Overview & Compliance
Welcome to Leaseora's Privacy Policy. This comprehensive policy describes how Leaseora GmbH ("Leaseora," "we," "us," or "our") collects, uses, and shares your personal information when you use our innovative property management platform, including our website, mobile applications, AI-powered services, financial tools, and other online products and services (collectively, the "Services").
We are committed to protecting your personal information and your right to privacy. This policy reflects our dedication to transparency and compliance with privacy regulations worldwide.
Global Compliance
This Privacy Policy is designed to comply with privacy regulations worldwide.
Data Controller
Leaseora GmbH is the data controller responsible for your personal information.
Jurisdiction-Specific Compliance
πͺπΊ European Union
GDPR compliance with data subject rights, consent management, and cross-border transfer protections.
πΊπΈ United States
CCPA consumer rights, COPPA children's protection, and state-specific privacy laws compliance.
π¨π¦ Canada
PIPEDA federal compliance and provincial privacy legislation requirements.
π¬π§ United Kingdom
UK GDPR and Data Protection Act 2018 compliance with ICO guidance.
π³π¬ Nigeria
Nigeria Data Protection Act (NDPA) compliance with NITDA regulations.
π Global
International data transfer safeguards and cross-border privacy protections.
Information We Collect
At Leaseora, we collect various types of information to provide our comprehensive property management services, AI-powered tools, and financial features. Understanding what data we collect helps you make informed decisions about your privacy while using our platform.
The specific information we collect depends on how you use our services, your role (landlord, tenant, property manager, corporate entity), and which features you access. We collect information through direct inputs, automated technologies, and third-party sources in accordance with applicable laws.
Personal Identifiers
We collect personal identifiers to verify your identity, provide personalized services, and ensure secure access to your Leaseora account. This information is essential for contractual obligations and compliance with real estate and financial regulations.
- Basic information: Full name, email address, phone number, date of birth, and profile photos
- Address information: Home address, billing address, and property addresses for landlords
- Identity verification: Government-issued ID numbers (passport, driver's license, national ID) for KYC compliance
- Biometric data: Facial recognition patterns for enhanced account security (with explicit consent)
- Professional information: Job title, business name, industry, professional credentials, and business registration numbers
Financial Information
Our platform processes financial information to facilitate rent payments, deposits, loan applications, and other monetary transactions. We maintain robust security protocols that comply with PCI DSS and other financial standards.
- Payment details: Credit/debit card information, bank account numbers, routing numbers, and billing addresses
- Payment authorizations: SEPA mandates, direct debit authorizations, and recurring payment schedules
- Transaction records: Rent payments, security deposits, wallet transfers, utility payments, and transaction timestamps
- Credit information: Credit scores, income verification, employment status, and financial history for tenancy applications
- Tax information: Tax identification numbers, property tax records, and rental income documentation
Property & Listing Data
Property information forms the core of our platform, enabling our marketplace functionality, property management tools, and analytics capabilities. This data powers our property matching algorithms and market insights.
- Property details: Address, size, number of rooms, amenities, facilities, accessibility features, and utility information
- Visual content: Property photos, floor plans, 3D tours, videos, and property condition documentation
- Lease information: Rental terms, lease duration, rent amount, security deposit, utilities included, and special conditions
- Property management: Maintenance requests, repair history, inspection reports, and tenant communications
- Development data: Construction plans, project timelines, contractor information, and development milestones
AI & Interaction Data
Leaseora's AI-powered features collect and process data to provide personalized recommendations, predictive analytics, and automated assistance. This information helps our systems learn and improve service quality over time.
- AI chat interactions: Chat queries, conversation history, response preferences, and session context for our AI assistant
- Property preferences: Search filters, saved properties, browsing patterns, and design style preferences
- Predictive data: Property valuation inputs, market trend indicators, and lease performance metrics
- Lease analysis: Lease terms used for risk assessment, compliance checking, and legal recommendation generation
- Feedback data: AI response ratings, feature improvement suggestions, and service satisfaction indicators
Identity Verification & Security
Leaseora employs robust identity verification processes to ensure platform security, prevent fraud, and comply with regulatory requirements like KYC and AML regulations. This verification is particularly important for financial transactions and property contracts.
- Identity documents: Scans/photos of government-issued IDs, passports, driver's licenses, and residence permits
- Biometric verification: Facial recognition data, liveness detection results, and biometric comparison outputs
- Address verification: Utility bills, bank statements, and official correspondence used to confirm your address
- Background checks: Previous rental history, credit reports, and public records checks (with consent)
- Corporate verification: Business registration documents, company structure information, and beneficial ownership data
- Blockchain verification: Digital signatures, verification timestamps, and blockchain transaction records
We retain verification data in accordance with legal requirements and security best practices. Access to this sensitive information is strictly limited and protected with advanced encryption and security protocols.
Technical & Behavioral Information
We automatically collect certain technical and usage information when you interact with our platform. This data helps us improve user experience, troubleshoot technical issues, and enhance our security measures.
Device & Browser Data
- β’ IP address and approximate location
- β’ Browser type, version, and language
- β’ Operating system and device model
- β’ Unique device identifiers and cookies
- β’ Screen resolution and preferences
- β’ Mobile carrier (if applicable)
Usage Analytics
- β’ Pages visited and navigation paths
- β’ Session duration and timestamps
- β’ Click patterns and scrolling behavior
- β’ Search queries, filters, and parameters
- β’ Feature engagement and preferences
- β’ Error logs and performance metrics
Communication Records
- β’ Support ticket content and history
- β’ In-app messages and notifications
- β’ Email correspondence with Leaseora
- β’ Property reviews and ratings
- β’ Feedback submissions and surveys
- β’ Marketing and notification preferences
Information from Third Parties
We supplement information you provide directly with data from third-party sources to enhance our services, verify information, and provide more accurate insights. We only obtain this information through legal and authorized channels.
