Legal · Data protection

Privacy Policy.

Version: 1.0

Effective: 1 June 2026

Controller: REIGPlus Inc.

Contact: privacy@reigplus.com

Applicable frameworks

U.S. state privacy laws (Georgia)

GDPR (EU/UK investors)

NDPR (Nigeria Data Protection Regulation)

POPIA (South Africa)

General international best practice

Contents

01Who we are 02Data we collect 03How we collect it 04Why we use your data 05Legal basis 06Who we share data with 07International transfers 08How long we keep data 09How we protect data 10Cookies 11Your rights 12Marketing 13Children 14Changes to this policy 15Contact & complaints

Your privacy matters

This policy explains what personal data REIGPlus collects, why we collect it, how we use and protect it, who we share it with, and what rights you have over it. We process sensitive personal and financial data as a necessary part of facilitating international real estate investment. We take that responsibility seriously and are committed to handling your data with transparency and care.

Who we are

REIGPlus Inc. is the data controller responsible for your personal data. We determine the purposes and means of processing personal data collected through the REIGPlus platform, website, email communications, and WhatsApp channels.

Detail	Information
Data controller	REIGPlus Inc.
Primary address	8735 Dunwoody Place, Suite N, Atlanta, Georgia 30350, USA
Operations address	10a Poroku Layout, Lekki, Lagos, Nigeria
Privacy contact	privacy@reigplus.com
Website	reigplus.com

Where third-party partners process your data in the course of delivering services to you (for example, mortgage lenders or property managers), those partners act as independent data controllers or as data processors on our behalf, as described in Section 6.

Data we collect

We collect the following categories of personal data. We collect only what is necessary for the purpose for which it is collected.

Identity and contact data

Data type	Examples	Required?
Full legal name	As on passport	Yes — all investors
Email address	Primary and any secondary	Yes — all investors
Phone / WhatsApp number	With country code	Yes — all investors
Country of residence	Primary country	Yes — all investors
Nationality	As on passport	Yes — investment investors
Date of birth	DD/MM/YYYY	Yes — investment investors
Residential address	Full postal address	Yes — investment investors

Identification documents

Data type	Purpose	Required?
International passport (certified copy)	Identity verification, LLC formation, lender KYC	Yes — investment investors
National identity card (where applicable)	Secondary ID where required by lender	Sometimes
ITIN or SSN (where applicable)	U.S. tax filing	Where applicable

Financial data

Data type	Purpose	Required?
Bank statements (3–6 months)	DSCR lender KYC — proof of down payment funds	Yes — financed investors
Source of funds information	AML compliance, lender requirements	Sometimes
Investment budget and goals	Property matching, advisor preparation	Yes — all investors
Payment card details	Reservation deposit processing (Paystack/Stripe)	Yes — at reservation
Bank account details (for distributions)	Rental income distribution	Yes — post-closing investors

Transaction and investment data

Data type	Examples
Reservation records	Property reserved, Reservation ID, deposit amount, dates
Property ownership records	Property acquired, LLC details, title information, closing documents
Rental income records	Monthly distributions, payment confirmations
Communications history	Emails, WhatsApp messages, call notes related to your investment

Website and device data

Data type	Purpose
IP address	Security, fraud prevention, geographic analytics
Browser type and version	Platform compatibility and improvement
Pages visited, time on site, referral source	Platform improvement, marketing analytics
Device type and operating system	Platform optimisation
Cookie identifiers	See Section 10

We do not collect or store full payment card numbers. Payment processing is handled by Paystack and Stripe, who are responsible for the security of card data in accordance with PCI-DSS standards. REIGPlus receives only a payment confirmation token and transaction reference.

How we collect your data

We collect personal data through the following channels.

Source	Data collected
Website forms	Name, email, WhatsApp, investment goals, budget, property preferences — from guide download, booking, webinar registration, and contact forms
Reservation process	Full identity and financial data collected at reservation and during onboarding, including passport and bank statements
Paystack / Stripe	Payment confirmation, transaction reference, billing country — from reservation deposit payment
Calendly	Name, email, time zone, booking details — from consultation call scheduling
WhatsApp / Manychat	Phone number, message content, bot interaction responses — from WhatsApp engagement
Email communications	Email content and metadata — from investor queries and responses
Advisor calls	Call notes and summaries — recorded with your consent where applicable
Webinar platform (Zoom)	Name, email, attendance data, Q&A submissions — from webinar registration and participation
Cookies and analytics	Browsing behaviour on reigplus.com — see Section 10
Third-party partners	Inspection reports, LLC formation documents, title search results, lender decisions — from partner organisations involved in your investment
Publicly available sources	Business register information, publicly available property records — for due diligence purposes

Why we use your data

We use personal data for the following purposes. We do not use your data for purposes incompatible with those listed here without obtaining fresh consent.

