Privacy Policy

1. Introduction

PropX ("we", "us", "our") operates the PropX real estate platform, including beta-propx.com, partner.beta-propx.com, and associated services. This Privacy Policy explains how we collect, use, disclose, and safeguard personal data relating to users of our Platform in compliance with the Personal Data Protection Law (PDPL) of the Kingdom of Saudi Arabia.

2. Data Controller

The data controller for personal data processed through the Platform is PropX. Privacy enquiries: privacy@propx.com.

3. Personal Data We Collect

Account and Identity Data: Full name, e-mail address, phone number, and national ID or Iqama number where required for property transaction verification.

Property and Transaction Data: Property listings, search history, tenancy details, and uploaded documents.

Technical Data: Browser type, device identifiers, usage analytics, and error diagnostics. See Section 7 regarding Sentry error monitoring and what is specifically excluded from collection.

PropX does not directly process payment card data. Card transactions are handled by a PCI-DSS-compliant third-party provider.

4. Legal Basis for Processing

We process your personal data on the basis of: contract performance (to deliver Platform services); legitimate interests (security monitoring, fraud prevention, platform improvement); consent (optional features such as marketing, which you may withdraw at any time); and legal obligation (compliance with applicable KSA laws).

5. How We Use Personal Data

We use your data to provide, maintain, and improve the Platform; manage accounts; facilitate property searches, listings, and tenancy management; send transactional e-mails; monitor Platform health and diagnose errors; and comply with legal obligations.

6. Sharing and Disclosure

We do not sell personal data. We share data with: sub-processors under binding data-processing agreements (see Section 7); partner agents limited to data necessary for their role; KSA regulatory and law-enforcement authorities where required by law; and successor entities in a business transfer.

7. Sub-Processors and International Transfers

Google Firebase / GCP — User authentication, database, cloud storage, and API hosting. Primary region: me-central1 (Doha, Qatar). Transfer basis: Standard Contractual Clauses and Google Data Processing Addendum.

Sentry (Error Monitoring) — PropX uses Sentry.io across all four sub-applications for error and performance monitoring.

Data location: All Sentry data is stored exclusively in Sentry's EU data centre in Germany (.de.sentry.io domain). The EU is considered an adequate jurisdiction under PDPL Article 29 on the basis of GDPR equivalence.

Data minimisation: sendDefaultPii: false is set in all PropX applications — IP addresses and user identity are NOT automatically captured or transmitted to Sentry.

Data sanitisation: A beforeSend hook on the server-side API scrubs password, token, secret, and authorization fields before any data is transmitted. Error events contain only stack traces, error messages, environment labels, and a deployment identifier.

Sentry error events are automatically purged after 90 days. A Data Processing Addendum with Sentry is in place.

SendGrid (Transactional E-mail) — Recipient e-mail address and e-mail content only. Transfer basis: Twilio Standard Contractual Clauses and DPA.

8. Data Retention

Account data: retained for the duration of your account and up to 5 years after closure. Transaction and tenancy records: retained for 10 years from completion. Sentry error events: automatically purged after 90 days. Marketing consent records: retained for 3 years.

9. Security

Security measures include: TLS 1.2+ encryption in transit; encryption at rest via Google Cloud Platform; role-based access controls; Sentry configured to exclude IP addresses and credentials (see Section 7); API keys stored in Google Secret Manager; and audit logging of production system access.

10. Your Rights Under the PDPL

You have the right to access, correct, or request erasure of your personal data; receive your data in a portable format; object to processing; and withdraw consent at any time. Contact privacy@propx.com to exercise these rights. If unsatisfied, you may lodge a complaint with the competent KSA data-protection authority.

11. Cookies

The Platform uses essential cookies for session management and authentication only. We do not use advertising or cross-site tracking cookies.

12. Changes and Contact

We may update this policy from time to time. We will notify you of material changes by posting an updated version with a revised effective date. Privacy enquiries: privacy@propx.com.

1. Introduction and Acceptance

These Terms of Service ("Terms") constitute a legally binding agreement between you ("User") and PropX governing your access to and use of the PropX real estate platform, including beta-propx.com, partner.beta-propx.com, and all related services. By using the Platform, you agree to these Terms and our Privacy Policy.

2. Platform Description

PropX is a property management and compliance platform for the KSA residential rental market. Core functions include property listing management, AI-assisted inspection recording, tenancy lifecycle management, partner portal tools, and document generation. PropX is a technology platform only — not a real-estate agent, legal advisor, or property valuation service.

3. User Eligibility

Users must be at least 18 years of age and have legal capacity to enter contracts under Saudi law. Partner agents must hold a valid REGA real estate licence.

4. Account Responsibilities

You are responsible for the confidentiality of your account credentials and all activity under your account. Notify support@propx.com immediately of any suspected unauthorised access.

5. Permitted and Prohibited Use

Use the Platform only for lawful real estate activity in KSA. You must not: submit false or misleading information; impersonate others; circumvent security measures; use automated scrapers without written consent; or upload content that violates applicable law or third-party rights. Violations may result in immediate account suspension.

6. Ejar and REGA Compliance

PropX is designed to support compliance with the Ejar rental-registration platform administered by REGA. Registration of tenancy agreements with Ejar is the legal responsibility of the contracting parties. Inspection records generated on PropX are supporting documentation only.

7. AI-Generated Content

PropX Vision AI (powered by Anthropic's Claude API and Google Cloud Vision) and the PropX Decision Engine assist with condition assessment and report generation. AI outputs are advisory only and do not constitute legal determinations or valuations. Inspection photographs are processed securely and are not used to train third-party AI models.

8. Privacy and Data

Your use of the Platform is governed by our Privacy Policy (see the Privacy tab above). Key practices: no sale of personal data; Google Cloud infrastructure in the Middle East; Sentry error monitoring with EU/Germany storage and IP addresses excluded; transactional e-mail via SendGrid with minimal data transferred.

9. Limitation of Liability

The Platform is provided "as is" without warranties of any kind. PropX's aggregate liability shall not exceed total fees paid by you in the 12 months preceding the claim. Nothing in these Terms excludes liability for fraud or gross negligence.

10. Governing Law

These Terms are governed exclusively by the laws of the Kingdom of Saudi Arabia. Any dispute shall be subject to the exclusive jurisdiction of the competent courts of Saudi Arabia. Contact: legal@propx.com.

11. Contact

For questions about these Terms: legal@propx.com. For privacy: privacy@propx.com. For support: support@propx.com.