Effective Date: January 1, 2026
Last Updated: January 1, 2026
Welcome to HomesGravity.com (“Site,” “Platform,” “Service”), a comprehensive real estate technology platform operated by HomesGravity Technologies Inc. (“we,” “us,” “our,” “Company”). We are committed to revolutionizing the property search, transaction, and ownership experience through advanced data analytics, artificial intelligence, and personalized matching algorithms.
This Privacy Policy constitutes a legally binding document that explains in detail how we collect, use, process, store, share, and protect your personal information in connection with your use of our Site, mobile applications, services, tools, and any related platforms (collectively, the “Services”). Given our multinational user base and the global nature of real estate transactions, this policy has been meticulously crafted to comply with the stringent requirements of multiple privacy frameworks across jurisdictions, including but not limited to:
European Economic Area (EEA) & United Kingdom: The General Data Protection Regulation (GDPR) and its UK equivalent (UK GDPR), implementing principles of lawfulness, fairness, transparency, purpose limitation, data minimization, accuracy, storage limitation, integrity, and accountability.
United States: A comprehensive approach covering the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA), Virginia Consumer Data Protection Act (VCDPA), Colorado Privacy Act (CPA), Connecticut Data Privacy Act (CTDPA), Utah Consumer Privacy Act (UCPA), and other applicable state laws, alongside sector-specific regulations such as the Gramm-Leach-Bliley Act (GLBA) for financial data and the Fair Housing Act.
Canada: The Personal Information Protection and Electronic Documents Act (PIPEDA) and substantially similar provincial legislation, including Quebec’s Law 25 (formerly Bill 64), Alberta’s Personal Information Protection Act (PIPA), and British Columbia’s PIPA, emphasizing meaningful consent, individual access, and accountability.
This Privacy Policy applies to all users of our Services globally, including: prospective home buyers, sellers, renters, landlords, real estate professionals (agents, brokers), mortgage seekers, property investors, and general visitors. By accessing, browsing, registering for, or otherwise using our Services, you acknowledge that you have read, understood, and agree to be bound by the terms of this Privacy Policy and our Terms of Service. If you do not agree with any part of this policy, you must immediately discontinue use of our Services.
“Personal Information” or “Personal Data” means any information relating to an identified or identifiable natural person. An identifiable person is one who can be identified, directly or indirectly, by reference to an identifier such as a name, identification number, location data, online identifier, or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that person.
“Processing” means any operation or set of operations performed on personal data, such as collection, recording, organization, structuring, storage, adaptation, alteration, retrieval, consultation, use, disclosure by transmission, dissemination, alignment, combination, restriction, erasure, or destruction.
“Data Controller” (GDPR) / “Business” (CCPA) means the entity that determines the purposes and means of processing personal data. For most processing activities on HomesGravity.com, we are the Data Controller.
“Data Processor” (GDPR) / “Service Provider” (CCPA/CPRA) means an entity that processes personal data on behalf of and under the instructions of the Data Controller.
“Data Subject” (GDPR) / “Consumer” (CCPA) means the individual to whom the personal information relates.
“Sensitive Personal Information” refers to special categories of data under GDPR (e.g., racial/ethnic origin, biometric data for identification) and similarly sensitive data under other laws (e.g., precise geolocation, financial account numbers, contents of private communications).
We collect information that you provide directly, that we collect automatically, and that we obtain from third parties. The scope of collection varies based on your interaction with our Services.
Account and Registration Data: When you create an account, we collect your full name, email address, telephone number, and a secure hashed password. For professionals, we collect brokerage affiliation, license number, and professional bio.
Profile and Preference Data: Your saved searches, favorite properties, search criteria (price range, bedrooms, location, property type), communication preferences, and profile photo.
Property Listing and Transaction Data: If you list a property for sale or rent, we collect detailed property information, photos, floor plans, listing price, and your contact information. If you engage in a transaction inquiry, we collect communication records, offer details, and transaction progress information.
Identity and Verification Data: To comply with “Know Your Customer” (KYC) and anti-money laundering regulations in certain transactions, we may collect government-issued identification numbers (e.g., driver’s license, passport), proof of address, and signature. This is collected only when strictly necessary and with explicit consent.
