A LevantGate productPrivacy Policy
Effective 2026-07-14 · LevantGate, Erbil, Kurdistan Region of Iraq
This Privacy Policy explains how LevantGate ("LevantGate", "we", "us") collects, uses, discloses, and protects personal information when you use SRP — Smart Residential Platform, including our website, resident mobile applications on Google Play and the Apple App Store, and administrative dashboards (together, the "Service").
1. Data controller
LevantGate, headquartered in Erbil, Kurdistan Region of Iraq, is the controller of personal data processed through the Service. For residents whose compound uses SRP, your property management company acts as an independent controller of the compound records; we process resident data on their behalf as a processor.
2. Information we collect
2.1 Information you provide
- Account identifiers: full name, email address, mobile phone number, password (stored as a salted hash), preferred language.
- Compound and unit records: unit number, tenancy status, lease dates, household members entered by administrators.
- Payment information: invoice history, receipt records, and transaction metadata. Card numbers are entered directly with our payment processor and are never stored on our servers.
- Support content: messages you send to support or through in-app tickets.
2.2 Information collected automatically
- Device identifiers: device model, operating system version, application version, language and time-zone settings.
- Push notification tokens issued by Apple Push Notification service (APNs) and Firebase Cloud Messaging (FCM).
- Diagnostics: anonymised crash reports, performance traces, and error logs used to keep the app stable.
- App interaction analytics: aggregated feature usage counts (e.g. how many bills were opened) with no individual profiling.
- IP address and coarse network data for security, fraud prevention, and audit logging.
2.3 Information we do NOT collect
SRP does not access your photo library, camera, microphone, contacts, calendar, precise or background location, health data, or advertising identifiers. We do not sell personal data and do not use it for cross-context behavioural advertising.
3. Purposes and legal bases (GDPR Art. 6)
| Purpose | Data | Legal basis |
|---|---|---|
| Providing the Service, invoices, notifications | Account, unit, billing | Contract |
| Security, fraud prevention, audit logs | IP, device, activity | Legitimate interest |
| Customer support | Support content, account | Contract / legitimate interest |
| Legal, tax, accounting obligations | Billing history | Legal obligation |
| Product improvement (aggregated) | Diagnostics, usage counts | Legitimate interest |
4. Sharing and disclosure
We share personal data only with:
- Your property management company and its authorised administrators, according to your role and unit.
- Sub-processors that host or transmit data on our behalf under a written data processing agreement. The full list is on our Third-Party Services page.
- Payment processors to complete transactions you authorise.
- Authorities where required by valid legal process.
- Successors in the event of a merger, acquisition, or reorganisation, under equivalent confidentiality obligations.
We do not sell, rent, or trade personal data.
5. International transfers
Our primary infrastructure is hosted in the Middle East / EU regions of enterprise cloud providers. Where personal data is transferred outside your country, we rely on the recipient's certifications and Standard Contractual Clauses.
6. Retention
Detailed timelines are in our Data Retention policy. In summary: account data is kept while the account is active; billing records are kept for the period required by tax law; diagnostic logs are kept for up to 90 days; backups are cycled out within 30 days after deletion.
7. Security
See our Security page for details. In brief: TLS 1.2+ in transit, AES-256 at rest, role-based access control, mandatory MFA for administrators, encrypted backups, and continuous logging.
8. Your rights
Subject to applicable law (including GDPR and CCPA), you have the right to access, correct, delete, restrict or object to processing, receive a portable copy, and withdraw consent. To exercise any right, email info@levantgate.com or use the flows on our Delete Account and Delete Data pages. We respond within 30 days.
California residents (CCPA/CPRA): you also have the right to know the categories of data collected, to opt out of "sharing" (we do not sell or share for cross-context advertising), and to non-discrimination for exercising your rights.
9. Children
SRP is intended for adults 18 years or older. We do not knowingly collect personal data from children. See our Children's Privacy policy.
10. Cookies
We use a minimal set of first-party cookies for authentication, language preference, and security. Details are on our Cookie Policy page.
11. Changes to this Policy
We will post material changes on this page and, where required, notify you in-app or by email at least 30 days before they take effect. The "Effective" date at the top reflects the latest version.
12. Contact
Privacy questions: info@levantgate.com
Support: support@levantgate.com
Postal: LevantGate, Erbil, Kurdistan Region of Iraq.