Legal
Privacy Policy
Last updated: 1 April 2026
This Privacy Policy explains how Tariro Limited ("AnyDoor", "we") collects, uses, shares and protects your personal data when you use the AnyDoor website and services. We comply with the EU General Data Protection Regulation (Regulation (EU) 2016/679, "GDPR") and the Cyprus Personal Data Protection Law (125(I)/2018).
1. Data controller
The data controller for personal data processed through the Service is Tariro Limited, a company incorporated in the Republic of Cyprus, with registered office at 246 Archiepiskopou Makariou III, 3105 Limassol, Cyprus. For any privacy enquiry, contact us at info@getanydoor.com.
2. Personal data we collect
We collect the following categories of personal data:
- Identifiers and contact data — name, email, phone number, account credentials.
- Property and enquiry data — addresses, photos, descriptions and other details you submit when listing or enquiring about a property.
- Communications — messages, support requests, and any correspondence with us or our Listing Partner.
- Device and usage data — IP address, browser type and version, operating system, device identifiers, referring URLs, pages viewed, timestamps, and approximate (city-level) location derived from IP.
- Cookies and similar technologies — see our Cookie Policy.
- Transaction-related data — for paid services, billing details processed by our payment providers (we do not store full card numbers).
3. Sources of data
- Directly from you (forms, account creation, enquiries, listings).
- Automatically when you use the Service (cookies, server logs, analytics).
- From our Listing Partner DDN Real Deal Estates Limited and other partners when you interact with them in connection with a listing.
4. Purposes and legal basis
We process personal data for the following purposes, relying on the legal bases set out in Article 6 GDPR:
| Purpose | Legal basis (GDPR Art. 6) |
|---|---|
| Provide the Service, maintain accounts, route enquiries to the Listing Partner | Performance of a contract (6(1)(b)) |
| Send service emails, security and fraud prevention, debugging, infrastructure operation | Legitimate interests (6(1)(f)) |
| Marketing newsletters and market briefings | Consent (6(1)(a)) — withdrawable at any time |
| Analytics cookies and usage measurement | Consent (6(1)(a)) |
| Comply with tax, accounting, AML, court orders | Legal obligation (6(1)(c)) |
| Defend legal claims, investigate abuse | Legitimate interests (6(1)(f)) |
5. Who we share data with
- DDN Real Deal Estates Limited (our Listing Partner) — when you submit an enquiry or listing related to a property they handle.
- Service providers (processors) — hosting and infrastructure (Lovable Cloud, Cloudflare), database (Supabase), email delivery, error monitoring, and analytics. Each processor is bound by a written data-processing agreement.
- Professional advisers — lawyers, accountants, auditors, where necessary.
- Public authorities — where required by law, court order, or to protect our rights.
- Successors in interest — in connection with a merger, acquisition, or asset sale, subject to confidentiality.
We do not sell your personal data and we do not share it with third parties for their own marketing.
6. International transfers
Where personal data is transferred outside the European Economic Area, we rely on appropriate safeguards under Articles 44–49 GDPR, primarily the European Commission's Standard Contractual Clauses, supplemented by technical measures such as encryption in transit and at rest.
7. Retention
| Category | Retention period |
|---|---|
| Account data | Until you delete the account, plus up to 12 months in encrypted backups |
| Enquiry submissions | 24 months from last interaction |
| Newsletter subscribers | Until you unsubscribe |
| Server and security logs | 12 months |
| Billing and tax records | As required by Cyprus tax law (typically 6 years) |
When the retention period ends we delete or anonymise the data.
8. Your rights
Subject to GDPR Articles 15–22, you have the right to:
- Access a copy of the personal data we hold about you.
- Rectify inaccurate or incomplete data.
- Erase your data ("right to be forgotten") in defined circumstances.
- Restrict processing in defined circumstances.
- Portability — receive your data in a structured, machine-readable format.
- Object to processing based on legitimate interests, including direct marketing.
- Withdraw consent at any time where processing is based on consent (without affecting prior lawful processing).
To exercise any of these rights, email info@getanydoor.com. We will respond within one month (extendable by two months for complex requests, with notice).
9. Automated decision-making
We do not make decisions producing legal or similarly significant effects about you based solely on automated processing, including profiling.
10. Children
The Service is not directed at children under 18 and we do not knowingly collect personal data from children. If you believe a child has provided us personal data, please contact us and we will delete it.
11. Security
We apply appropriate technical and organisational measures to protect personal data, including encryption of data in transit (TLS), access controls, principle of least privilege, audit logging, regular dependency and security reviews, and segregation of production data. No system is perfectly secure; please keep your account credentials confidential.
12. Complaints
If you believe we have handled your data unlawfully, please contact us first. You also have the right to lodge a complaint with the Cyprus supervisory authority — the Office of the Commissioner for Personal Data Protection — or with the supervisory authority in your country of residence.
13. Updates to this Policy
We may update this Policy from time to time. The "Last updated" date at the top reflects the most recent revision. Material changes will be communicated through the Service or by email where appropriate.