Financial and Mortgage Data: When using our integrated mortgage calculator, pre-approval, or lender connection services, you may choose to provide income information, employment history, credit score estimates, debt obligations, and bank account information. Note: This data may be subject to GLBA and is processed with heightened security.
Communication and Inquiry Data: Contents of your messages to agents or other users, inquiry forms submitted, customer support tickets, and survey responses.
User-Generated Content: Reviews, ratings, comments, and photos you submit to the platform.
Device and Technical Data: IP address, browser type and version, operating system, device type and model, mobile network information, unique device identifiers.
Usage and Browsing Data: Pages visited, time spent on pages, clickstream patterns, search queries entered on the Site, features used, date and time stamps of activities.
Location Data:
Precise Location: Collected via your device’s GPS or mobile network if you grant permission in our mobile app for location-based searches and alerts.
Approximate Location: Derived from your IP address to show relevant listings in your region.
Cookies and Tracking Technologies Data: Please refer to Section 12 for an exhaustive treatment.
Multiple Listing Services (MLS) and Data Aggregators: Property listing data, historical sales data, tax records, and school district information.
Credit Bureaus and Identity Verification Services: With your explicit consent, for mortgage-related services.
Social Media Platforms: If you connect your account or use social features, we may receive profile information (subject to your privacy settings on those platforms).
Service Providers: Analytics providers, advertising networks, and data enrichment services may provide us with inferred demographic information or interest categories.
Public Records: Government property records, deed transfers, and other publicly available data sources.
Business Partners: Real estate agents, brokerages, lenders, and title companies may share information about your interactions with them that originated from our Platform.
We process your personal information only for specified, explicit, and legitimate purposes. Below we outline the purposes and the corresponding legal bases under the GDPR. For other jurisdictions, similar principles of necessity and proportionality apply.
| Purpose of Processing | Categories of Personal Information Used | Legal Basis (GDPR) | Additional Jurisdictional Notes |
|---|---|---|---|
| Service Delivery & Account Management | Account, Profile, Communication, Transaction Data | Performance of a Contract (Art. 6(1)(b)) | Necessary for providing the core Services you request. |
| Personalization & Recommendations | Profile, Preference, Usage, Location Data | Legitimate Interest (Art. 6(1)(f)) – to enhance user experience. Consent (Art. 6(1)(a)) for certain profiling activities where required. | Users can opt-out of personalized features in settings. |
| Marketing Communications | Contact Data, Profile Data | Consent (Art. 6(1)(a)) for email newsletters. Legitimate Interest for service-related transactional emails. | Opt-in required for marketing emails per CAN-SPAM, CASL, and GDPR. |
| Targeted Advertising on and off our Site | Identifiers, Usage Data, Inference Data | Consent (Art. 6(1)(a)) for non-essential cookies and advertising partners. Legitimate Interest for first-party, contextual ads. | Subject to opt-out rights under CCPA (“Do Not Sell/Share”) and cookie consent. |
| Fraud Prevention, Security & Compliance | All categories, as necessary | Legitimate Interest (Art. 6(1)(f)) and Legal Obligation (Art. 6(1)(c)) | Necessary to protect our Services, users, and to comply with laws (e.g., record-keeping for tax). |
| Market Research & Analytics | Aggregated, anonymized Usage Data | Legitimate Interest (Art. 6(1)(f)) – to improve our Services. | Data is aggregated and de-identified wherever possible. |
| Facilitation of Real Estate Transactions | Identity, Financial, Transaction Data | Performance of a Contract, Legal Obligation (e.g., anti-fraud laws), Explicit Consent (Art. 9(2)(a)) for sensitive data if processed. | May involve sharing with regulated professionals (agents, notaries, lenders). |
We do not sell your personal information in the traditional sense. However, in the context of modern digital advertising, certain disclosures may be considered a “sale” under the CCPA or “sharing for cross-context behavioral advertising.” We are transparent about these practices below.
Service Providers (Data Processors): We engage specialized companies under strict contractual data processing agreements (DPAs). These include:
Cloud Hosting & Infrastructure: Amazon Web Services (AWS), Google Cloud Platform.
