Privacy Policy

1. Identity and Contact Information

This Privacy Policy explains how Inquly collects, uses, and protects your personal data in compliance with the General Data Protection Regulation (GDPR) and Spanish Organic Law 3/2018 on Personal Data Protection (LOPDGDD).

2. Definitions

• Landlords: Users who own or manage properties and use our services to manage their rentals and process tenant data.
• Tenants: Occupants of rented properties whose personal data may be collected and managed by a Landlord through the Software.
• Users: Any person who uses the Software, including Landlords and Tenants.

3. Legal Basis for Data Processing

In accordance with the GDPR, we process your data based on the following legal grounds:

• Contract Execution: Processing necessary to provide our services and manage your account.
• Legal Obligations: Processing required to comply with accounting, tax, and other legal requirements.
• Legitimate Interest: Processing for security, fraud prevention, and service improvement.
• Consent: Processing based on your explicit consent, particularly for marketing communications and non-essential cookies.

4. Data Collected

Registration Data

• First and last name
• Email address (account identifier)
• Password (stored encrypted)

Service Data

• Property information and details
• Tenant information and contact details
• Financial records (payments, expenses, invoices)
• Uploaded documents

Tenant Data (entered by landlords)

• Full name and identification (DNI/NIE - only necessary data, not full document copies)
• Contact information (email, phone, address)
• Employment and income information
• Emergency contact details

Automatic Data

• IP address
• Browser type and version
• Session and preference cookies

Security Data

• reCAPTCHA verification data (interaction patterns, browser fingerprint)
• API usage logs (endpoint, method, IP address, user agent)

5. Data Processing Responsibility

Landlord as Data Controller

Landlords who use Inquly to manage their rentals are the Data Controller for the personal data of their tenants. They are responsible for ensuring GDPR compliance for this data.

Inquly as Data Processor

Inquly acts as a Data Processor on behalf of Landlords, hosting and processing data to enable rental management. We do not make decisions about how tenant data is used.

Inquly as Data Controller

Inquly is the Data Controller for certain data collected independently, such as usage logs, security measures, and support communications.

6. Purposes of Processing

• Providing and maintaining our services
• Managing your account and preferences
• Communicating with you about your account
• Ensuring security and preventing fraud
• Complying with legal obligations

7. Data Recipients

We may share your data with the following categories of recipients:

• Application Hosting: Vercel Inc. (US (with SCCs))
• Database Hosting: Hostinger International Ltd. (EU (Lithuania))
• Email Service Provider: Hostinger International Ltd. (EU (Lithuania))
• Security (reCAPTCHA): Google LLC (US (with SCCs))
• Authentication (Google Sign-In): Google LLC (US (with SCCs))
• Payment Processing: Stripe, Inc. (US (with SCCs))

All our data processors are required to maintain appropriate security measures and process data only according to our instructions.

8. International Data Transfers

Some of our service providers are located outside the European Economic Area (EEA). When we transfer your data to these providers, we ensure appropriate safeguards are in place:

Transfer Mechanism

We use Standard Contractual Clauses (SCCs) approved by the European Commission for transfers to countries without an adequacy decision.

The following providers receive data transfers under SCCs:

Additional Safeguards

All third-country providers have committed to maintaining GDPR-equivalent data protection standards. We regularly review these arrangements to ensure ongoing compliance.

9. Security Measures

We implement appropriate technical and organizational measures to protect your data:

• SSL/TLS encryption for all data transmission
• Secure password hashing using industry-standard algorithms
• Secure session management and authentication
• Regular encrypted backups

Data Breach Notification

In the event of a personal data breach that poses a risk to your rights and freedoms, we will notify the Spanish Data Protection Authority (AEPD) within 72 hours. If the breach is likely to result in a high risk to you, we will also notify you directly without undue delay.

10. Data Retention

11. Your Rights

Under the GDPR, you have the following rights regarding your personal data:

• Right of Access: Request a copy of your personal data.
• Right to Rectification: Request correction of inaccurate data.
• Right to Erasure: Request deletion of your data ('right to be forgotten').
• Right to Portability: Receive your data in a portable format.
• Right to Object: Object to processing based on legitimate interest.
• Right to Restriction: Request restriction of processing in certain circumstances.
• Right to Withdraw Consent: Where processing is based on consent, you may withdraw it at any time. This will not affect the lawfulness of processing before withdrawal.
• Rights Related to Automated Decisions: You have the right not to be subject to decisions based solely on automated processing that significantly affect you. We do not currently use automated decision-making.

How to Exercise Your Rights

To exercise any of these rights, please contact us at the email address provided below. We will respond to your request within one month.

12. Cookies

We use cookies to provide and improve our services. For detailed information about cookies, please see our Cookie Policy.

For more information, please visit our Cookie Policy

13. Policy Updates

We may update this Privacy Policy from time to time. For significant changes, we will notify you at least 30 days in advance via email or a notice on our platform.

14. Contact

For questions about this Privacy Policy or to exercise your rights, please contact us: