Privacy Policy

Wexlo (“Wexlo”, “we”, “us”, or “our”) operates the property marketplaces at wexlo.duckdns.org and wexlopro.duckdns.org. This Privacy Policy explains how we collect, use, store, and protect your personal data when you use our platforms, and explains your rights under the General Data Protection Regulation (GDPR) and applicable Maltese law.

By using Wexlo, you agree to the collection and use of information in accordance with this policy.

1. Who we are

The data controller responsible for your personal data is Wexlo, a business name operated by a self-employed individual registered in Malta. For any data-related queries, you may contact us at privacy@wexlo.mt.

2. Data we collect

We collect the following categories of personal data:

Account data

• Name and email address (required to create an account)
• Phone number and WhatsApp number (optional, used to enable buyer contact)
• Profile photo (if you sign in via Google)
• Role on the platform (buyer, owner, or agent)

Listing data

• Property details you enter when creating a listing (address, price, description, photos)
• Tier selection and payment status
• Listing activity (views, saves, enquiries received)

Usage data

• Pages visited and time spent on the platform
• Device type and browser (anonymised)
• Session identifiers (anonymous cookies)
• Search queries and filter preferences

Payment data

• Payment is processed by Stripe. We do not store full card details.
• We store confirmation of payment, the Stripe payment intent ID, and the plan or listing tier purchased.

Communications

• Enquiry messages sent through the platform
• Reports submitted about listings
• Any emails you send to us directly

3. How we use your data

• To create and manage your account
• To display your listings to buyers and renters
• To process payments for listing upgrades, boosts, and subscriptions (Wexlo Pro)
• To send transactional emails (listing confirmation, payment receipts, enquiry notifications)
• To enable direct contact between buyers and sellers via email or WhatsApp
• To monitor platform usage, detect fraud, and improve our services
• To respond to support requests and reports
• To comply with legal obligations

4. Legal basis for processing

We process your personal data on the following legal bases under GDPR Article 6:

• Contract performance — to provide the services you have registered for
• Legitimate interests — to improve the platform, prevent fraud, and maintain security
• Legal obligation — to comply with applicable Maltese and EU law
• Consent — for optional cookies and marketing communications (where applicable)

5. Sharing your data

We do not sell your personal data. We share data only where necessary:

• Stripe — to process payments securely. Stripe's privacy policy applies to payment data.
• Cloudinary — to host and deliver property images and videos uploaded to the platform.
• Google (OAuth) — if you choose to sign in with Google.
• Nodemailer / SMTP provider — to send transactional and notification emails.
• Maltese authorities — if required by law or in response to a valid legal request.

Your listing contact details (name, phone, WhatsApp) are displayed publicly on your active listing so that buyers can contact you directly. You control what contact information you provide.

6. Cookies

We use cookies to operate the platform and to understand how it is used. These include:

• Session cookies — to keep you logged in during your visit (strictly necessary)
• Authentication tokens — to manage your login session securely (strictly necessary)
• Analytics cookies — to collect anonymised usage statistics (optional, with your consent)

You can manage your cookie preferences at any time using the Cookie Settings link in the footer. Rejecting optional cookies will not affect your ability to use the platform.

7. Data retention

• Account data is retained for as long as your account is active.
• Listing data is retained for the duration of the listing plus 12 months.
• Enquiry and report data is retained for 24 months.
• Payment records are retained for 7 years to comply with Maltese tax law.
• Usage/analytics data is retained for 12 months in aggregated form.
• If you delete your account, personal data is removed within 30 days, except where retention is required by law.

8. Your rights

Under GDPR, you have the right to:

• Access the personal data we hold about you
• Correct inaccurate or incomplete data
• Request deletion of your data ('right to be forgotten'), subject to legal retention requirements
• Restrict or object to certain processing
• Data portability — receive your data in a structured, machine-readable format
• Withdraw consent at any time, where processing is based on consent
• Lodge a complaint with the Information and Data Protection Commissioner (IDPC) of Malta

To exercise any of these rights, contact us at privacy@wexlo.mt. We will respond within 30 days.

9. Security

We take the security of your data seriously. Measures include: encrypted HTTPS connections, hashed password storage (bcrypt), Stripe-handled payment data (PCI DSS compliant), and restricted access to production systems. No method of transmission over the internet is 100% secure — if you suspect a security issue, please contact us immediately.

10. Children

Wexlo is not intended for use by anyone under the age of 18. We do not knowingly collect personal data from minors. If you believe a minor has created an account, please contact us and we will delete the account promptly.

11. Changes to this policy

We may update this Privacy Policy from time to time. When we make significant changes, we will notify registered users by email and update the “Last updated” date at the top of this page. Continued use of the platform after changes constitutes acceptance of the updated policy.

12. Contact us

For any questions about this Privacy Policy or your personal data, contact us at:

You also have the right to complain to the Information and Data Protection Commissioner (IDPC) of Malta.