Privacy Policy
Last updated: 28 April 2026
At Priowonen we process personal data to deliver rental alerts to you. We do this as carefully as possible. This document explains what data we collect, why, and what your rights are under GDPR.
1. Who we are
Priowonen is a Dutch service that alerts renters the moment a rental listing goes live at an agency. The data controller is Priowonen, based in Rotterdam.
For questions or requests: info@priowonen.nl
2. What data we collect
We only collect what we need to provide the service:
- Email address and password (for your account)
- Phone number (to deliver listing alerts via WhatsApp or SMS)
- Preferences: maximum rent, target cities, number of rooms
- Payment status and subscription history (no credit card numbers — those are processed by Stripe)
- Logs of sent notifications, for diagnostics and transparency
3. Why and on what legal basis
We process your data on the basis of:
- Performance of contract (Article 6(1)(b) GDPR): we need your email, phone number, and preferences to send you alerts
- Legal obligation (Article 6(1)(c) GDPR): we retain payment and invoice data as required by tax law
- Legitimate interest (Article 6(1)(f) GDPR): for fraud prevention and platform security
4. Who we share data with
We never sell your data. We only share it with sub-processors we need to provide the service:
- Supabase (Ireland/EU) — storage of account data and preferences
- Stripe (Ireland/EU) — payment processing via iDEAL
- Twilio (US) — sending SMS and WhatsApp alerts. Twilio is certified under the EU–US Data Privacy Framework
- Vercel (US) — hosting the website
We have a Data Processing Agreement in place with each of these parties. Your email address and phone number are only passed to Twilio at the moment we actually send you a message.
5. How long we keep your data
We keep account data as long as you have an active subscription. After cancellation we delete your account within 90 days, unless we are legally required to keep something longer (e.g. invoices — tax retention is 7 years).
Notification logs are kept for a maximum of 12 months for diagnostics.
6. Your rights
Under GDPR you have the right to:
- Access your personal data
- Correct or delete your data
- Export your data (data portability)
- Object to our processing
- Withdraw your consent at any time
Send a request to info@priowonen.nl. We respond within 30 days.
You also have the right to file a complaint with the Dutch Data Protection Authority (autoriteitpersoonsgegevens.nl).
7. Cookies
We only use functional cookies needed to keep you logged in. We don't use tracking cookies, advertising cookies, or third-party analytics. That's why we don't show a cookie banner.
8. Security
We encrypt all traffic between your device and our servers (TLS). Passwords are stored hashed via Supabase Auth. Access to production data is limited to Priowonen's founder.
9. Changes
If we change this policy, we will publish the new version on this page and update the "last updated" date. For material changes we will email your registered address.