Business Partners
We receive information from trusted partners including:
- β’ Payment processors (transaction data)
- β’ KYC/verification providers (identity confirmation)
- β’ Property market data providers (pricing trends)
- β’ Credit bureaus (credit history, with consent)
- β’ Social media platforms (when you connect accounts)
- β’ Banking partners (for direct payment processing)
Public Sources
We may collect publicly available information such as:
- β’ Property records and land registries
- β’ Business registries and directories
- β’ Government databases and public records
- β’ Publicly available social media profiles
- β’ News publications and public announcements
- β’ Real estate listings and market reports
Data Minimization: We follow data minimization principles and only collect information that's necessary for providing and improving our services. You can learn more about how we use this information in the How We Use Your Information section.
How We Use Your Information
We use your personal information for various business and commercial purposes to provide, maintain, and improve our comprehensive property management platform. Our data usage is guided by principles of transparency, minimization, purpose limitation, and security.
How we use your information depends on your relationship with Leaseora (tenant, landlord, property manager, etc.), the features you access, and your regional privacy requirements. This section provides detailed insights into how your information powers our platform's functionality.
Legal Bases for Processing
Our use of your personal information is based on one or more of the following legal grounds:
Contract Performance
Processing necessary to fulfill our services and contractual obligations, including lease management, payment processing, and property services.
Legitimate Interests
Processing for our legitimate business interests, such as fraud prevention, service improvement, and market analysis, balanced with your rights and interests.
Your Consent
Processing based on your explicit consent, such as for optional features, marketing communications, and biometric verification, which you can withdraw anytime.
Legal Compliance
Processing necessary to comply with our legal and regulatory obligations, including tax regulations, anti-money laundering laws, and real estate requirements.
Property Management & Operations
Your information enables our core property management functionality across the Leaseora platform:
Property Listings & Search
- Creating and displaying property listings with details, photos, and features
- Matching tenants with suitable properties based on preferences
- Location-based search and property recommendations
- Property comparisons and availability verification
Lease Management
- Creating, storing, and managing lease agreements
- Processing lease applications, renewals, and terminations
- Facilitating lease transfers and modifications
- Maintaining lease history and documentation
Maintenance & Support
- Processing and tracking maintenance requests
- Coordinating with service providers and contractors
- Managing property inspections and condition reports
- Scheduling preventive maintenance activities
Tenant & Landlord Management
- Creating and managing user profiles and accounts
- Tenant screening and application processing
- Corporate tenant and landlord organizational structures
- Managing tenant-landlord relationships and communications
Privacy Safeguards: We implement role-based access controls to ensure property information is only accessible to authorized users. Property data is compartmentalized, allowing landlords to see only their properties and tenants to see only properties relevant to them.
Financial Services & Transactions
We process financial information to facilitate secure transactions and provide financial services:
Payment Processing
- Processing rent payments and security deposits
- Managing recurring payment schedules
- Processing SEPA mandates and direct debits
- Handling payment method verification and storage
Wallet & Financial Management
- Managing in-platform wallet balances and transfers
- Processing wallet top-ups and withdrawals
- Tracking transaction history and generating financial statements
- Managing corporate financial allocations and budgets
Billing & Invoicing
- Generating and processing invoices and receipts
- Managing utility billing and payments
- Processing subscription payments and platform fees
- Calculating and applying late fees or penalties
Financial Analytics & Reporting
- Generating financial reports and income statements
- Analyzing payment patterns and financial performance
- Preparing tax documentation and financial records
- Forecasting revenue and financial planning
Financial Security: Financial data is protected with PCI DSS compliant systems, advanced encryption, and fraud detection measures. Payment processing is handled through secure, certified payment providers, and our systems maintain strict audit trails for all financial transactions.
AI & Advanced Technologies
We leverage AI and advanced technologies to provide personalized, intelligent services across our platform:
AI Assistants & Chat
- Powering AI chat assistants for user support and guidance
- Processing and understanding user queries and instructions
- Learning from interactions to improve response accuracy
- Providing contextual information and property insights
Personalization & Recommendations
- Generating personalized property recommendations
- Analyzing preferences to customize user experience
- Tailoring content and interface based on usage patterns
- Creating personalized dashboards and insights
Predictive Analytics
- Generating property valuation and price predictions
- Analyzing market trends and investment opportunities
- Forecasting occupancy rates and demand patterns
- Predicting maintenance needs and property issues
Document Analysis & Insights
- Analyzing lease documents for risk assessment
- Extracting key terms and conditions from contracts
- Evaluating document compliance with regulations
- Generating lease summaries and key points
AI Ethics & Controls: Our AI systems are designed with privacy by design principles and undergo regular fairness assessments. We implement data minimization for AI training, pseudonymize training data where possible, and provide users with controls over their AI interaction history and preferences.
