Privacy Policy


Privacy Policy of the Estify.ai Service

Data Controller

The controller of personal data of users of the Estify.ai Service is GRAILSTONE Prosta Spółka Akcyjna, registered in Poland under KRS: 0001139986, with its registered office at Alfreda Dauna 14, 30-566 Kraków, Poland, e-mail: hello@estify.ai.
Grailstone PSA processes personal data in accordance with the Regulation (EU) 2016/679 of the European Parliament and of the Council (GDPR) and other applicable data protection laws.

Purposes of Data Processing

Personal data collected via Estify.ai is processed for the following purposes:

  • Performance of a contract. To provide property valuation services (including generating and delivering the Report). This requires processing identification data (e.g., name, surname, email, phone number) and property-related data (address, parameters).
  • Payment processing. To process online payments (invoicing and accounting). Legal basis: performance of a contract and legal obligation (tax and accounting regulations).
  • Customer communication. To send order confirmations, Reports, and handle customer inquiries or complaints. Legal basis: Art. 6(1)(b) GDPR.
  • Marketing (optional). To send newsletters or marketing offers related to Estify.ai services – only with user consent or based on legitimate interest (e.g., service improvement, market research).
  • Analytics and statistics. To collect anonymized data (e.g., via Google Analytics) to optimize the Service. Legal basis: user consent (cookies) or legitimate interest.

Legal Bases for Processing

Estify.ai processes personal data based on:

  • Art. 6(1)(b) GDPR – performance of a contract
  • Art. 6(1)(c) GDPR – compliance with legal obligations
  • Art. 6(1)(f) GDPR – legitimate interests (e.g., marketing, analytics)
  • Art. 6(1)(a) GDPR – user consent (e.g., cookies, newsletter)

Scope of Processed Data

The following categories of data may be processed:

  • Customer identification data: Name, surname, email address, phone number.
  • Property data: Property address (street, number, city, postal code) and parameters (area, number of rooms, floor, year of construction, etc.). Note: While a property address is not directly personal data, it may indirectly identify an owner and is therefore treated as personal data.
  • Payment data: We do not store full payment card details. Payments are processed via certified providers. Transaction data (amount, date, payment ID) may be processed.
  • Technical data (logs): IP address, browser type, operating system, access time, cookies data. Used for security, analytics, and diagnostics.

Data Retention Period

Personal data is retained only as long as necessary. Customer data: until expiration of claims (typically up to 2 years). Accounting data: as required by tax law (minimum 5 years). Technical data (logs): up to 30 days (unless needed longer for security). After this period, data is deleted or anonymized.

Data Subject Rights

Users have the following rights under GDPR:

  • Right of access (Art. 15 GDPR).
  • Right to rectification (Art. 16 GDPR).
  • Right to erasure (“right to be forgotten”) (Art. 17 GDPR).
  • Right to restriction of processing (Art. 18 GDPR).
  • Right to data portability (Art. 20 GDPR).
  • Right to object (Art. 21 GDPR).
  • Right to withdraw consent at any time.
  • Right to lodge a complaint with a supervisory authority (PUODO).

Requests can be sent to: hello@estify.ai. We respond within 1 month, in accordance with GDPR.

Data Recipients

Personal data may be shared with:

  • IT and hosting providers (e.g., cloud services like Google Cloud, AWS).
  • Payment operators (e.g., Stripe, PayPal).
  • Accounting providers.
  • Public authorities, where required by law.
  • Marketing and analytics providers (with consent).

All partners process data under appropriate safeguards (e.g., data processing agreements, SCCs).

Security Measures

Estify.ai applies appropriate technical and organizational measures, including: SSL/TLS encryption, secure data centers, system updates and backups, restricted access to authorized personnel, password hashing and authentication systems, security monitoring. Employees are obligated to maintain data confidentiality.

Cookies and Tracking Technologies

Estify.ai uses cookies and similar technologies:

  • Essential cookies: Required for basic functionality (e.g., session management).
  • Analytics cookies: Used to analyze traffic (e.g., Google Analytics) – require consent.
  • Marketing cookies: Used for personalized advertising (e.g., Google Ads).

Users can manage cookies in browser settings. Detailed information is available in the Cookies Policy section.

International Data Transfers (outside EEA)

Data may be transferred outside the EEA (e.g., to the United States) when using services such as Google Cloud, Stripe, or PayPal. Transfers are conducted in compliance with GDPR, using mechanisms such as: Standard Contractual Clauses (SCCs), other approved safeguards.

Data Subject Rights and Contact

Users can exercise their GDPR rights by contacting: hello@estify.ai, Grailstone PSA, Kraków, Poland. We respond within 30 days.

Changes to this Privacy Policy

Grailstone PSA reserves the right to update this Privacy Policy. Changes will be published on the website in advance. Continued use of the Service constitutes acceptance of the updated Policy. Last updated: December 4, 2025.

Contact for data protection inquiries: hello@estify.ai

Partnerzy

Uniwesytet Ekonomiczny w Krakowie
Google for Startups
Ad Value