Privacy Policy

1. Introduction

MoveIn, operated by Noveternum ("we", "us", "our"), is an Irish property rental marketplace. We are committed to protecting your personal data in accordance with the General Data Protection Regulation (GDPR) and the Irish Data Protection Act 2018. This policy explains what data we collect, how we use it, and your rights.

2. Data Controller

The data controller for the purposes of GDPR is MoveIn (Noveternum Limited). You can reach our data-protection team via our contact form.

3. Data We Collect

We collect and process the following categories of personal data:

• Account information: email address, full name, and phone number provided during registration and onboarding.
• Profile data: renter preferences (preferred counties, property types, budget, minimum bedrooms) and landlord details (RTB registration number, verification status). Landlords also have a phone-verification timestamp and channel (e.g. SMS) recorded after they prove control of their number.
• Property data: listing details including addresses, eircodes, photos, descriptions, and rental prices submitted by landlords.
• Search and browsing activity: search filters used, properties viewed, and saved/shortlisted properties.
• Inquiry and messaging data: messages exchanged between renters and landlords through our inquiry system.
• Technical data: browser type, device information, and usage patterns collected through analytics (with your consent).

4. How We Use Your Data

• To provide and operate the MoveIn platform, including property search, listings, inquiries, and messaging.
• To send transactional emails (inquiry notifications, message alerts, saved search alerts, and welcome emails).
• To compute market price intelligence scores by comparing listing rents against aggregated, anonymised market data.
• To generate listing descriptions for landlords using property details they provide, via Anthropic Claude (an AI model).
• To detect and prevent fraudulent or scam listings.
• To geocode property eircodes for map display.
• To improve our platform through anonymised analytics (only with your consent).

5. Legal Basis for Processing

• Contract performance: processing necessary to provide you with our services (account management, property listings, inquiries, messaging).
• Legitimate interest: fraud and scam detection to maintain platform safety.
• Consent: analytics tracking via PostHog. You can accept or decline analytics cookies at any time.
• Legal obligation: where required to comply with Irish or EU law.

6. Data Storage and Security

Your data is stored in Supabase, a PostgreSQL-based platform hosted in the EU (Ireland region). All data is encrypted at rest and in transit. We use Row Level Security (RLS) policies to ensure users can only access data they are authorised to view. Property photos are stored in Supabase Storage within the EU.

7. Cookies

We use two categories of cookies:

• Essential cookies: Supabase authentication cookies required for login and session management. These are strictly necessary and do not require consent.
• Analytics cookies: PostHog analytics cookies used to understand how visitors use our platform. We capture pageviews only — no session recording, and IP addresses are anonymised at the source. These cookies are only set if you provide consent via our cookie banner. PostHog is EU-hosted at eu.posthog.com.

You can withdraw consent at any time from Profile → Data & privacy. Toggling the analytics switch stops tracking immediately and clears your distinct identifier from PostHog.

8. Third-Party Services

We share data with the following third-party processors, each operating under their own privacy policies and GDPR-compliant data processing agreements:

• Supabase: database hosting, authentication, and file storage (EU-hosted).
• Mapbox: map display and eircode geocoding for property locations.
• Resend: transactional email delivery (notifications, alerts, welcome emails).
• Anthropic: AI-powered features including listing description generation and scam detection analysis. Property details (not personal data) are sent to generate descriptions.
• PostHog: product analytics (EU-hosted at eu.posthog.com). Only active with your consent. IP addresses are anonymised.
• Vercel: application hosting.
• Sentry: error tracking and crash reporting (EU region). Error reports may include your user ID and the URL path you were on when the error occurred. Form contents and message bodies are not sent.
• Twilio: SMS delivery for landlord phone verification. Phone numbers and one-time verification codes are sent to Twilio when you choose to become a landlord; codes expire within minutes and are not stored beyond verification.

9. Data Retention

We retain your personal data for as long as your account remains active.

When you delete your account, your personal data is erased immediately in a single action — no support ticket or follow-up required. Specifically: your name, phone number, and email are removed from your profile (your email is rewritten to a non-deliverable internal address and your display name is set to "Former renter" or "Former landlord"). Saved properties and search alerts are hard-deleted. Any property listings you owned are archived and removed from search. The text of every inquiry and chat message you authored is replaced with a "content removed at user's request" marker.

We keep the empty thread shells (timestamps, who-messaged-whom, which property) so the other party still has a record of the conversation taking place. This residual record is retained under our legitimate-interest basis, scoped narrowly to fraud prevention and dispute resolution for the counterparty — never for marketing or analytics. The text of messages the other party sent to you is their personal data and is left untouched.

A limited subset of records may be retained longer where law requires it (e.g. tax-related records under Art 17(3)(b) GDPR). Aggregated, anonymised market data (price snapshots) is retained indefinitely as it contains no personal information.

10. Your Rights Under GDPR

As a data subject under GDPR, you have the following rights:

• Right of access: request a copy of the personal data we hold about you.
• Right to rectification: request correction of inaccurate or incomplete personal data.
• Right to erasure: request deletion of your account and all associated personal data.
• Right to data portability: request an export of your data in a structured, commonly used format. You can self-serve this any time from your profile — pick CSV (a zip with one file per data type) or PDF.
• Right to restriction: request that we limit processing of your data in certain circumstances.
• Right to object: object to processing of your data based on legitimate interests.
• Right to withdraw consent: withdraw consent for analytics tracking at any time by declining cookies.

To exercise any of these rights, submit a request via our contact form. We will respond within 30 days.

11. Children's Privacy

MoveIn is not intended for use by individuals under the age of 18. We do not knowingly collect personal data from children.

12. Data Protection Officer

MoveIn is not legally required to appoint a Data Protection Officer under Article 37 of the GDPR. Our processing activities do not constitute large-scale processing of personal data, nor do they involve special categories of personal data such as health, biometric, or political information. For any data protection question or request — including access, erasure, portability, or objection — please reach us via our contact form with topic Privacy. Privacy submissions are routed to a named person internally and we aim to respond within the one-month window required by GDPR Article 12.

13. Complaints

If you are not satisfied with how we handle your data, you have the right to lodge a complaint with the Data Protection Commission (DPC), Ireland's supervisory authority for data protection. You can contact the DPC at www.dataprotection.ie.

14. Changes to This Policy

We may update this privacy policy from time to time. Material changes will be communicated via email or a notice on our platform. The "Last updated" date at the top of this page indicates when the policy was last revised.

15. Contact Us

For any questions about this privacy policy or our data practices, please reach us via our contact form.