LUXURYSTAGEHAUS← Back to home

Legal

Privacy Policy

Effective 2026-01-01

This Privacy Policy describes how LuxuryStageHaus (“we”, “us”) collects, uses, stores, and discloses personal information when you use our website, dashboard, and listing tooling (the “Service”). We operate under Israeli Privacy Protection Law 5741-1981 and apply equivalent practices to data subjects located in the European Union.

1. Who's responsible

The controller of personal data collected through the Service is the entity operating LuxuryStageHaus. For data-protection requests, contact privacy@luxurystagehaus.example.

2. What we collect

We collect:

  • Account data — email, name, and any profile details (handle, agency name, photo, headline) you choose to provide.
  • Listing content — text, photos, and videos you upload as part of your listings, plus the AI variants generated from them.
  • Contact submissions — when a visitor uses a listing's contact form: their name, email, optional phone, message text, and a salted hash of their IP address used for spam protection only.
  • Analytics — anonymous page-view and session counts for published listing pages (first-party, no third-party trackers; see §6).
  • Operational logs — request metadata used to diagnose errors and abuse.

3. Why we use it

  • To operate the Service: render your dashboard, store and serve your listings, deliver contact-form messages to you.
  • To provide AI-generated images and hero videos at your request.
  • To detect abuse: rate-limit contact submissions, block bots via honeypot, hash visitor IPs for spam-protection only.
  • To respond to legal requirements (court orders, lawful information requests).

4. Legal bases (GDPR, where applicable)

We rely on: (a) contract — to provide the Service you signed up for; (b) legitimate interest — running and securing the platform; (c) consent — for analytics tracking (see Cookie Policy); (d) legal obligation — when we're required to retain or disclose.

5. Who we share with

  • Authentication provider (Clerk) — to verify your identity and manage sessions.
  • Hosting and storage providers — to serve the Service (e.g. Vercel, Cloudflare R2 / S3-compatible storage).
  • Email provider — to send transactional email (welcome, listing-published, enquiry forwards, etc.).
  • AI service providers — when you opt into AI staging or hero-video generation, the relevant image or video is sent to the configured staging-api / video-api endpoint for processing.

We do not sell personal information.

6. Analytics

We use first-party page analytics on published listing pages (view counts, scroll milestones, language toggles). No third-party trackers, no cross-site identifiers. Visitor IPs are salted-hashed before storage and used only to soft-dedupe traffic. You can decline analytics in the cookie banner, in which case the analytics call is suppressed entirely (see the Cookie Policy).

7. Retention

  • Account, listings, and uploaded media — kept while your account is active.
  • Contact submissions — kept while the corresponding listing exists; deleted with the listing.
  • Analytics events — kept for 24 months in aggregate form; deleted with their listing when the listing is removed.
  • Operational logs — kept for at most 90 days.

8. Your rights

You have the right to access, correct, export, or delete your personal data, and to object to or restrict processing. Most actions are self-service from your dashboard: delete a draft, unpublish or delete a listing, edit your profile, withdraw a submission. For anything you can't do from the dashboard, email privacy@luxurystagehaus.example. We'll respond within 30 days (often sooner).

Deleting your account also deletes your listings, drafts, images, videos, agent profile, and contact submissions (via our Clerk user.deleted webhook). Best-effort storage-object cleanup runs alongside the database delete.

9. Security

Sessions are bearer tokens issued by Clerk. API access is auth-scoped per route. Uploaded media is served from S3-compatible storage with appropriate access policies. We rate-limit sensitive endpoints (contact form, AI staging) and HMAC-sign webhooks. No system is perfectly secure; we encourage reporting suspected vulnerabilities to security@luxurystagehaus.example.

10. International transfers

Our infrastructure runs in the European Union and the United States. When personal data crosses borders, we rely on Standard Contractual Clauses or the equivalent safeguards each sub-processor publishes.

11. Children

The Service is not intended for individuals under 16. We do not knowingly collect personal information from children. If you believe we have, contact us so we can delete it.

12. Changes

We may update this Policy from time to time. Material changes will be announced on the Service. Continued use after the effective date constitutes acceptance.