Analytics & Performance: Google Analytics (with IP anonymization), Mixpanel, Hotjar.
Customer Relationship Management (CRM): Salesforce, HubSpot.
Communication: Twilio (SMS), SendGrid (email).
Payment Processing: Stripe, PayPal.
Advertising & Marketing Platforms: Google Ads, Meta Ads, LinkedIn Ads.
Real Estate Professionals and Partners: When you request information about a property or express interest in an agent’s services, we share your inquiry details (name, contact info, property of interest) with the relevant agent, brokerage, or listing manager to facilitate the service you requested.
Financial and Transaction Partners: Mortgage brokers, lenders, title companies, escrow agents, and home warranty providers—only at your direction and with your explicit consent.
Corporate Affiliates: Within our corporate group, for internal administrative purposes under a shared privacy policy.
Legal and Regulatory Authorities: When required by law, subpoena, court order, or to respond to a government request. We may also disclose information to protect the rights, property, or safety of HomesGravity, our users, or the public.
Business Transferees: In connection with a merger, acquisition, financing due diligence, reorganization, bankruptcy, receivership, sale of company assets, or transition of service to another provider. You will be notified via email and/or a prominent notice on our Site of any change in ownership or uses of your information.
Advertising Networks and Data Analytics Providers: We allow these partners to collect information via cookies and similar technologies on our Site for purposes of serving targeted ads on other sites and measuring ad performance. This is considered “sharing” under CPRA and may be a “sale.”
In the preceding 12 months, we have disclosed the following categories of personal information to the categories of third parties listed for business purposes:
Identifiers → Service Providers, Real Estate Partners.
Commercial Information → Service Providers, Real Estate Partners.
Internet/Network Activity → Analytics and Advertising Service Providers.
Inferences → Service Providers (for personalization).
In the preceding 12 months, we have “shared” (for cross-context behavioral advertising) and potentially “sold” (as defined by CCPA) the following categories to advertising partners: Identifiers, Internet/Network Activity, and Inferences. You have the right to opt-out of such sharing/selling. See Section 9.2.
Our primary data centers are located in the United States. As a global platform, your personal information will be transferred to, stored, and processed in the United States and potentially other countries where our service providers operate, which may have data protection laws different from your country of residence.
EEA/UK to U.S. Transfers: We rely on a combination of transfer mechanisms deemed adequate by the European Commission and UK authorities:
EU-U.S. Data Privacy Framework (DPF), UK Extension, and Swiss-U.S. DPF: HomesGravity Technologies Inc. complies with the EU-U.S. Data Privacy Framework (DPF), the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF as set forth by the U.S. Department of Commerce. We have certified to the U.S. Department of Commerce that we adhere to the DPF Principles with regard to the processing of personal data transferred from the European Union, the United Kingdom, and Switzerland to the United States. Our certification is publicly available at https://www.dataprivacyframework.gov/. For unresolved complaints, a free, independent dispute resolution mechanism is available.
Standard Contractual Clauses (SCCs): For transfers to service providers not covered by DPF, we implement the European Commission’s SCCs.
Other Countries: We use similar approved transfer mechanisms, such as SCCs or binding corporate rules, for transfers from other countries with strict export requirements (e.g., Canada, South Korea).
We retain personal information only for as long as necessary to fulfill the purposes outlined in this policy, unless a longer retention period is required or permitted by law. Our retention schedule is based on the following criteria:
Active Accounts: We retain your profile and associated data while your account is active and for a period of 24 months following your last login, to facilitate easy re-engagement.
Transaction Records: Financial and property transaction records are retained for 7 years to comply with tax, accounting, and real estate regulatory requirements.
Marketing Data: Contact information for marketing purposes is retained until you withdraw consent or opt-out, after which we suppress the data on our “do-not-contact” list.
Cookies and Tracking Data: Session cookies expire when you close your browser. Persistent cookies are retained according to the timeframe set in the cookie declaration (typically 1 month to 2 years).
Backups and Archives: Data may persist in secure, encrypted backups for up to 12 months before automated deletion.