Purpose	Description
Delivering investment services	Processing reservations, coordinating LLC formation, facilitating financing, coordinating closing, managing property distributions, and all other services described in our Service Agreement
Identity verification and KYC	Verifying your identity before processing a reservation or transmitting funds, as required by anti-money laundering obligations
AML and sanctions screening	Screening against sanctions lists and PEP databases as required by applicable law
Communication	Responding to enquiries, sending reservation confirmations, advisor call preparation, transaction updates, and platform notifications
Legal and regulatory compliance	Meeting obligations under U.S. federal and Georgia state law, FIRPTA reporting, tax documentation (1042-S), and record-keeping requirements
Marketing communications	Sending our investor newsletter, monthly market updates, webinar invitations, and new property alerts — only where you have opted in or have an existing investor relationship with us
Platform improvement	Analysing website usage, improving user experience, testing new features, and understanding investor behaviour in aggregate
Fraud prevention and security	Detecting and preventing fraudulent reservations, unauthorised payments, and suspicious activity on the platform
Dispute resolution	Maintaining records necessary to resolve disputes about reservations, refunds, or transactions

Legal basis for processing

For investors based in the European Union, United Kingdom, or other jurisdictions with similar data protection frameworks (including Nigeria under the NDPR and South Africa under POPIA), we rely on the following legal bases to process your personal data.

Legal basis	When we rely on it
Contract performance	Processing necessary to deliver our investment services — identity verification, LLC coordination, DSCR financing facilitation, closing coordination, and distribution management. Without this processing, we cannot provide the services.
Legal obligation	Processing required by law — AML screening, FIRPTA reporting, tax document preparation (1042-S), sanctions compliance, and record-keeping obligations under U.S. and applicable foreign law.
Legitimate interests	Processing for fraud prevention and platform security, service quality improvement, internal analytics, and maintaining records to defend against legal claims. We balance our interests against your rights before relying on this basis.
Consent	Marketing communications, cookies beyond strictly necessary, and the recording of advisory calls. You may withdraw consent at any time without affecting the lawfulness of prior processing.

For U.S.-based investors

U.S. privacy law does not require a legal basis for data processing in the same way as GDPR. We nonetheless apply the principles above as a matter of policy. California residents may have additional rights under the CCPA — see Section 11 for details.

Who we share your data with

We share personal data with the following categories of recipients. We share only the data necessary for the specific purpose and require all recipients to treat your data with appropriate confidentiality.

Investment service partners

DSCR / Mortgage lenders

USA

Identity documents, bank statements, and financial data required to assess and process your mortgage application. The lender becomes an independent data controller for your mortgage file.

LLC legal partner

USA

Passport, contact details, and entity formation instructions required to form your Georgia LLC, apply for your EIN, and assist with ITIN if applicable.

Title company

USA

Identity, LLC details, and transaction data required to conduct the title search, open escrow, and coordinate closing. The title company is subject to Georgia state licensing requirements.

Property management firms

USA (Georgia)

Your name, contact details, LLC information, and property details required to manage the property on your behalf and distribute rental income.

CPA / tax partner

USA

Identity, financial records, rental income data, and property transaction details required to prepare annual tax returns and FIRPTA documentation.

Home inspection firms

USA (Georgia)

Contact details and property access instructions to schedule and conduct the property inspection. Inspection reports are shared with you and retained by REIGPlus.

Homes by Tameka

USA

Investment goals, budget, and property preferences shared with our licensed Georgia advisor for property sourcing, matching, and transaction management.

Platform and technology providers

Airtable

USA

Our investor CRM — stores investor profiles, reservation records, property data, and transaction history. Data processor acting on our instructions.

Mailchimp (Intuit)

USA

Email marketing platform — stores name, email, and communication preferences for marketing and transactional emails. You may unsubscribe at any time.

Manychat

USA

WhatsApp automation platform — stores phone number and WhatsApp interaction history for investor communications and nurture sequences.

Make.com (Celonis)

Workflow automation — routes data between systems as part of our reservation and onboarding automation. Data processor acting on our instructions.

Paystack

Nigeria / USA

Payment processing for reservation deposits from Africa-based investors. Paystack is an independent data controller for payment data.

Stripe

USA / Ireland

Payment processing for reservation deposits from international and diaspora investors. Stripe is an independent data controller for payment data.

Calendly

USA

Consultation call scheduling — stores name, email, and time zone for booking management.

Zoom

USA

Video call platform for advisor consultations and webinars — stores name, email, and call/webinar records.

Documint

USA

Certificate generation — receives reservation data to generate PDF Reservation Certificates.

