Privacy Policy

1. Introduction

Otomkt ("we", "us", or "our") is committed to protecting your personal data. This Privacy Policy explains how we collect, use, store, and protect information when you use the Otomkt platform and services (the "Service").

By using the Service, you consent to the collection and use of information as described in this policy.

2. Information We Collect

Account Information

When you create an account, we collect:

• Email address (via email registration or Google sign-in)
• Display name
• Phone number (if you choose to link your WhatsApp number)

Property Data

When you use the Service, we process:

• Property listing URLs you submit for extraction
• Extracted property data (addresses, prices, descriptions, images)
• AI-generated ad copy and image creatives

Usage Data

We automatically collect:

• API call logs (endpoints accessed, timestamps)
• Feature usage patterns
• Error logs for troubleshooting

WhatsApp Messages

If you use our WhatsApp integration, we store message content exchanged between you and our automated assistant for the purpose of providing the Service.

3. How We Use Your Information

We use your information to:

• Provide the Service — Account management, property extraction, ad generation, and campaign management.
• Communicate with you — WhatsApp notifications, service updates, and support responses.
• Improve the Service — Analyze usage patterns to enhance features and fix issues.
• Ensure security — Detect and prevent unauthorized access or abuse.

We do not sell your personal data to third parties.

4. Third-Party Services

We share data with the following third-party services as necessary to operate the Platform:

• Google Firebase — Authentication and identity management. Firebase receives your email and authentication tokens. Subject to Firebase Terms of Service.
• Meta (Facebook/Instagram) — Ad campaign creation and delivery. Campaign data, ad creatives, and targeting parameters are shared with Meta when you launch campaigns. Subject to Meta Privacy Policy.
• WhatsApp Business API — Message delivery. Phone numbers and message content are processed by WhatsApp/Meta.
• AI Providers (OpenAI, OpenRouter) — Content generation. Property data and prompts are sent to AI providers for processing. We do not send your personal account information to AI providers.
• Cloudflare — CDN, DNS, and security services. Web traffic passes through Cloudflare's network.

5. Data Storage and Security

Your data is stored on servers located in Germany (Hetzner Cloud). We implement appropriate technical and organizational measures to protect your data, including:

• Encrypted connections (HTTPS/TLS) for all data in transit.
• Authentication tokens for API access.
• Role-based access controls within the Platform.
• Regular security updates and monitoring.

While we take reasonable precautions, no method of electronic storage or transmission is 100% secure. We cannot guarantee absolute security of your data.

6. Data Retention

• Account data — Retained while your account is active and for a reasonable period after deletion for legal compliance.
• Property and ad data — Retained indefinitely as part of the project database to allow you to access historical campaigns and creatives.
• Usage logs — Retained for up to 12 months for troubleshooting and analytics.
• WhatsApp messages — Retained for the duration of your account.

You may request deletion of your data at any time by contacting us.

7. Your Rights

You have the right to:

• Access — Request a copy of the personal data we hold about you.
• Correction — Request that we correct inaccurate or incomplete data.
• Deletion — Request that we delete your personal data, subject to legal retention requirements.
• Portability — Request your data in a structured, machine-readable format.
• Withdraw consent — Withdraw your consent to data processing at any time by closing your account.

To exercise any of these rights, please contact us at [email protected].

8. Cookies

The Otomkt platform uses minimal cookies strictly necessary for functionality:

• Authentication cookies — To maintain your login session.
• Firebase session tokens — Managed by Firebase Authentication for secure sign-in.

We do not use advertising cookies, tracking cookies, or third-party analytics cookies.

9. Singapore PDPA Compliance

We comply with the Singapore Personal Data Protection Act 2012 (PDPA). In accordance with the PDPA:

• We collect personal data only for purposes that a reasonable person would consider appropriate in the circumstances.
• We notify you of the purposes for which we collect your data.
• We obtain your consent before collecting, using, or disclosing your personal data.
• We make reasonable efforts to ensure that personal data collected is accurate and complete.
• We protect personal data in our possession with reasonable security arrangements.

10. Children's Privacy

The Service is not intended for individuals under the age of 18. We do not knowingly collect personal data from children. If we become aware that a child has provided us with personal information, we will take steps to delete such information.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify users of material changes by posting the updated policy on this page with a revised "Last updated" date. Your continued use of the Service after changes are posted constitutes acceptance of the updated policy.

12. Contact Us

If you have any questions about this Privacy Policy or our data practices, please contact us at:

[email protected]