Communication & Collaboration
We process your information to facilitate communication between users and provide collaborative tools:
- Messaging: Processing messages between tenants, landlords, and property managers
- Support: Handling support tickets, inquiries, and dispute resolution communications
- Notifications: Sending payment reminders, maintenance updates, and system alerts
- Team collaboration: Enabling shared access and collaboration for corporate users
- Feedback: Processing ratings, reviews, and service improvement suggestions
Identity & Access Management
We use your information to verify identity, ensure security, and manage access controls:
- KYC verification: Verifying identities through document and biometric checks
- Corporate verification: Validating business entities and their authorized representatives
- Authentication: Securing account access with multi-factor authentication
- Permissions: Managing role-based access controls and user permissions
- Fraud prevention: Detecting and preventing suspicious activities
Analytics & Business Intelligence
We analyze data to improve our platform, generate insights, and optimize user experience:
- Usage analytics: Analyzing how users interact with our platform
- Market insights: Generating property market trends and statistics
- Performance metrics: Monitoring platform performance and optimization
- Feature development: Identifying opportunities for new features
- Business reporting: Creating aggregate business intelligence reports
Legal & Compliance
We process data to meet our legal obligations and maintain regulatory compliance:
- Regulatory compliance: Meeting real estate, financial, and data protection requirements
- Legal requests: Responding to legal requests, subpoenas, and court orders
- Record keeping: Maintaining records for tax, accounting, and audit purposes
- Terms enforcement: Enforcing our terms of service and acceptable use policies
- Dispute resolution: Handling disputes between users and protecting legal rights
Leaseora Platform Services
Leaseora offers a comprehensive suite of services designed for property management, tenant relationships, financial transactions, and real estate analytics. This section explains our core platform services, how they use your information, and the privacy protections we implement for each service.
Our platform is tailored to different user roles, including tenants (private and corporate), landlords (private and corporate), and property managers. The specific services you can access and how your data is used depends on your role and subscription level.
Property Marketplace & Management
Core services for property listings, management, and tenant-landlord relationships:
Property Listing & Discovery
- Property search with customizable filters and location-based results
- Property details with photos, floor plans, amenities, and virtual tours
- Saved properties and search preferences for personalized experiences
- Property comparison tools and market insights for informed decisions
Property Management
- Comprehensive property dashboards with key metrics and status indicators
- Multi-property management for landlords with portfolio views
- Property condition monitoring and inspection management
- Occupancy tracking and tenant management features
Privacy Safeguards: Property data is accessible based on strict role-based permissions. Public listings display limited information until verified interest is established. Personal contact information is protected until transaction intent is confirmed. Location data is processed with appropriate anonymization for market analytics.
Lease Management & Documentation
Services for creating, managing, and analyzing lease agreements and related documents:
Lease Creation & Management
- Digital lease creation with customizable templates and terms
- Lease renewal, amendment, and termination processing
- Bulk lease operations for corporate landlords and property managers
- Lease transfer and assignment capabilities with approval workflows
Document Management
- Secure document storage for leases and supporting documents
- Digital signature capabilities with verification and timestamp
- Document sharing with controlled access permissions
- Document versioning and audit trail for compliance purposes
Privacy Safeguards: Lease documents are encrypted both in transit and at rest. Document access is controlled through granular permissions. Sensitive personal information in documents is processed according to data minimization principles. Document retention follows legal requirements with automated deletion when permissible.
Financial Services & Transactions
Services for payments, financial management, and monetary transactions:
Payments & Billing
- Rent payment processing with multiple payment methods
- Automated recurring payment scheduling and management
- Security deposit management and return processing
- Utility payments and bill splitting functionalities
Financial Management
- In-platform wallet for secure balance management
- Financial reporting and transaction history tracking
- Budget allocation tools for corporate users
- Tax documentation and financial record-keeping
Invoicing & Receipts
- Automated invoice generation and delivery
- Digital receipt creation for all transactions
- Customizable invoice templates for branding
- Invoice management and payment tracking
Financial Tools
- Mortgage calculators and financing tools
- ROI calculators for property investments
- Rent pricing analysis and optimization
- Financial forecasting and scenario planning
Privacy Safeguards: Financial data is processed in compliance with PCI DSS standards. Payment processing is handled through trusted payment providers with tokenization of sensitive payment information. Financial records are subject to strict access controls and audit logging. Transaction data is retained according to financial regulations with appropriate security measures.
AI & Advanced Technology Services
Intelligent services powered by AI and advanced technologies:
AI Assistants & Chatbots
- 24/7 AI-powered support chatbots for platform guidance
- Natural language processing for query understanding
- Contextual assistance based on user activity
- Personalized recommendations and insights
Predictive Analytics
- Property valuation and price prediction models
- Market trend analysis and opportunity identification
- Tenant behavior predictions and insights
- Maintenance prediction and preventive scheduling
Document Intelligence
- Lease sentiment analysis for risk assessment
- Automated extraction of key terms from documents
- Legal compliance checking and recommendations
- Contract summarization and comparison tools
Smart Property Features
- Virtual property tours and 3D visualization
- IoT integration for smart property management
- Automated property condition assessment
- Energy optimization and sustainability tools
Privacy Safeguards: AI systems are designed with privacy by design principles. Training data is pseudonymized where possible. Users can opt out of certain AI-powered features. Chat history and interactions can be deleted upon request. AI models are regularly audited for bias and fairness. Data minimization principles are applied to all AI processing activities.
Communication & Support Services
Services that facilitate communication between users and provide support:
Messaging & Notifications
- In-platform messaging between tenants and landlords
- Automated notifications and alerts for important events
- Team messaging for corporate users with role-based access
- Email and SMS integration for critical communications
Support & Service Requests
- Support ticket system with tracking and resolution
- Maintenance request submission and tracking
- Service provider coordination and scheduling
- Dispute resolution tools and mediation services
Privacy Safeguards: Communication content is encrypted and accessible only to intended recipients. Support tickets are visible only to authorized personnel. Message history is retained according to retention policies with user deletion options. Chat and message monitoring is limited to fraud prevention and platform integrity purposes.
