HomePropertiesNew BuildsResaleBlogAbout UsContact

Privacy Policy

Last updated: 14 April 2026

At ESYS VIP we are committed to protecting your privacy. This policy describes what personal data we collect, how we use it and what your rights are under the General Data Protection Regulation (GDPR) and the Spanish Organic Law on Data Protection (LOPD-GDD).

Data controller

The data controller for your personal data is ESYS VIP.

Contact email: info@esysvip.com

Phone: +34 688 47 27 54

Data we collect

We collect the following personal data depending on how you use our platform:

  • When you register: full name, username, email address and password (stored in encrypted form).
  • When you use your account: properties saved to favourites, saved searches and configured price alerts.
  • When you send us a message: name, email, phone number (optional) and the message content.
  • Technical data: IP address (for rate limiting and security), anonymous browsing data (via Vercel Web Analytics).

Purpose of processing

We use your data solely to operate the platform: manage your user account, provide access to favourites, saved searches and alerts, respond to your enquiries, ensure service security and send you account-related communications.

Legal basis

  • Performance of a contract (Art. 6.1.b GDPR): when you register, we establish a contractual relationship to provide the service. Your data is necessary for the platform to function.
  • Legitimate interest (Art. 6.1.f GDPR): rate limiting, fraud prevention and service security.
  • Consent (Art. 6.1.a GDPR): should features requiring explicit consent be introduced in the future.

Third parties with data access

To operate the platform, we use the following third-party services:

  • Supabase (database): stores user and property data. Servers in the European Union.
  • Upstash (Redis): manages user sessions and cache. Servers in the European Union.
  • Cloudflare (hosting, CDN, CAPTCHA): hosts the website and provides bot protection. Global network with Standard Contractual Clauses (SCCs).
  • Vercel (web analytics): collects anonymous browsing data. Based in the US with SCCs.
  • Resend (transactional email): sends welcome and password reset emails. Based in the US with SCCs.

Data retention

  • Account data: retained while your account is active. After account deletion, data is erased within 30 days.
  • Contact messages and leads: retained for 2 years from the date received.
  • Rate-limiting data (IP): automatically deleted via configured TTL (time to live) in seconds.

Your rights

Under the GDPR, you have the right to:

  • Access: request a copy of the personal data we hold about you.
  • Rectification: correct inaccurate or incomplete data.
  • Erasure: request the deletion of your personal data.
  • Portability: receive your data in a structured, machine-readable format.
  • Objection: object to the processing of your data in certain circumstances.
  • Restriction: request the restriction of processing of your data.

To exercise any of these rights, send an email to info@esysvip.com. We will respond within 30 days.

You also have the right to lodge a complaint with the Spanish Data Protection Agency (AEPD) at www.aepd.es.

Security

We implement technical and organisational measures to protect your data: passwords encrypted with PBKDF2 (100,000 iterations, SHA-512), httpOnly and Secure session cookies, TLS-encrypted communications, rate limiting on sensitive endpoints and CAPTCHA bot protection.

Updates

We may update this policy from time to time. The date of the last update is shown at the top of this page. We recommend reviewing it periodically.