Privacy Policy
Privacy Policy
Effective date: 7 May 2026. Vardenus operates worldwide; this Policy describes how we process personal data and your rights under applicable data-protection law. Please also see our Terms & Conditions.
1. About This Policy
This Privacy Policy explains how Vardenus collects, uses, shares, and protects personal data when you use the Vardenus website at vardenus.com and any related apps, dashboards, APIs, or services (the "Platform"). It applies to tenants, landlords, letting agencies, service providers, visitors, and anyone whose personal data we process through the Platform.
Vardenus is a worldwide rental marketplace. We process personal data in accordance with the data-protection laws that apply to you, which may include the EU General Data Protection Regulation (GDPR), the UK GDPR and Data Protection Act 2018, the California Consumer Privacy Act as amended by the CPRA, Canada's Personal Information Protection and Electronic Documents Act (PIPEDA), Brazil's LGPD, Australia's Privacy Act, and other equivalent laws in your country.
2. Who We Are (Data Controller / Business)
Vardenus is the controller (under EU/UK GDPR) and the "business" (under the CCPA/CPRA) of the personal data we collect about you, except where we act as a processor or service provider on behalf of a landlord, agency, or service provider in respect of their own customers. In those cases the third party's privacy notice applies in addition to this one.
For privacy questions or to exercise your rights, contact our Data Protection team at privacy@vardenus.com.
3. Personal Data We Collect
We collect the following categories of personal data:
1. Identity & Contact Data
Name, date of birth, email address, phone number, postal address, profile photo, and account credentials.
2. Verification Data
Government-issued ID (passport, national ID card, driving licence, residence permit), proof of address, proof of income, employment information, and any local right-to-occupy or right-to-rent documentation required in your jurisdiction.
3. Property & Listing Data
Property addresses, photos, descriptions, rent and deposit values, energy / safety certificates, and any licensing or registration numbers required by local law.
4. Application & Tenancy Data
Rental applications, references, credit information (where you authorise checks), tenancy agreements, viewing slot bookings, and renewal/end-of-tenancy data.
5. Financial Data
Bank or card details processed by our payment partner Stripe, payment history, payout details for landlords/agencies/service providers, invoices, and tax-related identifiers where required by local tax authorities.
6. Communications Data
Messages, calls, voicemails, and attachments exchanged through Vardenus Chat; emails to support; survey responses; and dispute submissions.
7. Technical & Usage Data
IP address, device identifiers, browser type, operating system, time-zone, referrer, pages viewed, search terms, click events, and crash logs.
8. Location Data
Approximate location derived from IP address; precise location only if you grant permission (for example, to centre the property map on your area).
9. Marketing & Preferences
Subscription state, language preference, and consent flags for cookies, email, and SMS marketing.
4. How We Collect Your Data
We collect personal data: (a) directly from you when you register, complete a profile, list a property, apply for a property, sign a contract, upload documents, send messages, or contact support; (b) automatically when you use the Platform, via cookies, server logs, and analytics; and (c) from third parties such as identity-verification providers, credit-reference agencies (with your consent), Stripe, social-login providers (Google, Facebook), and public registers (for example, business registries when listing as a company).
5. How We Use Your Data (Lawful Bases)
Where EU/UK GDPR applies, we rely on the following lawful bases under Article 6:
1. Performance of a contract
To create and manage your account, list properties, process applications, sign contracts, take payments, and provide customer support.
2. Legitimate interests
To secure the Platform, prevent fraud, improve our services, conduct analytics, defend legal claims, and contact existing customers about similar services. We balance these interests against your rights.
3. Legal obligation
To comply with anti-money-laundering, tenancy, tax, accounting, and law-enforcement requirements in the jurisdictions where we or you operate.
4. Consent
For non-essential cookies, optional marketing emails or SMS, and any processing of special category / sensitive data (see Section 6).
5. Vital interests
In rare cases where processing is necessary to protect someone's life, for example a credible safeguarding concern.
6. Identity Verification & Sensitive Data
Some verification documents (for example, a passport image) may incidentally reveal special category / sensitive data such as ethnic origin or biometric data. Where such data is processed, we rely on your explicit consent and, where applicable, additional conditions permitted by local law (for example, prevention of fraud or compliance with another statutory obligation).
We may use third-party verification providers (and, where applicable, Veriff) to confirm the authenticity of documents and check liveness. Those providers act as independent or joint controllers and have their own privacy notices.
7. Sharing & Disclosure
We share personal data only as needed to operate the Platform and only with parties bound by appropriate confidentiality and data-protection obligations. We do not sell personal information for monetary consideration.
1. Other users
Tenants, landlords, agencies, and service providers see the information necessary to evaluate applications, viewings, contracts, and services. We do not show your full contact details to other users until you choose to share them or a contract is in place.
2. Service providers (processors)
Cloud hosting (AWS), payment processing (Stripe), identity verification providers, email delivery (Amazon SES), SMS delivery (Amazon SNS), customer-support tooling, error monitoring, and analytics.
3. Professional advisers
Lawyers, accountants, auditors, and insurers, where reasonably necessary.
4. Authorities
Law enforcement, regulators (including tax authorities and data-protection authorities), or courts when legally required or to protect our rights or those of our users.
5. Corporate transactions
If Vardenus is involved in a merger, acquisition, financing, or sale of assets, personal data may be transferred subject to confidentiality and continued protection.
8. International Data Transfers
Vardenus operates internationally, and personal data may be transferred to and processed in countries other than the one in which you live, including the United States and the European Economic Area. When we transfer personal data across borders, we rely on recognised legal mechanisms such as the EU Standard Contractual Clauses, the UK International Data Transfer Agreement (or UK Addendum), the EU-US Data Privacy Framework where applicable, adequacy decisions, or other lawful safeguards. You can request a copy of the safeguards in place by emailing privacy@vardenus.com.