Identity Verification & Security Services
Services that ensure platform security and verify user identities:
Identity Verification
- KYC verification for all platform users
- Document verification with anti-fraud checks
- Biometric verification for enhanced security
- Corporate entity verification and validation
Security & Access Management
- Multi-factor authentication for account security
- Role-based access control with permission management
- Fraud detection and prevention systems
- Blockchain verification for document authenticity
Privacy Safeguards: Verification data is processed in compliance with GDPR and other privacy regulations. Biometric data is handled with explicit consent and strong encryption. Identity documents are stored securely with strict access controls. Verification results are retained only as long as necessary for legal and security purposes.
Leaseora Services Privacy Commitment
Across all our platform services, we maintain these core privacy commitments:
Data Minimization
We collect and process only the information necessary to provide each service, avoiding unnecessary data collection.
Transparent Processing
We provide clear information about how your data is used for each service and feature you access on our platform.
Access Controls
We implement strict role-based access controls to ensure your information is only accessible to authorized persons.
Information Sharing & Disclosure
We understand that how we share your information is of paramount importance. Leaseora is committed to transparency regarding when, why, and how we disclose your personal data to third parties. We share your information only when necessary to provide our services, comply with legal obligations, or as otherwise described in this privacy policy.
The specific details of how we share information may vary based on your location, applicable privacy laws, and the services you use. We implement appropriate safeguards for all data sharing activities in accordance with applicable privacy regulations including GDPR, CCPA, PIPEDA, and other relevant laws.
π€ Service Providers & Partners
We share information with carefully vetted third-party vendors who perform services on our behalf:
- β’ Payment processors & financial institutions
- β’ Cloud hosting & data storage providers
- β’ Identity verification & KYC services
- β’ Analytics & business intelligence tools
- β’ Customer support & communication platforms
- β’ Marketing & advertising services
- β’ Property inspection & maintenance partners
- β’ Legal & compliance consultants
Safeguards: All service providers are contractually obligated to protect your information, use it only for specified purposes, and comply with applicable privacy laws. We conduct regular security assessments of our partners.
π₯ Platform Ecosystem Sharing
Information shared within our platform to facilitate property transactions and relationships:
-
Property listings & availability
Property details, photos, amenities, and pricing visible to platform users based on privacy settings
-
Contact & transaction information
Contact details shared only after verified interest and consent during transaction processes
-
Reviews & feedback
Property and user ratings that enhance platform trust, with privacy controls
-
Public profile information
User-controlled public profile details with customizable privacy settings
βοΈ Legal & Regulatory Disclosures
We may disclose personal information when legally required or necessary to protect our rights, safety, or the rights of others:
-
Legal compliance
Responding to court orders, subpoenas, and legal processes as required by applicable laws
-
Government requests
Addressing valid requests from regulatory agencies, law enforcement, and other public authorities
-
Safety & fraud prevention
Investigating and preventing fraudulent activities, security incidents, and potential harm
-
Terms enforcement
Enforcing our terms of service, user agreements, and platform policies
π’ Business Transactions & Transfers
Information may be transferred in connection with corporate transactions:
-
Mergers & acquisitions
Transfer of user data as part of a merger, acquisition, or sale of all or part of our assets
-
Corporate restructuring
Reorganization, dissolution, or other major corporate changes requiring data transfer
-
Financing & investments
Due diligence processes for significant financing or investment transactions
User Notice: If your information becomes subject to a different privacy policy due to a business transaction, we'll notify you before transferring your data and explain your options.
International Data Transfers
Leaseora operates globally, which means your information may be transferred to, stored, and processed in countries outside your residence. These countries may have different data protection laws than your country of residence.
International data transfers are essential to provide our comprehensive property management platform across borders. We are committed to ensuring that your personal information remains protected regardless of where it is processed. This section explains how we handle cross-border data transfers and the safeguards we implement to protect your privacy.
Global Infrastructure & Data Flows
Understanding where and how your data travels helps you make informed privacy choices:
Primary Data Processing Locations
- European Union (Germany): Primary data hosting and processing center
- United Kingdom: Secondary processing and backup facilities
- United States: Analytics, AI services, and specialized processing
- Nigeria: Regional services for African markets
- Canada: Regional services for North American markets
Common Data Transfer Scenarios
- Service Delivery: Transferring data to provide you with the Leaseora platform services
- Global Operations: Sharing data with our offices and staff in different countries
- Third-Party Services: Transferring data to service providers in different jurisdictions
- Disaster Recovery: Backup and redundancy systems in different geographical locations
- Legal Compliance: Transfers necessary to comply with legal obligations
<strong>Data Localization:</strong> Where possible and required by applicable laws, we implement data localization measures for specific types of information. For example, payment data for EU customers is primarily processed within the EU, and certain sensitive information for Nigerian users is stored within approved African data centers.
Legal Frameworks & Transfer Mechanisms
We use legally approved mechanisms to transfer data internationally in compliance with applicable privacy regulations:
Standard Contractual Clauses
We implement the latest EU-approved Standard Contractual Clauses (SCCs) as the primary legal mechanism for transfers of personal data outside the EU/EEA to countries without adequacy decisions.
- Updated 2021 SCCs with modular approach
- Supplementary measures where necessary
Adequacy Decisions
Where applicable, we rely on adequacy decisions that confirm certain countries provide adequate protection for personal data.
- EU Commission adequacy decisions
- UK adequacy regulations
Technical Safeguards
We implement comprehensive technical measures to protect data during international transfers:
- End-to-end encryption for data in transit
- Secure transfer protocols (SFTP, TLS 1.3)
<strong>Legal Framework Updates:</strong> We continuously monitor changes to international transfer requirements and update our mechanisms accordingly. When new frameworks become available (such as new adequacy decisions or transfer mechanisms), we evaluate and implement them where appropriate.
