Privacy Policy
This Privacy Policy explains how Broker Free ("we", "us") collects, uses, shares, and protects your personal data when you use the Broker Free mobile application and related services (the "Service"). It is written to comply with the EU General Data Protection Regulation (GDPR) and applicable Bulgarian law. Please read it together with our Terms & Conditions.
1. Who is responsible (data controller)
The controller of your personal data is Broker Free, operated by Stoyan Hristov, an individual based in Sofia, Bulgaria. For any privacy question or to exercise your rights, contact us at support@broker-free.app.
2. The data we collect
Information you provide
- Phone number: used to verify your account. We store it only as a salted, one-way hash (we cannot reverse it). The raw number is held only by our authentication provider (Google Firebase) to send the verification SMS.
- Profile: your display name and, optionally, an avatar photo.
- Sign-in identity: if you connect Sign in with Apple or Google, the identifier they provide (not your password).
- Listings: the property details, description, price, address, approximate location (coordinates), and photos you upload.
- Messages: the content of chats you send to other members.
- Bookings & reviews: viewing requests, notes, attendance, and the ratings/reviews you write.
- Saved searches & favourites: search filters you save and listings you favourite.
- Reports & support: content you submit when reporting a user/listing or contacting support, including a contact email you provide.
Information collected automatically
- Device platform (iOS/Android) and a push notification token (so we can send notifications).
- Usage & safety signals: listing views, no-show/attendance and response counters, and records of policy violations (e.g. attempts to share contact details in chat, or screenshots of other members' content).
- Subscription status: a mirror of your plan (Apple/Google remain the source of truth). We do not receive your payment-card details.
3. How and why we use your data (and our legal bases)
- To provide the Service: create your account, show and manage listings, enable messaging, bookings, reviews, and notifications. Legal basis: performance of our contract with you.
- Safety, trust, and anti-circumvention: automatically scanning messages for prohibited content and attempts to take deals off-platform, detecting and recording screenshots of other members' content, moderating listings and reviews, preventing fraud, fake listings, and broker/agent activity, and enforcing our Terms. Legal basis: our legitimate interests in operating a safe, broker-free marketplace, and compliance with legal obligations.
- Account security: verifying your phone, rate-limiting identity and number changes, and preventing account takeover. Legal basis: legitimate interests and legal obligation.
- Communications: sending service and safety notifications (e.g. a new message, a booking update, a moderation notice). Legal basis: contract / legitimate interests; push notifications also rely on your device permission.
- Subscriptions & features: applying your plan limits and one-time features. Legal basis: contract.
- Advertising: showing ads to free-tier users (see §7). Legal basis: consent (in the EEA/UK) or legitimate interests for non-personalised ads.
- Legal & dispute handling: responding to lawful requests and defending legal claims. Legal basis: legal obligation / legitimate interests.
4. Message scanning & moderation (transparency)
To keep the marketplace safe and broker-free, the Service automatically scans messages for contact-information sharing (phone numbers, emails, social handles) and prohibited content. Detected attempts are masked in the chat and may be logged as a violation. When a member reports another member or listing, we capture a minimised snapshot of the relevant content (a chat excerpt, the listing, booking context) so our moderators can review the report. This content is moderator-only and used solely for the safety review you were informed about. We do not monitor private conversations beyond these automated and report-triggered purposes.
5. Who we share data with
We do not sell your personal data. We share it only with service providers ("processors") who help us run the Service, under contracts that require them to protect it:
- Google Firebase: phone authentication and push notification delivery.
- Supabase: our database and backend hosting.
- Cloudflare R2: storage and delivery of listing photos and avatars.
- Apple & Google: payment processing for subscriptions and in-app purchases.
- Google AdMob: advertising to free-tier users (see §7).
Other members see the information you choose to make public, such as your display name, avatar, ratings, and your active listings and their photos. We may also disclose data where required by law, to enforce our Terms, or to protect the rights and safety of our users.
6. International transfers
Some of our providers (e.g. Google, Cloudflare, Apple) process data on servers outside the European Economic Area. Where data is transferred internationally, it is protected by appropriate safeguards such as the European Commission's Standard Contractual Clauses or an adequacy decision.
7. Advertising
Free-tier users may see ads served through Google AdMob; paid subscribers do not see ads. In the EEA/UK we ask for your consent through Google's consent message before showing personalised ads; you can change your choice at any time. For more on how Google uses data in this context, see Google's privacy resources.
8. How long we keep data
We keep personal data only as long as necessary for the purposes above. In particular: your account data is kept while your account is active; when you delete your account we anonymise or remove your personal data, the raw phone number is deleted from our authentication provider, your photos are removed from storage, and the content of messages you sent is redacted, while we retain certain records (e.g. safety reports and reviews left by others) as long as necessary for legal and safety reasons, no longer linked to your identity. Removed listings and their photos are purged after a short retention window. Violation and moderation records are retained only as long as needed for safety and legal purposes.
9. Your rights
Under the GDPR you have the right to:
- Access: get a copy of your personal data (Art. 15).
- Rectification: correct inaccurate data (Art. 16).
- Erasure: delete your account and data (Art. 17). You can do this in the app under Settings → Privacy & data → Delete my account.
- Portability: receive your data in a portable format (Art. 20). You can request an export in the app or from support.
- Restriction & objection: limit or object to certain processing (Arts. 18, 21).
- Withdraw consent: where we rely on consent (e.g. personalised ads, push notifications), at any time.
To exercise any right, use the in-app tools or email support@broker-free.app. We respond within the timeframes required by law (generally within one month). You also have the right to lodge a complaint with your data protection authority, in Bulgaria, the Commission for Personal Data Protection (CPDP / КЗЛД).
10. Security
We apply technical and organisational measures to protect your data, including hashing of phone numbers, access controls, encryption in transit, a single privileged administrative seam, and audit logging of moderation actions. No system is perfectly secure, but we work to protect your information and to respond promptly to any incident.
11. Children
The Service is intended for users aged 18 and over. We do not knowingly collect data from anyone under 18; if you believe a minor has provided us data, contact us and we will delete it.
12. Changes to this policy
We may update this Privacy Policy from time to time. Material changes will be notified in the app and/or by updating the date and version above. Continued use after changes take effect constitutes acknowledgement of the updated policy.
13. Contact
For any privacy question or request: support@broker-free.app.