Privacy Policy — REOS Marketplace

Last updated: May 2026

1. Introduction; Scope; Who We Are

This Privacy Policy (the "Policy") explains how REOS World Ltd, doing business as REOS Global, and its affiliates (collectively, "REOS", "we", "us", or "our") collect, use, share, and protect personal information when operating our online marketplace that connects US-based buyers with Israeli properties and real estate-related services and provides features including an AI interface, multi-party chat, document repositories, third-party payment processing, and optional e-signature functionality. This Policy also explains your rights and choices and how to exercise them.

This Policy applies to personal information processed when you visit or use our websites, apps, and services (the "Services"), including when you create an account; view or post listings; use chat, voice, or video features; share or store documents; use our AI-assisted tools; interact with suppliers and sellers; or are redirected to third parties integrated with or linked from our Services (for example, payment and e-signature providers).

REOS acts as a data controller for account, platform operation, safety and security, analytics, and marketing. In limited cases, REOS may act as a data processor when handling personal information strictly on documented instructions from a supplier or seller using our platform tools for their service delivery. See Section 3 (Our Roles) and Section 10 (Sharing and Disclosures).

2. Definitions

Buyer means any person or entity that seeks to purchase Israeli real estate or real estate-related services via the Services.

Seller means any person or entity that sells, markets, or lists Israeli properties via or through the Services.

Supplier means any licensed professional or service provider using the Services to offer real estate-related services to Buyers, including lawyers, real estate brokers, appraisers, mortgage advisors, insurance advisors, and contractors.

Personal Information (or Personal Data) means any information that identifies or can reasonably be linked to an identified or identifiable individual or household.

Controller means the entity that determines the purposes and means of processing personal information. Processor means an entity that processes personal information on behalf of and on documented instructions from a controller.

3. Our Roles: When REOS Is a Controller vs. a Processor

Controller role.REOS acts as a controller for: account registration and profile information; identity and location verification; platform telemetry and diagnostics; security and fraud prevention; chat and collaboration features (including related metadata and, where applicable, content, subject to consent and law); document repository operations; marketing communications and advertising (including cookie-based analytics and targeting where applicable); product research and improvement (including AI-assisted features as described in Section 7); legal compliance; and business operations.

Processor role.REOS may act as a processor to a Supplier or Seller when we process personal information strictly on that party’s documented instructions via our platform tools to help them provide services or manage their listings or transactions (for example, capturing specific intake fields defined by the Supplier within a workspace). In those cases, a Data Processing Agreement (DPA) with the Supplier or Seller governs our processing.

Independent controllers. In some situations, REOS and a Supplier or Seller may independently determine purposes and means for certain shared datasets (for example, identity verification or trust-and-safety signals). In those cases, REOS and the Supplier/Seller act as independent controllers and will each meet their separate compliance obligations.

4. Information We Collect

Information you provide to us directly or via our platform

  • Account and profile data. Name, contact details, company or firm, role, licensure information (where applicable), identity verification artifacts, and preferences.
  • Listings and submissions. Property listing content, descriptions, photos, attachments, location details, pricing and fee terms, and other information you publish on the marketplace.
  • Communications and collaboration. Messages, attachments, feedback, support tickets, and, where enabled and consented as required by law, audio or video session data captured via platform chat, voice, or video features.
  • Documents and repository content. Files you upload or share, including contracts and transaction documents, and related metadata.
  • Payment and e-signature flows. Information you provide when redirected to third-party processors (for example, name and payment method details, transaction identifiers, and e-signature envelope identifiers); those services process your data under their own terms and privacy policies.
  • Marketing preferences and survey responses. Preferences for communications, cookie settings, and responses to surveys, promotions, or beta programs.

Information we collect automatically

  • Device and usage data. IP address, device identifiers, browser and OS details, cookie and pixel identifiers, session activity, headers and referrers, time spent, clicks, scrolls, error and performance logs, and crash diagnostics.
  • Geolocation and approximate location. IP-based location and, if you enable it, device-based geolocation.
  • Communications telemetry. Message timestamps, delivery status, read indicators, and engagement metrics; where permitted and disclosed, limited content analysis (for example, trust-and-safety scanning and abuse detection).
  • Security and fraud signals. Login history, access patterns, anomalous activity, and signals used to prevent account compromise, spam, scraping, or fraud.

Information from third parties

  • Identity, licensing, and sanctions checks from verification providers or public sources.
  • Partners supporting payments, e-signature, analytics, marketing, security, and trust-and-safety functions.
  • Suppliers, Sellers, and other users who interact with you via our Services.
  • Public or enterprise sources, including professional directories, sanction lists, and open data.