Region-Specific Transfer Requirements
We comply with specific data transfer requirements in different jurisdictions:
European Union (GDPR)
EU data transfers comply with Chapter V of the GDPR, requiring appropriate safeguards for transfers to third countries.
United Kingdom
UK data transfers follow UK GDPR and Data Protection Act requirements with UK-specific international transfer mechanisms.
Other Key Regions
We comply with transfer requirements in all regions where we operate, including Nigeria (NDPA), Canada (PIPEDA), and US (CCPA/CPRA).
Your Rights Regarding International Transfers
You have specific rights related to the international transfer of your personal information:
Right to Information
You have the right to be informed about international transfers of your data, including the destinations, safeguards implemented, and potential risks.
Access to Documentation
You may request access to the transfer mechanisms (such as SCCs) that we use to protect your data when it's transferred internationally.
Right to Object
In certain circumstances, you may have the right to object to the transfer of your data to specific countries or recipients if you have compelling legitimate grounds.
<strong>Transfer Transparency:</strong> When you submit a data access request, we will include information about any international transfers of your data, including the countries involved and safeguards in place. For more information about your general privacy rights, please see the <a href="#your-rights" class="text-indigo-600 hover:underline">Your Rights & Choices</a> section.
Service Provider Categories & Processing Activities
Financial & Payment Processing
Information shared for payment processing, financial transactions, and financial services:
- Payment gateways and processors
- Banking and financial institutions
- Wallet service providers
- Financial compliance and fraud prevention services
- Tax and accounting service providers
Data shared typically includes: payment information, transaction history, account details, and billing addresses
Technology & Infrastructure
Information shared with technical infrastructure and service providers:
- Cloud hosting and data storage providers
- Content delivery networks
- Database management services
- Development and maintenance partners
- Cybersecurity and monitoring services
Data shared typically includes: user account data, usage information, system logs, and application data
Identity & Verification Services
Information shared for identity verification and security purposes:
- KYC (Know Your Customer) service providers
- Identity verification platforms
- Background check services
- Biometric verification providers
- Document validation services
Data shared typically includes: identity documents, biometric data, address verification, and personal identifiers
Analytics & Business Intelligence
Information shared for analytics, reporting, and business optimization:
- Analytics and measurement services
- Market research providers
- Business intelligence platforms
- User behavior analysis tools
- Performance optimization services
Data shared typically includes: usage statistics, interaction data, device information, and anonymized user behavior
Due Diligence: We perform thorough due diligence before engaging service providers, including security assessments, data protection agreement reviews, and privacy practice evaluations. We regularly audit and review their compliance with our privacy and security requirements.
Data Sharing Principles & Safeguards
Data Minimization
We share only the specific data needed for each purpose. We apply data minimization principles to limit exposure of personal information.
Contractual Protection
We use comprehensive data processing agreements with all partners, requiring them to protect your data and use it only as permitted.
Purpose Limitation
Shared data may only be used for specific, authorized purposes. We prohibit use of shared data for unrelated purposes.
Vendor Assessment
We conduct rigorous privacy and security assessments before sharing data with service providers and perform periodic audits.
No Selling of Data
We do not sell your personal information to third parties. We share data only as outlined in this privacy policy for specific services.
Transparency
We are transparent about our data sharing practices and provide mechanisms for you to inquire about third parties that have accessed your information.
For more information about our data sharing practices or to inquire about specific third parties with whom we've shared your information, please contact our Privacy Team at privacy@leaseora.com.
Data Security & Protection
Protecting your information is a top priority at Leaseora. We employ comprehensive security measures across our infrastructure, applications, and operations to safeguard your personal and financial data from unauthorized access, alteration, disclosure, or destruction.
We maintain a multi-layered security approach that combines industry-standard technologies, advanced security practices, and ongoing monitoring to protect the Leaseora platform and your information. Our security program is regularly assessed and enhanced to address evolving threats and comply with global security standards.
Technical Security Measures
We implement advanced technical controls to protect our platform and your data:
Encryption & Data Protection
- TLS/SSL encryption for all data transmitted to and from our platform
- AES-256 encryption for sensitive data at rest in our databases
- End-to-end encryption for financial transactions and communications
- Secure key management and rotation practices
- Data anonymization and pseudonymization where appropriate
Access Controls & Authentication
- Multi-factor authentication for critical systems and user accounts
- Role-based access controls with principle of least privilege
- Strong password policies with secure storage using bcrypt hashing
- Session management with automatic timeouts and secure tokens
- Regular access reviews and privilege audits
Network & Infrastructure Security
- Advanced firewalls and intrusion detection/prevention systems
- Regular security scans and vulnerability assessments
- DDoS protection and traffic filtering mechanisms
- Secure network architecture with appropriate segmentation
- Real-time monitoring and alerting for suspicious activities
Application Security
- Secure development practices following OWASP guidelines
- Regular security code reviews and penetration testing
- Protection against common vulnerabilities (XSS, CSRF, injection attacks)
- Third-party dependency scanning and management
- Web application firewalls and API security controls
<strong>Continuous Improvement:</strong> Our security technology stack is regularly updated to address emerging threats and vulnerabilities. We employ automated scanning tools, threat intelligence feeds, and security patches to maintain a robust security posture.
Organizational Security & Governance
We maintain comprehensive security governance, policies, and procedures:
Security Policies & Compliance
-
Comprehensive security policies
Formal policies covering data protection, access control, incident response, and security operations
-
Regular policy reviews and updates
Periodic evaluation to ensure alignment with regulatory requirements and industry standards
-
Compliance management program
Structured approach to maintaining compliance with relevant standards and regulations
Human Resources Security
-
Security awareness training
Regular training sessions for all employees on security best practices and threats
-
Background checks
Pre-employment verification for employees with access to sensitive systems
-
Confidentiality agreements
Binding agreements with all staff and contractors handling personal data
Vendor Management & Third-Party Security
-
Vendor security assessments
Rigorous evaluation of third-party security controls before engagement
-
Contractual security requirements
Clear security and privacy obligations in all vendor contracts
-
Ongoing monitoring and reviews
Regular security assessments of critical service providers
Security Oversight & Accountability
-
Dedicated security team
Specialized professionals responsible for our security program
-
Security governance committee
Cross-functional oversight of security initiatives and risk management
-
Regular security reporting
Systematic reporting on security metrics, incidents, and enhancements
Security Leadership: Our security program is led by experienced professionals who stay current with emerging threats and best practices. We maintain a culture of security awareness throughout our organization, with security being a shared responsibility for all team members.
Incident Response & Breach Handling
We maintain a comprehensive incident response program to detect, respond to, and recover from security events:
Detection & Monitoring
- β’ 24/7 security monitoring and alerting systems
- β’ Automated anomaly detection for unusual patterns
- β’ Log management and security information monitoring
- β’ Vulnerability scanning and penetration testing
- β’ Threat intelligence integration to identify emerging risks
Incident Response Process
- β’ Documented incident response plan with clear roles
- β’ Trained response team with specialized expertise
- β’ Predefined procedures for different incident types
- β’ Regular testing through tabletop exercises and simulations
- β’ Post-incident reviews to improve future response
Data Breach Notification
In the unlikely event of a data breach affecting your personal information, we will:
- Promptly investigate the incident to determine its scope and impact
- Take immediate steps to contain the breach and mitigate potential harm
- Notify affected individuals in accordance with applicable laws
- Report to relevant regulatory authorities as required
- Provide clear information about the breach and recommended actions
- Implement measures to prevent similar incidents in the future
Standards & Certifications
Our security program is aligned with industry standards and best practices:
ISO 27001
Information Security Management System alignment
PCI DSS
Payment Card Industry compliance for financial data
SOC 2
Controls for security, availability, and confidentiality
Continuous Compliance: We maintain ongoing compliance through regular assessments, audits, and monitoring. Our security team stays current with evolving standards and implements new requirements as they emerge.
User Security Features & Recommendations
We provide security features and tools to help you protect your account and data:
Account Security Features
- Multi-factor authentication options for enhanced protection
- Customizable privacy settings for personal information
- Login notifications and suspicious activity alerts
- Session management tools to monitor active logins
- Account recovery options with secure verification
User Security Recommendations
- Enable multi-factor authentication for additional security
- Use strong, unique passwords for your Leaseora account
- Keep your devices and browsers updated and secure
- Be cautious of phishing attempts impersonating Leaseora
- Regularly review your account activity and notifications
Security Partnership: Protecting your data is a shared responsibility. While we implement robust security measures on our platform, your security practices also play a crucial role. If you notice any suspicious activities related to your account, please contact our support team immediately at security@leaseora.com.
Your Rights & Choices
At Leaseora, we respect your privacy rights and are committed to providing you with control over your personal information. Depending on your location, you may have various legal rights regarding your data under applicable privacy laws such as the GDPR, CCPA, PIPEDA, UK Data Protection Act, and Nigeria Data Protection Act.
We honor these rights regardless of your location and strive to handle all privacy requests promptly and transparently. This section explains your rights, how to exercise them, and any limitations that may apply.
Summary of Your Privacy Rights
Access
View your personal data
Correct
Update inaccurate information
Delete
Request data removal
Portability
Export your data
Object
Restrict certain processing
Consent Withdrawal
Revoke previous consent
Preferences
Manage privacy settings
Complaint
Lodge concerns with authorities
Detailed Explanation of Your Rights
Right to Access Your Data
You have the right to request access to the personal information we hold about you and to verify the lawfulness of our processing.
What You Can Request:
- Confirmation that we process your personal data
- Copy of your personal information in our systems
- Categories of personal data we collect
- Information about how we use your data
- Details of third parties with whom we share your data
- Data retention periods or criteria
How to Access Your Data:
- Account Settings: Most basic information is directly accessible in your account profile
- Data Download: Use the "Export My Data" feature in account settings
- Full Request: Submit a complete access request via email for all information
<strong>Note:</strong> We typically respond to access requests within 30 days. For large or complex requests, we may extend this period by up to two additional months, in which case we will notify you of the extension and the reasons for it.
Right to Correction
You have the right to request correction of any inaccurate personal information we hold about you, and to complete any incomplete personal information.
What You Can Correct:
- Account profile information
- Contact details and communication preferences
- Property information and listing details
- Financial and payment information
- Document information and uploaded content
How to Request Corrections:
- Self-Service: Most information can be directly updated in your account settings
- Profile Editor: Use the profile editor for personal details
- Support Request: Contact our support team for information you cannot edit directly
Verification: For certain correction requests, we may need to verify the accuracy of the new data provided. We may ask for supporting documentation when necessary to validate changes to important information.
Right to Deletion
You have the right to request deletion of your personal information in certain circumstances, sometimes referred to as the "Right to be Forgotten" or "Erasure Right."