Upon expiration of the retention period, or upon your valid request for erasure, we will securely delete or anonymize your personal information using industry-standard methods designed to prevent recovery.
We implement a robust, layered security framework aligned with the ISO 27001 standard and the NIST Cybersecurity Framework. Our measures include, but are not limited to:
Encryption: Data in transit is protected by TLS 1.2+ encryption. Data at rest is encrypted using AES-256 encryption.
Access Control: Strict role-based access control (RBAC), mandatory multi-factor authentication (MFA) for administrative systems, and principle of least privilege.
Network Security: Firewalls, intrusion detection/prevention systems (IDS/IPS), regular penetration testing by third-party security firms, and DDoS mitigation.
Application Security: Secure coding practices, static and dynamic application security testing (SAST/DAST), and regular vulnerability scanning.
Employee Training: Mandatory annual privacy and security awareness training for all employees.
Incident Response: A formal, documented incident response plan that includes procedures for notifying regulatory authorities and affected individuals in the event of a data breach, as required by GDPR (72 hours), PIPEDA, and state breach notification laws.
While we implement these stringent measures, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security but we commit to promptly investigating and notifying you and relevant authorities of any suspected breach where there is a likely risk to your rights and freedoms.
Depending on your geographic location, you may have certain legal rights regarding your personal information. We will not discriminate against you for exercising these rights.
| Right | GDPR (EEA/UK) | CCPA/CPRA (California) | PIPEDA (Canada) | Other US States (VA, CO, CT, UT) |
|---|---|---|---|---|
| Right to Know/Access | ✅ Art. 15 | ✅ | ✅ | ✅ |
| Right to Data Portability | ✅ Art. 20 | ✅ (Limited) | ✅ | ✅ (CO, CT) |
| Right to Rectification/Correction | ✅ Art. 16 | ✅ (CPRA) | ✅ | ✅ |
| Right to Deletion/Erasure | ✅ Art. 17 | ✅ | ✅ | ✅ |
| Right to Restrict Processing | ✅ Art. 18 | ❌ | ❌ | ❌ |
| Right to Object to Processing | ✅ Art. 21 | ❌ | ✅ (Withdraw Consent) | ❌ |
| Right to Opt-Out of Sale/Sharing | ✅ (Consent Based) | ✅ | ✅ (Implied) | ✅ |
| Right to Limit Use of Sensitive Data | ✅ (Explicit Consent) | ✅ (CPRA) | ✅ | ✅ (CO, CT) |
| Right to Non-Discrimination | Implied | ✅ | ✅ | ✅ |
| Right to Appeal a Decision | ✅ (Supervisory Authority) | ❌ | ✅ (OPC) | ✅ (CO, CT, VA) |
You can exercise your rights by any of the following methods:
Email: Send a detailed request to [email protected].
Postal Mail: Beytepe Mah. Kanuni Sultan Süleyman Blv. No: 93 B İç Kapı No: 27 Çankaya/Ankara, Türkiye.
For California Opt-Out of Sale/Share: In addition to the above, you may use the interactive “Your Privacy Choices” link in the footer of our website, which includes a toggle to opt-out of sale/sharing. We also recognize the Global Privacy Control (GPC) signal as a valid opt-out preference signal for browsers that support it.
To protect your data, we must verify your identity before fulfilling most requests. We may ask you to provide information such as your account email, phone number associated with the account, or other identifiers. For requests requiring a higher degree of verification (e.g., accessing specific financial data), we may require additional steps. Authorized agents may submit requests on your behalf with proof of written permission and their own identity verification.
We aim to respond to all verifiable requests within 30 days, with a possible 45-day extension if notified. We will provide our response in a portable and readily usable format.
Our Services are not intended for, designed for, or directed at individuals under the age of 18 (or the age of majority in your jurisdiction). We do not knowingly collect personal information from children. If we become aware that we have inadvertently collected personal information from a child, we will take immediate steps to delete such information from our servers. If you are a parent or guardian and believe your child has provided us with information, please contact us at [email protected].
