Privacy Policy

Piega (“we”, “us”, “our”) operates the Piega property intelligence service, including the website at piega.co and the Piega browser extension (“Extension”). We are the data controller for personal data processed in connection with the Service.

If you have any questions or concerns about how we handle your personal data, please contact us at hello@piega.co.

This Privacy Policy describes how we collect, use, store, share, and protect information in connection with your use of the Service. It applies to all users of the Site and Extension, including those who have registered an Account and those who use the Service without registration.

This policy does not apply to third-party websites or services that may be linked to or integrated with the Service. Those services are governed by their own privacy policies.

3.1 Account information. If you choose to create an Account, we collect the email address and authentication credentials you provide through our sign-in provider. We do not collect your name, postal address, phone number, or other identifying information unless you voluntarily provide it to us.

3.2 Device and browser identifier. When you install and use the Extension, a randomly generated unique identifier is created and stored in your browser’s local storage. This identifier is used solely to associate your Extension instance with your Balance and Reports. It does not identify you personally and cannot be used to track you across other websites or services.

3.3 Property listing data. When you initiate a Report through the Extension, certain publicly available information associated with the relevant property listing is transmitted to our servers. This information consists of publicly listed data such as the property address, asking price, property type, number of bedrooms and bathrooms, written description as published by the listing agent, the URLs of listing photographs and floorplans, and any coordinates published as part of the listing. This is data about the property, not about you. We do not receive any personally identifiable information about the listing agent, vendor, or other parties to the transaction.

3.4 Payment information. All payments are processed by Stripe, Inc. When you make a payment, you provide your payment card details directly to Stripe. We do not see, receive, or store your card number, expiry date, CVV, or billing address. We receive only a transaction reference, confirmation of successful payment, and the amount paid.

3.5 Communications. If you contact us by email, we will receive and store the contents of your message and any personal information you include in it, for the purpose of responding to your enquiry.

3.6 Technical and usage data. Our hosting and infrastructure providers may automatically log certain technical data, such as your IP address, browser type, operating system, and the pages you access on the Site. This data is used for security, infrastructure management, and diagnostic purposes. We do not use it for advertising or behavioural profiling.

We want to be specific about the personal data we do not collect:

• We do not collect your name, surname, or any government-issued identifier.
• We do not collect your postal address or physical location.
• We do not collect your phone number.
• We do not record, monitor, or transmit your browsing activity on websites other than piega.co. The Extension does not report which pages you visit.
• We do not set advertising cookies or use cross-site tracking technologies.
• We do not collect demographic information.
• We do not collect health, financial, or other special category data.
• We do not knowingly collect data about children under the age of 18.

Where the UK General Data Protection Regulation (“UK GDPR”) applies, we process personal data on the following legal bases:

• Performance of a contract — processing your account information and device identifier is necessary to provide the Service, maintain your Balance, and deliver Reports you have requested.
• Legitimate interests — processing technical and usage data is necessary for our legitimate interests in maintaining the security, stability, and performance of the Service, and in detecting and preventing fraudulent or abusive use.
• Compliance with a legal obligation — we may be required to retain certain records (such as payment transaction records) to comply with applicable law, including tax and financial regulations.
• Consent — where we have sought and obtained your consent for a specific processing activity, such as sending you service-related email communications, we will process data on that basis. You may withdraw consent at any time.

We use the information we collect for the following purposes:

• to provide, operate, and maintain the Service;
• to create and manage your Account and Balance;
• to generate Reports in response to your requests;
• to process payments and maintain transaction records;
• to respond to your enquiries and provide customer support;
• to detect, investigate, and prevent fraudulent, abusive, or unauthorised use of the Service;
• to ensure the security and integrity of our systems and infrastructure;
• to comply with legal obligations;
• to send you service-related notifications (for example, when a Report is ready), where you have provided your email address for this purpose.

We do not use your information for advertising, behavioural profiling, or marketing to third parties. We do not sell your personal data.

Reports are generated through automated computational processes applied to Listing Data. This processing does not produce legal or similarly significant effects on you, and does not constitute automated decision-making of the kind regulated under Article 22 of the UK GDPR.

The outputs of automated processing are analytical reports intended to support your own personal research and decision-making. No decision affecting your legal rights or obligations is made solely on the basis of automated processing by the Service.

We do not sell, rent, or trade your personal data. We share information only in the following circumstances:

8.1 Service providers (data processors). We engage certain third-party service providers to operate the Service on our behalf. These providers act as data processors under our instruction and are contractually obligated to handle data only as directed, to maintain appropriate security measures, and not to use data for their own purposes. Our current processors include providers of cloud infrastructure, database hosting, payment processing, and computational services used to generate Report content. A list of our current sub-processors is available on request.

