.

We do not use advertising cookies, tracking cookies, or third-party analytics cookies.

10. Singapore PDPA Compliance

We comply with the Singapore Personal Data Protection Act 2012 (PDPA). In accordance with the PDPA:

• We collect personal data only for purposes that a reasonable person would consider appropriate in the circumstances.
• We notify you of the purposes for which we collect your data.
• We obtain your consent before collecting, using, or disclosing your personal data.
• We make reasonable efforts to ensure that personal data collected is accurate and complete.
• We protect personal data in our possession with reasonable security arrangements.
• Prospect data collected via lead qualification is processed on behalf of Agents, who are individually responsible for their own PDPA compliance obligations as data controllers.

11. Children's Privacy

The Service is not intended for individuals under the age of 18. We do not knowingly collect personal data from children. If we become aware that a child has provided us with personal information, we will take steps to delete such information.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify users of material changes by posting the updated policy on this page with a revised "Last updated" date. Your continued use of the Service after changes are posted constitutes acceptance of the updated policy.

13. Contact Us

If you have any questions about this Privacy Policy or our data practices, please contact us at:

[email protected]