LearnTrust and security
Data, privacy, and GDPR
Renting means trusting someone with the details of your home, your identity, and your money. Haven treats that trust as the product. We collect only what a step actually needs, keep every tenancy walled off from every other, and give you real controls to see, export, and erase your data.
What we collect, and the reason for each
Haven collects data step by step, tied to the moment you actually need it. Nothing is gathered "just in case". If a feature is turned off for you, its data is not collected.
- Account and contact details, your name, email, and phone, so we can create your account, sign you in, and reach you about your tenancy.
- Identity verification, a government ID and a liveness check at application time, to confirm you are who you say you are before a lease is signed. This is a legal and anti-fraud requirement, not a marketing profile.
- Application and tenancy records, the properties you apply to, the lease you sign, and its terms, so the agreement is real, enforceable, and available to both sides.
- Payment details, for rent by SEPA autopay and the escrow deposit, we hold the mandate and the ledger of payments. Money moves as double-entry journal entries; we never keep a mutable balance that can silently drift.
- Maintenance, invoices, and messages, the requests you raise and the documents a tenancy generates, so there is one honest record instead of scattered emails.
Every field maps to a step in the tenancy lifecycle. If you cannot see why a piece of data is needed, that is a question we owe you a clear answer to.
Tenant isolation: your data stays yours
Haven is built around one non-negotiable rule: your data belongs to your tenancy, and nothing crosses that line. Every query that touches your information is scoped by a tenancy key derived from your signed session, never from a value a browser or app could tamper with.
In practice, this means an owner sees the tenancies on their own properties and nothing else. A renter sees their own applications, lease, payments, and messages, and nothing else. There is no shared pool where a mistake could leak one household's data into another's.
We never fetch a sensitive record by a bare id and hope the caller is allowed to see it. Access is checked against your session first, every time. This is the single most important guarantee in the system, and it is enforced in code, not just promised in a policy.
Your GDPR rights: access, export, erasure
Under EU data-protection law you have rights over your personal data, and Haven is built to honour them rather than resist them.
- Access, you can see what we hold about you. Your account already surfaces your applications, lease, payment history, and documents directly.
- Portability, you can request an export of your personal data in a machine-readable form, so it is genuinely yours to take elsewhere.
- Erasure, you can ask us to delete your personal data. Where we can erase, we do.
There is one honest limit. Some records are legal artifacts, a signed lease, a payment record, an official notice. By law and by design these are immutable and append-only: a correction is a new record that references the old one, never a quiet edit. We cannot rewrite the financial and legal history of a real tenancy, because doing so would break the protection that record gives both sides. Where a record must be retained for a legal or accounting obligation, we keep it for that reason and no longer than we have to, and we will tell you which records those are.
Where data is stored and who can see it
Haven operates to European data-protection standards, and your data is stored on infrastructure chosen for that purpose. Data in transit is encrypted; sensitive fields are protected at rest.
Secrets and credentials are never kept in our source code or shared in plain text. They live in an encrypted, database-first secrets store, so the keys that protect your data are themselves protected.
Access by people is the exception, not the norm. The system serves your data to you and to the counterparties in your tenancy, the owner of a home you rent, the renter of a home you own. Haven staff do not browse tenancies. Any operational access is limited, purpose-bound, and auditable, so there is always a record of who touched what and why.
Retention, and what happens after a tenancy ends
Data does not live forever by default. We keep information for as long as it serves the tenancy it belongs to, plus any period the law requires us to hold specific records.
When a tenancy ends, the operational data that no longer has a purpose becomes eligible for deletion. The legal and financial artifacts, the lease that was signed, the rent that was paid, the deposit that was held in escrow and returned, are retained for the statutory period, because they are the proof that protects you if a question ever arises later.
You stay in control throughout. You can request an export before you leave, and request erasure of the data we are not legally required to keep. Our aim is simple: hold what a real tenancy genuinely needs, for exactly as long as it is needed, and no longer.