5. How We Use Personal Information (Purposes and Legal Bases)

  • Service delivery and account management. To provide and administer the Services, enable marketplace features, host listings, support communications and repositories, and manage your account and preferences.
  • Safety, security, and integrity. To protect accounts and the Services; detect and prevent fraud, spam, scraping, or other abuse; enforce policies; and investigate and respond to complaints or incidents.
  • Communications. To send transactional and service messages, and, where permitted, marketing communications (you may opt out at any time).
  • AI-assisted features and product improvement. To operate and improve platform features; see Section 7.
  • Analytics and personalization. To analyze usage, improve performance and reliability, and personalize experiences.
  • Advertising. To deliver and measure advertising and retargeting campaigns, subject to your choices.
  • Legal and compliance. To comply with applicable law and maintain appropriate business records.

Legal basis (where required, e.g., EU/UK/Israel). We rely on one or more of the following: performance of a contract, legitimate interests, consent, and legal obligations.

6. Communications, Chat, and Recording

Platform messaging and collaboration. Messages sent via our Services may not be private or confidential to the same extent as communications on your own systems; avoid sharing information that violates your own confidentiality obligations or applicable law.

Monitoring and recording. Where required by law, we will present consent prompts and indicators for voice or video features.

7. AI-Assisted Features

Overview. Our AI-assisted tools can help surface information, draft language suggestions, provide general educational guidance, or assist in discovery. AI outputs may be incomplete, inaccurate, or out of date and are not a substitute for licensed professional judgment, due diligence, or independent verification.

Training and third-party models. We do not use your personal information to train third-party foundation models. If we collaborate with third-party AI providers to power features, we require contractual safeguards that prohibit those providers from using your data to train their generalized models and that restrict use to providing services to REOS.

8. Children’s Privacy

Our Services are not directed to children, and we do not knowingly collect personal information from children. If we learn that we have collected personal information from a child in violation of law, we will delete it.

9. Cookies, Tracking Technologies, and “Your Privacy Choices”

We use cookies, pixels, SDKs, and related technologies to operate core functionality, measure performance, and, where applicable, personalize content. For details, see our Cookie Policy.

Global Privacy Control (GPC). While we do not respond to browser-based Do Not Track signals, we will honor Global Privacy Control signals as an opt-out of selling or sharing personal information for targeted advertising where required by applicable US state privacy laws.

10. Sharing and Disclosures

  • Service providers and subprocessors. We share personal information with vendors who perform services on our behalf (hosting, storage, analytics, communications, support, identity verification, trust and safety, AI infrastructure, and advertising technology) under contracts that limit their use of data to the services provided.
  • Suppliers, Sellers, and other users. When you use the marketplace, we share necessary information with your counterparties.
  • Payment and e-signature partners. Those providers process your personal information under their own terms and privacy policies.
  • Corporate transactions and legal disclosures. In connection with a merger, acquisition, financing, divestiture, restructuring, or sale of assets; to comply with legal obligations or lawful requests; or to protect rights, property, or safety.
  • Aggregated and de-identified information. We may use and share aggregated or de-identified data for research, benchmarking, and product development.

11. Cross-Border Transfers

We may process personal information in Israel, the United States, the EU/UK, and other jurisdictions. When transferring personal information internationally, we implement appropriate safeguards such as the European Commission’s Standard Contractual Clauses (and UK Addendum or IDTA, as applicable) and rely on adequacy decisions where available (including Israel’s adequacy status for certain EU transfers).

12. Advertising, Marketing Communications, and Opt-Outs

Email and SMS marketing. We send marketing communications where permitted by law and with required consents (for example, Israeli opt-in for certain electronic messages). You can opt out at any time via unsubscribe links or by contacting us. We may still send you transactional or service communications.

13. Security

We implement administrative, technical, and physical safeguards designed to protect personal information against unauthorized access, disclosure, alteration, or destruction. Despite these measures, no Internet or email transmission is ever fully secure or error free.

14. Retention

We retain personal information for as long as needed to provide the Services, comply with legal obligations, resolve disputes, protect our rights, and pursue legitimate business purposes. Retention periods vary based on the type of information and the purposes for which it is processed.

15. Your Rights and How to Exercise Them

Access, correction, and deletion. Subject to applicable law, you may have the right to request access to your personal information, correction of inaccurate information, or deletion of certain information.

Portability and restriction/objection. In some jurisdictions, you may have the right to data portability and to request restriction of or object to certain processing.

Opt-out of selling or sharing (US).Where applicable, you may opt out via the “Your Privacy Choices” link and by enabling Global Privacy Control signals where recognized.

