Privacy Policy

Terraa ("we", "us", or "our") is operated by Ambia Global Technologies Ltd, a company registered in the Dubai International Financial Centre (DIFC), Dubai, United Arab Emirates. This Privacy Policy describes how we collect, use, protect, and share your personal information when you use the Terraa platform, including our website, tenant portal, landlord portal, and related services (collectively, the "Service").

1. Information We Collect

We collect the following categories of personal information:

Information You Provide

• Account Information: Name, email address, phone number, WhatsApp number, and password when you create an account.
• Identity Documents: Emirates ID, passport details, visa information, and related expiry dates as required for lease registration and compliance.
• Financial Information: Bank account details (IBAN), payment records, cheque information, and transaction history.
• Property Information: Building details, unit specifications, lease terms, and maintenance records.
• Communications: Messages, maintenance requests, and correspondence sent through the platform.

Information Collected Automatically

• Usage Data: Pages visited, features used, timestamps, and interaction patterns.
• Device Information: Browser type, operating system, IP address, and device identifiers.
• Location Data: General geographic location derived from IP address.

2. Use of Information

We use your personal information for the following purposes:

• Service Delivery: To provide property management services, process lease agreements, manage payments, and handle maintenance requests.
• Communication: To send payment reminders, lease notifications, maintenance updates, and other service-related messages via your preferred channel (email, SMS, or WhatsApp).
• Compliance: To meet UAE regulatory requirements including Ejari registration, VAT filing with the Federal Tax Authority, and identity verification.
• AI-Powered Features: To provide automated insights, lease renewal recommendations, market analysis, and predictive intelligence through our AI agents.
• Platform Improvement: To analyse usage patterns and improve the Service, develop new features, and enhance user experience.
• Market Intelligence: To generate anonymised, aggregated market benchmarks and analytics. Individual data is never shared or identifiable in market reports.

3. Data Protection

We implement robust security measures to protect your personal information:

• Encryption: All data is encrypted in transit (TLS 1.3) and at rest (AES-256 server-side encryption for stored documents).
• Access Controls: Role-based access ensures tenants, landlords, and administrators can only view data relevant to their role. Data never crosses client boundaries.
• Data Residency: We select data hosting regions that comply with applicable data residency requirements, including those of the UAE and the DIFC Data Protection Law (DIFC Law No. 5 of 2020).
• Secure Document Access: Document access uses time-limited, pre-signed URLs. Files are never publicly accessible.
• Regular Audits: We conduct periodic security reviews and vulnerability assessments.

4. Cookies and Tracking

We use the following types of cookies:

• Essential Cookies: Required for authentication, session management, and platform security. These cannot be disabled.
• Functional Cookies: Remember your preferences such as language, notification settings, and display options.
• Analytics Cookies: Help us understand how the Service is used so we can improve it. You can opt out of analytics cookies in your account settings.

We do not use advertising cookies or sell data to third-party advertisers.

5. Third-Party Services

We share personal information with the following categories of service providers, solely for the purpose of delivering the Service:

• Database and Financial Software: Supabase for secure structured data storage and Zoho Books for financial record management and VAT compliance.
• Cloud Infrastructure: Amazon Web Services (AWS) and Supabase for secure data storage. Vercel for application deployment and hosting.
• Communications: SendGrid for email delivery, Twilio for SMS and WhatsApp messaging.
• AI Processing: Anthropic for AI-powered analysis and recommendations. Data shared with AI models is not used to train models.
• Payment Processing: Stripe for online payment processing (where applicable).

All third-party service providers are contractually obligated to protect your data and use it only for the specified purposes.

6. Data Retention

We retain your personal information as follows:

• Active Accounts: Data is retained for the duration of your active tenancy or client relationship, plus any legal retention period.
• Financial Records: Retained for a minimum of 5 years after the end of the relevant financial year, as required by UAE Commercial Transactions Law and VAT regulations.
• Lease Documents: Retained for 5 years after lease termination.
• Temporary Files: Upload staging files are automatically deleted after 24 hours. Generated exports are deleted after 48 hours.
• Account Deletion: Upon account deletion request, personal data is removed within 30 days, except where retention is required by law.

7. Your Rights

Under the UAE Federal Decree-Law No. 45 of 2021 on the Protection of Personal Data (PDPL) and the DIFC Data Protection Law (DIFC Law No. 5 of 2020), you have the following rights:

• Access: Request a copy of the personal information we hold about you.
• Correction: Request correction of inaccurate or incomplete data.
• Deletion: Request deletion of your personal information, subject to legal retention requirements.
• Portability: Request your data in a structured, machine-readable format.
• Objection: Object to processing of your data for specific purposes, including marketing.
• Restriction: Request that we limit how we use your data in certain circumstances.

To exercise any of these rights, contact our Data Protection Officer at privacy@terraa.io.

8. International Data Transfers

Where your personal data is transferred outside the DIFC or the UAE, we ensure appropriate safeguards are in place, including standard contractual clauses and adequacy assessments, in compliance with the DIFC Data Protection Law and the UAE PDPL.

9. Children's Privacy

The Service is not directed at individuals under the age of 18. We do not knowingly collect personal information from children. If you believe a child has provided us with personal data, please contact us at privacy@terraa.io and we will delete it promptly.

10. Contact Information

If you have any questions about this Privacy Policy or our data practices, please contact us:

• Email: privacy@terraa.io
• Address: Ambia Global Technologies Ltd, DIFC, Dubai, United Arab Emirates
• Data Protection Officer: dpo@terraa.io

We may update this Privacy Policy from time to time. Material changes will be communicated via the platform and email. Continued use of the Service after changes constitutes acceptance of the updated policy.