Back to Home

Privacy Policy

Effective Date: January 15, 2026

1. Introduction

UltraBMS ("we," "our," or "us") operates the UltraBMS building management system (the "Service"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service.

2. Information We Collect

2.1 Personal Information

We collect information you provide directly:

  • Name and contact details (email, phone number)
  • Emirates ID information (for UAE compliance)
  • Property and tenancy details
  • Payment and financial information

2.2 Google Account Data

When you connect your Google account for email functionality, we access:

  • Gmail API (Send-only): We request permission to send emails on your behalf for notifications (invoices, receipts, maintenance updates). We do NOT read, store, or access your inbox contents.
  • Email address: Used to identify your account and send notifications.

2.3 Automatically Collected Information

  • Device and browser information
  • IP address and location data
  • Usage analytics and logs

3. How We Use Your Information

We use collected information to:

  • Provide and maintain the Service
  • Send transactional emails (invoices, payment confirmations, maintenance updates)
  • Process rent payments and financial transactions
  • Comply with UAE legal requirements
  • Improve our Service

4. Google API Services User Data Policy

Our use of Google API Services complies with the Google API Services User Data Policy, including the Limited Use requirements.

Specifically:

  • We only use Gmail API to send emails on your behalf
  • We do NOT read, analyze, or store your email inbox contents
  • We do NOT share your Google data with third parties
  • We do NOT use your data for advertising purposes
  • Access tokens are encrypted and stored securely

5. Data Security

We implement industry-standard security measures:

  • AES-256-GCM encryption for sensitive data
  • JWT-based authentication with secure session management
  • HTTPS encryption for all data transmission
  • Role-based access control (RBAC)
  • Regular security audits

6. Data Retention

  • Account data: Retained while your account is active
  • Financial records: Retained for 7 years (UAE compliance)
  • OAuth tokens: Retained until you disconnect or tokens expire
  • You may request data deletion by contacting us

7. Third-Party Services

We use the following third-party services:

  • Google Cloud Platform: Email sending via Gmail API
  • Amazon Web Services (AWS): Cloud infrastructure, file storage (S3), document processing (Textract)
  • Vercel: Frontend hosting

8. Your Rights

You have the right to:

  • Access your personal data
  • Correct inaccurate data
  • Delete your account and data
  • Withdraw consent for optional processing
  • Export your data

9. Children's Privacy

Our Service is not intended for users under 18 years of age. We do not knowingly collect data from minors.

10. Changes to This Policy

We may update this Privacy Policy periodically. We will notify you of material changes via email or Service notification.

11. Contact Us

For privacy-related inquiries:

  • Email: privacy@ultrabms.com
  • Address: Dubai, United Arab Emirates
Terms of Service|Home