Privacy Policy

We collect information that you provide directly to us when you create an account, list a property, search for accommodations, or communicate with other users. This includes:

• Full name and display name
• Email address
• Phone number
• Location and address details (for property listings)
• Profile photo (optional)
• User role preference (tenant, owner, or agent)
• Property details and photos (for owners and agents)
• Search preferences and saved listings
• Reviews and ratings submitted on the platform

We use Supabase as our primary backend and database service. Supabase provides a secure PostgreSQL database with built-in authentication. Your data is stored in Supabase-managed servers with enterprise-grade security, including:

• Row-level security (RLS) policies to ensure users can only access their own data
• Encrypted connections (SSL/TLS) for all data in transit
• Secure authentication with email/password and social login support
• Regular automated backups of all data

We use cookies and browser localStorage to enhance your experience on Castle:

• Authentication tokens — to keep you signed in across sessions
• Theme preference — to remember your dark/light mode choice
• Recently viewed listings — to show you properties you have recently browsed
• Search filters — to preserve your last search preferences
• Saved/bookmarked PGs — stored locally for quick access

You can clear your browser cookies and localStorage at any time through your browser settings. Please note that doing so may require you to sign in again.

Castle integrates with the following third-party services to provide a better experience:

We take the security of your personal data seriously and implement the following measures:

• All data transmitted between your browser and our servers is encrypted using HTTPS/TLS
• Passwords are hashed using bcrypt and are never stored in plain text
• Database access is restricted through Supabase row-level security policies
• API routes are protected with authentication middleware
• Regular security reviews and dependency updates
• Admin access is restricted and monitored

While we strive to protect your personal information, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security.

As a user of Castle, you have the following rights regarding your personal data:

• Access — You can view and download your personal data from your profile page at any time
• Correction — You can update your profile information, including name, email, phone, and preferences
• Deletion — You can permanently delete your account and all associated data through the account settings. This action is irreversible
• Data Portability — You can request a copy of your data in a structured format
• Withdraw Consent — You can withdraw consent for optional data processing at any time
• Opt-out — You can opt out of promotional communications and notifications

We retain your personal data for as long as your account is active or as needed to provide our services. If you delete your account, we will remove your personal data within 30 days, except where we are required to retain it by law.

We may update this Privacy Policy from time to time to reflect changes in our practices or for legal reasons. We will notify you of any material changes by posting the updated policy on this page and updating the "Last updated" date. We encourage you to review this page periodically.

If you have any questions or concerns about this Privacy Policy or our data practices, please contact us: