Urbanxo logoUrbanxo

Urbanxo home

Terms of Service & Privacy Policy

One document covering how you may use Urbanxo, how we handle personal data, and your rights in Europe and worldwide.

Overview

This document combines Terms of Service and a Privacy Policy for the Urbanxo software platform and related websites (the “Service”). It is designed to reflect common requirements under the EU General Data Protection Regulation (“GDPR,” Regulation (EU) 2016/679), the UK GDPR and Data Protection Act 2018, the Swiss Federal Act on Data Protection (“FADP”), and comparable laws in other countries—including U.S. state privacy laws such as the California Consumer Privacy Act as amended by the California Privacy Rights Act (“CCPA / CPRA”)—where they apply to you.

This is not legal advice. Laws differ by country, sector, and facts. The person or company operating Urbanxo for you (“we,” “us,” “Operator”) should have qualified counsel review and adapt this text for your entity, hosting locations, and contracts.

Last updated: March 30, 2026.

Terms of Service

1. Acceptance

By creating an account, accessing, or using the Service, you agree to these Terms on behalf of yourself and, where applicable, the organization you represent. If you do not agree, do not use the Service.

2. What Urbanxo is

Urbanxo is a cloud application for real-estate and project sales operations: for example buildings, units, maps, offers, sales, payments, reporting, and optional public-facing listing pages. Features may change over time.

3. Accounts and eligibility

You must provide accurate registration information and keep credentials confidential. You are responsible for activity under your account. You must be legally able to enter a binding contract in your jurisdiction.

4. Organizations and roles

The Service is typically used in organizations (workspaces). Administrators may invite members, assign permissions, and configure settings. You acknowledge that your organization’s admins may access, export, or delete content you submit within that workspace according to its policies and these Terms.

5. Your content and license to operate

You retain rights to data and materials you submit. You grant the Operator a non-exclusive, worldwide license to host, process, back up, display (including on your public site), and otherwise use that content solely to provide, secure, and improve the Service and to comply with law.

6. Acceptable use

You agree not to:

  • break the law or infringe others’ rights;
  • upload malware, probe or attack systems, or bypass security;
  • scrape or overload the Service without permission;
  • use the Service to send unsolicited bulk email in violation of anti-spam rules;
  • misrepresent identity or impersonate others.

7. Third parties

The Service may integrate email, hosting, AI, maps, analytics, or payment-related providers. Their terms may apply in addition to ours. We are not responsible for third-party sites you link to from your content.

Preferences and AI: We do not sell your user preferences to third parties for their own marketing. Where the Service includes artificial intelligence, it is provided solely as an assistive capability to support your workflows (for example drafting suggestions, recommendations, or productivity features), as further described in the Privacy Policy (Artificial intelligence). Such tools do not exercise autonomous or unrestricted control over your data, do not replace your organization’s judgment or obligations, and remain subject to your permissions and applicable product controls.

8. Availability and changes

We strive for high availability but do not guarantee uninterrupted access. We may modify, suspend, or discontinue features with reasonable notice where practicable.

9. Fees

If you use paid plans, fees, billing cycles, and taxes are as stated at purchase or in your order. We may suspend access for material non-payment according to contract.

10. Disclaimer of warranties

The Service is provided “as is” and “as available.” To the fullest extent permitted by law, we disclaim implied warranties of merchantability, fitness for a particular purpose, and non-infringement.

11. Limitation of liability

To the fullest extent permitted by applicable law, neither party is liable for indirect, incidental, special, consequential, or punitive damages, or loss of profits, data, or goodwill, except where such exclusion is void (for example, some consumer laws). Our aggregate liability for claims arising out of the Service in any twelve-month period is generally limited to amounts you paid us for the Service in that period, unless mandatory law requires otherwise.

12. Indemnity

You will defend and indemnify the Operator against third-party claims arising from your content, your misuse of the Service, or your violation of these Terms, subject to applicable law.

13. Termination

You may stop using the Service at any time. We may suspend or terminate access for breach, risk, legal requirement, or non-payment as allowed by law and contract. Provisions that by nature should survive (e.g., liability limits, governing law where stated in a separate agreement) will survive.

14. Governing law and disputes

If you have a written agreement with the Operator that specifies governing law and courts, that agreement controls. Otherwise, mandatory consumer or employment protections in your country may still apply and cannot be waived where prohibited.

Privacy Policy

1. Who is responsible

For account and platform data (e.g., login details, audit logs about use of Urbanxo), the Operator is typically the controller under GDPR-style laws. For business data you enter about your clients, buyers, or tenants, your organization is often the controller and the Operator processes that data on documented instructions as a processor, to the extent those roles apply in your jurisdiction. Where both roles exist, this Policy explains both.

2. Categories of personal data

Depending on how you use the Service, we may process:

  • Identity and contact: name, email, phone, company, role;
  • Account and security: credentials, session tokens, device/browser metadata, IP address, timestamps;
  • Organization content: property, unit, offer, sale, payment, client, and messaging data you choose to store;
  • Technical and usage: logs, diagnostics, support tickets;
  • Marketing: limited data if you subscribe to updates (with consent where required).

3. Purposes and legal bases (GDPR / UK / EEA / Switzerland)

We process personal data on these bases where applicable:

  • Contract (Art. 6(1)(b) GDPR): providing accounts, organizations, and features you request;
  • Legitimate interests (Art. 6(1)(f)): securing the Service, preventing abuse, improving reliability, and limited analytics, balanced against your rights;
  • Legal obligation (Art. 6(1)(c)): tax, accounting, court orders, or regulatory requests;
  • Consent (Art. 6(1)(a)): optional cookies, marketing emails, or other uses we expressly ask you to agree to.

4. Recipients and subprocessors

We use vetted infrastructure and service providers (e.g., hosting, database, email delivery, storage). They process data only under contract and instructions compatible with this Policy. A current list may be published separately or provided on request where required by law.

5. Retention

We keep data only as long as needed for the purposes above, including statutory retention (for example invoicing or accounting records). Backup systems may retain redundant copies for a limited period before overwrite or secure deletion cycles complete.

6. User preferences and internal use

We may store preferences and settings you choose in the Service (for example workspace options, marketing or listing choices, and similar controls). We use this information only to operate, secure, and improve the Service for you and your organization—including to personalize recommendations and surface features that fit how you work—so we can serve your clients and teams as effectively as possible.

We do not sell user preferences to third parties or share them for unrelated third-party advertising or marketing. Where subprocessors host or process such data, they do so only under contract and our instructions, as described in “Recipients and subprocessors” above—not for their own independent use of your preferences.

7. Artificial intelligence (AI)

Certain features may incorporate artificial intelligence or machine-learning models (collectively, “AI features”) for ancillary, assistive purposes only—for example to generate suggestions, summaries, or recommendations; to prioritize or rank content you already control; or to help you complete tasks more efficiently. AI features are intended to supplement human judgment, not to replace it, and to make routine work faster and easier within the scope of the Service.

We configure AI features so that sensitive categories of personal data are not transmitted to AI systems except to the minimum extent necessary to provide the specific functionality you invoke, and we implement technical and organizational measures proportionate to the risk. AI features do not grant any model or vendor general-purpose, autonomous, or unrestricted access to your databases or accounts; processing remains bounded by product design, access controls, and your organization’s instructions where applicable.

No fully automated decision-making without appropriate oversight: outputs may be incomplete, outdated, or incorrect. You remain responsible for reviewing AI-generated content before use in material business, financial, regulatory, or legal contexts. The Operator does not warrant that AI outputs will meet any particular standard of accuracy or fitness for a specific purpose beyond what is expressly stated in your commercial agreement, if any.

EU, EEA, UK, and Switzerland—your rights

If the GDPR, UK GDPR, or FADP applies to you, you may have the right to:

  • access your personal data (GDPR Art. 15);
  • rectify inaccurate data (Art. 16);
  • erase data in certain cases (Art. 17);
  • restrict processing (Art. 18);
  • data portability (Art. 20);
  • object to processing based on legitimate interests (Art. 21);
  • withdraw consent where processing was consent-based, without affecting earlier lawful processing;
  • lodge a complaint with a supervisory authority in your country.

To exercise rights, contact us using the details below. We may need to verify your identity. If your organization is the controller for certain data, we may direct you to them for parts of your request.

Worldwide use and U.S. state privacy

If you reside outside the EEA/UK/Switzerland, local laws may give you similar or additional rights (for example access, deletion, correction, opt-out of “sale” or “sharing” of personal information, or limitation of use of sensitive data under CCPA/CPRA and other U.S. state laws). We honor applicable requests where the law applies to our processing and we can reasonably verify the request.

International transfers: If we transfer personal data from the EEA, UK, or Switzerland to countries not deemed adequate by the relevant authority, we use appropriate safeguards such as the EU Standard Contractual Clauses (SCCs), the UK International Data Transfer Addendum, or Swiss adaptations, plus supplementary measures where required by case law and regulators.

Security, confidentiality, and encryption

We implement appropriate technical and organizational measures to protect personal data against unauthorized access, alteration, disclosure, or destruction, including:

  • Encryption in transit: data is typically transmitted over HTTPS (TLS) between your browser and our application;
  • Encryption at rest: where supported by our cloud and storage providers, databases and object storage use industry-standard encryption for stored data;
  • Access control: role-based permissions, authentication, logging, and least-privilege practices for administrative access;
  • Operational practices: patching, monitoring, backups, and incident response procedures appropriate to risk.

No method of transmission or storage is 100% secure. We will notify you and regulators of personal data breaches where we are legally required to do so.

Account deletion and erasure

When you delete your user account through the controls we provide (or when an administrator removes you), we delete or irreversibly anonymize personal data tied to that account in our production systems within a reasonable period, except where we must retain specific information to:

  • comply with legal obligations (e.g., tax, accounting, court orders);
  • establish, exercise, or defend legal claims; or
  • complete a deletion already in progress across distributed systems and backups.

Organization data: deleting your personal account does not automatically delete all business records your organization keeps in Urbanxo; your admin may retain operational data. If an entire organization requests closure and deletion, we work with lawful instructions and contracts to remove or return data as agreed.

Backup copies may persist for a limited technical window; they are protected with the same security standards and are overwritten or purged according to our retention schedule.

Cookies and similar technologies

We use cookies and similar technologies that are strictly necessary for authentication, security, and session management. Where we use optional analytics or marketing cookies, we will ask for consent where EU/UK/ePrivacy rules require it. You can control cookies through your browser settings; disabling strictly necessary cookies may break sign-in.

Children

The Service is not directed at children under the age where parental consent is required in your region. We do not knowingly collect personal data from children for marketing. If you believe we have collected such data, contact us and we will delete it promptly where the law requires.

Changes to this document

We may update these Terms and this Privacy Policy. We will post the new version with an updated date and, where changes are material and the law requires, provide additional notice (for example by email or in-product message).

Contact

For privacy, data-protection, or contractual questions, use the support or legal contact named in your order, invoice, or enterprise agreement. If you use Urbanxo without such details, contact the administrator of your organization’s workspace or the party that invited you to the platform.

For EU/UK representatives or data protection officer details, if appointed, the Operator should publish them alongside this page or in your commercial agreement.

Back to the product

HomeCreate accountSign in