How it works Pricing
Solutions For Landlords For Agencies
Login Request a Demo

Privacy Policy

Last Updated: December 4, 2025
Effective Date: December 4, 2025

1. Introduction

Welcome to enoikio ("we," "our," or "us"). We are committed to protecting your personal data and respecting your privacy. This Privacy Policy explains how we collect, use, store, and share information about you when you use our website, mobile application, and property management services (collectively, the "Services").

For the purposes of the General Data Protection Regulation (GDPR), Soho Technologies Ltd is the Data Controller.

Registered Office:
86-90 Paul Street
London, EC2A 4NE
United Kingdom

Contact Email: privacy@enoikio.com

2. Data We Collect

We collect data to provide automated rent collection, tenant screening, and property management tools. The types of data depend on your role (Landlord, Tenant, or Agent).

A. Information You Provide to Us

  • Identity Data: First name, last name, date of birth, government ID (where required for KYC).
  • Contact Data: Billing address, physical address, email address, and telephone numbers.
  • Property Data: Details of properties owned, managed, or rented; lease terms; and rental amounts.
  • Financial Data: Bank account details (IBAN/BIC) for SEPA Direct Debit setups.

B. Information Collected via Technology (Open Banking)

When you use our Tenant Screening or Affordability Check services, we utilize regulated Open Banking APIs (PSD2).

  • Transaction Data: We access up to 12 months of transaction history to verify income and rent payments.
  • Account Information: Account holder name, balance, and currency.
  • Note: We never see or store your banking login credentials (PINs/Passwords). Authentication happens directly between you and your bank.

C. Usage & Technical Data

  • Technical Data: IP address, browser type, time zone setting, operating system, and platform.
  • Usage Data: Information about how you use our website and services (e.g., login timestamps, page interaction).

3. How We Use Your Data (Legal Basis)

We only use your personal data when the law allows us to. Most commonly, we use your personal data in the following circumstances:

Purpose / Activity Type of Data Legal Basis for Processing
To register you as a new user Identity, Contact Performance of a Contract
To process Rent Payments (SEPA Direct Debit) Financial, Identity Performance of a Contract
To calculate Affordability/Risk Scores (Tenant Screening) Financial, Identity Consent (Explicit opt-in required)
To prevent fraud and money laundering (AML) Identity, Financial Legal Obligation
To manage our relationship with you (Support) Contact, Usage Performance of a Contract
To improve our website and services Technical, Usage Legitimate Interest

4. Open Banking & PSD2 Specifics

This section applies specifically to Tenants utilizing our "Affordability Score" feature.

  1. Consent: We only access your banking data upon your explicit consent. You may withdraw this consent at any time, though this may prevent the completion of a screening report.
  2. Data Minimization: We do not store your raw transaction history permanently. Once the Affordability Score and Income Verification report is generated, the raw transaction data is deleted or anonymized within 24 hours.
  3. Third-Party Providers: We connect to your bank via licensed Account Information Service Providers (AISPs) regulated under PSD2.

5. Automated Decision Making & Profiling

Our Services include an automated Tenant Risk Scoring system.

  • How it works: Our algorithms analyze financial data (income stability, overdraft usage, rent coverage) to generate a score (e.g., 0-100).
  • Your Rights: If you are a tenant and disagree with an automated decision that has legal consequences (e.g., rejection of a lease application), you have the right to request a human review of the decision. Please contact us at privacy@enoikio.com.

6. Disclosure of Your Data

We do not sell your data. We may share your data with the following trusted third parties strictly for the provision of Services:

  • Landlords/Agencies: If you are a Tenant, the Landlord requesting the screening will receive your "Tenant Passport" (Income Verification and Risk Score). They do not receive your raw bank statements.
  • Payment Processors: To facilitate SEPA Direct Debit transactions.
  • Cloud Infrastructure: Hosting providers (e.g., AWS/Google Cloud) located within the EEA.
  • Regulators & Authorities: Revenue Commissioners, Tax Authorities, or Law Enforcement if required by law (e.g., Anti-Money Laundering regulations).

7. International Transfers

We primarily store and process data within the European Economic Area (EEA).

Whenever we transfer your personal data out of the EEA (e.g., to a sub-processor in the US), we ensure a similar degree of protection is afforded to it by using Standard Contractual Clauses (SCCs) approved by the European Commission.

8. Data Security

We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used, or accessed in an unauthorized way.

  • Encryption: All data is encrypted in transit (TLS 1.2+) and at rest (AES-256).
  • Access Control: Access to your personal data is limited to employees, agents, and contractors who have a business need to know.
  • Breach Notification: We have procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.

9. Data Retention

We will only retain your personal data for as long as necessary to fulfill the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.

  • User Account Data: Retained for the duration of your active account.
  • Financial Transaction Records: Retained for 10 years (or as required by local tax law).
  • Open Banking Raw Data: Retained only for the duration of the verification session.

10. Your Legal Rights (GDPR)

Under certain circumstances, you have rights under data protection laws in relation to your personal data:

  1. Request access to your personal data (Data Subject Access Request).
  2. Request correction of the personal data that we hold about you.
  3. Request erasure of your personal data ("Right to be forgotten").
  4. Object to processing of your personal data.
  5. Request restriction of processing of your personal data.
  6. Request the transfer of your personal data to you or to a third party (Data Portability).
  7. Right to withdraw consent at any time where we are relying on consent to process your personal data.

To exercise any of these rights, please contact us at privacy@enoikio.com. We try to respond to all legitimate requests within one month.

11. Cookies

Our website uses cookies to distinguish you from other users of our website. This helps us to provide you with a good experience when you browse our website and allows us to improve our site.

A. What is a Cookie?

A cookie is a small file of letters and numbers that we store on your browser or the hard drive of your computer if you agree. Cookies contain information that is transferred to your computer's hard drive.

B. Types of Cookies We Use

We use the following cookies:

  1. Strictly Necessary Cookies: These are cookies that are required for the operation of our website. They include, for example, cookies that enable you to log into secure areas of our website (e.g., the Landlord Dashboard or Tenant Portal) or use the e-billing services. You cannot opt-out of these cookies.
  2. Analytical/Performance Cookies: They allow us to recognize and count the number of visitors and to see how visitors move around our website when they are using it. This helps us to improve the way our website works, for example, by ensuring that users are finding what they are looking for easily.
  3. Functionality Cookies: These are used to recognize you when you return to our website. This enables us to personalize our content for you and remember your preferences (for example, your choice of language or region).

C. Third-Party Cookies

Please note that third parties (including, for example, advertising networks and providers of external services like web traffic analysis services such as Google Analytics) may also use cookies, over which we have no control. These cookies are likely to be analytical/performance cookies or targeting cookies.

D. Managing Cookies

You can block cookies by activating the setting on your browser that allows you to refuse the setting of all or some cookies. However, if you use your browser settings to block all cookies (including essential cookies), you may not be able to access all or parts of our site (specifically the secure login areas).

12. Changes to This Policy

We keep our privacy policy under regular review. Any changes we make to our privacy policy in the future will be posted on this page and, where appropriate, notified to you by email.