
Privacy Policy

Privacy Policy
Last Updated: JULY 8, 2026
This Privacy Policy explains what personal data Zettla collects, why, how it is used and protected, who it is shared with, and what rights you have. It should be read together with our Cookie Policy ("Zettla and Your Digital Footprint"), which covers cookies and similar technologies in detail, and our Terms of Use.
Because Zettla serves users in the European Union (including Spain), the United States, the Dominican Republic, and elsewhere, we apply EU data-protection standards (GDPR) to all users, regardless of location, and honor applicable rights under the California Consumer Privacy Act (CCPA/CPRA) and Dominican Republic law.
1. Who we are
The data controller for the Platform is:Zettla S.R.L., RNC: 1-33-58846-3.
Registered Address: Dominican Republic, Higüey, La-Altagracia Province, Punta Cana, Av. Alemania, Residencial Palma Real Villas / Cocotal, Condominio "Reserva Real", Apt. No. D - 205.
Email: privacy@zettla.com
EU representative: to be appointed.
2. What personal data we collect
Data you give us directly:
Account data – name, email address, and password (if you register with email), or the data received from your sign-in provider (see Section 3);
Inquiry and lead data – information you submit through contact, inquiry, or payment-plan request forms: name, email, phone number, preferred language, property preferences, budget indications, and the content of your message;
Booking data – name, email, time zone, and selected time slot when you schedule an appointment through our booking calendar;
Service request data – when you request a connection with a local service specialist: your name, contact details, and a description of the work needed;
Communications – the content of emails, messages, and calls you exchange with us, and notes our team keeps to serve you (for example, your stage in the buying process and your stated preferences).
Data collected automatically:
Analytics and session data – only with your consent, as described in our Cookie Policy: pages viewed, interactions, approximate location (country/city), device and browser information, and masked session replays;
Security and technical logs – IP addresses and connection metadata processed by our infrastructure (web server logs, intrusion prevention, and bot protection) to keep the Platform secure.
Data we do not collect: we do not collect special categories of personal data (such as health, religion, or political opinions), and we ask you not to include such information in free-text fields. We do not process payment card data – no payments are taken through the Platform.
3. Signing in with Google or Apple
If you choose to sign in with Google or Apple, we receive from the provider your name, email address, and a unique account identifier. We use this only to create and authenticate your account. Google and Apple act as independent controllers for the sign-in process itself – their handling of your data is governed by their own privacy policies, and your relationship with them is separate from your relationship with us. If you use Apple's "Hide My Email" feature, we receive a private relay address instead of your real email; our service emails will be delivered through Apple's relay.
4. Why we process your data (purposes and legal bases)
Purpose
Data
Legal basis (GDPR)
Responding to inquiries, providing property information, scheduling viewings and appointments
Inquiry, booking, account, communications
Performance of a contract / pre-contractual steps (Art. 6(1)(b))
Creating and managing your
account
Account data
Contract (Art. 6(1)(b))
Connecting you with a local
service specialist you requested
Service request data
Contract (Art. 6(1)(b))
Generating documents you
request (e.g., payment plan PDFs)
Inquiry data
Contract (Art. 6(1)(b))
Understanding and improving how the Platform is used (analytics, session replay)
Analytics data
Consent (Art. 6(1)(a)) – via the cookie banner
Sending marketing
communications
Contact data
Consent (Art. 6(1)(a)) or soft opt-in where permitted; opt-out always available
Platform security, abuse and
intrusion prevention, logging
Technical logs, IP addresses
Legitimate interest (Art. 6(1)(f)) – keeping the Platform and users safe
Internal lead management and prioritization
Inquiry, communications, account
Legitimate interest (Art. 6(1)(f)) – operating our sales process
Complying with legal obligations
As required
Legal obligation (Art. 6(1)(c))
Where we rely on legitimate interest, we have assessed that our interest does not override your rights and freedoms; you may object at any time (Section 10).
5. AI-assisted processing
We may use AI-assisted tools to support communication, scheduling, and lead management (for example, drafting responses or prioritizing inquiries). Where you interact directly with an AI-assisted system, we make this apparent, and you may request human assistance. AI tools are not used to make legally binding decisions about you without human oversight, and we do not use your personal data to train third-party AI models.
6. Who we share your data with
We do not sell your personal information, and we do not share it for cross-context behavioral advertising.
We share personal data only as follows:
Service specialists (at your request). When you request a connection with a local specialist (for example, plumbing or electrical work), we transmit your name, contact details, and request description to the assigned specialist so they can contact you and perform the work. Specialists are independent contractors and act as separate controllers of the data they receive for performing their services.
