Privacy Policy

Who is responsible for your personal data

The operator of Perfect Blue is the controller of personal data processed through the platform. You can contact us at contact@perfectblue.es.

Full legal identity details of the operator, including registered address and tax identification, will be published on our website when confirmed. If we appoint a Data Protection Officer or EU representative where required, we will list those details here.

What personal data we process

Depending on how you use Perfect Blue, we may process the following categories of personal data:

• Account and authentication data, such as your email address, account ID, and login-related information managed through our authentication provider.
• Profile data, such as your display name and preferred language.
• Listing data, such as property descriptions, location information, price, characteristics, and other information you choose to publish.
• Listing photos and related metadata.
• Message data exchanged through the in-app messaging feature.
• Technical and security data, such as device and browser information, approximate location derived from IP address, service logs, and fraud-prevention information.
• Support and contact communications that you send to us.
• Analytics or product-usage events, only if and when such tracking is enabled in future (see Cookies and analytics below).

How and why we use your data

We use personal data to provide and operate the service; create and manage accounts; authenticate users; publish and display listings and listing photos; enable in-app messaging about listings; communicate with you about the service; respond to support requests; maintain platform security; prevent fraud, abuse, and misuse; investigate reports; comply with legal obligations; and improve the service.

If we enable analytics or product event tracking in future, we intend to configure it so that it does not collect message contents, private email addresses, phone numbers, exact private addresses, or other data that is not necessary for service improvement.

Legal bases

We normally rely on the following legal bases under the GDPR:

• Contract / steps at your request: to create your account, provide the portal, publish your listings, store photos, enable messaging, and manage core service functions.
• Legitimate interests: to secure the service, prevent fraud and abuse, moderate content, investigate reports, provide support, keep necessary records, defend legal claims, and run carefully designed first-party service analytics where permitted.
• Consent: where required for non-essential cookies or analytics technologies, or for optional marketing communications.
• Legal obligation: where we must keep records, respond to lawful requests, or comply with tax, accounting, or other legal duties.

Who we share data with

We share personal data only where needed to run the service, comply with law, protect rights, or investigate misuse. Our service providers may include hosting and deployment providers, authentication, database and storage providers, email or support providers, analytics providers, and professional advisers.

For the current stack, this includes Supabase for authentication, database, and storage, and Vercel for hosting and deployment. If we enable web analytics or product event tracking in future, we will update this policy to describe those tools. If payment features are activated in future, we will update this policy to identify the payment provider and explain what payment-related data is processed.

Processors and sub-processors

Our service providers may use authorised sub-processors. We expect our processors to provide appropriate security and confidentiality safeguards and to process personal data under written contractual terms. Some providers publish their own sub-processor information and may update those lists from time to time.

International data transfers

Some of our providers may process or access personal data outside Spain or the European Economic Area. Where that happens, we aim to use a lawful transfer mechanism, such as a European Commission adequacy decision or standard contractual clauses and related safeguards. You can contact us if you would like more information about the transfer safeguards relevant to your data.

How long we keep data

We keep personal data for no longer than necessary for the purposes described in this Policy, taking into account the nature of the data, the purpose for which it was collected, the status of your account or listing, security and anti-abuse needs, potential disputes, and legal retention obligations.

For example, we may keep account data while your account is active and for a follow-on period where needed for legal, security, or dispute purposes; listing data while a listing is live and for a limited follow-on period for records, support, fraud prevention, or disputes; message data for as long as needed to provide the messaging feature and investigate misuse; and technical logs for as long as reasonably necessary for security and service reliability.

Messages and user-generated content

Messages sent through Perfect Blue are user communications. We do not use message contents for advertising profiling. We may access or review message content where this is necessary and proportionate to provide the messaging function, respond to support requests, investigate abuse or suspicious activity, enforce our Terms of Use, respond to legal requests, or protect the safety of users and the platform.

Listing text, photos, and similar user-generated content may contain personal data and will be processed in order to publish and operate the platform.

Cookies and analytics

Perfect Blue does not currently use analytics tools, advertising trackers, or a cookie consent banner. Basic technical cookies or similar technologies may still be needed for authentication, security, and core site operation.

We may introduce privacy-oriented analytics or first-party product event tracking in future, for example to understand how the service is used and to improve it. If we do, we will update this Policy and, where required by law, provide appropriate notice or consent choices before non-essential tracking is activated.

If analytics are added, we intend to configure them so they do not track message contents, private emails, phone numbers, exact private addresses, or unnecessary identifiers.

Your rights

Under the GDPR, you may have the right to request access to your personal data, correction of inaccurate data, deletion, restriction of processing, objection to certain processing, and data portability where the legal conditions apply. Where we rely on consent, you may withdraw consent at any time without affecting earlier lawful processing.

You also have the right to lodge a complaint with a supervisory authority in the EU/EEA country where you live, work, or where you believe an issue occurred. If our main establishment is in Spain, that may include the Spanish Data Protection Agency (AEPD). We encourage you to contact us first where possible.

How to exercise your rights

You can contact us at contact@perfectblue.es. We may ask for reasonable information to verify your identity before acting on a request. If your request concerns messages, listings, or content involving other users, we may need to balance your rights against the rights and freedoms of others.

Security

We use technical and organisational measures intended to protect personal data, including access controls, secure storage, and service-provider protections appropriate to the nature of the service. No online service can guarantee absolute security, so we encourage users to protect their passwords and remain cautious when communicating with others online.

Changes to this Policy

We may update this Privacy Policy from time to time. We will publish the updated version on the website and update the "Last updated" date. Where required, we will provide additional notice.