Effective Date: November 17, 2025
Last Updated: December 15, 2025
Version: 1.5
ebba, Inc. ("ebba", "we", "us") provides a data-insights and analytics platform for real estate portfolio analysis. We are committed to protecting personal data and complying with the EU General Data Protection Regulation (GDPR) and the EU–U.S. Data Privacy Framework (DPF).
Entity: ebba, Inc.
Registered in: Delaware, United States
Email: privacy@ebba-ai.com
Website: https://www.ebba-ai.com
For GDPR purposes, ebba acts as a Data Processor on behalf of its EEA-based customers (Controllers). Since ebba is incorporated outside the EEA, it has appointed an EU Representative under Article 27 GDPR:
EU Representative: L.v. Thiel, Lyvins
Email: ebba@lyvins.nl
ebba, Inc. complies with the EU-U.S. Data Privacy Framework (EU-U.S. DPF) as set forth by the U.S. Department of Commerce. ebba, Inc. has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (EU-U.S. DPF Principles) with regard to the processing of personal data received from the European Union in reliance on the EU-U.S. DPF. If there is any conflict between the terms in this privacy policy and the EU-U.S. DPF Principles, the Principles shall govern. To learn more about the Data Privacy Framework (DPF) program, and to view our certification, please visit https://www.dataprivacyframework.gov/.
All customer production data is stored and processed exclusively within the European Economic Area (EEA) on secure infrastructure.
Because ebba, Inc. is a U.S.-incorporated entity, any processing of personal data on behalf of our EEA-based customers constitutes a "data transfer" under the GDPR. We legitimize these transfers through our certification to the DPF and, where applicable, the execution of the 2021 Standard Contractual Clauses (SCCs).
We process limited personal data to deliver our analytics services, including:
Disclosure to Third Parties: We disclose personal data to the following types of third parties for the purposes described below:
Liability for Onward Transfers: ebba, Inc. complies with the DPF Principles for all onward transfers of personal data from the EU, including the onward transfer liability provisions. ebba, Inc. remains liable under the DPF Principles if its agent processes such personal information in a manner inconsistent with the Principles, unless ebba, Inc. proves that it is not responsible for the event giving rise to the damage.
Personal data is processed solely to deliver, maintain, and improve our services, provide support, and meet contractual obligations with customers.
Personal data is retained for the duration of the customer relationship and deleted or anonymized within 30 days following contract termination, unless longer retention is required by law.
Access, Correction, and Deletion: Individuals have the right to access the personal data we hold about them. You also have the right to request that we correct, amend, or delete it if it is inaccurate or processed in violation of the DPF Principles.
Choice: You have the choice to limit the use and disclosure of your personal data. If you wish to opt out of having your personal data used for a purpose that is materially different from the purpose for which it was originally collected or subsequently authorized by you, or if you wish to limit the disclosure of your data to non-agent third parties, please contact us at privacy@ebba-ai.com.
ebba implements strict security measures, including:
In compliance with the EU-U.S. DPF, ebba, Inc. commits to resolve DPF Principles-related complaints about our collection and use of your personal information. EU individuals with inquiries or complaints regarding our handling of personal data received in reliance on the EU-U.S. DPF should first contact ebba, Inc. at: privacy@ebba-ai.com
In compliance with the EU-U.S. DPF Principles, ebba, Inc. commits to refer unresolved complaints concerning our handling of personal data received in reliance on the EU-U.S. DPF to ICDR-AAA, an alternative dispute resolution provider based in the United States. If you do not receive timely acknowledgment of your DPF Principles-related complaint from us, or if we have not addressed your DPF Principles-related complaint to your satisfaction, please visit https://go.adr.org/dpf_irm.html for more information or to file a complaint. The services of ICDR-AAA are provided at no cost to you.
Binding Arbitration: You have the possibility, under certain conditions, to invoke binding arbitration for complaints regarding DPF compliance not resolved by any of the other DPF mechanisms. For additional information and the conditions for invoking binding arbitration, please visit the Data Privacy Framework website: https://www.dataprivacyframework.gov/framework-article/ANNEX-I-introduction
Investigatory Powers: ebba, Inc. is subject to the investigatory and enforcement powers of the U.S. Federal Trade Commission (FTC).
We may update this Privacy Policy periodically. Any significant changes will be posted on our website with a new effective date.
If you have questions about this policy or wish to exercise your rights, please contact us first:
Data Protection Contact: privacy@ebba-ai.com
Because ebba, Inc. is established outside the EU, we have appointed an EU Representative pursuant to Article 27 GDPR:
EU Representative:
L.v. Thiel, Lyvins (ebba@lyvins.nl)