When Deletion Applies:
- The data is no longer necessary for its original purpose
- You withdraw consent (where processing was based on consent)
- You object to processing and there are no overriding legitimate grounds
- Your data was unlawfully processed
- Deletion is required for legal compliance
How to Request Deletion:
- Account Deletion: Use the "Delete Account" function in account settings
- Specific Data: Request deletion of specific data elements via email
- Content Removal: Delete uploaded content through the platform interface
- Complete Erasure: Contact privacy@leaseora.com for full data deletion
Limitations: In some cases, we may not be able to fully delete your information due to legal obligations, security purposes, fraud prevention, or to complete transactions. We will inform you of any applicable limitations during the deletion request process.
Right to Data Portability
You have the right to receive your personal data in a structured, commonly used, and machine-readable format, and to transmit this data to another controller without hindrance.
What Data You Can Export:
- Account profile information
- Property listings and details
- Transaction history and financial records
- Documents and uploaded content
- Communication history and messages
- Preference settings and saved information
Available Export Formats:
- JSON: For technical data and complete exports
- CSV: For transaction and listing data
- PDF: For documents and reports
- ZIP: For bundled content including images
Direct Transfer: Where technically feasible, we can transfer your data directly to another service provider. Please note that interoperability limitations may apply depending on the receiving platform's capabilities.
Right to Object & Restrict Processing
You have the right to object to certain types of processing of your personal data and to request restriction of processing under specific circumstances.
What You Can Object To:
- Processing based on legitimate interests
- Direct marketing (including profiling)
- Processing for research or statistical purposes
- Automated decision-making and profiling
When You Can Restrict Processing:
- When contesting data accuracy (during verification)
- When processing is unlawful but you oppose deletion
- When we no longer need the data but you need it for legal claims
- When you've objected to processing (pending verification)
<strong>Important Note:</strong> Even if you object to certain processing, we may continue processing if we can demonstrate compelling legitimate grounds which override your interests or rights, or for the establishment, exercise or defense of legal claims.
Rights Related to Automated Decisions
You have the right not to be subject to a decision based solely on automated processing (including profiling) that produces legal or similarly significant effects on you.
Your Rights Include:
- Human intervention in the decision-making process
- Expression of your point of view
- Contestation of the decision
- Explanation of the logic involved
- Testing of the system's accuracy and fairness
Automated Systems at Leaseora:
- Property Matching: AI-based recommendations
- Risk Assessment: Rental application evaluation
- Fraud Detection: Transaction monitoring systems
- Pricing Tools: Dynamic pricing recommendations
Safeguards: All automated systems at Leaseora include human oversight and review mechanisms. You can always request human review of any automated decision that affects you by contacting our support team.
How to Exercise Your Rights
Self-Service Options
Many privacy rights can be exercised directly through your Leaseora account:
- Access and update profile information
- Manage communication preferences
- Download your data
- Delete content you've uploaded
- Manage privacy settings
Path: Account Settings > Privacy & Data
Email Request
For comprehensive requests or rights that can't be exercised through self-service:
- Email your request to privacy@leaseora.com
- Include "Privacy Rights Request" in the subject line
- Specify which right(s) you wish to exercise
- Provide details to help us locate your information
Verification Process
To protect your information, we need to verify your identity when you exercise your rights:
- For account holders: Log into your account or verify via email link
- For email requests: Verification through account email or additional documentation
- For sensitive requests: Additional security questions or ID verification
We only use verification information to confirm your identity, not for other purposes.
Response Timeline
We respond to all privacy rights requests without undue delay:
- Initial confirmation: Within 3 business days
- Complete response: Within 30 calendar days
- Complex requests: May be extended by up to 60 additional days with notice
If we need more time, we'll explain why and keep you updated on our progress.
Region-Specific Privacy Rights
In addition to the core privacy rights available to all users, you may have additional rights depending on your location:
πͺπΊ European Union (GDPR)
- Right to lodge a complaint with a supervisory authority
- Explicit rules around consent withdrawal
- Data breach notification within 72 hours
- Cross-border transfer protections
πΊπΈ California, USA (CCPA/CPRA)
- Right to know what personal information is collected
- Right to know if personal information is disclosed or sold
- Right to opt-out of the sale of personal information
- Right to non-discrimination for exercising rights
π¬π§ United Kingdom (UK GDPR)
- Similar rights to EU GDPR with UK-specific implementation
- Complaints can be directed to the ICO
- UK-specific data adequacy provisions
π¨π¦ Canada (PIPEDA)
- Right to withdraw consent for secondary marketing purposes
- Right to challenge accuracy with evidence
- Provincial variations in Quebec, Alberta, and BC
π³π¬ Nigeria (NDPA)
- Data subject participation including consent requirements
- Physical presence requirement for foreign data controllers
- Local filing system rights
π Other Regions
We respect privacy rights according to applicable local laws in all regions where we operate.
Contact us for specific information about rights in your region.
<strong>Note:</strong> The above is a general overview of region-specific rights. The specific rights available to you depend on your location, residency, citizenship, and other factors. We apply the highest standard of privacy protection where regulations overlap.
Limitations & Exceptions
While we strive to honor all privacy requests, there are some circumstances where we may be limited in our ability to fulfill your request:
Legal & Regulatory Requirements
- Legal obligation to retain certain information
- Regulatory compliance requirements
- Information needed for tax or financial reporting
- Data required for legal claims or proceedings
Technical & Operational Limitations
- Requests that are excessive or manifestly unfounded
- Information that cannot be separated from others' data
- Archived or backup information that is difficult to access
- Inability to verify the requestor's identity
Overriding Interests
- Freedom of expression and information
- Public interest in public health or scientific/historical research
- Defending legal claims
- Protection of others' rights and freedoms
Our Commitment: If we cannot fully comply with your request, we will explain the reasons and explore alternative solutions. We will never refuse to consider a legitimate request and will always provide a detailed explanation if a request cannot be fully satisfied.