Webflow

USA

Website hosting and CMS — hosts the REIGPlus platform. May collect standard web server logs including IP addresses.

Legal and regulatory authorities

We may disclose personal data to law enforcement agencies, regulatory authorities, courts, or other public bodies where required by law or where we reasonably believe disclosure is necessary to protect our legal rights, prevent fraud, or comply with a lawful request. We will notify you of any such disclosure where permitted by law.

Business transfers

If REIGPlus Inc. undergoes a merger, acquisition, or sale of assets, personal data held by us may be transferred to the successor entity as part of that transaction. We will notify investors of any such change and your rights under this policy will be maintained.

International data transfers

REIGPlus operates internationally. Your personal data will be transferred to and processed in the United States, Nigeria, and potentially other countries where our technology providers and partners are located.

The United States does not have an adequacy decision from the European Commission for general data transfers. Where we transfer data from the EU or UK to the U.S., we rely on Standard Contractual Clauses (SCCs) with our U.S.-based data processors, or other approved transfer mechanisms where applicable.

For investors based in Nigeria, transfers are made in accordance with the Nigeria Data Protection Regulation (NDPR) and its requirements for cross-border data transfers. For investors in South Africa, transfers comply with the Protection of Personal Information Act (POPIA).

Your right to know

You may request information about the specific safeguards we have in place for any international transfer of your personal data by contacting privacy@reigplus.com.

How long we keep your data

We retain personal data for as long as necessary to fulfil the purpose for which it was collected, or as required by law. The following retention periods apply.

Data category	Retention period	Reason
Investor registration and contact data (non-purchasing)	3 years from last interaction	Legitimate interests — marketing, re-engagement
Reservation records (where transaction did not proceed)	5 years from reservation	Legal — potential dispute resolution, AML record-keeping
Identity documents (passport, ID)	5 years from transaction close	Legal — AML obligations under applicable law
Financial records (bank statements, source of funds)	5 years from transaction close	Legal — AML and financial crime prevention requirements
Property ownership and closing records	7 years from property sale	Legal — U.S. tax record-keeping requirements
Rental income and distribution records	7 years from distribution	Legal — U.S. tax (1042-S) and IRS record-keeping
Tax documents (1042-S, FIRPTA records)	7 years from filing	Legal — IRS statute of limitations
Email and call communication records	3 years from last interaction	Legitimate interests — dispute resolution, service quality
Website analytics and cookies	Up to 24 months	Legitimate interests — platform improvement
Marketing opt-in records	Until withdrawal of consent + 1 year	Legal — evidence of consent

At the end of the applicable retention period, personal data is securely deleted or anonymised so it can no longer be associated with an identified individual. Anonymised data may be retained indefinitely for statistical purposes.

How we protect your data

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, accidental loss, destruction, or alteration.

Measure	Detail
Encryption in transit	All data transmitted between your browser and our platform is encrypted using TLS 1.2 or higher (HTTPS). WhatsApp communications are end-to-end encrypted by the platform.
Encryption at rest	Sensitive data stored in Airtable and our email systems is encrypted at rest by our technology providers.
Access controls	Access to investor data is restricted to REIGPlus team members and authorised partner organisations who need it to perform their role. We use role-based access controls.
Payment security	We do not store payment card data. Paystack and Stripe are PCI-DSS compliant payment processors. We receive only payment tokens and transaction references.
Document security	Sensitive documents (passports, bank statements) submitted by investors are stored in secure, access-controlled document management systems and not shared beyond the parties that require them.
Data breach procedures	We maintain an incident response plan. In the event of a personal data breach that poses a risk to your rights and freedoms, we will notify affected investors and relevant supervisory authorities within the timeframes required by applicable law.

Despite these measures, no system is completely immune to security risks. We encourage you to use strong, unique passwords and to contact us immediately at privacy@reigplus.com if you suspect unauthorised access to your account.

Cookies and tracking

Our website uses cookies — small text files stored on your device — to make the site work correctly and to help us understand how it is used. We use the following categories of cookies.

Category	Purpose	Consent required?	Examples
Strictly necessary	Core website functionality — form submissions, security, session management. Without these cookies the site cannot function.	No — these are always active	Session cookies, CSRF tokens
Functional	Remembering your preferences (e.g. language, city filter on the properties page) to improve your experience.	Yes	Preference cookies
Analytics	Understanding how visitors use the site — pages visited, time spent, referral source. Data is aggregated and anonymised where possible.	Yes	Google Analytics (where used)
Marketing	Tracking whether you came from a specific campaign, ad, or referral link so we can measure the effectiveness of our marketing.	Yes	UTM parameter tracking, pixel tags

On your first visit to reigplus.com, you will be presented with a cookie consent banner. You may accept all cookies, accept only necessary cookies, or customise your preferences. You may change your preferences at any time through the cookie settings link in the footer.

