NORelocationRelocation

Privacy policy

Last updated: 31 May 2026

This policy explains how NoRelocation collects, uses, shares, and protects your personal data when you use this website and your dossier account. It is written to meet the General Data Protection Regulation (GDPR), known in the Netherlands as the AVG, supervised by the Autoriteit Persoonsgegevens (AP).

1. Who is responsible for your data

NoRelocation is the data controller. For any privacy question, request, or complaint, contact luca@norelocation.com. If a formal data protection contact is appointed, this section will name them.

2. The data we collect

Most of the data below is provided by you when you build your dossier. Some is generated automatically when you use the site.

  • Account and contact data: name, email address, phone number, and sign-in credentials handled by our authentication provider.
  • Identity data: nationality and identity documents such as a passport or ID page, where you upload them for your dossier.
  • Employment and income data: employer, job title, employment contract, payslips, and proof of income.
  • Financial data: bank statements or equivalent documents, and references from a previous landlord.
  • Tenancy data: target cities, budget, move-in date, household composition, and other preferences.
  • Payment data: handled by our payment processor. We receive confirmation and invoice records, not your full card number.
  • Usage data: pages viewed, device and browser information, and IP address, where you consent to analytics.

Some documents (payslips, bank statements, identity pages) are sensitive even where they are not a “special category” under the GDPR. We treat them with extra care and collect only what is necessary to present you as a credible tenant. We do not ask for special-category data (such as health, religion, or ethnicity) and ask that you do not upload it.

3. Why we process it, and our legal basis

  • To provide the service (build, verify, and host your dossier; run a house search; manage a placement): performance of our contract with you (Art. 6(1)(b)).
  • To share your dossier with an agent, landlord, or partner: your explicit consent, given each time you create or send a sharing link (Art. 6(1)(a)).
  • To take payment and keep invoices:performance of contract, and a legal obligation to retain financial records (Art. 6(1)(c)).
  • To secure the platform and prevent abuse:our legitimate interests (Art. 6(1)(f)).
  • For analytics and marketing emails:your consent, which you can withdraw at any time (Art. 6(1)(a)).

4. How your dossier is shared

Your dossier is private by default. It is only shown to a third party when you create a sharing link and send it. You control what each link reveals:

  • Viewing link: a summary with no sensitive documents.
  • Screening link: full documents, released only after the recipient confirms and you have consented.
  • Application link: shared with a specific partner for a specific property.

You can revoke any link at any time. Once a recipient has viewed or downloaded a snapshot we cannot recall the copy they hold; only you decide who receives a link in the first place.

5. Who we share data with

We do not sell your data. We use a small set of processors who handle data on our instructions under a data processing agreement:

  • Supabase: database and dossier storage.
  • Clerk:account sign-in and identity.
  • Cloudflare R2: document and file storage.
  • Stripe:payments, tax, and invoicing.
  • Resend:transactional and newsletter email.
  • PostHog:product analytics (only with your consent).
  • Vercel:website and application hosting.

We also share your dossier with the agents, landlords, or partners you choose, and may disclose data where required by law.

6. International transfers

We prefer EU-based hosting and storage. Some processors are based outside the European Economic Area. Where data is transferred outside the EEA, it is protected by an adequacy decision or by the European Commission’s Standard Contractual Clauses.

7. How long we keep it

  • Dossier and account data: for as long as your account is active. Your dossier account is lifetime; you can delete your data at any time.
  • Financial and invoice records: seven years, as required by Dutch tax law.
  • Marketing data: until you unsubscribe or object.

When you ask us to delete your data we remove or anonymise it, except where we are legally required to keep it.

8. How we protect it

Data is encrypted in transit and at rest, access is restricted and logged, and documents are stored separately from public profile data. No system is perfectly secure, but we hold your information to the standard its sensitivity demands.

9. Your rights

Under the GDPR you have the right to:

  • access the data we hold about you;
  • correct it if it is wrong;
  • delete it;
  • restrict or object to how we use it;
  • receive a portable copy;
  • withdraw consent at any time.

To exercise any of these, email luca@norelocation.com. You can also lodge a complaint with the Autoriteit Persoonsgegevens, the Dutch supervisory authority.

10. Cookies

We use essential cookies to run the site and, with your consent, analytics cookies. See the cookie policy for the full list and how to change your choice.

11. Children

The platform is for adults. We do not knowingly collect data from anyone under 18.

12. Changes

We may update this policy. The date at the top shows the latest version, and material changes will be communicated where appropriate.

13. Contact

Questions about this policy or your data: luca@norelocation.com.