Last Updated: January 2026
Effective Date: January 1, 2026
1. Introduction
Welcome to SPITI365 ("we," "our," or "us"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our internal real estate management platform and related services.
SPITI365 is an internal business tool used exclusively by SPITI365 real estate company employees for managing property appointments, client callbacks, team scheduling through Google Calendar integration, voice bot automation, and social media content distribution.
Our Commitment: We are committed to protecting your privacy and complying with the General Data Protection Regulation (GDPR), the Hellenic Data Protection Authority (HDPA) guidelines, and other applicable data protection laws.
2. Data Controller
The data controller responsible for your personal information is:
SPITI365
Real Estate Management Platform
Thessaloniki, Greece
Privacy Contact: welcome@spiti365.gr
Website: spiti365.gr
For any privacy-related inquiries, data access requests, or concerns about how your information is handled, please contact us at the email address above. We aim to respond within 30 days.
3. Information We Collect
3.1 Employee Account Information
When you create an account on SPITI365, we collect:
- Email address: Primary identifier for your account
- Full name: For identification and communication
- Profile image: From Google OAuth (optional)
- Account preferences: Settings and configurations
- Role and permissions: Access level within the platform
3.2 Calendar and Scheduling Data
Through Google Calendar integration, we access:
- Calendar events: Appointments, viewings, meetings
- Event details: Titles, descriptions, locations, attendees
- Availability: Free/busy information for scheduling
3.3 Voice and Call Data
Through our voice bot integration, we collect:
- Call recordings: For quality assurance (with consent)
- Client phone numbers: For callback scheduling
- Call metadata: Duration, timestamps, outcomes
- Transcriptions: For callback action items
3.4 Social Media Data
When connecting social media accounts:
- Account tokens: For posting on your behalf
- Profile information: Username, account ID
- Post analytics: Engagement metrics
3.5 Usage and Analytics Data
- Login information: Times, IP addresses, device info
- Feature usage: Which features you use and how often
- Browser information: Type, version, settings
4. Legal Basis for Processing (GDPR)
We process your personal data based on the following legal grounds under GDPR Article 6:
Contract Performance (Article 6.1.b)
Processing necessary to provide our platform services to you as an employee, including account management, calendar integration, and scheduling features.
Legitimate Interest (Article 6.1.f)
Processing for platform security, fraud prevention, service improvement, analytics, and ensuring the proper functioning of our systems.
Consent (Article 6.1.a)
For optional features such as call recordings, social media posting, and non-essential analytics. You can withdraw consent at any time.
Legal Obligation (Article 6.1.c)
Processing required to comply with applicable laws, regulations, and legal requests from authorities.
5. How We Use Your Information
5.1 For Platform Services
- Authenticate and maintain your account
- Manage property viewing appointments via Google Calendar
- Schedule and track client callbacks
- Coordinate team schedules and availability
- Process voice calls and automate callback scheduling
- Post property content to connected social media accounts
5.2 For Communication
- Send important service updates and notifications
- Provide customer and technical support
- Communicate about appointments and callbacks
5.3 For Improvement and Security
- Improve platform features and user experience
- Generate analytics and performance reports
- Ensure platform security and prevent unauthorized access
- Debug issues and maintain system stability
6. Third-Party Services and Integrations
We integrate with the following third-party services. By using SPITI365, you acknowledge their respective privacy policies:
6.1 Google OAuth and Calendar API
Purpose: Authentication and calendar management
Data accessed: Email, name, profile picture, calendar events
Privacy Policy: Google Privacy Policy
6.2 Twilio
Purpose: Voice call handling and automation
Data accessed: Phone numbers, call recordings, call metadata
Privacy Policy: Twilio Privacy Policy
6.3 Meta (Facebook/Instagram)
Purpose: Social media content posting
Data accessed: Account tokens, posting permissions
Privacy Policy: Meta Privacy Policy
6.4 TikTok
Purpose: Social media content posting
Data accessed: Account tokens, posting permissions
Privacy Policy: TikTok Privacy Policy
7. Data Sharing
Important: We do not sell, rent, or trade your personal information to third parties for marketing purposes.