Our Site may contain links to third-party websites (e.g., lender websites, agent personal sites, government property portals) and may include social media widgets (e.g., Facebook “Like” button). This Privacy Policy applies only to our Services. We are not responsible for the privacy practices or content of any third-party sites. We encourage you to read the privacy policies of every website you visit.
We use cookies, web beacons, pixels, SDKs, and similar technologies to collect and store information about your interactions with our Services.
Essential Cookies: Necessary for the Site to function (e.g., security, load balancing, session management). These cannot be disabled.
Performance/Analytics Cookies: Help us understand how visitors interact with the Site (e.g., Google Analytics). They provide information on metrics like bounce rate, traffic sources, and page views.
Functional Cookies: Enable enhanced functionality and personalization (e.g., remembering saved searches, language preferences).
Targeting/Advertising Cookies: Set by our advertising partners to build a profile of your interests and show you relevant ads on other sites. They are based on uniquely identifying your browser and internet device.
Your Choices:
Cookie Consent Manager: On your first visit, and accessible via the “Cookie Settings” link in the footer, you can granularly accept or reject categories of non-essential cookies.
Browser Controls: Most browsers allow you to block or delete cookies. See www.allaboutcookies.org for guidance.
Advertising Opt-Outs: You can opt-out of interest-based advertising from many participating companies via the Digital Advertising Alliance (optout.aboutads.info) or Network Advertising Initiative (optout.networkadvertising.org).
Do Not Track: Our Site does not currently respond to “Do Not Track” browser signals due to a lack of universal technical standard.
We may update this Privacy Policy periodically to reflect changes in our practices, technologies, legal requirements, or business needs. The “Last Updated” date at the top indicates when it was last revised. We will provide notice of material changes by:
Posting a prominent notice on the Site’s homepage for at least 30 days before the change takes effect.
Sending an email notification to the address associated with your account.
We encourage you to review this page periodically for the latest information on our privacy practices. Your continued use of the Services after the effective date of any changes constitutes your acceptance of the updated policy.
If you have any questions, concerns, or complaints about this Privacy Policy or our data practices, please contact us:
HomesGravity
Attn: Privacy Officer / Data Protection Team
Beytepe Mah. Kanuni Sultan Süleyman Blv. No: 93 B İç Kapı No: 27 Çankaya/Ankara, Türkiye.
Email: [email protected]
Data Controller: For personal data processed through the core Services, HomesGravity Technologies Inc. is the data controller. Our EU representative (see Section 14) can be contacted for GDPR-related inquiries.
Legal Basis: We rely on the legal bases outlined in Section 4. Where we rely on Legitimate Interests, we have conducted a Legitimate Interests Assessment (LIA) balancing our interests against your rights and freedoms.
Data Protection Officer (DPO): We have appointed an external DPO who can be contacted at [email protected].
Automated Decision-Making & Profiling: We use automated algorithms to recommend properties and match users with agents. This constitutes profiling under GDPR. You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal or similarly significant effects. Our profiling does not produce such effects. You can object to this profiling via your account settings or by contacting us.
Notice at Collection: The categories of personal information we collect and the purposes are detailed in Sections 3 and 4. We retain each category as described in Section 7.
Shine the Light (CA Civil Code § 1798.83): California residents can request, once per year, a list of third parties with whom we shared personal information for direct marketing purposes in the previous calendar year. Submit such requests via the contact methods in Section 9.2.
Financial Incentives: We do not offer financial incentives for the collection, sale, or retention of personal information.
Metrics: Upon request, we will provide metrics on the number of requests to know, delete, and opt-out we received and complied with in the previous year.
Accountability: Our Privacy Officer is accountable for our compliance with PIPEDA and provincial laws. All employees are responsible for protecting the confidentiality of personal information.
Openness: This policy is publicly available. For further information on our policies and practices, contact our Privacy Officer.
Consent (Meaningful & Withdrawal): We obtain express or implied consent depending on the sensitivity of the information and reasonable expectations. Consent can be withdrawn at any time, subject to legal or contractual restrictions, by contacting us. Withdrawal may impact our ability to provide certain services.
Challenging Compliance: Individuals may challenge our compliance with this policy by contacting our Privacy Officer. We have procedures in place to receive, investigate, and respond to complaints.