Most browsers allow you to control cookies through their settings. Note that disabling cookies may affect the functionality of the website.

Your rights

Depending on your country of residence, you have some or all of the following rights over your personal data. We will respond to all verified requests within 30 days. Contact privacy@reigplus.com to exercise any of these rights.

👁️

Right of access

Request a copy of the personal data we hold about you and information about how we use it. Available to all investors.

✏️

Right of rectification

Request correction of inaccurate or incomplete personal data. We will update records and notify relevant partners where necessary.

🗑️

Right of erasure

Request deletion of your personal data where we no longer have a lawful basis to hold it. This right is limited where we are required by law to retain data (e.g. AML and tax records).

⏸️

Right to restrict processing

Request that we limit how we use your data while a complaint or accuracy dispute is being resolved.

📦

Right to data portability

Request your personal data in a structured, machine-readable format so you can transfer it to another provider. Applies to data processed by automated means on the basis of consent or contract.

🚫

Right to object

Object to processing based on legitimate interests or for direct marketing purposes. We will stop processing unless we can demonstrate compelling legitimate grounds.

🔄

Right to withdraw consent

Withdraw consent at any time for processing based on consent (e.g. marketing emails, optional cookies). Withdrawal does not affect the lawfulness of prior processing.

🤖

Automated decision-making

We do not make legally significant decisions about you using fully automated processing without human review. Reservation processing involves human advisor review at each stage.

California residents (CCPA)

California residents have the right to know what personal information is collected and sold, the right to opt out of the sale of personal information, and the right to non-discrimination for exercising these rights. REIGPlus does not sell personal information. To exercise California privacy rights, contact privacy@reigplus.com.

Marketing communications

We send marketing communications — including property alerts, market updates, webinar invitations, and educational content — only in the following circumstances.

Basis	What this means
Explicit opt-in	You have ticked a box or submitted a form specifically requesting our newsletter or market updates. We rely on consent for these communications.
Existing investor relationship	You are an existing or past investor or have made a reservation with us. We may send relevant communications about our services and new listings. You may opt out at any time.

Every marketing email includes an unsubscribe link. Every WhatsApp marketing message includes opt-out instructions. You may also opt out at any time by emailing privacy@reigplus.com or by replying STOP to any WhatsApp message. Opting out of marketing communications does not affect transactional communications relating to an active reservation or investment.

We do not send unsolicited commercial messages (spam). We do not purchase or rent mailing lists. All contacts receive communications only because they have interacted with REIGPlus directly.

Children

The REIGPlus platform is intended for adults aged 18 and over. We do not knowingly collect personal data from anyone under the age of 18.

If you are a parent or guardian and believe that a child under 18 has provided us with personal data, please contact us at privacy@reigplus.com and we will delete that data promptly.

Changes to this policy

We may update this Privacy Policy from time to time to reflect changes in our data practices, our services, or applicable law.

When we make material changes, we will notify registered investors by email at least 14 days before the change takes effect, and update the version number and effective date at the top of this page. The previous version of this policy will be archived and available on request.

Your continued use of the REIGPlus platform after the effective date of a revised policy constitutes your acceptance of the changes. If you do not agree with the revised policy, you may request deletion of your data by contacting privacy@reigplus.com.

This policy was first published on 1 June 2026 (Version 1.0). The most recent version is always available at reigplus.com/privacypolicy.

Contact and complaints

For any privacy-related question, request to exercise your rights, or complaint about how we handle your personal data, contact us at the details below. We aim to respond to all privacy requests within 30 days.

Contact type	Detail
Privacy enquiries	privacy@reigplus.com
Postal address	REIGPlus Inc., 8735 Dunwoody Place, Suite N, Atlanta, Georgia 30350, USA
Response time	Within 30 days of verified request. Complex requests may take up to 60 days — we will notify you if an extension is needed.

Supervisory authorities

If you are not satisfied with our response to a privacy complaint, you have the right to lodge a complaint with the relevant supervisory authority in your jurisdiction.

Jurisdiction	Authority
European Union	The data protection authority in your EU member state of residence (e.g. CNIL in France, BfDI in Germany)
United Kingdom	Information Commissioner's Office (ICO) — ico.org.uk
Nigeria	Nigeria Data Protection Commission (NDPC) — ndpc.gov.ng
South Africa	Information Regulator — inforegulator.org.za
United States (California)	California Privacy Protection Agency (CPPA) — cppa.ca.gov

Our commitment

We are committed to handling your personal data responsibly and transparently. If you have concerns about how we use your data, we encourage you to contact us directly first. We take all privacy complaints seriously and will work to resolve them fairly and promptly.