Privacy Policy
Effective: 15-01-2026 · Last updated: 15-01-2026
This Privacy Policy explains how BaiTech (“we”, “us”, “our”) collects, uses, shares, and protects personal data when you use our public website baitech.app (“Website”), the BaiTech App (mobile/web), and our integrations including our WhatsApp Business (Facebook/Meta) app and the BaiTech WhatsApp bot (together, the “Services”). If you do not agree, please do not use the Services.
1) Who we are
Legal entity: BaiTech by Ignite Ventures
Privacy email: info@baitech.app · Phone: +973 39 870 870
2) Scope & roles
For the Website and App accounts, BaiTech is the controller (we decide why and how personal data is processed). When landlords import or manage tenant data in the App, the landlord is typically the controller for that tenant data, and BaiTech acts as a processor (we process it to provide the service) under our Data Processing Addendum (available on request).
3) Data we collect
3.1 Data you provide
- Account & profile: name, email, phone/WhatsApp number, role, organization.
- Property & lease (landlord-provided): property and unit details, lease terms, due dates, EWA caps, uploaded documents (e.g., IDs, contracts).
- Payments: payer name, invoice ID, amount, currency, provider reference (we do not store full card data).
- Support & chat: messages, attachments, maintenance descriptions, photos/videos.
- Marketing forms: company, portfolio size, interests, demo notes.
3.2 Data collected automatically
- Usage & logs: IP, device/OS, timestamps, event logs, crash reports.
- Cookies (Website): essential session cookies and, with consent where required, analytics/preference cookies.
3.3 Data from third parties
- OTP and delivery status from SMS/WhatsApp providers.
- Payment status from Tap Payments.
- Sign-in providers (if enabled): basic profile (name, email, avatar).
3.4 Camera and Photo Library (App permissions)
BaiTech may request access to your device camera and photo library to support maintenance workflows. For example, a tenant can take a photo/video of a maintenance issue (e.g., leaking faucet or AC not cooling), or select an existing photo/video from the gallery to attach to a maintenance request so vendors can diagnose the issue and resolve it faster.
4) How we use data
- Account creation, authentication (including OTP) and customer support.
- Service delivery: rent reminders, maintenance intake/dispatch, status notifications (email/SMS/WhatsApp).
- AI assistance & workflow automation (with access controls and minimization).
- Analytics, debugging, fraud and abuse prevention.
- Legal compliance and enforcing our terms.
5) Legal bases
Where applicable (e.g., Bahrain PDPL, GDPR/UK GDPR): contract performance; legitimate interests (security, product improvement, B2B communications with opt-out); consent (marketing, WhatsApp/SMS opt-ins, cookies); and legal obligation (e.g., financial records).
7) WhatsApp-specific notice
Our WhatsApp bot and Facebook App for WhatsApp use the WhatsApp Business Platform (Meta). When you message us on WhatsApp, WhatsApp/Meta may process your data (including message content and metadata) according to their terms and privacy notices. We use WhatsApp to deliver OTP codes, rent/maintenance updates, and support communications.
Opt-out: reply STOP on WhatsApp, or contact us to switch to SMS/email. Messaging and carrier charges may apply.
8) Payments
Payments are processed by third parties. We receive status and references to reconcile invoices; we do not store full card data.
- Tap Payments (GCC): card and regional methods, per Tap’s policies.
10) Data retention
- Account, lease, invoice, and payment records: for your account lifetime and as required by law (e.g., 5–10 years for finance).
- Chat logs, maintenance media, notifications: per your organization’s settings or our default (e.g., 24 months), then deleted or anonymized.
- Server logs: typically 90 days, unless extended for investigations.
11) International transfers
Your data may be processed outside your country. Where required, we use lawful safeguards (e.g., Standard Contractual Clauses) and technical/organizational measures.
12) Security
We implement encryption in transit, access controls, audit logging, and backups. No system is 100% secure; we maintain incident response processes and will notify you and authorities where legally required.
13) Your rights
Subject to local law (e.g., Bahrain PDPL, GDPR/UK GDPR), you may request access, correction, deletion, restriction, portability, or object to processing. You may withdraw consent (e.g., marketing/WhatsApp). For tenant data managed by a landlord, we will forward requests to the landlord.
Submit a request: info@baitech.app
Account deletion: You may request account deletion by emailing info@baitech.app. We may retain certain records where required by law or for legitimate business purposes (e.g., financial recordkeeping and fraud prevention).
14) Children
Our Services are not directed to children under 16 (or the age defined by local law). If you believe we collected data from a child, contact us to delete it.
15) Changes to this Policy
We may update this Policy. Material changes will be notified (e.g., email, in-app, or Website notice). The “Effective” date above controls.
16) Contact us
BaiTech
Email: info@baitech.app · Phone: +973 39 870 870
Annex A — Key subprocessors
| Subprocessor | Purpose | Data categories | Location/transfer |
|---|---|---|---|
| Supabase | Hosting, database, auth | Accounts, leases, documents | EU/US (SCCs as needed) |
| Twilio | SMS/WhatsApp delivery & OTP | Phone number, message content/metadata | Global (per provider) |
| Postmark / AWS SES | Transactional email | Email, templates, delivery status | US/EU (SCCs) |
| Tap Payments | Payment processing (GCC) | Payer details, amount, status | GCC |
| Sentry / Logging | Error & performance monitoring | Pseudonymous identifiers, logs | EU/US (SCCs as needed) |
Note: The list reflects core providers and may change as our Services evolve. We will update this table when materially changed.