8.2 Legal requirements. We may disclose information where required to do so by law, regulation, or legal process, including in response to a court order, subpoena, or lawful request from a public authority.

8.3 Protection of rights. We may disclose information where we reasonably believe it is necessary to prevent or detect crime, to protect the rights, property, or safety of us, our users, or others, or to enforce our Terms of Use.

8.4 Business transfers. In the event that we are acquired by, merge with, or transfer all or part of our business to another entity, user information may be transferred as part of that transaction, subject to appropriate confidentiality obligations.

To provide the Service, we may transfer personal data to countries outside the United Kingdom. Where such transfers occur, we ensure that appropriate safeguards are in place in accordance with the UK GDPR, such as the use of standard contractual clauses approved by the Information Commissioner’s Office (“ICO”), adequacy decisions, or other recognised transfer mechanisms.

Our primary service providers are based in the United States. We have assessed that appropriate safeguards are in place for transfers to these providers. If you would like more information about the safeguards applicable to a specific transfer, please contact us at hello@piega.co.

The Site uses strictly necessary cookies to maintain your session and authentication state. These cookies are essential to the functioning of the Site and cannot be disabled without breaking core functionality.

We do not use advertising cookies, tracking pixels, or third-party analytics cookies. We do not use cookies to build profiles of your interests or to serve targeted advertising.

You may configure your browser to refuse or delete cookies. Note that disabling session cookies may prevent you from accessing authenticated areas of the Site.

We retain different categories of data for different periods:

• Account information — retained for as long as your Account is active, plus a reasonable period thereafter to comply with legal obligations and to allow you to request reactivation.
• Reports and associated Listing Data — retained indefinitely so that you can access your historical Reports. You may request deletion at any time.
• Payment records — retained for a minimum of six years in accordance with UK tax and financial record-keeping obligations.
• Server access logs — retained for a limited period (typically 30–90 days) for security monitoring purposes.
• Support communications — retained for as long as necessary to resolve your enquiry and for a reasonable period thereafter.

When data is no longer required for the purpose for which it was collected, and no legal obligation requires its retention, we will delete or anonymise it.

We implement appropriate technical and organisational measures to protect personal data against unauthorised access, disclosure, alteration, and destruction. These measures include encrypted data transmission (TLS), access controls, and regular security reviews.

No method of transmission over the internet or electronic storage is completely secure. While we take reasonable precautions, we cannot guarantee absolute security. In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify you and the ICO as required by applicable law.

Subject to applicable exceptions, you have the following rights in relation to personal data we hold about you:

• Right of access — you may request a copy of the personal data we hold about you.
• Right to rectification — you may request correction of inaccurate or incomplete personal data.
• Right to erasure — you may request deletion of your personal data where we no longer have a legitimate purpose to retain it.
• Right to restriction — you may request that we restrict processing of your personal data in certain circumstances.
• Right to data portability — where processing is based on consent or contract and carried out by automated means, you may request that we provide your data in a structured, commonly used, machine-readable format.
• Right to object — you may object to processing based on legitimate interests, including processing for direct marketing purposes.
• Rights related to automated decision-making — you have the right not to be subject to a decision based solely on automated processing that produces legal or similarly significant effects on you.
• Right to withdraw consent — where processing is based on consent, you may withdraw that consent at any time without affecting the lawfulness of processing prior to withdrawal.

To exercise any of these rights, please contact us at hello@piega.co. We will respond to verified requests within one month. We may need to verify your identity before processing a request. Some rights are subject to exceptions and may not apply in all circumstances; where we cannot fulfil a request, we will explain why.

The Service is not directed at children under the age of 18. We do not knowingly collect personal data from children. If you believe that we have inadvertently collected information from a child under 18, please contact us at hello@piega.co and we will take steps to delete it promptly.

The Service may contain links to third-party websites. We are not responsible for the privacy practices of those websites. We encourage you to review the privacy policies of any third-party sites you visit.

Where we make use of third-party services to operate the Service, those providers may process certain data as described in section 8.1. Their respective privacy policies are available on their websites.

We may update this Privacy Policy from time to time to reflect changes in our practices, in the Service, or in applicable law. The “last updated” date at the top of this page indicates when the policy was most recently revised. We will notify you of material changes by posting a notice on the Site or, where we hold your email address, by sending you a notification. Continued use of the Service after a revision constitutes your acceptance of the updated policy.

If you are unhappy with how we have handled your personal data, you have the right to lodge a complaint with the Information Commissioner’s Office (“ICO”), the UK supervisory authority for data protection matters. The ICO can be contacted at ico.org.uk or by telephone on 0303 123 1113. We would, however, appreciate the opportunity to address your concerns before you approach the ICO, so please contact us first at hello@piega.co.

For any questions, requests, or concerns about this Privacy Policy or our data practices, please contact us at hello@piega.co.

See also our Terms of Use.