Exercise Your Privacy Rights
Have questions or want to exercise your rights? Our privacy team is here to help.
We typically respond to all privacy-related inquiries within 3 business days.
Children's Privacy
Leaseora takes children's privacy very seriously. We understand the importance of protecting children's personal information and comply with applicable laws governing children's privacy, including the Children's Online Privacy Protection Act (COPPA) in the United States and provisions related to children's data in other privacy regulations like GDPR, PIPEDA, and NDPA.
This section explains our practices regarding children's personal information, including how we limit collection, use parental consent mechanisms, and implement special protections for younger users who may interact with our platform.
Age Restrictions & Platform Access
Leaseora is designed for users who are at least 18 years old. We implement various measures to restrict access by underage users:
Platform Age Requirements
- Account Creation: Only adults (18+) may create Leaseora accounts
- Financial Services: All financial features require adult verification
- Property Transactions: Lease agreements and property contracts require legal adult status
- Business Functions: Corporate features are restricted to verified adult users
Age Verification Measures
- Identity Verification: KYC processes to confirm user age during registration
- Document Validation: Official ID checking for account verification
- Biometric Verification: Optional facial verification to confirm identity matches documentation
- Technical Measures: Monitoring and detection systems to identify potential underage users
<strong>Important:</strong> If we learn that a user under 18 has created an account or provided personal information, we will take prompt steps to delete that information and terminate the account. If you believe an underage user has accessed our platform, please contact us immediately at <a href="mailto:privacy@leaseora.com" class="text-indigo-600 hover:underline">privacy@leaseora.com</a>.
Children's Data Processing
While our platform is intended for adults, we recognize that there are limited circumstances where we may process children's information:
Property Occupancy Information
Adult tenants may need to provide basic information about children who will be occupying a property:
- Number of minor occupants for occupancy compliance
- Age ranges of children (not exact birthdates) for property suitability
- Special accommodations needed for minor occupants
- Emergency contact information for the household
Lease Documentation Information
Some legal documentation in the leasing process may reference minor occupants:
- Names of all occupants in lease agreements
- Information in guarantor or co-signer documentation
- References in tenancy application forms
- Information in property transfer or ownership documents
Data Minimization: We apply strict data minimization principles to any information related to children. We only collect what is absolutely necessary for legal, safety, or property management purposes, and implement enhanced security for this data. We never use children's data for marketing, profiling, or other non-essential purposes.
Parental Controls & Consent
We recognize the rights of parents and guardians to control information about their children:
Parental Consent Mechanisms
In the limited circumstances where children's information is processed (such as property occupancy information), we implement the following consent mechanisms:
- Verified Parental Consent: Required before collecting any information about children
- Consent Verification: Multiple methods to verify parental identity
- Explicit Purpose Disclosure: Clear explanation of how information will be used
- Granular Consent Options: Specific consent for different types of information
- Consent Withdrawal: Simple process for parents to withdraw consent
- Parental Access: Ability to review information collected about their children
- Information Updates: Methods for parents to update or correct information
- Deletion Requests: Process for parents to request data deletion
Parental Management Tools
- Dedicated parental dashboard for information management
- Option to review all collected information
- Ability to update household occupancy information
- Data deletion request functionality
Parental Assistance
- Dedicated support for children's privacy inquiries
- Expedited response to parental requests
- Assistance with consent management processes
- Guidance on children's privacy rights and protections
Legal Compliance & Safeguards
Leaseora complies with global regulations regarding children's privacy, implementing region-specific protections as required:
COPPA Compliance (United States)
- Strict verifiable parental consent requirements
- Clear notice about information collection and use
- Reasonable procedures to protect confidentiality
- Data retention limitations for children's information
GDPR & UK Requirements
- Special protection for children's personal data
- Transparent privacy notices suitable for children
- Parental consent for children under 16 (or lower age limit if locally specified)
- Data Protection Impact Assessments for children's data processing
Nigeria NDPA Requirements
- Special protections for children's personal data
- Parental or guardian consent verification
- Child-friendly privacy notices and information
- Appropriate security for children's data
Canada PIPEDA & Other Regions
- Enhanced consent requirements for minors
- Protection of children's data under provincial laws
- Local age of consent requirements compliance
- Tailored privacy policies for specific jurisdictions
<strong>Enhanced Protections:</strong> We apply the highest standards of children's privacy protection, regardless of jurisdiction. Our systems are designed with additional safeguards for any data that might relate to minors, including enhanced encryption, strict access controls, and special handling procedures.
Enhanced Security Measures
For the limited children's data we may process, we implement specialized security measures beyond our standard protections:
Restricted Access
Strict need-to-know access controls with elevated permission requirements
Enhanced Encryption
Additional encryption layers for any data potentially relating to minors
Special Handling
Designated processes for managing and protecting children's information
Limited Retention
Shorter retention periods with automatic deletion when no longer needed
Enhanced Monitoring
Special monitoring and alerts for any access to children's information
Audited Access
Comprehensive audit trails for any interaction with children's data
Children's Privacy Contact Information
For questions about our children's privacy practices, to exercise parental rights, or to report concerns:
We prioritize all inquiries related to children's privacy and aim to respond within 24 hours. For urgent matters related to children's data, please indicate this in your message subject line.
Contact Us
privacy@leaseora.com
Address
Rosenthaler StraΓe 72 A, 10119 Berlin, Germany
Phone
+49 173 8622196