Statire.ie

Privacy Policy

Last updated: 3 May 2026

This policy explains what personal data Statire.ie collects, why we collect it, who we share it with, and what your rights are. We have written it in plain English on purpose — if anything is unclear, please email us at info@statire.ie.

Who we are

Statire.ie (“Statire”, “we”, “us”) is an independent Irish data publisher operating the website at statire.ie. We are not affiliated with any Irish government body. For privacy questions or to exercise your rights under GDPR, contact us at info@statire.ie.

What personal data we collect

We collect only what we need to operate the service. Specifically:

  • Account data — email address, password (stored as a salted hash, never in plain text), display name if you set one, account creation date.
  • Property valuation inputs — when you submit a valuation, we store the address or eircode, property type, floor size, bedrooms, bathrooms, BER rating, and any optional features you provide. This is stored against your account so you can revisit your reports.
  • Payment data — when you purchase a credit or subscription, payment is handled entirely by Stripe. We never see your card number. We do receive and store the Stripe customer ID, subscription ID, and metadata about the transaction (amount, date, status) for billing-history and refund handling.
  • Usage data — anonymous, aggregated traffic analytics from Vercel Analytics. We do not use third-party advertising trackers.
  • Email engagement — when we send you transactional emails (signup confirmation, receipts), our email provider Resend records delivery and basic open/click data so we can detect deliverability problems.

Why we collect it

  • To operate the valuation service you signed up for (legal basis: contract performance under Article 6(1)(b) GDPR).
  • To process payments and send receipts (contract performance + legal obligation).
  • To detect and prevent abuse, fraud, or chargebacks (legitimate interest under Article 6(1)(f)).
  • To improve the product based on aggregated usage patterns (legitimate interest).
  • We do not sell your data, and we do not use it for advertising profiling.

Third parties we share data with

We use a small set of well-known service providers to run the platform. Each only sees the data they need:

  • Supabase — database and authentication. Hosts your account record and your valuation reports. EU-based infrastructure.
  • Stripe — payment processing. Sees your payment method, billing email, and country. Stripe's privacy policy.
  • Resend — transactional email delivery (signup confirmation, receipts). Resend's privacy policy.
  • Google Maps Platform — geocoding (converting an address you submit into a latitude/longitude). Only the address, not your account, is sent. Google's privacy policy.
  • Microsoft Azure (OpenAI Service) — generates the “AI Review” section of each report. Only the de-identified property attributes and comparable sales are sent; no personal data leaves Statire.
  • Vercel — hosts the website and serves anonymised traffic analytics. Vercel's privacy policy.

Cookies

We use a small number of strictly-necessary cookies. The session cookie set by Supabase Auth keeps you logged in. Vercel Analytics uses no client-side cookies — it identifies visitors via a hashed signal that resets daily. We do not use third-party advertising or tracking cookies.

How long we keep data

  • Account data and valuation reports — for as long as your account is active. You can request deletion at any time.
  • Payment records and audit trails — kept for 7 years to comply with Irish accounting and tax requirements (Revenue Commissioners).
  • Aggregated, anonymised analytics — retained indefinitely.

Your rights under GDPR

You have the right to:

  • Request a copy of the personal data we hold about you (right of access).
  • Correct any inaccurate data (right of rectification).
  • Request deletion of your account and personal data (right to erasure / “right to be forgotten”), subject to the retention obligations above.
  • Restrict or object to certain types of processing.
  • Receive an export of your data in a machine-readable format (right to portability).
  • Withdraw consent at any time, where consent is the basis for processing.
  • Lodge a complaint with the Irish Data Protection Commission if you believe your rights have been infringed.

To exercise any of these rights, email info@statire.ie. We will respond within 30 days.

Security

We use TLS encryption in transit, encrypted storage at rest via Supabase, hashed passwords, and PCI-compliant payment handling via Stripe. No system is perfect; if we ever experience a personal-data breach that affects your rights and freedoms, we will notify you and the Data Protection Commission within 72 hours of becoming aware.

Changes to this policy

When we make material changes to this policy, we will update the “Last updated” date at the top and, for significant changes, notify active users by email. Your continued use of the service after such changes signals acceptance of the updated policy.

Contact

For privacy questions, GDPR rights requests, or any concern about how we handle your data, email info@statire.ie.