We may share your information only in the following circumstances:
- Service Providers: With the third-party services listed above, solely to provide platform functionality
- Legal Requirements: When required by law, court order, or governmental authority
- Business Transfers: In case of merger, acquisition, or sale of company assets
- Protection of Rights: To protect the rights, property, or safety of SPITI365, our users, or others
8. Data Retention
We retain your data for the following periods:
- Employee accounts: While you are an active employee, plus 30 days after termination
- Calendar event data: Retained for business records as long as relevant
- Call recordings: Retained for up to 12 months for quality assurance
- Analytics data: Aggregated and anonymized, retained indefinitely
- Social media tokens: Until disconnected or account termination
You can request deletion of your personal data at any time by contacting us. We will process your request within 30 days, subject to any legal retention requirements.
9. Your Rights Under GDPR
As a data subject, you have the following rights regarding your personal data:
Right of Access
Request a copy of your personal data we hold
Right to Rectification
Correct inaccurate or incomplete data
Right to Erasure
Request deletion of your personal data
Right to Restrict Processing
Limit how we use your data
Right to Data Portability
Receive your data in a structured format
Right to Object
Object to processing based on legitimate interests
Right to Withdraw Consent
Withdraw consent for consent-based processing
Right to Lodge Complaint
File a complaint with a supervisory authority
How to Exercise Your Rights: Contact us at welcome@spiti365.gr. We will respond within 30 days. For GDPR complaints, you may also contact the Hellenic Data Protection Authority (HDPA) at
www.dpa.gr.
10. Data Security
We implement industry-standard security measures to protect your information:
- Encryption: All data transmission uses HTTPS/TLS encryption
- Authentication: Secure OAuth 2.0 protocols for third-party integrations
- Access Controls: Role-based access restrictions for employees
- Server Security: Hosted on secure, monitored servers
- Regular Audits: Periodic security assessments and updates
- Token Management: Secure storage of API tokens and credentials
Disclaimer: While we strive to protect your data, no method of transmission over the internet or electronic storage is 100% secure. We cannot guarantee absolute security.
11. International Data Transfers
Your data may be processed in countries outside the European Economic Area (EEA), particularly when using our third-party service providers:
- Google: Data centers worldwide (EU-US Data Privacy Framework participant)
- Twilio: US-based with global infrastructure
- Meta: US-based with EU data centers
- TikTok: Singapore and US-based operations
We ensure appropriate safeguards are in place for such transfers, including:
- EU Standard Contractual Clauses (SCCs)
- Adequacy decisions by the European Commission
- Binding Corporate Rules where applicable
- EU-US Data Privacy Framework certification
12. Cookies and Tracking
SPITI365 uses cookies to provide and improve our services:
12.1 Essential Cookies
- Session management and authentication
- Security tokens and CSRF protection
- User preferences and settings
12.2 Analytics Cookies (Optional)
- Usage patterns and feature adoption
- Performance monitoring
- Error tracking and debugging
We do not use third-party advertising or marketing cookies. You can manage cookie preferences through your browser settings.
13. Children's Privacy
SPITI365 is a business platform intended for use by adults (18 years or older) who are employees of SPITI365.
We do not knowingly collect personal information from children under 18. If you become aware that a child has provided us with personal information, please contact us immediately at welcome@spiti365.gr, and we will take steps to delete such information.
14. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or other factors.
- Minor Changes: Posted on this page with updated "Last Updated" date
- Material Changes: Notified via email or platform notification at least 30 days before taking effect
Continued use of SPITI365 after changes become effective constitutes acceptance of the updated Privacy Policy.
15. Contact Information
For any privacy-related questions, concerns, or to exercise your rights, please contact us:
SPITI365 Privacy Team
Email: welcome@spiti365.gr
Website: spiti365.gr
Address: Thessaloniki, Greece
Response Time: We aim to respond within 5 business days, and complete requests within 30 days as required by GDPR.
For GDPR-related complaints, you may also contact:
Hellenic Data Protection Authority (HDPA)
Website: www.dpa.gr
Email: contact@dpa.gr