Self-hosted software (no data leaves our control). Our analytics (PostHog) and booking calendar (Cal.com) run on Zettla's own server. No personal data collected by these tools is transferred to PostHog Inc., Cal.com Inc., or any other software vendor.
Processors acting under our instructions, bound by Data Processing Agreements:
Provider
Role
Contabo
Hosting of Zettla's own server (analytics, booking, internal CRM and file storage)
Cloudflare
Network security, bot protection, approximate geolocation, and hosting of our request-routing infrastructure (including the specialist request service)
Supabase
Authentication and database for Platform accounts and user data
Resend
Transactional email delivery
Google Workspace
Business email and correspondence
Legal requirements. We may disclose data where required by law, court order, or to protect rights, safety, or property.
Business transfers. In the event of a merger, acquisition, or asset sale, data may be transferred with notice to users.
7. International transfers
Zettla's own server is located in the United States; our other providers may also process data in the US or other countries. For users in the EU/EEA, this means personal data is processed outside the EEA.
Such transfers are safeguarded as required by GDPR Chapter V: our hosting provider is bound by a Data Processing Agreement incorporating the EU Standard Contractual Clauses, and our other providers process data under Data Processing Agreements, with transfers covered by the EU Standard Contractual Clauses or the EU-US Data Privacy Framework, as applicable.
Details are available on request at privacy@zettla.com.
8. How long we keep your data
By category:
Analytics events – 12 months; session recordings – 30 days (see Cookie Policy);
Account data – for as long as your account exists, then deleted or anonymized within a reasonable period after closure;
Inquiry and lead data – for the duration of our engagement and up to 24 months after last contact, unless you ask us to delete it sooner;
Booking data – 12 months after the appointment;
Service request data – 12 months after completion of the request;
Security logs – short rotation periods appropriate to their purpose;
Email correspondence – retained as ordinary business records.
Backups are retained on a rolling schedule and expire automatically; data deleted from live systems disappears from backups as they rotate.
9. How we protect your data
We apply technical and organizational measures appropriate to the risk, including: encryption of data in transit (TLS); encrypted off-site backups; server hardening, intrusion detection and prevention; access limited to authorized team members on a need-to-know basis; and credential management with multi-factor authentication. No system is perfectly secure, but security is a core discipline at Zettla, not an afterthought.
10. Your rights
If you are in the EU/EEA – and we extend these rights to all users – you have the right to:
Access the personal data we hold about you;
Rectify inaccurate data;
Erase your data ("right to be forgotten");
Restrict or object to processing, including processing based on legitimate interest;
Data portability – receive the data you provided in a structured, machine-readable format;
Withdraw consent at any time (for cookies – via "Cookie Settings"), without affecting prior processing;
Not be subject to solely automated decisions with legal or similarly significant effects – we do not make such decisions.
To exercise any right, email privacy@zettla.com. We will verify your identity and respond within one month (extendable as permitted by law). Exercising your rights is free of charge.
You may also lodge a complaint with a supervisory authority – for users in Spain, the Agencia Española de Protección de Datos (AEPD), www.aepd.es.
California residents. The rights above cover what the CCPA/CPRA grants: the right to know, delete, correct, and to non-discrimination for exercising your rights. Since we do not sell or share personal information, there is nothing to opt out of, and no "Do Not Sell or Share" link is required. If your browser sends a Global Privacy Control signal, we honor it as an expression of that choice. Requests: privacy@zettla.com.
11. Marketing communications
We send marketing communications (such as property recommendations or newsletters) only where permitted by law – where required, only with your consent.
Every marketing message includes an unsubscribe option; you can also opt out via account settings or support@zettla.com. Calls and text messages involving automated technology or AI-generated voice are made only with your prior express consent, which is never a condition of any purchase; reply STOP to any SMS to cancel.
12. Children
The Platform is intended for adults (18+). We do not knowingly collect personal data from children. If you believe a child has provided us data, contact privacy@zettla.com and we will delete it.
13. Cookies and similar technologies
Covered in full in our Cookie Policy – "Zettla and Your Digital Footprint" – including every cookie by name, consent controls, and durations. Nothing optional runs until you allow it.
14. Changes to this policy
We may update this Privacy Policy to reflect changes in our practices, technology, or law. Material changes will be announced on the Platform, and where required we will seek fresh consent. The "Last updated" date reflects the current version.
15. Contact
Privacy-related requests, and data inquiries: privacy@zettla.com.
General support: support@zettla.com.