9. Data Retention
We keep personal data only for as long as necessary for the purposes set out in this Policy, then delete or anonymise it. Typical retention periods:
1. Account & profile data
While your account is open, plus up to 6 years after closure for tax, accounting, and legal-defence purposes (or longer where local law requires).
2. Verification documents
For the period required by applicable identity-verification, anti-money-laundering, or tenancy record-keeping rules in the relevant jurisdiction (typically 5-7 years after the last related transaction).
3. Tenancy and contract data
While the tenancy is active and for the limitation period applicable in the relevant jurisdiction (typically 6 years after it ends).
4. Chat messages
Retained indefinitely while the platform operates, in line with our Messaging & Chat Policy. You can request closure of your account; messages may be retained in anonymised form to preserve the integrity of conversations with other parties.
5. Marketing data
Until you withdraw consent or unsubscribe.
6. Server logs and analytics
Typically 12-24 months.
10. Your Rights
Subject to applicable law, you have the following rights in respect of your personal data:
1. Access
Request a copy of the personal data we hold about you, and (under the CCPA/CPRA) the right to know what categories we collected, used, disclosed, and the sources.
2. Rectification / correction
Ask us to correct inaccurate or incomplete data.
3. Deletion / erasure
Ask us to delete your data, subject to legal retention obligations.
4. Restriction
Ask us to limit how we process your data while a query is resolved (EU/UK GDPR).
5. Objection
Object to processing based on legitimate interests, including direct marketing (EU/UK GDPR).
6. Portability
Receive your data in a structured, commonly used, machine-readable format and have it transmitted to another controller, where technically feasible.
7. Opt-out of sale or sharing
Although Vardenus does not sell personal information, California residents have a right to opt out of any sale or sharing of personal information for cross-context behavioural advertising. You can exercise this right via the cookie banner or by emailing privacy@vardenus.com.
8. Limit use of sensitive personal information
California residents may request that we limit our use of sensitive personal information to that necessary to provide the requested service.
9. Withdraw consent
Where we rely on consent, you can withdraw it at any time without affecting prior lawful processing.
10. Automated decisions
Ask for human review of solely automated decisions that produce legal or similarly significant effects, where applicable law provides this right.
11. No discrimination
We will not discriminate against you for exercising any of these rights.
11. Marketing Communications
We send marketing emails or SMS only with the consent or other lawful basis required by your jurisdiction (for example, opt-in under EU/UK ePrivacy rules; clear notice and opt-out where permitted under US law). You can unsubscribe at any time from any marketing email or by emailing privacy@vardenus.com. Transactional messages (for example, payment confirmations or tenancy notices) are not marketing and continue while you have an active relationship with us.
12. Cookies & Similar Technologies
We use strictly necessary cookies to operate the Platform and, where required by law, request your consent for performance, functional, and marketing cookies. Our cookie banner lets you accept, reject, or customise non-essential cookies, and you can change your choices at any time through the cookie-preference link in the footer or via your browser settings. We honour Global Privacy Control (GPC) signals where required by applicable law.
13. California-Specific Disclosures
If you are a California resident, the CCPA/CPRA gives you the rights described in Section 10 above. Categories of personal information we have collected in the past 12 months include the categories listed in Section 3 (Identity, Verification, Property, Application, Financial, Communications, Technical, Location, and Preferences). We collect this information for the business purposes described in Section 5 and disclose it to the categories of recipients listed in Section 7. We do not knowingly sell or share personal information of consumers under 16. To exercise your rights, email privacy@vardenus.com or use the controls in your account settings; we may need to verify your identity before responding.
14. Children
Vardenus is not directed at children under 18 (or the higher age of digital consent in your jurisdiction). We do not knowingly collect personal data from children. If you believe a child has provided personal data to us, contact privacy@vardenus.com so we can delete it.
15. Security
We use a combination of technical and organisational measures to protect personal data, including TLS encryption in transit, encryption at rest, access controls, role-based permissions, multi-factor authentication for staff, monitoring, and regular reviews. No system is perfectly secure: if you suspect unauthorised access to your account, contact security@vardenus.com immediately.
16. Automated Decision-Making & AI
We use automated tools (including the Vardenus AI Lawyer) to help with risk-scoring, fraud detection, content moderation, and dispute review. We do not make solely automated decisions that produce legal or similarly significant effects without human review. Where AI is used to analyse messages, results are advisory only and may be reviewed by Vardenus staff.
17. Third-Party Links
The Platform may link to third-party websites, services, or apps (for example, payment partners, mapping providers, or social networks). Those third parties have their own privacy notices, and we are not responsible for their practices.
18. Changes to This Policy
We may update this Policy from time to time. If we make material changes, we will notify you by email and/or through an in-app notice. The "Effective date" at the top shows when the current version took effect.
19. Contact Us & Complaints
For privacy questions or to exercise your rights, contact privacy@vardenus.com. We aim to respond to verifiable data-subject requests within the timeframe required by your local law (for example, one calendar month under EU/UK GDPR; 45 days under the CCPA/CPRA).
If you are not satisfied with our response, you have the right to lodge a complaint with your local data-protection authority — for example, the European Data Protection Board's national supervisory authorities, the UK Information Commissioner's Office, the Office of the Privacy Commissioner of Canada, or the California Privacy Protection Agency. We would, however, appreciate the chance to address your concerns first.
Become a Real Estate Agent
We only work with the best companies around the globe