Privacy Policy
Introduction
HelloRento, as data controller, attaches great importance to the protection of your personal data. This privacy policy informs you about how we collect, use and protect your data in accordance with the UK GDPR, the Data Protection Act 2018, and UK tenancy law regulations.
1. Data Controller
Company name: [TO BE COMPLETED]
Address: [TO BE COMPLETED]
Email: contact@hellorento.fr
Data Protection Officer (DPO): [TO BE COMPLETED]
2. Data Collected
In connection with the use of the HelloRento platform, we collect the following categories of data:
2.1 Landlord data
- Surname, first name and contact details
- Email address and phone number
- Status (individual or professional)
- For professionals: Companies House number, company name, registered address
- Bank details (for rent transfers)
2.2 Tenant data
- Full personal details (name, date and place of birth)
- Contact details (address, email, phone)
- Identity documents
- Proof of income (payslips, tax returns)
- For companies: Companies House number, articles of association, financial statements
- Guarantor information (if applicable)
2.3 Property data
- Full property address
- Property type (flat, house, commercial space)
- Characteristics (area, rooms, features)
- Property photos
- Mandatory technical certificates
- Rent and service charge amounts
2.4 Tenancy contract data
- Electronically signed tenancy agreements
- Move-in and move-out inspection reports with signatures
- Monthly rent receipts
- Rent review history (RPI/CPI)
- Payment history
- Landlord-tenant correspondence
2.5 Usage data
- Connection logs and IP address
- Browsing data
- User preferences
- Action timestamps (document creation, modification)
3. Purposes of Processing
Your data is collected and processed for the following purposes:
- Creating and managing your user account
- Managing the tenancy relationship between landlords and tenants
- Creating and storing tenancy agreements compliant with UK law
- Generating property inspections and rent receipts
- Automatic annual rent review calculation (RPI/CPI)
- Electronic signing of legally binding documents
- Legal retention of tenancy documents (6 years)
- Improving our services
- Security and fraud prevention
- Compliance with legal and regulatory obligations
4. Legal Basis for Processing
The processing of your data is based on the following legal grounds:
- Contract performance: For the provision of rental management services
- Legal obligation: Document retention for 6 years (Limitation Act 1980)
- Legal obligation: Compliance with UK tenancy legislation
- Legitimate interest: Service improvement and platform security
- Consent: For certain marketing communications (optional)
5. Data Recipients
Your data may be shared with the following recipients:
- Authorised HelloRento staff (technical support, developers)
- Parties to the tenancy agreement (landlord and tenant)
- Technical service providers (hosting, payment, email)
- Legal authorities on justified request
We ensure all our sub-processors comply with UK GDPR and guarantee an adequate level of data protection.
Important note: Data is isolated per landlord through Supabase's Row Level Security (RLS) system. Each user can only access data to which they are legitimately authorised.
6. Retention Periods
In accordance with UK tenancy law obligations, your data is retained for the following periods:
- Active account data: For the duration of the service contract
- Closed account data: 3 years after closure
- Tenancy documents (agreements, inspections, receipts): 6 years after end of tenancy (Limitation Act 1980)
- Tenant supporting documents: 6 years after end of tenancy
- Billing data: 6 years (legal accounting obligation)
- Connection logs: Maximum 12 months
- Electronic signatures: For the retention period of the signed document
These retention periods allow us to meet legal obligations in the event of a dispute or audit related to residential letting.
7. Data Security
We implement appropriate technical and organisational measures to protect your data against unauthorised access, loss, destruction or disclosure:
- Encryption in transit (HTTPS/TLS)
- Encryption of sensitive data at rest
- Strong authentication via NextAuth.js with JWT sessions
- Secure hosting (Supabase and Vercel)
- Row Level Security (RLS) for per-user data isolation
- Automatic daily backups
- Strict access control and action audit trail
- Security incident monitoring and detection
- Secure document storage in Supabase Storage with access policies
8. Your Rights
Under the UK GDPR, you have the following rights regarding your personal data:
- Right of access: Obtain a copy of your data
- Right to rectification: Correct inaccurate or incomplete data
- Right to erasure: Delete your data (subject to legal retention obligations)
- Right to restriction: Limit the processing of your data
- Right to data portability: Receive your data in a structured format
- Right to object: Object to the processing of your data
- Right to withdraw consent: At any time for consent-based processing
Important: Due to the legal obligation to retain tenancy documents for 6 years (Limitation Act 1980), certain data cannot be deleted before this period expires. However, access will be restricted to the strict minimum.
To exercise these rights, contact us at: contact@hellorento.fr
You also have the right to lodge a complaint with the ICO (Information Commissioner's Office): ico.org.uk
9. Cookies
Our platform uses strictly necessary cookies for the operation of the service:
- Session cookies (NextAuth.js): For secure login
- Security cookies (CSRF): To protect against cross-site request forgery attacks
- Preference cookies: For language and theme settings
- Local storage cookies: For Zustand state persistence
You may configure your browser to refuse cookies, but this may affect platform functionality.
10. International Data Transfers
Your data is primarily hosted in the UK/EU via Supabase and is not systematically transferred outside the UK or European Economic Area.
Certain third-party services may be hosted outside the UK/EEA (Vercel in the United States for application hosting, Resend for emails). In such cases, appropriate safeguards are in place (Standard Contractual Clauses approved by the European Commission and UK ICO) to ensure adequate protection of your data.
11. Electronic Signatures
Electronic signatures on tenancy agreements and inspection reports are made in accordance with the Electronic Communications Act 2000 and have the same legal validity as handwritten signatures.
Signature data (timestamp, IP address, document fingerprint) is retained for the full retention period of the signed document to guarantee traceability and integrity.
12. Modifications
We reserve the right to modify this privacy policy at any time to reflect legislative or service developments. Any changes will be communicated to you and the updated version will be published on this page.
13. Contact
For any questions about this privacy policy or the processing of your data, contact us:
Email: contact@hellorento.fr
Address: [TO BE COMPLETED]
DPO: [DPO EMAIL TO BE COMPLETED]
Last updated: 4 June 2026