Appeal (US). If we decline to take action on your request, you may have the right to appeal our decision.

EU/UK GDPR rights. Where the GDPR/UK GDPR applies, you may have rights to access, rectification, erasure, restriction, portability, and objection, and the right to withdraw consent where processing is based on consent.

16. Subprocessors and Third-Party Tools

We maintain a list of our key subprocessors and third-party tools used to deliver the Services. This list may be updated from time to time as we add or change service providers.

To request a copy of our current subprocessor list, email info@reos.global.

17. Contact Us

REOS is responsible for the processing described in this Policy. If you have questions or concerns, or wish to exercise your rights, contact us at:

  • Email: info@reos.global
  • Mail (US): «US mailing address — to be supplied before launch»
  • Mail (Israel): «Israel mailing address — to be supplied before launch»

18. Changes to This Policy

We may update this Policy from time to time. We will post changes on this page and, if changes are material, provide a prominent notice or email notification. Unless otherwise noted, changes are effective when posted.

19. Additional Jurisdiction-Specific Notices

US state privacy laws

If you are a resident of a US state with a comprehensive consumer privacy law (California, Virginia, Colorado, Connecticut, Utah, Texas, Oregon, Montana, Delaware, Iowa, Nebraska, New Hampshire, New Jersey, Tennessee, Minnesota, Maryland, or another), you may have rights to access, correct, delete, port, and opt out of targeted advertising, profiling, and sale of personal data, where those rights apply.

We do not sell personal information for money. We may “share” personal information (as defined in certain US state laws) for cross-context behavioral advertising. We do not use or disclose sensitive personal information to infer characteristics or for purposes other than those allowed by law without your consent. We will not discriminate against you for exercising your privacy rights.

EU/UK

Where the GDPR/UK GDPR applies, REOS World Ltd is the controller for EU/UK users unless otherwise stated. You have the right to lodge a complaint with your local supervisory authority.

Israel

Under the Israeli Protection of Privacy Law and Data Security Regulations, you may have rights to access and correct personal information held in a database and may contact us to exercise such rights.

Privacy Notice for California Residents (Supplement)

This Privacy Notice for California Residents supplements the information contained in our Privacy Policy and applies solely to visitors, users, customers, applicants, and others who reside in the State of California, to the extent the California Consumer Privacy Act of 2018, as amended by the California Privacy Rights Act (the "CPRA") applies.

Information We Collect

Depending on how you interact with us, we may collect the following categories of personal information (within the last 12 months): identifiers, California Customer Records information, protected classification characteristics, commercial information, internet or other electronic network activity, geolocation data, audio or visual information (where permitted by law), professional or employment-related information, education information, inferences, and sensitive personal information (only where applicable).

Your CPRA Rights

  • Right to know/access: request information about our collection, use, and disclosure of your personal information.
  • Right to delete: request deletion, subject to exceptions.
  • Right to correct: request correction of inaccurate information.
  • Right to opt out of sale or sharing for cross-context behavioral advertising.
  • Right to limit use and disclosure of sensitive personal information, where applicable.
  • Right to non-discrimination for exercising your rights.

To submit a request, email info@reos.global or use the “Your Privacy Choices” link (when available). We may need to verify your identity before fulfilling your request.

Automated Decision-Making Technology (ADMT)

For purposes of this Notice, automated decision-making technology ("ADMT") means any technology that processes personal information and uses computation to replace human decision-making or substantially replace human decision-making. A “Significant Decision” is a decision that results in the provision or denial of financial or lending services, housing, education enrollment or opportunities, employment or independent contracting opportunities or compensation, or healthcare services.

If we use ADMT to make a Significant Decision about a consumer, we will provide a prominent Pre-Use Notice and honor your right to opt out, subject to applicable CPRA exceptions. Where we offer an alternative decision-making process that includes an appeal, the appeal will be conducted by a human reviewer with authority to overturn the decision.

Privacy Risk Assessments & Cybersecurity Audits

We conduct privacy risk assessments where our processing of personal information presents a significant risk to consumers’ privacy, as required by CPRA regulations, and update them at least once every three (3) years. Where required by law, we conduct cybersecurity audits performed by a qualified independent professional and retain related documentation as required.

“Shine the Light”

California Civil Code section 1798.83 permits California residents to ask for and receive from us once a year, without charge, information about their personally identifiable information, if any, that we disclosed to third parties for direct marketing purposes in the preceding calendar year. To request, email info@reos.global.

Items that still need final values before launch: US mailing address, Israel mailing address, confirmation that info@reos.global is the correct contact inbox. Hebrew translation will be supplied separately by counsel and published in the he locale.